0b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x806], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:52 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b48920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2704.256063][ T4414] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:52 executing program 3: [ 2704.303275][ C0] net_ratelimit: 20 callbacks suppressed [ 2704.303282][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2704.303431][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2704.309139][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:12:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c, 0x5}]}, 0x15c}}, 0x0) [ 2704.404633][ T4510] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b48920efd9a devid 0 transid 210 /dev/loop0 04:12:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xab, 0xe00000000000000) 04:12:52 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:52 executing program 3: 04:12:52 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000a0000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:52 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b4c920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:52 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x6) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) sendmmsg(r1, &(0x7f0000015f40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="c0", 0x1}], 0x1}}], 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmmsg(r1, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="ff", 0xc}], 0x1}}], 0x8, 0x0) 04:12:52 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xac, 0xe00000000000000) [ 2704.863384][ T4844] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b4c920efd9a devid 0 transid 210 /dev/loop0 [ 2704.882247][ T4888] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0xf}}, 0x0) [ 2704.948672][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2704.954609][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2704.960662][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2704.966529][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:53 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77ffff, 0x0, 0x820000, 0x0}, 0x2c) [ 2705.029294][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2705.035269][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:53 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:53 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000001c0)={0x23, 0x3, 0x0, {0x1, 0x2, 0x0, 'fd'}}, 0x23) 04:12:53 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000110000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:53 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b68920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2705.355291][ T5286] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:53 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1021], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xad, 0xe00000000000000) 04:12:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x50}}, 0x0) [ 2705.513169][ T5343] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b68920efd9a devid 0 transid 210 /dev/loop0 04:12:53 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000200000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:53 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000600)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 04:12:53 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2705.847090][ T5676] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xae, 0xe00000000000000) 04:12:53 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b6c920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x403, 0x0, 0x0, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0) 04:12:53 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2110], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x2c0}}, 0x0) 04:12:54 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000003f0000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2706.173016][ T5857] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b6c920efd9a devid 0 transid 210 /dev/loop0 04:12:54 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2800], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:54 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xaf, 0xe00000000000000) 04:12:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x1f, 0x1, 0xb2) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000080)=0x7, 0x4) sendto$rxrpc(r1, &(0x7f0000000100)="5d8c2cf834c1de345ec738bb2680a430d8dafedf0b", 0x15, 0x40, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x401, @dev={0xfe, 0x80, [], 0x26}, 0x100000000}}, 0x24) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ppoll(&(0x7f0000000000)=[{r2}], 0x2000000000000059, 0x0, 0x0, 0x0) ioctl$VT_RELDISP(r1, 0x5605) ioctl$TIOCLINUX6(r2, 0x541c, &(0x7f00000000c0)={0x6, 0x6}) [ 2706.400665][ C1] protocol 88fb is buggy, dev hsr_slave_0 04:12:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0xec0}}, 0x0) 04:12:54 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b74920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:54 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000400000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:54 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3580], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:54 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb0, 0xe00000000000000) [ 2706.702861][ T6382] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b74920efd9a devid 0 transid 210 /dev/loop0 [ 2706.737540][ T6507] xt_check_target: 1 callbacks suppressed [ 2706.737550][ T6507] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:54 executing program 3: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$setlease(r0, 0x400, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0xffffff8a, 0x23, 0x1, 0x0, 0x0, {0x20000000005, 0xe00000000000000}}, 0xb}}, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1100}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r2, 0x8, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) 04:12:54 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:54 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b7a920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x33fe0}}, 0x0) 04:12:55 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000480000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:55 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb1, 0xe00000000000000) 04:12:55 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b74920efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:55 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2707.179745][ T6925] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b7a920efd9a devid 0 transid 210 /dev/loop0 [ 2707.266104][ T6958] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x200001dc}}, 0x0) [ 2707.444327][ T6991] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b74920efd9a devid 0 transid 210 /dev/loop3 04:12:55 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:55 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:55 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000004c0000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:55 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb2, 0xe00000000000000) 04:12:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x7ffff000}}, 0x0) 04:12:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000bc0)={&(0x7f0000000080), 0xc, &(0x7f0000000b80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc0700002d0001002dbd7000ffdbdf2500000000", @ANYRES32, @ANYBLOB="07000200ffff0f000600ffff9c05010066770000180002000c000200080005004b5a0000080001000000ffff0c000100726f757465000000d0010200400005003c00010004000000000000000600000002000000200000000101ffff01009f04060000000002020007000500ff000000090000000200000000000080600106005c01140000000c00010073696d706c650000c400020018000200ff00000005000000ffffffff1e030000000000001800020009000000a16e000002000000fc5400000700000018000200010100000300000000000020010000000500000018000200e300000002000000080000300900000006000000180002009200000000fcffff0d000000080000000100000018000300766d6e657430292a65746831626465760000000018000200ca0700007500000007000000ffffffff070000001800020004000000ffffff7f000000200000008005000000840006006c86446180cbc8d9ce2e2e7fb94072b3ea44e120abc59ae180700daf7de7b0c37ac2b4e47f79617df5c3185ce53c700f6b3f24a899b3f3a3f2fa5cab0ab1361465356483b12d7ee45c9818399b979e085a06858b6b62e964596c53b91337eae905d5b74b834f84e2512634526664dee678a2336084a3b1a93026656d51a10000000014000400766c616e30000000000000000000000008000200c600000008000100ffff0e00080002002700000008000100753332007405020008000b0002000000880407008404040000000c000100706f6c696365000008040200040403000300000000000000ff7f000007000000b8e7000001000000010000000800000000000000030000006a0b000003000000df0b00000600000009000000ff7f0000200000008000000008000000bba40000d80b0000780a00000700000009000000000000000700000003000000030000000100000000801e1c0100000003000000000400000100010005000000000000000300000003000000e7000000080000000600000023000000090000000000000000000000060000003114ffff0700000000010000060000003f000000080000000900000006000000ffffffff09000000000000000100000003000000010400000200000005000000090000000000f80f899456698100000009000000ffffff7f0900000008000000050000000300000000020000ff0300000040000003000000020000004800000020000000df000000030000001f0a00000600000001000000810000009e35000001000000800000000100010001000000000001000300000001000000a70200005e690000fcffffff03000000ff07000001010000040000000900000048d600000400000008000000010000000300000000100000c008000005000000090000000200000007000000ff00000001800000040000000104000009000000f40ae0780fda69c510850ee16a2b7642d60000040000000100000040000000060000000900000000020000030000000400000000040000830700002d000000fbffffff010000000180000000000000ffff0000000000000500000004000000ff7f000002000000010100003a0d00000600000005000000001000008000000007000000030000000000008009000000000800009dfe000006000000dbffffffd9290000060000000100000002000000000000e01900000003000000090000002f863678490a00000400000003000000060000004404000005000000040000000000000004000000000000000900000000800000bb0e000001000000010000000000000000000000ff0300000200000001000000bc66eb2008000000040000003f00000000000000080000000600000002000000010400000010000007000000eb05000002000000090000000900000000000000c579000001000000af00000007000000b4d2000000000000b60000000000000002000000030000000500000000000000000001000800000008000000b6ffffff080000000008000003000000ba9affff00000100000c00000b0d0000090000000000000007000000010000000600000001000000000100000100000001000000ffff0000b0000000060000000000010002000000000100000100000021050000a000000005000000de01000004000000000001000500000074800000050000008100000003000000ffffff7f010001000400000006000000b10f000006000000e7000000ff0000006800060046043d7088393ab99b3825704190920babe4937d22db6f528491b0acc782b6e2e2290ecba5bf0fd2888a63278d15414e3d883b5e3b5293b7bdcc5f5c72f0d0669cc405b32a05ac4476c645adf5b8dd8dbdf3ddd7bd55ce47127b5b280d5be618044e02aa0000b4000700b000120000000800010062706600300002001c00040001000040070000000008ff03010000008000083f09000000080003000a00000008000500c044d54691288d59d85f4eaaa985aa487d122b4a95416a809a7043e443021b477f5e42c1a08b00f043f41d93b8c3c053202942beddeca5e3e4f1429251c39b1ed7fae2c564eef410f9ed91c1d73d078b8b1bc47dc2d03d2d076d17666c049d375c40578daef8adabc507d0261409c8f5bdb1ad503b827cdf0f4fbcaa494d5b4a", @ANYRES32, @ANYBLOB="700006007625f34d75a01d23fd376d6d81e5ebcf2846b049b8028a1588f81c636429e0adeee0d61c3bb296c17f9a74829c13cdb56170e80d300b3cb319d0a5061e8521f35d923fdc9427dad2a59e2a7b32ceb4f7a9d6a341c1606ad75f2a527ce07b9565784d3e210f192f7326e3af000000080002007fffffff14000800687773696d300000000000000000000008000b000300000008000200400000000c0001007463696e6465780014000200080004000100000008000500ffff0400"], 0x7bc}, 0x1, 0x0, 0x0, 0x20000004}, 0x80) fgetxattr(r0, &(0x7f0000000000)=@known='system.advise\x00', &(0x7f00000000c0)=""/221, 0xdd) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x9, 0x0) [ 2707.748750][ T7356] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2707.803806][ T7360] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00ff0efd9a devid 0 transid 210 /dev/loop0 04:12:55 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4788], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:55 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb3, 0xe00000000000000) 04:12:55 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000600000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2707.985603][ T7577] netlink: 508 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2708.049986][ T7577] netlink: 508 bytes leftover after parsing attributes in process `syz-executor.3'. 04:12:56 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009207fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2708.173450][ T7728] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:56 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:56 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4888], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0xfffffdef}}, 0x0) 04:12:56 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb4, 0xe00000000000000) 04:12:56 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000680000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:56 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2708.550505][ T8006] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b009207fd9a devid 0 transid 210 /dev/loop0 04:12:56 executing program 3: creat(&(0x7f0000000700)='./bus\x00', 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x101000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200004) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x10000014c) recvfrom$rose(r2, &(0x7f0000000040)=""/122, 0x7a, 0x40002102, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 2708.641076][ T8094] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x2}, 0x0) 04:12:56 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb5, 0xe00000000000000) 04:12:56 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009210fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:56 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6488], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:56 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000006c0000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:56 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x8) sendmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="240000001a000704", 0x8}], 0x1}, 0x0) r1 = socket(0x10, 0x800000000080002, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x12001}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x80, r2, 0x22, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xdd}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0xfffffffffffffffa, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x80}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x8040}, 0x80) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0xd2efff7f00000000, &(0x7f0000000000), 0x0, &(0x7f00000000c0)}], 0x1, 0x0) [ 2709.030645][ T8467] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b009210fd9a devid 0 transid 210 /dev/loop0 [ 2709.091372][ T8574] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x3}, 0x0) 04:12:57 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:57 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb6, 0xe00000000000000) 04:12:57 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000740000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:57 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:57 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8035], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x8}, 0x0) 04:12:57 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c00000003060d01ff0488fffdffff57ffccad000c000100060d0010091900010c00020000002208f6f000613e10319c6ce1dc42d86be002f9f93546707bdb7834db8be9937646ce65134f3119f35e31a95014cd856901a5493e789cd1a724afb701e512e1f7a29cf7d0a5d5398b8b42a7e83a0e4b53848842416ec94a03d400ff7fc4d92fb7b6a5fb847e15aa36530841fc86"], 0x2c}}, 0x0) exit_group(0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', &(0x7f0000000280)="5eb3276fa70034a5bafaff0d2a05b14a755aaa69d9145c023712ab3eddbcfa469cd3c1ab59086d85c2d5ad55602c8f11553c32562f0ed98542859406ccff85047f38b537a8eb11b8666072be43e6dcf74c5cb5", 0x53) close(r2) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300), 0x4) close(r2) [ 2709.487610][ T8885] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2709.627482][ T8979] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b009213fd9a devid 0 transid 210 /dev/loop0 04:12:57 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:57 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb7, 0xe00000000000000) 04:12:57 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009214fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0xffffff1f}, 0x0) 04:12:57 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8847], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:57 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000007a0000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2710.044915][ T9352] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b009214fd9a devid 0 transid 210 /dev/loop0 [ 2710.069045][ T9387] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:58 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8848], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:58 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:58 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb8, 0xe00000000000000) 04:12:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x2}, 0x0) 04:12:58 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009246fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:58 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000880000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2710.459183][ T9666] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b009213fd9a devid 0 transid 210 /dev/loop3 04:12:58 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8864], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2710.527615][ T9726] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2710.576574][ T9704] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b009246fd9a devid 0 transid 210 /dev/loop0 [ 2710.595479][ C1] net_ratelimit: 19 callbacks suppressed [ 2710.595487][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2710.595493][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2710.595726][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2710.601298][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:58 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xb9, 0xe00000000000000) 04:12:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x3}, 0x0) 04:12:58 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:58 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000007fffffe0000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:58 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8906], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:58 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00925dfd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2711.003819][T10057] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:58 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:59 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xba, 0xe00000000000000) 04:12:59 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2711.172303][T10199] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00925dfd9a devid 0 transid 210 /dev/loop0 [ 2711.240882][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2711.246805][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2711.252798][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2711.260145][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x4}, 0x0) [ 2711.321502][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2711.327424][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:59 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000200000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:59 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:59 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:59 executing program 3: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:59 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xbb, 0xe00000000000000) 04:12:59 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:12:59 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000100000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:12:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x5}, 0x0) 04:12:59 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:12:59 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2712.026368][T10763] xt_check_target: 1 callbacks suppressed [ 2712.026377][T10763] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:12:59 executing program 3: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:00 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xbc, 0xe00000000000000) 04:13:00 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:00 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300af2], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:00 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000200000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:00 executing program 3: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x6}, 0x0) 04:13:00 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xbd, 0xe00000000000000) [ 2712.516291][T11104] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:00 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:00 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:00 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000300000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:00 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:00 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xbe, 0xe00000000000000) [ 2712.926626][T11397] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x8}, 0x0) 04:13:00 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:01 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:01 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000400000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:01 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:01 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xbf, 0xe00000000000000) [ 2713.472541][T11765] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x9}, 0x0) 04:13:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:01 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:01 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:01 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000500000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:01 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:13:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xa}, 0x0) 04:13:01 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc0, 0xe00000000000000) 04:13:01 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2713.913884][T11992] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:01 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:02 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:13:02 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000600000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:02 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2714.297628][T12258] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xb}, 0x0) 04:13:02 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:02 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 04:13:02 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc1, 0xe00000000000000) 04:13:02 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:02 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000700000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:02 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2714.851788][T12633] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:02 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 04:13:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xf}, 0x0) 04:13:02 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc2, 0xe00000000000000) 04:13:02 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:02 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:03 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000a00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:03 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 04:13:03 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc3, 0xe00000000000000) 04:13:03 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8060000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x10}, 0x0) [ 2715.323878][T12957] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:03 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:03 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 04:13:03 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000001100000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:03 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:03 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc4, 0xe00000000000000) 04:13:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x11}, 0x0) [ 2715.864274][T13321] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:03 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:03 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 04:13:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:04 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000002000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:04 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc5, 0xe00000000000000) 04:13:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:04 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 04:13:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x12}, 0x0) [ 2716.429356][T13654] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:04 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:04 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 04:13:04 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc6, 0xe00000000000000) 04:13:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21100000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:04 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000003f00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:04 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2716.887730][ C0] net_ratelimit: 19 callbacks suppressed [ 2716.887739][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2716.887744][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2716.887908][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2716.893594][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:13:04 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 04:13:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x13}, 0x0) 04:13:05 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc7, 0xe00000000000000) 04:13:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:05 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000004000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:05 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 04:13:05 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2717.485054][T14339] xt_check_target: 1 callbacks suppressed [ 2717.485065][T14339] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2717.533140][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2717.539062][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2717.545581][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2717.551615][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2717.614354][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2717.620269][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:05 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc8, 0xe00000000000000) 04:13:05 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x14}, 0x0) 04:13:05 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 04:13:05 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000004800000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:05 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43050000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2718.030109][T14634] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:06 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a229", 0x25, 0x10000}], 0x0, 0x0) 04:13:06 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xc9, 0xe00000000000000) 04:13:06 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x300}, 0x0) 04:13:06 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000004c00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:06 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:06 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a229", 0x25, 0x10000}], 0x0, 0x0) 04:13:06 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2718.527015][T14908] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:06 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:06 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xca, 0xe00000000000000) 04:13:06 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a229", 0x25, 0x10000}], 0x0, 0x0) 04:13:06 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80350000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:06 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000006000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x500}, 0x0) 04:13:06 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2719.067863][T15259] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:07 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a00000100000000", 0x37, 0x10000}], 0x0, 0x0) 04:13:07 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xcb, 0xe00000000000000) 04:13:07 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86ddffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:07 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000006800000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a00000100000000", 0x37, 0x10000}], 0x0, 0x0) [ 2719.544439][T15570] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x600}, 0x0) 04:13:07 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:07 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88470000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:07 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xcc, 0xe00000000000000) 04:13:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a00000100000000", 0x37, 0x10000}], 0x0, 0x0) 04:13:07 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000006c00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:07 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:07 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88480000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2720.039306][T15896] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:07 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a00000100000000000100000000000000", 0x40, 0x10000}], 0x0, 0x0) 04:13:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x900}, 0x0) 04:13:08 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xcd, 0xe00000000000000) 04:13:08 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88640000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:08 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000007400000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:08 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:08 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a00000100000000000100000000000000", 0x40, 0x10000}], 0x0, 0x0) 04:13:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xa00}, 0x0) [ 2720.577174][T16233] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:08 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8ffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:08 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xce, 0xe00000000000000) 04:13:08 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000007a00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:08 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:08 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a00000100000000000100000000000000", 0x40, 0x10000}], 0x0, 0x0) [ 2720.995777][T16530] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:08 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88caffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:09 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xcf, 0xe00000000000000) 04:13:09 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266", 0x45, 0x10000}], 0x0, 0x0) 04:13:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xb00}, 0x0) 04:13:09 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:09 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000008800000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2721.486939][T16869] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:09 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89060000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:09 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266", 0x45, 0x10000}], 0x0, 0x0) 04:13:09 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd0, 0xe00000000000000) 04:13:09 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:09 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000007fffffe00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xf00}, 0x0) 04:13:09 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:09 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266", 0x45, 0x10000}], 0x0, 0x0) 04:13:09 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd1, 0xe00000000000000) [ 2721.993010][T17257] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:09 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 04:13:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1100}, 0x0) 04:13:10 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf20a3000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:10 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd2, 0xe00000000000000) 04:13:10 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000ffffffff00000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:10 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 04:13:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1200}, 0x0) 04:13:10 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:10 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000200000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:10 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd3, 0xe00000000000000) 04:13:10 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2722.948745][T17942] xt_check_target: 1 callbacks suppressed [ 2722.948755][T17942] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:10 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:10 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) [ 2723.179948][ C0] net_ratelimit: 17 callbacks suppressed [ 2723.179956][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2723.180150][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2723.185808][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:13:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1300}, 0x0) 04:13:11 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000300000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:11 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:11 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd4, 0xe00000000000000) 04:13:11 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffa888], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2723.473915][T18283] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1400}, 0x0) 04:13:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 04:13:11 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000400000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:11 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffca88], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:11 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2723.825340][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2723.831330][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2723.837310][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2723.843153][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:11 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd5, 0xe00000000000000) [ 2723.908258][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2723.914200][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2723.983594][T18609] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:11 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffdd86], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:11 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 04:13:12 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000500000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x4000}, 0x0) 04:13:12 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd6, 0xe00000000000000) 04:13:12 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2724.361743][T18935] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 04:13:12 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:12 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000600000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:12 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:12 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd7, 0xe00000000000000) 04:13:12 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2724.800956][T19252] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x34000}, 0x0) 04:13:12 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48}], 0x0, 0x0) 04:13:12 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:12 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000700000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:13 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd8, 0xe00000000000000) 04:13:13 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2725.277337][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2725.296744][T19526] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:13 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48}], 0x0, 0x0) 04:13:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x400300}, 0x0) 04:13:13 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000a00000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:13 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:13 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xd9, 0xe00000000000000) 04:13:13 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2725.783497][T19828] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:13 executing program 3: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48}], 0x0, 0x0) 04:13:13 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:13 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000001100000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1000000}, 0x0) [ 2726.186036][T20074] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:14 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:14 executing program 3 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:14 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2726.375638][T20227] FAULT_INJECTION: forcing a failure. [ 2726.375638][T20227] name failslab, interval 1, probability 0, space 0, times 0 [ 2726.388551][T20227] CPU: 0 PID: 20227 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2726.396206][T20227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2726.406365][T20227] Call Trace: [ 2726.409680][T20227] dump_stack+0x16f/0x1f0 [ 2726.414038][T20227] should_fail.cold+0xa/0x15 [ 2726.418657][T20227] ? fault_create_debugfs_attr+0x180/0x180 [ 2726.434406][T20227] __should_failslab+0x121/0x190 [ 2726.439360][T20227] should_failslab+0x9/0x14 [ 2726.443874][T20227] __kmalloc+0x2ce/0x760 [ 2726.448130][T20227] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2726.454381][T20227] ? fput_many+0x12c/0x1a0 [ 2726.458810][T20227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2726.465068][T20227] ? strnlen_user+0x1ed/0x2e0 [ 2726.469763][T20227] ? __x64_sys_memfd_create+0x13c/0x470 [ 2726.475330][T20227] __x64_sys_memfd_create+0x13c/0x470 [ 2726.480721][T20227] ? memfd_fcntl+0x1590/0x1590 [ 2726.485631][T20227] ? do_syscall_64+0x26/0x6a0 [ 2726.490334][T20227] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2726.495630][T20227] ? trace_hardirqs_on+0x67/0x220 [ 2726.500680][T20227] do_syscall_64+0xfd/0x6a0 [ 2726.505210][T20227] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2726.511120][T20227] RIP: 0033:0x459819 [ 2726.515027][T20227] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2726.534639][T20227] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2726.543082][T20227] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459819 [ 2726.551070][T20227] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be72c [ 2726.559048][T20227] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2726.567036][T20227] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4d260606d4 04:13:14 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xda, 0xe00000000000000) [ 2726.575017][T20227] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:14 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000004800000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x2000000}, 0x0) 04:13:14 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffffffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:14 executing program 3 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:14 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2726.800558][T20426] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:14 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xdb, 0xe00000000000000) [ 2726.970195][T20572] FAULT_INJECTION: forcing a failure. [ 2726.970195][T20572] name failslab, interval 1, probability 0, space 0, times 0 [ 2726.983100][T20572] CPU: 0 PID: 20572 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2726.990746][T20572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2727.000894][T20572] Call Trace: [ 2727.004204][T20572] dump_stack+0x16f/0x1f0 [ 2727.008559][T20572] should_fail.cold+0xa/0x15 [ 2727.013173][T20572] ? fault_create_debugfs_attr+0x180/0x180 [ 2727.019020][T20572] __should_failslab+0x121/0x190 [ 2727.023976][T20572] ? shmem_destroy_inode+0x80/0x80 [ 2727.029104][T20572] should_failslab+0x9/0x14 [ 2727.033620][T20572] kmem_cache_alloc+0x298/0x700 [ 2727.038487][T20572] ? __alloc_fd+0x487/0x620 [ 2727.043013][T20572] ? shmem_destroy_inode+0x80/0x80 [ 2727.048139][T20572] shmem_alloc_inode+0x1c/0x50 [ 2727.052931][T20572] alloc_inode+0x68/0x1e0 [ 2727.057279][T20572] new_inode_pseudo+0x19/0xf0 [ 2727.061963][T20572] new_inode+0x1f/0x40 [ 2727.066048][T20572] shmem_get_inode+0x84/0x7e0 [ 2727.070741][T20572] __shmem_file_setup.part.0+0x7e/0x2b0 [ 2727.076314][T20572] shmem_file_setup+0x66/0x90 [ 2727.081009][T20572] __x64_sys_memfd_create+0x2a2/0x470 [ 2727.086407][T20572] ? memfd_fcntl+0x1590/0x1590 [ 2727.091186][T20572] ? do_syscall_64+0x26/0x6a0 [ 2727.095882][T20572] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2727.101200][T20572] ? trace_hardirqs_on+0x67/0x220 [ 2727.106237][T20572] do_syscall_64+0xfd/0x6a0 [ 2727.110754][T20572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2727.116645][T20572] RIP: 0033:0x459819 [ 2727.120561][T20572] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2727.141709][T20572] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2727.150146][T20572] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459819 [ 2727.158128][T20572] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be72c 04:13:14 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x3000000}, 0x0) 04:13:14 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000004c00000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2727.166105][T20572] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2727.174075][T20572] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4d260606d4 [ 2727.182050][T20572] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:15 executing program 3 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:15 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2727.406535][T20832] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2727.416013][T20844] FAULT_INJECTION: forcing a failure. [ 2727.416013][T20844] name failslab, interval 1, probability 0, space 0, times 0 [ 2727.428851][T20844] CPU: 1 PID: 20844 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2727.436492][T20844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2727.446555][T20844] Call Trace: [ 2727.449868][T20844] dump_stack+0x16f/0x1f0 [ 2727.454218][T20844] should_fail.cold+0xa/0x15 [ 2727.458828][T20844] ? fault_create_debugfs_attr+0x180/0x180 [ 2727.464661][T20844] __should_failslab+0x121/0x190 [ 2727.469621][T20844] should_failslab+0x9/0x14 [ 2727.474141][T20844] kmem_cache_alloc+0x298/0x700 [ 2727.479012][T20844] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2727.484836][T20844] ? current_time+0x6b/0x140 [ 2727.489436][T20844] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2727.495257][T20844] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2727.500558][T20844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2727.506815][T20844] ? timespec64_trunc+0xf0/0x180 [ 2727.511766][T20844] __d_alloc+0x2e/0x8c0 [ 2727.515947][T20844] d_alloc_pseudo+0x1e/0x70 [ 2727.520476][T20844] alloc_file_pseudo+0xe2/0x280 [ 2727.525342][T20844] ? alloc_file+0x4d0/0x4d0 [ 2727.529870][T20844] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 2727.536143][T20844] __shmem_file_setup.part.0+0x108/0x2b0 [ 2727.541799][T20844] shmem_file_setup+0x66/0x90 [ 2727.546502][T20844] __x64_sys_memfd_create+0x2a2/0x470 [ 2727.551893][T20844] ? memfd_fcntl+0x1590/0x1590 [ 2727.556676][T20844] ? do_syscall_64+0x26/0x6a0 [ 2727.561375][T20844] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2727.566680][T20844] ? trace_hardirqs_on+0x67/0x220 [ 2727.571750][T20844] do_syscall_64+0xfd/0x6a0 [ 2727.576272][T20844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2727.582180][T20844] RIP: 0033:0x459819 [ 2727.586185][T20844] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:13:15 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xdc, 0xe00000000000000) 04:13:15 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x4000000}, 0x0) [ 2727.605833][T20844] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2727.614352][T20844] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459819 [ 2727.622357][T20844] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be72c [ 2727.630335][T20844] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2727.638310][T20844] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4d260606d4 [ 2727.646305][T20844] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:15 executing program 3 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:15 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:15 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000006000000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:15 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2727.980079][T21174] FAULT_INJECTION: forcing a failure. [ 2727.980079][T21174] name failslab, interval 1, probability 0, space 0, times 0 [ 2727.992889][T21174] CPU: 0 PID: 21174 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2728.000536][T21174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2728.010602][T21174] Call Trace: [ 2728.013909][T21174] dump_stack+0x16f/0x1f0 [ 2728.018351][T21174] should_fail.cold+0xa/0x15 [ 2728.022963][T21174] ? fault_create_debugfs_attr+0x180/0x180 [ 2728.028790][T21174] __should_failslab+0x121/0x190 [ 2728.033747][T21174] should_failslab+0x9/0x14 [ 2728.038266][T21174] kmem_cache_alloc+0x298/0x700 [ 2728.043135][T21174] ? rwlock_bug.part.0+0x90/0x90 [ 2728.048091][T21174] ? lock_downgrade+0x920/0x920 [ 2728.052963][T21174] __alloc_file+0x27/0x300 [ 2728.057404][T21174] alloc_empty_file+0x72/0x170 [ 2728.062192][T21174] alloc_file+0x5e/0x4d0 [ 2728.066466][T21174] alloc_file_pseudo+0x189/0x280 [ 2728.071426][T21174] ? alloc_file+0x4d0/0x4d0 04:13:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x5000000}, 0x0) [ 2728.075946][T21174] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 2728.082213][T21174] __shmem_file_setup.part.0+0x108/0x2b0 [ 2728.088659][T21174] shmem_file_setup+0x66/0x90 [ 2728.093364][T21174] __x64_sys_memfd_create+0x2a2/0x470 [ 2728.098757][T21174] ? memfd_fcntl+0x1590/0x1590 [ 2728.103535][T21174] ? do_syscall_64+0x26/0x6a0 [ 2728.108232][T21174] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2728.113537][T21174] ? trace_hardirqs_on+0x67/0x220 [ 2728.118595][T21174] do_syscall_64+0xfd/0x6a0 [ 2728.123132][T21174] entry_SYSCALL_64_after_hwframe+0x49/0xbe 04:13:15 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2728.129033][T21174] RIP: 0033:0x459819 [ 2728.132938][T21174] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2728.152993][T21174] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2728.161430][T21174] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459819 [ 2728.176019][T21174] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be72c [ 2728.184009][T21174] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2728.191991][T21174] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4d260606d4 [ 2728.192001][T21174] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:16 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xdd, 0xe00000000000000) [ 2728.225768][T21252] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:16 executing program 3 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:16 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2728.502088][T21455] FAULT_INJECTION: forcing a failure. [ 2728.502088][T21455] name failslab, interval 1, probability 0, space 0, times 0 [ 2728.515009][T21455] CPU: 1 PID: 21455 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2728.522653][T21455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2728.532717][T21455] Call Trace: [ 2728.536028][T21455] dump_stack+0x16f/0x1f0 [ 2728.540386][T21455] should_fail.cold+0xa/0x15 [ 2728.544995][T21455] ? fault_create_debugfs_attr+0x180/0x180 [ 2728.550825][T21455] __should_failslab+0x121/0x190 [ 2728.555780][T21455] should_failslab+0x9/0x14 [ 2728.560311][T21455] kmem_cache_alloc+0x298/0x700 [ 2728.565188][T21455] ? rcu_read_lock_sched_held+0x110/0x130 [ 2728.570922][T21455] ? kmem_cache_alloc+0x347/0x700 [ 2728.575967][T21455] security_file_alloc+0x39/0x170 [ 2728.581001][T21455] __alloc_file+0xac/0x300 [ 2728.585694][T21455] alloc_empty_file+0x72/0x170 [ 2728.590500][T21455] alloc_file+0x5e/0x4d0 [ 2728.594756][T21455] alloc_file_pseudo+0x189/0x280 04:13:16 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:16 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xde, 0xe00000000000000) 04:13:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x6000000}, 0x0) [ 2728.599709][T21455] ? alloc_file+0x4d0/0x4d0 [ 2728.604236][T21455] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 2728.610527][T21455] __shmem_file_setup.part.0+0x108/0x2b0 [ 2728.616183][T21455] shmem_file_setup+0x66/0x90 [ 2728.620887][T21455] __x64_sys_memfd_create+0x2a2/0x470 [ 2728.626277][T21455] ? memfd_fcntl+0x1590/0x1590 [ 2728.631058][T21455] ? do_syscall_64+0x26/0x6a0 [ 2728.635743][T21455] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2728.641023][T21455] ? trace_hardirqs_on+0x67/0x220 [ 2728.646048][T21455] do_syscall_64+0xfd/0x6a0 [ 2728.650597][T21455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2728.656490][T21455] RIP: 0033:0x459819 [ 2728.660371][T21455] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2728.679972][T21455] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2728.688417][T21455] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459819 04:13:16 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000006800000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:16 executing program 3 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2728.696378][T21455] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be72c [ 2728.704333][T21455] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2728.712297][T21455] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4d260606d4 [ 2728.720264][T21455] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2728.904944][T21606] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2728.948072][T21615] FAULT_INJECTION: forcing a failure. [ 2728.948072][T21615] name failslab, interval 1, probability 0, space 0, times 0 [ 2728.961646][T21615] CPU: 0 PID: 21615 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2728.969646][T21615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2728.979714][T21615] Call Trace: [ 2728.983022][T21615] dump_stack+0x16f/0x1f0 [ 2728.987371][T21615] should_fail.cold+0xa/0x15 [ 2728.991982][T21615] ? fault_create_debugfs_attr+0x180/0x180 [ 2728.997817][T21615] ? __kasan_check_read+0x11/0x20 [ 2729.002871][T21615] __should_failslab+0x121/0x190 [ 2729.007828][T21615] should_failslab+0x9/0x14 [ 2729.012346][T21615] __kmalloc+0x2ce/0x760 [ 2729.016603][T21615] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2729.022356][T21615] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2729.028094][T21615] ? rcu_read_lock_sched_held+0x110/0x130 [ 2729.033833][T21615] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2729.039576][T21615] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2729.045135][T21615] ? tomoyo_path_perm+0x1cb/0x430 [ 2729.050180][T21615] tomoyo_path_perm+0x230/0x430 [ 2729.055043][T21615] ? tomoyo_path_perm+0x1cb/0x430 [ 2729.060083][T21615] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 2729.066223][T21615] tomoyo_path_truncate+0x1d/0x30 [ 2729.071268][T21615] security_path_truncate+0xf2/0x150 [ 2729.076579][T21615] do_sys_ftruncate+0x3d9/0x550 [ 2729.081452][T21615] __x64_sys_ftruncate+0x59/0x80 [ 2729.086408][T21615] do_syscall_64+0xfd/0x6a0 [ 2729.090938][T21615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2729.096854][T21615] RIP: 0033:0x4597e7 [ 2729.100777][T21615] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2729.100812][T21615] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 2729.100830][T21615] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004597e7 [ 2729.100842][T21615] RDX: 0000000020000228 RSI: 0000000000020000 RDI: 0000000000000004 04:13:16 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xdf, 0xe00000000000000) 04:13:16 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000006c00000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2729.100853][T21615] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2729.100871][T21615] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 2729.130335][T21615] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2729.130427][T21615] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:17 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x8000000}, 0x0) [ 2729.340204][T21915] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:17 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2729.472177][ C1] net_ratelimit: 16 callbacks suppressed [ 2729.472187][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2729.472214][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2729.478017][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2729.483729][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:13:17 executing program 3 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:17 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe0, 0xe00000000000000) 04:13:17 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2729.684765][T22160] FAULT_INJECTION: forcing a failure. [ 2729.684765][T22160] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2729.697991][T22160] CPU: 1 PID: 22160 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2729.705698][T22160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2729.715739][T22160] Call Trace: [ 2729.719047][T22160] dump_stack+0x16f/0x1f0 [ 2729.723401][T22160] should_fail.cold+0xa/0x15 [ 2729.728009][T22160] ? is_bpf_text_address+0xae/0x170 [ 2729.733228][T22160] ? fault_create_debugfs_attr+0x180/0x180 [ 2729.739038][T22160] ? is_bpf_text_address+0xae/0x170 [ 2729.744251][T22160] should_fail_alloc_page+0x50/0x60 [ 2729.749451][T22160] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2729.754812][T22160] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2729.760889][T22160] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2729.766617][T22160] ? __kasan_check_read+0x11/0x20 [ 2729.771639][T22160] cache_grow_begin+0x90/0xc90 [ 2729.776394][T22160] ? trace_hardirqs_off+0x62/0x210 04:13:17 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000007400000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x9000000}, 0x0) [ 2729.781504][T22160] __kmalloc+0x694/0x760 [ 2729.785733][T22160] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2729.791458][T22160] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2729.797190][T22160] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2729.802747][T22160] ? tomoyo_path_perm+0x1cb/0x430 [ 2729.807789][T22160] tomoyo_path_perm+0x230/0x430 [ 2729.812709][T22160] ? tomoyo_path_perm+0x1cb/0x430 [ 2729.817766][T22160] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 2729.823844][T22160] tomoyo_path_truncate+0x1d/0x30 [ 2729.828857][T22160] security_path_truncate+0xf2/0x150 [ 2729.834130][T22160] do_sys_ftruncate+0x3d9/0x550 [ 2729.838976][T22160] __x64_sys_ftruncate+0x59/0x80 [ 2729.843917][T22160] do_syscall_64+0xfd/0x6a0 [ 2729.848412][T22160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2729.854283][T22160] RIP: 0033:0x4597e7 [ 2729.858189][T22160] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2729.877784][T22160] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 2729.886190][T22160] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004597e7 [ 2729.894162][T22160] RDX: 0000000020000228 RSI: 0000000000020000 RDI: 0000000000000004 [ 2729.902132][T22160] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2729.910084][T22160] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 2729.918037][T22160] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:17 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x806000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2730.117561][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2730.123423][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2730.129365][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2730.130865][T22260] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2730.135215][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:17 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2730.198203][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2730.204100][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:18 executing program 3 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xa000000}, 0x0) 04:13:18 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe1, 0xe00000000000000) 04:13:18 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:18 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2730.482799][T22549] FAULT_INJECTION: forcing a failure. [ 2730.482799][T22549] name failslab, interval 1, probability 0, space 0, times 0 [ 2730.495744][T22549] CPU: 1 PID: 22549 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2730.503389][T22549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2730.513451][T22549] Call Trace: [ 2730.517378][T22549] dump_stack+0x16f/0x1f0 [ 2730.521864][T22549] should_fail.cold+0xa/0x15 [ 2730.526482][T22549] ? fault_create_debugfs_attr+0x180/0x180 04:13:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xb000000}, 0x0) [ 2730.532321][T22549] __should_failslab+0x121/0x190 [ 2730.537276][T22549] should_failslab+0x9/0x14 [ 2730.541793][T22549] __kmalloc+0x2ce/0x760 [ 2730.546054][T22549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2730.552304][T22549] ? simple_dname+0xd1/0x1f0 [ 2730.556908][T22549] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2730.562301][T22549] tomoyo_encode2.part.0+0xf5/0x400 [ 2730.567540][T22549] tomoyo_encode+0x2b/0x50 [ 2730.571962][T22549] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 2730.577697][T22549] ? tomoyo_path_perm+0x1cb/0x430 [ 2730.582718][T22549] tomoyo_path_perm+0x230/0x430 [ 2730.587553][T22549] ? tomoyo_path_perm+0x1cb/0x430 [ 2730.592587][T22549] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 2730.598689][T22549] tomoyo_path_truncate+0x1d/0x30 [ 2730.603715][T22549] security_path_truncate+0xf2/0x150 [ 2730.609003][T22549] do_sys_ftruncate+0x3d9/0x550 [ 2730.613864][T22549] __x64_sys_ftruncate+0x59/0x80 [ 2730.618795][T22549] do_syscall_64+0xfd/0x6a0 [ 2730.623305][T22549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2730.629187][T22549] RIP: 0033:0x4597e7 [ 2730.633065][T22549] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2730.652750][T22549] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 2730.661154][T22549] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004597e7 [ 2730.669133][T22549] RDX: 0000000020000228 RSI: 0000000000020000 RDI: 0000000000000004 04:13:18 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000007a00000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2730.677086][T22549] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2730.685043][T22549] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 2730.692999][T22549] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2730.701111][T22549] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:18 executing program 3 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:18 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2730.915507][T22683] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:18 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:18 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe2, 0xe00000000000000) 04:13:19 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xf000000}, 0x0) 04:13:19 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000008800000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2731.322488][T22973] FAULT_INJECTION: forcing a failure. [ 2731.322488][T22973] name failslab, interval 1, probability 0, space 0, times 0 [ 2731.336005][T22973] CPU: 0 PID: 22973 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2731.343907][T22973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2731.353968][T22973] Call Trace: [ 2731.357272][T22973] dump_stack+0x16f/0x1f0 [ 2731.361625][T22973] should_fail.cold+0xa/0x15 [ 2731.366258][T22973] ? fault_create_debugfs_attr+0x180/0x180 [ 2731.372085][T22973] ? percpu_ref_put_many+0x91/0x170 [ 2731.377311][T22973] __should_failslab+0x121/0x190 [ 2731.382265][T22973] should_failslab+0x9/0x14 [ 2731.386781][T22973] kmem_cache_alloc+0x47/0x700 [ 2731.391579][T22973] ? __kasan_check_read+0x11/0x20 [ 2731.396613][T22973] ? __lock_acquire+0x1702/0x4c30 [ 2731.401660][T22973] xas_alloc+0x346/0x460 [ 2731.405939][T22973] xas_create+0x2cd/0x1060 [ 2731.410383][T22973] xas_create_range+0x198/0x5d0 [ 2731.415267][T22973] shmem_add_to_page_cache+0x8ed/0x14c0 [ 2731.420843][T22973] ? shmem_writepage+0xea0/0xea0 [ 2731.425816][T22973] shmem_getpage_gfp+0xeb0/0x2650 [ 2731.430878][T22973] ? shmem_unuse_inode+0x1020/0x1020 [ 2731.436178][T22973] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2731.441995][T22973] ? current_time+0x6b/0x140 [ 2731.446599][T22973] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2731.452418][T22973] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2731.458675][T22973] ? iov_iter_fault_in_readable+0x22c/0x450 [ 2731.464575][T22973] shmem_write_begin+0x105/0x1e0 04:13:19 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2110000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x10000000}, 0x0) [ 2731.469535][T22973] generic_perform_write+0x23b/0x540 [ 2731.474843][T22973] ? timespec64_trunc+0x180/0x180 [ 2731.479906][T22973] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 2731.488823][T22973] ? current_time+0x140/0x140 [ 2731.493525][T22973] ? __kasan_check_write+0x14/0x20 [ 2731.498661][T22973] ? down_write+0xdf/0x150 [ 2731.503104][T22973] __generic_file_write_iter+0x25e/0x630 [ 2731.508753][T22973] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2731.514515][T22973] generic_file_write_iter+0x356/0x620 [ 2731.520017][T22973] ? __kasan_check_read+0x11/0x20 [ 2731.525063][T22973] ? __generic_file_write_iter+0x630/0x630 [ 2731.530893][T22973] ? __kasan_check_read+0x11/0x20 [ 2731.535941][T22973] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2731.542193][T22973] ? iov_iter_init+0xee/0x210 [ 2731.546991][T22973] new_sync_write+0x4d3/0x770 [ 2731.551688][T22973] ? new_sync_read+0x800/0x800 [ 2731.556466][T22973] ? mark_held_locks+0xf0/0xf0 [ 2731.561275][T22973] __vfs_write+0xe1/0x110 [ 2731.565641][T22973] vfs_write+0x268/0x5d0 [ 2731.569899][T22973] ksys_pwrite64+0x183/0x1c0 04:13:19 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2800000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:19 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe3, 0xe00000000000000) [ 2731.574500][T22973] ? __ia32_sys_pread64+0xf0/0xf0 [ 2731.579527][T22973] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2731.584994][T22973] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2731.590479][T22973] ? do_syscall_64+0x26/0x6a0 [ 2731.595171][T22973] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2731.601270][T22973] ? do_syscall_64+0x26/0x6a0 [ 2731.605962][T22973] __x64_sys_pwrite64+0x97/0xf0 [ 2731.610828][T22973] do_syscall_64+0xfd/0x6a0 [ 2731.615351][T22973] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2731.621250][T22973] RIP: 0033:0x413767 [ 2731.625153][T22973] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2731.645020][T22973] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 2731.653611][T22973] RAX: ffffffffffffffda RBX: 0000000020000210 RCX: 0000000000413767 [ 2731.661581][T22973] RDX: 0000000000000048 RSI: 00000000200008c0 RDI: 0000000000000004 [ 2731.669539][T22973] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2731.677517][T22973] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 2731.685490][T22973] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2731.844185][T23207] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:19 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:19 executing program 3 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:19 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:19 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe4, 0xe00000000000000) [ 2732.151215][T23521] FAULT_INJECTION: forcing a failure. [ 2732.151215][T23521] name failslab, interval 1, probability 0, space 0, times 0 [ 2732.164663][T23521] CPU: 0 PID: 23521 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2732.176318][T23521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2732.186410][T23521] Call Trace: [ 2732.189715][T23521] dump_stack+0x16f/0x1f0 [ 2732.194132][T23521] should_fail.cold+0xa/0x15 04:13:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x11000000}, 0x0) [ 2732.198739][T23521] ? fault_create_debugfs_attr+0x180/0x180 [ 2732.204567][T23521] __should_failslab+0x121/0x190 [ 2732.209531][T23521] should_failslab+0x9/0x14 [ 2732.214047][T23521] kmem_cache_alloc+0x298/0x700 [ 2732.218937][T23521] getname_flags+0xd6/0x5b0 [ 2732.223464][T23521] getname+0x1a/0x20 [ 2732.227369][T23521] do_sys_open+0x2c9/0x5d0 [ 2732.231801][T23521] ? filp_open+0x80/0x80 [ 2732.236075][T23521] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2732.241552][T23521] ? do_syscall_64+0x26/0x6a0 04:13:19 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2732.246244][T23521] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2732.252321][T23521] ? do_syscall_64+0x26/0x6a0 [ 2732.257016][T23521] __x64_sys_open+0x7e/0xc0 [ 2732.261527][T23521] do_syscall_64+0xfd/0x6a0 [ 2732.266051][T23521] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2732.271948][T23521] RIP: 0033:0x413701 [ 2732.275858][T23521] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 04:13:20 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000003000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:20 executing program 3 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2732.295494][T23521] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2732.303944][T23521] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 [ 2732.303956][T23521] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2732.303964][T23521] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2732.303972][T23521] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2732.303982][T23521] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2732.491365][T23547] FAULT_INJECTION: forcing a failure. [ 2732.491365][T23547] name failslab, interval 1, probability 0, space 0, times 0 [ 2732.504222][T23547] CPU: 0 PID: 23547 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2732.511869][T23547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2732.521943][T23547] Call Trace: [ 2732.525262][T23547] dump_stack+0x16f/0x1f0 [ 2732.529616][T23547] should_fail.cold+0xa/0x15 [ 2732.534227][T23547] ? fault_create_debugfs_attr+0x180/0x180 [ 2732.540061][T23547] __should_failslab+0x121/0x190 [ 2732.545025][T23547] should_failslab+0x9/0x14 [ 2732.549556][T23547] kmem_cache_alloc+0x298/0x700 [ 2732.554442][T23547] getname_flags+0xd6/0x5b0 [ 2732.558966][T23547] getname+0x1a/0x20 [ 2732.562892][T23547] do_sys_open+0x2c9/0x5d0 [ 2732.567326][T23547] ? filp_open+0x80/0x80 [ 2732.571581][T23547] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2732.577485][T23547] ? do_syscall_64+0x26/0x6a0 [ 2732.582180][T23547] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2732.588260][T23547] ? do_syscall_64+0x26/0x6a0 [ 2732.592960][T23547] __x64_sys_open+0x7e/0xc0 [ 2732.597478][T23547] do_syscall_64+0xfd/0x6a0 [ 2732.601991][T23547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2732.607887][T23547] RIP: 0033:0x413701 [ 2732.611784][T23547] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2732.631406][T23547] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 04:13:20 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2732.639844][T23547] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 [ 2732.647826][T23547] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2732.655814][T23547] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2732.663802][T23547] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2732.671980][T23547] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2732.702687][T23635] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:20 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe5, 0xe00000000000000) 04:13:20 executing program 3 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:20 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:20 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x12000000}, 0x0) [ 2732.957833][T23851] FAULT_INJECTION: forcing a failure. [ 2732.957833][T23851] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2732.971077][T23851] CPU: 0 PID: 23851 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2732.978712][T23851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2732.988804][T23851] Call Trace: [ 2732.992107][T23851] dump_stack+0x16f/0x1f0 [ 2732.996455][T23851] should_fail.cold+0xa/0x15 [ 2733.001064][T23851] ? fault_create_debugfs_attr+0x180/0x180 04:13:20 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000005000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2733.006887][T23851] ? __kasan_check_read+0x11/0x20 [ 2733.011933][T23851] ? __lock_acquire+0x1702/0x4c30 [ 2733.016987][T23851] should_fail_alloc_page+0x50/0x60 [ 2733.022206][T23851] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2733.027594][T23851] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2733.033250][T23851] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2733.038981][T23851] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2733.044645][T23851] cache_grow_begin+0x90/0xc90 [ 2733.049431][T23851] ? trace_hardirqs_off+0x62/0x210 [ 2733.054650][T23851] kmem_cache_alloc+0x636/0x700 [ 2733.059549][T23851] getname_flags+0xd6/0x5b0 [ 2733.064071][T23851] getname+0x1a/0x20 [ 2733.067979][T23851] do_sys_open+0x2c9/0x5d0 [ 2733.072419][T23851] ? filp_open+0x80/0x80 [ 2733.076689][T23851] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2733.082176][T23851] ? do_syscall_64+0x26/0x6a0 [ 2733.086871][T23851] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2733.092949][T23851] ? do_syscall_64+0x26/0x6a0 [ 2733.097653][T23851] __x64_sys_open+0x7e/0xc0 [ 2733.102183][T23851] do_syscall_64+0xfd/0x6a0 04:13:20 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2733.106717][T23851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2733.112621][T23851] RIP: 0033:0x413701 [ 2733.116530][T23851] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2733.137652][T23851] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2733.146087][T23851] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 04:13:20 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe6, 0xe00000000000000) [ 2733.154068][T23851] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2733.168130][T23851] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2733.176109][T23851] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2733.184084][T23851] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2733.350150][T24047] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:21 executing program 3 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x13000000}, 0x0) 04:13:21 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:21 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2733.629638][T24262] FAULT_INJECTION: forcing a failure. [ 2733.629638][T24262] name failslab, interval 1, probability 0, space 0, times 0 [ 2733.642451][T24262] CPU: 0 PID: 24262 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2733.650271][T24262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2733.650284][T24262] Call Trace: [ 2733.663620][T24262] dump_stack+0x16f/0x1f0 [ 2733.667961][T24262] should_fail.cold+0xa/0x15 [ 2733.672568][T24262] ? fault_create_debugfs_attr+0x180/0x180 04:13:21 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe7, 0xe00000000000000) [ 2733.678390][T24262] __should_failslab+0x121/0x190 [ 2733.683338][T24262] should_failslab+0x9/0x14 [ 2733.687849][T24262] kmem_cache_alloc+0x298/0x700 [ 2733.692714][T24262] ? stack_trace_save+0xac/0xe0 [ 2733.697570][T24262] ? stack_trace_consume_entry+0x190/0x190 [ 2733.703391][T24262] __alloc_file+0x27/0x300 [ 2733.707821][T24262] alloc_empty_file+0x72/0x170 [ 2733.712596][T24262] path_openat+0xef/0x4630 [ 2733.717021][T24262] ? kasan_slab_alloc+0xf/0x20 [ 2733.721795][T24262] ? kmem_cache_alloc+0x121/0x700 [ 2733.726854][T24262] ? getname_flags+0xd6/0x5b0 [ 2733.731535][T24262] ? getname+0x1a/0x20 [ 2733.735607][T24262] ? do_sys_open+0x2c9/0x5d0 [ 2733.740199][T24262] ? __x64_sys_open+0x7e/0xc0 [ 2733.744886][T24262] ? do_syscall_64+0xfd/0x6a0 [ 2733.749570][T24262] ? __kasan_check_read+0x11/0x20 [ 2733.754599][T24262] ? mark_lock+0xc0/0x11e0 [ 2733.754625][T24262] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2733.754646][T24262] ? __alloc_fd+0x487/0x620 [ 2733.764509][T24262] do_filp_open+0x1a1/0x280 [ 2733.773487][T24262] ? may_open_dev+0x100/0x100 [ 2733.778169][T24262] ? lock_downgrade+0x920/0x920 [ 2733.783030][T24262] ? rwlock_bug.part.0+0x90/0x90 [ 2733.788012][T24262] ? __kasan_check_read+0x11/0x20 [ 2733.793044][T24262] ? do_raw_spin_unlock+0x57/0x270 [ 2733.793064][T24262] ? _raw_spin_unlock+0x23/0x30 [ 2733.793083][T24262] ? __alloc_fd+0x487/0x620 [ 2733.803038][T24262] do_sys_open+0x3fe/0x5d0 [ 2733.811922][T24262] ? filp_open+0x80/0x80 [ 2733.816175][T24262] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2733.821642][T24262] ? do_syscall_64+0x26/0x6a0 [ 2733.826332][T24262] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2733.832402][T24262] ? do_syscall_64+0x26/0x6a0 [ 2733.837096][T24262] __x64_sys_open+0x7e/0xc0 [ 2733.841609][T24262] do_syscall_64+0xfd/0x6a0 [ 2733.846117][T24262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2733.852009][T24262] RIP: 0033:0x413701 [ 2733.855906][T24262] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 04:13:21 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000006000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:21 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8035000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2733.875515][T24262] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2733.883933][T24262] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 [ 2733.891905][T24262] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2733.899877][T24262] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2733.907851][T24262] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2733.915826][T24262] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:21 executing program 3 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:21 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2734.123212][T24432] FAULT_INJECTION: forcing a failure. [ 2734.123212][T24432] name failslab, interval 1, probability 0, space 0, times 0 [ 2734.136025][T24432] CPU: 0 PID: 24432 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2734.143683][T24432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2734.153794][T24432] Call Trace: [ 2734.157100][T24432] dump_stack+0x16f/0x1f0 [ 2734.161459][T24432] should_fail.cold+0xa/0x15 [ 2734.167621][T24469] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2734.171683][T24432] ? fault_create_debugfs_attr+0x180/0x180 [ 2734.171718][T24432] __should_failslab+0x121/0x190 [ 2734.171740][T24432] should_failslab+0x9/0x14 [ 2734.171758][T24432] kmem_cache_alloc+0x298/0x700 [ 2734.171778][T24432] ? rcu_read_lock_sched_held+0x110/0x130 [ 2734.171801][T24432] ? kmem_cache_alloc+0x347/0x700 [ 2734.210726][T24432] security_file_alloc+0x39/0x170 [ 2734.215764][T24432] __alloc_file+0xac/0x300 [ 2734.220196][T24432] alloc_empty_file+0x72/0x170 [ 2734.224975][T24432] path_openat+0xef/0x4630 [ 2734.229408][T24432] ? kasan_slab_alloc+0xf/0x20 [ 2734.234181][T24432] ? kmem_cache_alloc+0x121/0x700 [ 2734.239204][T24432] ? getname_flags+0xd6/0x5b0 [ 2734.243883][T24432] ? getname+0x1a/0x20 [ 2734.247947][T24432] ? do_sys_open+0x2c9/0x5d0 [ 2734.252536][T24432] ? __x64_sys_open+0x7e/0xc0 [ 2734.257214][T24432] ? do_syscall_64+0xfd/0x6a0 [ 2734.261901][T24432] ? __kasan_check_read+0x11/0x20 [ 2734.266931][T24432] ? mark_lock+0xc0/0x11e0 [ 2734.271371][T24432] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2734.276766][T24432] ? __alloc_fd+0x487/0x620 [ 2734.281282][T24432] do_filp_open+0x1a1/0x280 [ 2734.285804][T24432] ? may_open_dev+0x100/0x100 [ 2734.290585][T24432] ? lock_downgrade+0x920/0x920 [ 2734.295444][T24432] ? rwlock_bug.part.0+0x90/0x90 [ 2734.300405][T24432] ? __kasan_check_read+0x11/0x20 [ 2734.305438][T24432] ? do_raw_spin_unlock+0x57/0x270 [ 2734.310554][T24432] ? _raw_spin_unlock+0x23/0x30 [ 2734.315410][T24432] ? __alloc_fd+0x487/0x620 [ 2734.319932][T24432] do_sys_open+0x3fe/0x5d0 [ 2734.324361][T24432] ? filp_open+0x80/0x80 [ 2734.328622][T24432] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2734.334086][T24432] ? do_syscall_64+0x26/0x6a0 [ 2734.334105][T24432] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2734.334125][T24432] ? do_syscall_64+0x26/0x6a0 [ 2734.344935][T24432] __x64_sys_open+0x7e/0xc0 [ 2734.344953][T24432] do_syscall_64+0xfd/0x6a0 [ 2734.344972][T24432] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2734.344984][T24432] RIP: 0033:0x413701 04:13:22 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x14000000}, 0x0) 04:13:22 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe8, 0xe00000000000000) 04:13:22 executing program 3 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2734.344999][T24432] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2734.345007][T24432] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2734.345021][T24432] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 [ 2734.345030][T24432] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2734.345038][T24432] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2734.345047][T24432] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2734.345055][T24432] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2734.537269][T24617] FAULT_INJECTION: forcing a failure. [ 2734.537269][T24617] name failslab, interval 1, probability 0, space 0, times 0 [ 2734.550079][T24617] CPU: 0 PID: 24617 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2734.557715][T24617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2734.567771][T24617] Call Trace: [ 2734.571070][T24617] dump_stack+0x16f/0x1f0 [ 2734.575446][T24617] should_fail.cold+0xa/0x15 [ 2734.580066][T24617] ? fault_create_debugfs_attr+0x180/0x180 [ 2734.585949][T24617] __should_failslab+0x121/0x190 [ 2734.585989][T24617] should_failslab+0x9/0x14 [ 2734.586003][T24617] __kmalloc+0x2ce/0x760 [ 2734.586023][T24617] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2734.586042][T24617] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2734.586060][T24617] ? rcu_read_lock_sched_held+0x110/0x130 [ 2734.586076][T24617] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2734.586099][T24617] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2734.586118][T24617] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2734.586145][T24617] tomoyo_check_open_permission+0x2a8/0x3f0 [ 2734.634586][T24617] ? cache_grow_begin.cold+0x43/0x48 [ 2734.646413][T24617] ? tomoyo_path_number_perm+0x520/0x520 [ 2734.646438][T24617] ? __kasan_check_read+0x11/0x20 [ 2734.646453][T24617] ? mark_lock+0xc0/0x11e0 [ 2734.646486][T24617] ? lock_downgrade+0x920/0x920 [ 2734.646501][T24617] ? rwlock_bug.part.0+0x90/0x90 [ 2734.646521][T24617] tomoyo_file_open+0xa9/0xd0 [ 2734.646543][T24617] security_file_open+0x71/0x300 [ 2734.681717][T24617] do_dentry_open+0x373/0x1250 [ 2734.686503][T24617] ? chown_common+0x5c0/0x5c0 [ 2734.691194][T24617] ? inode_permission+0xb4/0x560 [ 2734.696143][T24617] vfs_open+0xa0/0xd0 [ 2734.700167][T24617] path_openat+0x10e9/0x4630 [ 2734.704757][T24617] ? kasan_slab_alloc+0xf/0x20 [ 2734.709529][T24617] ? kmem_cache_alloc+0x121/0x700 [ 2734.714564][T24617] ? getname_flags+0xd6/0x5b0 [ 2734.719248][T24617] ? getname+0x1a/0x20 [ 2734.723327][T24617] ? do_sys_open+0x2c9/0x5d0 [ 2734.727916][T24617] ? __x64_sys_open+0x7e/0xc0 [ 2734.732614][T24617] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2734.738003][T24617] ? __alloc_fd+0x487/0x620 [ 2734.742519][T24617] do_filp_open+0x1a1/0x280 [ 2734.747026][T24617] ? may_open_dev+0x100/0x100 [ 2734.747054][T24617] ? __kasan_check_read+0x11/0x20 [ 2734.747069][T24617] ? do_raw_spin_unlock+0x57/0x270 [ 2734.747088][T24617] ? _raw_spin_unlock+0x23/0x30 [ 2734.747106][T24617] ? __alloc_fd+0x487/0x620 [ 2734.756807][T24617] do_sys_open+0x3fe/0x5d0 [ 2734.756825][T24617] ? filp_open+0x80/0x80 [ 2734.756845][T24617] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2734.756868][T24617] ? do_syscall_64+0x26/0x6a0 [ 2734.790025][T24617] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2734.796101][T24617] ? do_syscall_64+0x26/0x6a0 [ 2734.800786][T24617] __x64_sys_open+0x7e/0xc0 [ 2734.805303][T24617] do_syscall_64+0xfd/0x6a0 [ 2734.809821][T24617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2734.815717][T24617] RIP: 0033:0x413701 [ 2734.819613][T24617] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2734.839219][T24617] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2734.847639][T24617] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 [ 2734.855630][T24617] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2734.863609][T24617] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2734.871576][T24617] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2734.879536][T24617] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x40000000}, 0x0) 04:13:22 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xe9, 0xe00000000000000) 04:13:22 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86ddffff00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:22 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000007000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2734.887866][T24617] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2735.012240][T24737] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:22 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:22 executing program 3 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:22 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8847000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:22 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xea, 0xe00000000000000) 04:13:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xffffff7f}, 0x0) [ 2735.300196][T25021] FAULT_INJECTION: forcing a failure. [ 2735.300196][T25021] name failslab, interval 1, probability 0, space 0, times 0 [ 2735.313063][T25021] CPU: 1 PID: 25021 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2735.320702][T25021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2735.330761][T25021] Call Trace: [ 2735.334069][T25021] dump_stack+0x16f/0x1f0 [ 2735.338418][T25021] should_fail.cold+0xa/0x15 [ 2735.343037][T25021] ? fault_create_debugfs_attr+0x180/0x180 [ 2735.348875][T25021] __should_failslab+0x121/0x190 [ 2735.354262][T25021] should_failslab+0x9/0x14 [ 2735.358780][T25021] __kmalloc+0x2ce/0x760 [ 2735.363040][T25021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2735.369295][T25021] ? d_absolute_path+0x11b/0x170 [ 2735.374248][T25021] ? __d_path+0x140/0x140 [ 2735.378600][T25021] ? rcu_read_lock_sched_held+0x110/0x130 [ 2735.384336][T25021] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2735.389735][T25021] tomoyo_encode2.part.0+0xf5/0x400 [ 2735.394961][T25021] tomoyo_encode+0x2b/0x50 [ 2735.399397][T25021] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 2735.405061][T25021] tomoyo_path_number_perm+0x1dd/0x520 [ 2735.410538][T25021] ? tomoyo_path_number_perm+0x193/0x520 [ 2735.416217][T25021] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2735.422075][T25021] ? __fget+0x388/0x560 [ 2735.426261][T25021] ? ksys_dup3+0x3e0/0x3e0 [ 2735.430693][T25021] ? do_sys_open+0x31d/0x5d0 [ 2735.435299][T25021] tomoyo_file_ioctl+0x23/0x30 [ 2735.440084][T25021] security_file_ioctl+0x77/0xc0 [ 2735.445041][T25021] ksys_ioctl+0x57/0xd0 [ 2735.449224][T25021] __x64_sys_ioctl+0x73/0xb0 [ 2735.453836][T25021] do_syscall_64+0xfd/0x6a0 [ 2735.458368][T25021] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2735.464273][T25021] RIP: 0033:0x459687 [ 2735.468192][T25021] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2735.487810][T25021] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:13:23 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000a000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2735.496236][T25021] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2735.504245][T25021] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2735.512231][T25021] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2735.520214][T25021] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2735.528220][T25021] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2735.536342][T25021] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:23 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8848000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:23 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2735.761760][T25157] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2735.764380][ C1] net_ratelimit: 20 callbacks suppressed [ 2735.764388][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2735.775806][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:23 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8864000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:23 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xeb, 0xe00000000000000) 04:13:23 executing program 3 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2736.006429][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2736.012350][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:13:23 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8ffff00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x40030000000000}, 0x0) [ 2736.120295][T25416] FAULT_INJECTION: forcing a failure. [ 2736.120295][T25416] name failslab, interval 1, probability 0, space 0, times 0 [ 2736.133257][T25416] CPU: 0 PID: 25416 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2736.140907][T25416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2736.150971][T25416] Call Trace: [ 2736.154276][T25416] dump_stack+0x16f/0x1f0 [ 2736.158639][T25416] should_fail.cold+0xa/0x15 [ 2736.165442][T25416] ? fault_create_debugfs_attr+0x180/0x180 [ 2736.175725][T25416] __should_failslab+0x121/0x190 [ 2736.180690][T25416] should_failslab+0x9/0x14 [ 2736.185194][T25416] __kmalloc+0x2ce/0x760 [ 2736.189444][T25416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2736.195708][T25416] ? d_absolute_path+0x11b/0x170 [ 2736.200693][T25416] ? __d_path+0x140/0x140 [ 2736.205038][T25416] ? rcu_read_lock_sched_held+0x110/0x130 [ 2736.210775][T25416] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2736.216169][T25416] tomoyo_encode2.part.0+0xf5/0x400 [ 2736.221391][T25416] tomoyo_encode+0x2b/0x50 [ 2736.225813][T25416] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 2736.231465][T25416] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2736.237726][T25416] tomoyo_check_open_permission+0x2a8/0x3f0 [ 2736.243631][T25416] ? cache_grow_begin.cold+0x43/0x48 [ 2736.248928][T25416] ? tomoyo_path_number_perm+0x520/0x520 [ 2736.254573][T25416] ? __kasan_check_read+0x11/0x20 [ 2736.259596][T25416] ? mark_lock+0xc0/0x11e0 [ 2736.264034][T25416] ? lock_downgrade+0x920/0x920 [ 2736.268885][T25416] ? rwlock_bug.part.0+0x90/0x90 [ 2736.273829][T25416] tomoyo_file_open+0xa9/0xd0 [ 2736.278509][T25416] security_file_open+0x71/0x300 [ 2736.283454][T25416] do_dentry_open+0x373/0x1250 [ 2736.289049][T25416] ? chown_common+0x5c0/0x5c0 [ 2736.293727][T25416] ? inode_permission+0xb4/0x560 [ 2736.298664][T25416] vfs_open+0xa0/0xd0 [ 2736.302654][T25416] path_openat+0x10e9/0x4630 [ 2736.307244][T25416] ? kasan_slab_alloc+0xf/0x20 [ 2736.312004][T25416] ? kmem_cache_alloc+0x121/0x700 [ 2736.317038][T25416] ? getname_flags+0xd6/0x5b0 [ 2736.321710][T25416] ? getname+0x1a/0x20 [ 2736.325789][T25416] ? do_sys_open+0x2c9/0x5d0 [ 2736.330383][T25416] ? __x64_sys_open+0x7e/0xc0 [ 2736.335072][T25416] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2736.340447][T25416] ? __alloc_fd+0x487/0x620 [ 2736.344952][T25416] do_filp_open+0x1a1/0x280 [ 2736.349455][T25416] ? may_open_dev+0x100/0x100 [ 2736.354141][T25416] ? __kasan_check_read+0x11/0x20 [ 2736.359159][T25416] ? do_raw_spin_unlock+0x57/0x270 [ 2736.364271][T25416] ? _raw_spin_unlock+0x23/0x30 [ 2736.369120][T25416] ? __alloc_fd+0x487/0x620 [ 2736.373724][T25416] do_sys_open+0x3fe/0x5d0 [ 2736.378142][T25416] ? filp_open+0x80/0x80 [ 2736.382387][T25416] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2736.387855][T25416] ? do_syscall_64+0x26/0x6a0 [ 2736.392529][T25416] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2736.398588][T25416] ? do_syscall_64+0x26/0x6a0 [ 2736.403265][T25416] __x64_sys_open+0x7e/0xc0 [ 2736.407769][T25416] do_syscall_64+0xfd/0x6a0 [ 2736.409779][ C1] protocol 88fb is buggy, dev hsr_slave_0 04:13:24 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000011000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:24 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xec, 0xe00000000000000) [ 2736.412287][T25416] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2736.418155][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2736.423870][T25416] RIP: 0033:0x413701 [ 2736.423885][T25416] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2736.423892][T25416] RSP: 002b:00007f4d2605fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2736.423905][T25416] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413701 [ 2736.423913][T25416] RDX: 00007f4d2605fb0a RSI: 0000000000000002 RDI: 00007f4d2605fb00 [ 2736.423921][T25416] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2736.423929][T25416] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2736.423944][T25416] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2736.429870][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2736.433659][T25416] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2736.453328][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2736.519923][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2736.525807][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:24 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2736.643502][T25496] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:24 executing program 3 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:24 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88caffff00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2736.936566][T25810] FAULT_INJECTION: forcing a failure. [ 2736.936566][T25810] name failslab, interval 1, probability 0, space 0, times 0 [ 2736.949460][T25810] CPU: 0 PID: 25810 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2736.957113][T25810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2736.967180][T25810] Call Trace: [ 2736.970492][T25810] dump_stack+0x16f/0x1f0 [ 2736.974844][T25810] should_fail.cold+0xa/0x15 [ 2736.979804][T25810] ? fault_create_debugfs_attr+0x180/0x180 [ 2736.985667][T25810] ? __kasan_check_read+0x11/0x20 [ 2736.990731][T25810] __should_failslab+0x121/0x190 [ 2736.995703][T25810] should_failslab+0x9/0x14 [ 2737.000221][T25810] __kmalloc+0x2ce/0x760 [ 2737.004482][T25810] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2737.010224][T25810] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2737.015961][T25810] ? rcu_read_lock_sched_held+0x110/0x130 [ 2737.021734][T25810] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2737.027480][T25810] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2737.033050][T25810] ? tomoyo_path_number_perm+0x193/0x520 [ 2737.038743][T25810] tomoyo_path_number_perm+0x1dd/0x520 [ 2737.044234][T25810] ? tomoyo_path_number_perm+0x193/0x520 [ 2737.049902][T25810] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2737.055767][T25810] ? __fget+0x388/0x560 [ 2737.059944][T25810] ? ksys_dup3+0x3e0/0x3e0 [ 2737.064386][T25810] tomoyo_file_ioctl+0x23/0x30 [ 2737.069177][T25810] security_file_ioctl+0x77/0xc0 [ 2737.074143][T25810] ksys_ioctl+0x57/0xd0 [ 2737.078332][T25810] __x64_sys_ioctl+0x73/0xb0 [ 2737.082971][T25810] do_syscall_64+0xfd/0x6a0 [ 2737.087512][T25810] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2737.093424][T25810] RIP: 0033:0x459687 [ 2737.097326][T25810] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2737.116940][T25810] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2737.126873][T25810] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 04:13:24 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xed, 0xe00000000000000) 04:13:24 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:24 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000020000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2737.134854][T25810] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2737.142828][T25810] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2737.150804][T25810] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2737.158782][T25810] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2737.166847][T25810] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:24 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8906000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x100000000000000}, 0x0) 04:13:25 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xee, 0xe00000000000000) [ 2737.351438][T25932] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:25 executing program 3 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:25 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:25 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x200000000000000}, 0x0) [ 2737.738245][T26184] FAULT_INJECTION: forcing a failure. [ 2737.738245][T26184] name failslab, interval 1, probability 0, space 0, times 0 [ 2737.752073][T26184] CPU: 0 PID: 26184 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2737.759725][T26184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2737.769795][T26184] Call Trace: [ 2737.773101][T26184] dump_stack+0x16f/0x1f0 [ 2737.777448][T26184] should_fail.cold+0xa/0x15 [ 2737.782053][T26184] ? fault_create_debugfs_attr+0x180/0x180 [ 2737.787875][T26184] ? stack_trace_save+0xac/0xe0 [ 2737.792748][T26184] __should_failslab+0x121/0x190 [ 2737.797717][T26184] should_failslab+0x9/0x14 [ 2737.802230][T26184] kmem_cache_alloc+0x47/0x700 [ 2737.807008][T26184] ? save_stack+0x5c/0x90 [ 2737.811351][T26184] ? save_stack+0x23/0x90 [ 2737.815698][T26184] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2737.821513][T26184] ? kasan_slab_alloc+0xf/0x20 [ 2737.826295][T26184] ? kmem_cache_alloc+0x121/0x700 [ 2737.831415][T26184] radix_tree_node_alloc.constprop.0+0x1eb/0x310 04:13:25 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xef, 0xe00000000000000) [ 2737.837768][T26184] idr_get_free+0x48e/0x8c0 [ 2737.842304][T26184] idr_alloc_u32+0x19e/0x330 [ 2737.846941][T26184] ? __fprop_inc_percpu_max+0x230/0x230 [ 2737.852636][T26184] ? mark_held_locks+0xf0/0xf0 [ 2737.857461][T26184] idr_alloc_cyclic+0x132/0x270 [ 2737.862349][T26184] ? idr_alloc+0x150/0x150 [ 2737.866895][T26184] __kernfs_new_node+0x172/0x690 [ 2737.871863][T26184] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2737.877328][T26184] ? __kasan_check_read+0x11/0x20 [ 2737.882383][T26184] ? __lock_acquire+0x1702/0x4c30 04:13:25 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf20a300000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2737.887452][T26184] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2737.892752][T26184] ? retint_kernel+0x10/0x10 [ 2737.897356][T26184] ? trace_hardirqs_on_caller+0x6a/0x210 [ 2737.903007][T26184] kernfs_new_node+0x96/0x120 [ 2737.907712][T26184] kernfs_create_dir_ns+0x52/0x160 [ 2737.912864][T26184] internal_create_group+0x7f4/0xc30 [ 2737.918154][T26184] ? bd_set_size+0x3f/0xb0 [ 2737.922591][T26184] ? remove_files.isra.0+0x190/0x190 [ 2737.927992][T26184] ? __down_timeout+0x2d0/0x2d0 [ 2737.932860][T26184] ? __kasan_check_write+0x14/0x20 [ 2737.938000][T26184] ? up_write+0x9d/0x280 [ 2737.942263][T26184] sysfs_create_group+0x20/0x30 [ 2737.947163][T26184] loop_set_fd+0xb3b/0x10c0 [ 2737.951661][T26184] lo_ioctl+0x1a3/0x1460 [ 2737.955905][T26184] ? loop_set_fd+0x10c0/0x10c0 [ 2737.960683][T26184] blkdev_ioctl+0xedb/0x1c1a [ 2737.965269][T26184] ? blkpg_ioctl+0xa90/0xa90 [ 2737.969848][T26184] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2737.975771][T26184] block_ioctl+0xee/0x130 [ 2737.980123][T26184] ? blkdev_fallocate+0x410/0x410 [ 2737.985149][T26184] do_vfs_ioctl+0xdb6/0x13e0 [ 2737.989769][T26184] ? ioctl_preallocate+0x210/0x210 [ 2737.994888][T26184] ? __fget+0x388/0x560 [ 2737.999091][T26184] ? ksys_dup3+0x3e0/0x3e0 [ 2738.003534][T26184] ? do_sys_open+0x31d/0x5d0 [ 2738.008131][T26184] ? tomoyo_file_ioctl+0x23/0x30 [ 2738.013078][T26184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2738.019331][T26184] ? security_file_ioctl+0x8d/0xc0 [ 2738.024441][T26184] ksys_ioctl+0xab/0xd0 [ 2738.028604][T26184] __x64_sys_ioctl+0x73/0xb0 [ 2738.033242][T26184] do_syscall_64+0xfd/0x6a0 [ 2738.037769][T26184] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2738.043666][T26184] RIP: 0033:0x459687 [ 2738.047602][T26184] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2738.067384][T26184] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2738.075800][T26184] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 04:13:25 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000003f000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2738.083788][T26184] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2738.091764][T26184] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2738.099728][T26184] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2738.107803][T26184] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:26 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2738.283413][T26281] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:26 executing program 3 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:26 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf0, 0xe00000000000000) 04:13:26 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2738.575932][T26577] FAULT_INJECTION: forcing a failure. [ 2738.575932][T26577] name failslab, interval 1, probability 0, space 0, times 0 [ 2738.588740][T26577] CPU: 0 PID: 26577 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2738.596388][T26577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2738.606462][T26577] Call Trace: [ 2738.609775][T26577] dump_stack+0x16f/0x1f0 [ 2738.614123][T26577] should_fail.cold+0xa/0x15 [ 2738.618736][T26577] ? fault_create_debugfs_attr+0x180/0x180 04:13:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x300000000000000}, 0x0) 04:13:26 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffffffffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2738.624575][T26577] __should_failslab+0x121/0x190 [ 2738.629541][T26577] should_failslab+0x9/0x14 [ 2738.634067][T26577] kmem_cache_alloc+0x47/0x700 [ 2738.638852][T26577] ? save_stack+0x5c/0x90 [ 2738.643194][T26577] ? save_stack+0x23/0x90 [ 2738.647542][T26577] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2738.653373][T26577] ? kasan_slab_alloc+0xf/0x20 [ 2738.658179][T26577] radix_tree_node_alloc.constprop.0+0x1eb/0x310 [ 2738.664533][T26577] idr_get_free+0x48e/0x8c0 [ 2738.669074][T26577] idr_alloc_u32+0x19e/0x330 [ 2738.673707][T26577] ? __fprop_inc_percpu_max+0x230/0x230 [ 2738.679288][T26577] ? mark_held_locks+0xf0/0xf0 [ 2738.684083][T26577] idr_alloc_cyclic+0x132/0x270 [ 2738.688967][T26577] ? idr_alloc+0x150/0x150 [ 2738.693458][T26577] __kernfs_new_node+0x172/0x690 [ 2738.698474][T26577] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2738.703953][T26577] ? __kasan_check_read+0x11/0x20 [ 2738.709001][T26577] ? __lock_acquire+0x1702/0x4c30 [ 2738.714046][T26577] ? set_user_nice.part.0+0x292/0x5e0 [ 2738.719444][T26577] kernfs_new_node+0x96/0x120 04:13:26 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf1, 0xe00000000000000) [ 2738.724143][T26577] kernfs_create_dir_ns+0x52/0x160 [ 2738.729278][T26577] internal_create_group+0x7f4/0xc30 [ 2738.734584][T26577] ? bd_set_size+0x3f/0xb0 [ 2738.739032][T26577] ? remove_files.isra.0+0x190/0x190 [ 2738.744336][T26577] ? __down_timeout+0x2d0/0x2d0 [ 2738.749203][T26577] ? __kasan_check_write+0x14/0x20 [ 2738.754327][T26577] ? up_write+0x9d/0x280 [ 2738.758576][T26577] sysfs_create_group+0x20/0x30 [ 2738.763523][T26577] loop_set_fd+0xb3b/0x10c0 [ 2738.768047][T26577] lo_ioctl+0x1a3/0x1460 [ 2738.772303][T26577] ? loop_set_fd+0x10c0/0x10c0 [ 2738.777065][T26577] blkdev_ioctl+0xedb/0x1c1a [ 2738.781657][T26577] ? blkpg_ioctl+0xa90/0xa90 [ 2738.786254][T26577] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2738.792076][T26577] block_ioctl+0xee/0x130 [ 2738.796440][T26577] ? blkdev_fallocate+0x410/0x410 [ 2738.801471][T26577] do_vfs_ioctl+0xdb6/0x13e0 [ 2738.806059][T26577] ? ioctl_preallocate+0x210/0x210 [ 2738.811176][T26577] ? __fget+0x388/0x560 [ 2738.815345][T26577] ? ksys_dup3+0x3e0/0x3e0 [ 2738.819773][T26577] ? do_sys_open+0x31d/0x5d0 [ 2738.824398][T26577] ? tomoyo_file_ioctl+0x23/0x30 [ 2738.829337][T26577] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2738.835590][T26577] ? security_file_ioctl+0x8d/0xc0 [ 2738.840733][T26577] ksys_ioctl+0xab/0xd0 [ 2738.844897][T26577] __x64_sys_ioctl+0x73/0xb0 [ 2738.849481][T26577] do_syscall_64+0xfd/0x6a0 [ 2738.853983][T26577] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2738.859873][T26577] RIP: 0033:0x459687 [ 2738.863756][T26577] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2738.883356][T26577] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2738.891797][T26577] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2738.899773][T26577] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2738.907730][T26577] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2738.915701][T26577] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2738.923768][T26577] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:26 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000040000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:26 executing program 3 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:26 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2739.187940][T26764] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2739.276667][T26861] FAULT_INJECTION: forcing a failure. [ 2739.276667][T26861] name failslab, interval 1, probability 0, space 0, times 0 [ 2739.289625][T26861] CPU: 0 PID: 26861 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2739.297295][T26861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2739.307384][T26861] Call Trace: [ 2739.310712][T26861] dump_stack+0x16f/0x1f0 [ 2739.315106][T26861] should_fail.cold+0xa/0x15 [ 2739.319732][T26861] ? fault_create_debugfs_attr+0x180/0x180 04:13:27 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf2, 0xe00000000000000) [ 2739.325577][T26861] __should_failslab+0x121/0x190 [ 2739.330538][T26861] should_failslab+0x9/0x14 [ 2739.335055][T26861] kmem_cache_alloc+0x298/0x700 [ 2739.339925][T26861] ? lock_downgrade+0x920/0x920 [ 2739.344799][T26861] ? __mutex_lock+0x3a9/0x1330 [ 2739.349584][T26861] __kernfs_new_node+0xf0/0x690 [ 2739.354453][T26861] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2739.359936][T26861] ? wait_for_completion+0x440/0x440 [ 2739.365291][T26861] ? mutex_unlock+0xd/0x10 [ 2739.369733][T26861] ? kernfs_activate+0x192/0x1f0 [ 2739.374708][T26861] kernfs_new_node+0x96/0x120 [ 2739.379412][T26861] __kernfs_create_file+0x51/0x33b [ 2739.384546][T26861] sysfs_add_file_mode_ns+0x222/0x560 [ 2739.389942][T26861] internal_create_group+0x359/0xc30 [ 2739.395242][T26861] ? bd_set_size+0x3f/0xb0 [ 2739.399696][T26861] ? remove_files.isra.0+0x190/0x190 [ 2739.405002][T26861] ? __down_timeout+0x2d0/0x2d0 [ 2739.409883][T26861] ? __kasan_check_write+0x14/0x20 [ 2739.415024][T26861] ? up_write+0x9d/0x280 [ 2739.419301][T26861] sysfs_create_group+0x20/0x30 04:13:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x400000000000000}, 0x0) [ 2739.424179][T26861] loop_set_fd+0xb3b/0x10c0 [ 2739.428723][T26861] lo_ioctl+0x1a3/0x1460 [ 2739.432999][T26861] ? loop_set_fd+0x10c0/0x10c0 [ 2739.437795][T26861] blkdev_ioctl+0xedb/0x1c1a [ 2739.442506][T26861] ? blkpg_ioctl+0xa90/0xa90 [ 2739.447146][T26861] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2739.452995][T26861] block_ioctl+0xee/0x130 [ 2739.457348][T26861] ? blkdev_fallocate+0x410/0x410 [ 2739.462408][T26861] do_vfs_ioctl+0xdb6/0x13e0 [ 2739.467025][T26861] ? ioctl_preallocate+0x210/0x210 [ 2739.472149][T26861] ? __fget+0x388/0x560 [ 2739.476332][T26861] ? ksys_dup3+0x3e0/0x3e0 [ 2739.480755][T26861] ? tomoyo_file_ioctl+0x23/0x30 [ 2739.485725][T26861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2739.492007][T26861] ? security_file_ioctl+0x8d/0xc0 [ 2739.497133][T26861] ksys_ioctl+0xab/0xd0 [ 2739.501308][T26861] __x64_sys_ioctl+0x73/0xb0 [ 2739.505915][T26861] do_syscall_64+0xfd/0x6a0 [ 2739.510418][T26861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2739.516304][T26861] RIP: 0033:0x459687 [ 2739.520219][T26861] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2739.540005][T26861] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2739.548421][T26861] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2739.556398][T26861] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2739.564369][T26861] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:13:27 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000048000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2739.572427][T26861] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2739.580414][T26861] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:27 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a400f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:27 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2739.801456][T27064] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:27 executing program 3 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:27 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf3, 0xe00000000000000) [ 2740.055889][T27338] FAULT_INJECTION: forcing a failure. [ 2740.055889][T27338] name failslab, interval 1, probability 0, space 0, times 0 [ 2740.068731][T27338] CPU: 0 PID: 27338 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2740.076406][T27338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2740.086479][T27338] Call Trace: [ 2740.089816][T27338] dump_stack+0x16f/0x1f0 [ 2740.094184][T27338] should_fail.cold+0xa/0x15 [ 2740.098805][T27338] ? fault_create_debugfs_attr+0x180/0x180 04:13:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x500000000000000}, 0x0) [ 2740.104669][T27338] ? stack_trace_save+0xac/0xe0 [ 2740.109579][T27338] __should_failslab+0x121/0x190 [ 2740.114636][T27338] should_failslab+0x9/0x14 [ 2740.119184][T27338] kmem_cache_alloc+0x47/0x700 [ 2740.123971][T27338] ? save_stack+0x5c/0x90 [ 2740.128316][T27338] ? save_stack+0x23/0x90 [ 2740.132661][T27338] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2740.138496][T27338] ? kasan_slab_alloc+0xf/0x20 [ 2740.143307][T27338] ? kmem_cache_alloc+0x121/0x700 [ 2740.148371][T27338] radix_tree_node_alloc.constprop.0+0x1eb/0x310 04:13:27 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2740.154738][T27338] idr_get_free+0x48e/0x8c0 [ 2740.159286][T27338] idr_alloc_u32+0x19e/0x330 [ 2740.174591][T27338] ? __fprop_inc_percpu_max+0x230/0x230 [ 2740.180166][T27338] ? mark_held_locks+0xf0/0xf0 [ 2740.184956][T27338] idr_alloc_cyclic+0x132/0x270 [ 2740.189918][T27338] ? idr_alloc+0x150/0x150 [ 2740.194368][T27338] __kernfs_new_node+0x172/0x690 [ 2740.199334][T27338] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2740.204821][T27338] ? __kasan_check_read+0x11/0x20 [ 2740.209868][T27338] ? __lock_acquire+0x1702/0x4c30 [ 2740.214918][T27338] ? set_user_nice.part.0+0x292/0x5e0 [ 2740.220319][T27338] kernfs_new_node+0x96/0x120 [ 2740.225025][T27338] kernfs_create_dir_ns+0x52/0x160 [ 2740.231118][T27338] internal_create_group+0x7f4/0xc30 [ 2740.236414][T27338] ? bd_set_size+0x3f/0xb0 [ 2740.240855][T27338] ? remove_files.isra.0+0x190/0x190 [ 2740.246155][T27338] ? __down_timeout+0x2d0/0x2d0 [ 2740.251022][T27338] ? __kasan_check_write+0x14/0x20 04:13:27 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf4, 0xe00000000000000) [ 2740.256150][T27338] ? up_write+0x9d/0x280 [ 2740.260405][T27338] sysfs_create_group+0x20/0x30 [ 2740.265263][T27338] loop_set_fd+0xb3b/0x10c0 [ 2740.269782][T27338] lo_ioctl+0x1a3/0x1460 [ 2740.274035][T27338] ? loop_set_fd+0x10c0/0x10c0 [ 2740.278849][T27338] blkdev_ioctl+0xedb/0x1c1a [ 2740.283458][T27338] ? blkpg_ioctl+0xa90/0xa90 [ 2740.288061][T27338] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2740.293903][T27338] block_ioctl+0xee/0x130 [ 2740.298248][T27338] ? blkdev_fallocate+0x410/0x410 [ 2740.303296][T27338] do_vfs_ioctl+0xdb6/0x13e0 [ 2740.307910][T27338] ? ioctl_preallocate+0x210/0x210 [ 2740.313042][T27338] ? __fget+0x388/0x560 [ 2740.317207][T27338] ? ksys_dup3+0x3e0/0x3e0 [ 2740.321646][T27338] ? tomoyo_file_ioctl+0x23/0x30 [ 2740.326609][T27338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2740.332901][T27338] ? security_file_ioctl+0x8d/0xc0 [ 2740.338022][T27338] ksys_ioctl+0xab/0xd0 [ 2740.342223][T27338] __x64_sys_ioctl+0x73/0xb0 [ 2740.346861][T27338] do_syscall_64+0xfd/0x6a0 [ 2740.351423][T27338] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2740.357369][T27338] RIP: 0033:0x459687 [ 2740.361270][T27338] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2740.381053][T27338] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2740.389474][T27338] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2740.397455][T27338] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2740.405440][T27338] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2740.413415][T27338] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2740.421390][T27338] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:28 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000004c000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:28 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a800f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:28 executing program 3 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2740.645658][T27475] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:28 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:28 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf5, 0xe00000000000000) [ 2740.809719][T27682] FAULT_INJECTION: forcing a failure. [ 2740.809719][T27682] name failslab, interval 1, probability 0, space 0, times 0 [ 2740.823535][T27682] CPU: 1 PID: 27682 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2740.831191][T27682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2740.841272][T27682] Call Trace: [ 2740.844584][T27682] dump_stack+0x16f/0x1f0 [ 2740.848950][T27682] should_fail.cold+0xa/0x15 [ 2740.853610][T27682] ? fault_create_debugfs_attr+0x180/0x180 04:13:28 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac00f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x600000000000000}, 0x0) [ 2740.859459][T27682] __should_failslab+0x121/0x190 [ 2740.864441][T27682] should_failslab+0x9/0x14 [ 2740.868994][T27682] kmem_cache_alloc+0x298/0x700 [ 2740.873885][T27682] ? kernfs_activate+0x192/0x1f0 [ 2740.878856][T27682] ? __mutex_lock+0x3a9/0x1330 [ 2740.883660][T27682] __kernfs_new_node+0xf0/0x690 [ 2740.888569][T27682] ? __mutex_lock+0x3a9/0x1330 [ 2740.893365][T27682] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2740.898881][T27682] ? __kasan_check_write+0x14/0x20 [ 2740.904022][T27682] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 2740.909594][T27682] ? wait_for_completion+0x440/0x440 [ 2740.914904][T27682] kernfs_new_node+0x96/0x120 [ 2740.919609][T27682] __kernfs_create_file+0x51/0x33b [ 2740.924720][T27682] sysfs_add_file_mode_ns+0x222/0x560 [ 2740.930110][T27682] internal_create_group+0x359/0xc30 [ 2740.935402][T27682] ? bd_set_size+0x3f/0xb0 [ 2740.939837][T27682] ? remove_files.isra.0+0x190/0x190 [ 2740.945127][T27682] ? __down_timeout+0x2d0/0x2d0 [ 2740.949997][T27682] ? __kasan_check_write+0x14/0x20 [ 2740.955137][T27682] ? up_write+0x9d/0x280 [ 2740.959384][T27682] sysfs_create_group+0x20/0x30 [ 2740.964245][T27682] loop_set_fd+0xb3b/0x10c0 [ 2740.968761][T27682] lo_ioctl+0x1a3/0x1460 [ 2740.973058][T27682] ? loop_set_fd+0x10c0/0x10c0 [ 2740.977846][T27682] blkdev_ioctl+0xedb/0x1c1a [ 2740.982455][T27682] ? blkpg_ioctl+0xa90/0xa90 [ 2740.987046][T27682] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2740.992877][T27682] block_ioctl+0xee/0x130 [ 2740.997244][T27682] ? blkdev_fallocate+0x410/0x410 [ 2741.002274][T27682] do_vfs_ioctl+0xdb6/0x13e0 [ 2741.006864][T27682] ? ioctl_preallocate+0x210/0x210 [ 2741.011962][T27682] ? __fget+0x388/0x560 [ 2741.016136][T27682] ? ksys_dup3+0x3e0/0x3e0 [ 2741.020543][T27682] ? do_sys_open+0x31d/0x5d0 [ 2741.025124][T27682] ? tomoyo_file_ioctl+0x23/0x30 [ 2741.030063][T27682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2741.036309][T27682] ? security_file_ioctl+0x8d/0xc0 [ 2741.041431][T27682] ksys_ioctl+0xab/0xd0 [ 2741.045593][T27682] __x64_sys_ioctl+0x73/0xb0 [ 2741.050193][T27682] do_syscall_64+0xfd/0x6a0 [ 2741.054714][T27682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2741.060633][T27682] RIP: 0033:0x459687 [ 2741.064543][T27682] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2741.084147][T27682] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2741.092555][T27682] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2741.100548][T27682] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 04:13:28 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000060000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2741.108520][T27682] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2741.116503][T27682] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2741.125823][T27682] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:28 executing program 3 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2741.292496][T27793] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:29 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:29 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:29 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf6, 0xe00000000000000) 04:13:29 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000068000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2741.597368][T28073] FAULT_INJECTION: forcing a failure. [ 2741.597368][T28073] name failslab, interval 1, probability 0, space 0, times 0 [ 2741.610288][T28073] CPU: 1 PID: 28073 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2741.617960][T28073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2741.628032][T28073] Call Trace: [ 2741.631356][T28073] dump_stack+0x16f/0x1f0 [ 2741.635743][T28073] should_fail.cold+0xa/0x15 [ 2741.640364][T28073] ? fault_create_debugfs_attr+0x180/0x180 04:13:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x800000000000000}, 0x0) [ 2741.646213][T28073] __should_failslab+0x121/0x190 [ 2741.651186][T28073] should_failslab+0x9/0x14 [ 2741.655696][T28073] kmem_cache_alloc+0x298/0x700 [ 2741.660678][T28073] ? lock_downgrade+0x920/0x920 [ 2741.665539][T28073] ? __mutex_lock+0x3a9/0x1330 [ 2741.670304][T28073] __kernfs_new_node+0xf0/0x690 [ 2741.675246][T28073] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2741.680701][T28073] ? wait_for_completion+0x440/0x440 [ 2741.686000][T28073] ? mutex_unlock+0xd/0x10 [ 2741.690433][T28073] ? kernfs_activate+0x192/0x1f0 [ 2741.695393][T28073] kernfs_new_node+0x96/0x120 [ 2741.700072][T28073] __kernfs_create_file+0x51/0x33b [ 2741.705187][T28073] sysfs_add_file_mode_ns+0x222/0x560 [ 2741.710572][T28073] internal_create_group+0x359/0xc30 [ 2741.715851][T28073] ? bd_set_size+0x3f/0xb0 [ 2741.720291][T28073] ? remove_files.isra.0+0x190/0x190 [ 2741.725570][T28073] ? __down_timeout+0x2d0/0x2d0 [ 2741.730417][T28073] ? __kasan_check_write+0x14/0x20 [ 2741.735519][T28073] ? up_write+0x9d/0x280 [ 2741.739758][T28073] sysfs_create_group+0x20/0x30 [ 2741.744599][T28073] loop_set_fd+0xb3b/0x10c0 [ 2741.749098][T28073] lo_ioctl+0x1a3/0x1460 [ 2741.753364][T28073] ? loop_set_fd+0x10c0/0x10c0 [ 2741.758124][T28073] blkdev_ioctl+0xedb/0x1c1a [ 2741.762708][T28073] ? blkpg_ioctl+0xa90/0xa90 [ 2741.767302][T28073] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2741.773239][T28073] block_ioctl+0xee/0x130 [ 2741.777571][T28073] ? blkdev_fallocate+0x410/0x410 [ 2741.782589][T28073] do_vfs_ioctl+0xdb6/0x13e0 [ 2741.787170][T28073] ? ioctl_preallocate+0x210/0x210 [ 2741.792276][T28073] ? __fget+0x388/0x560 [ 2741.796434][T28073] ? ksys_dup3+0x3e0/0x3e0 [ 2741.800860][T28073] ? do_sys_open+0x31d/0x5d0 [ 2741.805450][T28073] ? tomoyo_file_ioctl+0x23/0x30 [ 2741.810374][T28073] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2741.816629][T28073] ? security_file_ioctl+0x8d/0xc0 [ 2741.821734][T28073] ksys_ioctl+0xab/0xd0 [ 2741.825901][T28073] __x64_sys_ioctl+0x73/0xb0 [ 2741.830484][T28073] do_syscall_64+0xfd/0x6a0 [ 2741.834991][T28073] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2741.840892][T28073] RIP: 0033:0x459687 [ 2741.844778][T28073] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2741.864383][T28073] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2741.872789][T28073] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2741.880776][T28073] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2741.888759][T28073] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2741.896724][T28073] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2741.904685][T28073] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2741.967639][T28119] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:29 executing program 3 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2742.056619][ C1] net_ratelimit: 20 callbacks suppressed [ 2742.056628][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2742.068365][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:29 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:29 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2742.297733][T28372] FAULT_INJECTION: forcing a failure. [ 2742.297733][T28372] name failslab, interval 1, probability 0, space 0, times 0 [ 2742.310652][T28372] CPU: 1 PID: 28372 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2742.318303][T28372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2742.328393][T28372] Call Trace: [ 2742.331703][T28372] dump_stack+0x16f/0x1f0 [ 2742.336065][T28372] should_fail.cold+0xa/0x15 [ 2742.340787][T28372] ? fault_create_debugfs_attr+0x180/0x180 04:13:30 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf7, 0xe00000000000000) 04:13:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x900000000000000}, 0x0) [ 2742.346635][T28372] __should_failslab+0x121/0x190 [ 2742.351601][T28372] should_failslab+0x9/0x14 [ 2742.356132][T28372] kmem_cache_alloc+0x47/0x700 [ 2742.360949][T28372] ? save_stack+0x5c/0x90 [ 2742.365292][T28372] ? save_stack+0x23/0x90 [ 2742.369639][T28372] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2742.375463][T28372] ? kasan_slab_alloc+0xf/0x20 [ 2742.380265][T28372] radix_tree_node_alloc.constprop.0+0x1eb/0x310 [ 2742.386621][T28372] idr_get_free+0x48e/0x8c0 [ 2742.391132][T28372] idr_alloc_u32+0x19e/0x330 [ 2742.395730][T28372] ? __fprop_inc_percpu_max+0x230/0x230 [ 2742.401296][T28372] ? mark_held_locks+0xf0/0xf0 [ 2742.406064][T28372] idr_alloc_cyclic+0x132/0x270 [ 2742.410917][T28372] ? idr_alloc+0x150/0x150 [ 2742.415349][T28372] __kernfs_new_node+0x172/0x690 [ 2742.420286][T28372] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2742.425755][T28372] ? __kasan_check_read+0x11/0x20 [ 2742.430782][T28372] ? __lock_acquire+0x1702/0x4c30 [ 2742.435798][T28372] ? set_user_nice.part.0+0x292/0x5e0 [ 2742.441227][T28372] kernfs_new_node+0x96/0x120 [ 2742.446017][T28372] kernfs_create_dir_ns+0x52/0x160 [ 2742.451144][T28372] internal_create_group+0x7f4/0xc30 [ 2742.456448][T28372] ? bd_set_size+0x3f/0xb0 [ 2742.460863][T28372] ? remove_files.isra.0+0x190/0x190 [ 2742.466161][T28372] ? __down_timeout+0x2d0/0x2d0 [ 2742.471015][T28372] ? __kasan_check_write+0x14/0x20 [ 2742.476111][T28372] ? up_write+0x9d/0x280 [ 2742.480342][T28372] sysfs_create_group+0x20/0x30 [ 2742.485185][T28372] loop_set_fd+0xb3b/0x10c0 [ 2742.489700][T28372] lo_ioctl+0x1a3/0x1460 [ 2742.493993][T28372] ? loop_set_fd+0x10c0/0x10c0 [ 2742.498751][T28372] blkdev_ioctl+0xedb/0x1c1a [ 2742.503330][T28372] ? blkpg_ioctl+0xa90/0xa90 [ 2742.507910][T28372] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2742.513716][T28372] block_ioctl+0xee/0x130 [ 2742.518055][T28372] ? blkdev_fallocate+0x410/0x410 [ 2742.523088][T28372] do_vfs_ioctl+0xdb6/0x13e0 [ 2742.527696][T28372] ? ioctl_preallocate+0x210/0x210 [ 2742.532808][T28372] ? __fget+0x388/0x560 [ 2742.536970][T28372] ? ksys_dup3+0x3e0/0x3e0 [ 2742.541379][T28372] ? do_sys_open+0x31d/0x5d0 [ 2742.546001][T28372] ? tomoyo_file_ioctl+0x23/0x30 [ 2742.550949][T28372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2742.557228][T28372] ? security_file_ioctl+0x8d/0xc0 [ 2742.562369][T28372] ksys_ioctl+0xab/0xd0 [ 2742.566558][T28372] __x64_sys_ioctl+0x73/0xb0 [ 2742.571203][T28372] do_syscall_64+0xfd/0x6a0 [ 2742.575749][T28372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2742.581652][T28372] RIP: 0033:0x459687 [ 2742.585653][T28372] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2742.605470][T28372] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2742.613889][T28372] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2742.621891][T28372] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2742.629858][T28372] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2742.637835][T28372] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2742.645834][T28372] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2742.661827][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2742.667731][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:13:30 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000006c000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2742.701962][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2742.707915][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2742.782660][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2742.788665][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2742.794713][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2742.800582][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:30 executing program 3 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:30 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2742.933083][T28457] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:30 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2743.125702][T28633] FAULT_INJECTION: forcing a failure. [ 2743.125702][T28633] name failslab, interval 1, probability 0, space 0, times 0 [ 2743.138401][T28633] CPU: 0 PID: 28633 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2743.146047][T28633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2743.158127][T28633] Call Trace: [ 2743.162546][T28633] dump_stack+0x16f/0x1f0 [ 2743.169357][T28633] should_fail.cold+0xa/0x15 [ 2743.173979][T28633] ? fault_create_debugfs_attr+0x180/0x180 [ 2743.179834][T28633] __should_failslab+0x121/0x190 [ 2743.184830][T28633] should_failslab+0x9/0x14 [ 2743.189361][T28633] kmem_cache_alloc+0x298/0x700 [ 2743.194272][T28633] ? lock_downgrade+0x920/0x920 [ 2743.199155][T28633] ? __mutex_lock+0x3a9/0x1330 [ 2743.203983][T28633] __kernfs_new_node+0xf0/0x690 [ 2743.208866][T28633] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2743.214356][T28633] ? wait_for_completion+0x440/0x440 [ 2743.219689][T28633] ? mutex_unlock+0xd/0x10 [ 2743.224139][T28633] ? kernfs_activate+0x192/0x1f0 [ 2743.229115][T28633] kernfs_new_node+0x96/0x120 [ 2743.233837][T28633] __kernfs_create_file+0x51/0x33b [ 2743.238978][T28633] sysfs_add_file_mode_ns+0x222/0x560 [ 2743.244471][T28633] internal_create_group+0x359/0xc30 [ 2743.249773][T28633] ? bd_set_size+0x3f/0xb0 [ 2743.254988][T28633] ? remove_files.isra.0+0x190/0x190 [ 2743.260311][T28633] ? __down_timeout+0x2d0/0x2d0 [ 2743.265214][T28633] ? __kasan_check_write+0x14/0x20 [ 2743.270358][T28633] ? up_write+0x9d/0x280 04:13:30 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:30 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf8, 0xe00000000000000) [ 2743.274629][T28633] sysfs_create_group+0x20/0x30 [ 2743.279503][T28633] loop_set_fd+0xb3b/0x10c0 [ 2743.284031][T28633] lo_ioctl+0x1a3/0x1460 [ 2743.288312][T28633] ? loop_set_fd+0x10c0/0x10c0 [ 2743.293134][T28633] blkdev_ioctl+0xedb/0x1c1a [ 2743.297754][T28633] ? blkpg_ioctl+0xa90/0xa90 [ 2743.302389][T28633] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2743.308231][T28633] block_ioctl+0xee/0x130 [ 2743.312573][T28633] ? blkdev_fallocate+0x410/0x410 [ 2743.317614][T28633] do_vfs_ioctl+0xdb6/0x13e0 04:13:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xa00000000000000}, 0x0) [ 2743.322230][T28633] ? ioctl_preallocate+0x210/0x210 [ 2743.327359][T28633] ? __fget+0x388/0x560 [ 2743.331546][T28633] ? ksys_dup3+0x3e0/0x3e0 [ 2743.335980][T28633] ? do_sys_open+0x31d/0x5d0 [ 2743.340595][T28633] ? tomoyo_file_ioctl+0x23/0x30 [ 2743.345550][T28633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2743.351807][T28633] ? security_file_ioctl+0x8d/0xc0 [ 2743.356952][T28633] ksys_ioctl+0xab/0xd0 [ 2743.361114][T28633] __x64_sys_ioctl+0x73/0xb0 [ 2743.365719][T28633] do_syscall_64+0xfd/0x6a0 [ 2743.370219][T28633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2743.376099][T28633] RIP: 0033:0x459687 [ 2743.379996][T28633] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2743.399637][T28633] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2743.408071][T28633] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2743.416047][T28633] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 04:13:31 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000074000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2743.424013][T28633] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2743.432081][T28633] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2743.440066][T28633] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:31 executing program 3 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2743.672581][T28802] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:31 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:31 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2743.870501][T29063] FAULT_INJECTION: forcing a failure. [ 2743.870501][T29063] name failslab, interval 1, probability 0, space 0, times 0 [ 2743.883448][T29063] CPU: 1 PID: 29063 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2743.891103][T29063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2743.901187][T29063] Call Trace: [ 2743.904518][T29063] dump_stack+0x16f/0x1f0 [ 2743.908971][T29063] should_fail.cold+0xa/0x15 [ 2743.913622][T29063] ? fault_create_debugfs_attr+0x180/0x180 04:13:31 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xf9, 0xe00000000000000) [ 2743.919472][T29063] __should_failslab+0x121/0x190 [ 2743.924437][T29063] should_failslab+0x9/0x14 [ 2743.928981][T29063] kmem_cache_alloc+0x298/0x700 [ 2743.933895][T29063] ? lock_downgrade+0x920/0x920 [ 2743.938799][T29063] ? __mutex_lock+0x3a9/0x1330 [ 2743.943602][T29063] __kernfs_new_node+0xf0/0x690 [ 2743.948489][T29063] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2743.954116][T29063] ? wait_for_completion+0x440/0x440 [ 2743.959422][T29063] ? mutex_unlock+0xd/0x10 [ 2743.963838][T29063] ? kernfs_activate+0x192/0x1f0 [ 2743.968937][T29063] kernfs_new_node+0x96/0x120 [ 2743.973625][T29063] __kernfs_create_file+0x51/0x33b [ 2743.978765][T29063] sysfs_add_file_mode_ns+0x222/0x560 [ 2743.984192][T29063] internal_create_group+0x359/0xc30 [ 2743.989487][T29063] ? bd_set_size+0x3f/0xb0 [ 2743.993902][T29063] ? remove_files.isra.0+0x190/0x190 [ 2743.999189][T29063] ? __down_timeout+0x2d0/0x2d0 [ 2744.004059][T29063] ? __kasan_check_write+0x14/0x20 [ 2744.009172][T29063] ? up_write+0x9d/0x280 [ 2744.013454][T29063] sysfs_create_group+0x20/0x30 [ 2744.018316][T29063] loop_set_fd+0xb3b/0x10c0 [ 2744.022834][T29063] lo_ioctl+0x1a3/0x1460 [ 2744.027102][T29063] ? loop_set_fd+0x10c0/0x10c0 [ 2744.031880][T29063] blkdev_ioctl+0xedb/0x1c1a [ 2744.036470][T29063] ? blkpg_ioctl+0xa90/0xa90 [ 2744.041090][T29063] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2744.046911][T29063] block_ioctl+0xee/0x130 [ 2744.051246][T29063] ? blkdev_fallocate+0x410/0x410 [ 2744.056292][T29063] do_vfs_ioctl+0xdb6/0x13e0 [ 2744.060872][T29063] ? ioctl_preallocate+0x210/0x210 [ 2744.065974][T29063] ? __fget+0x388/0x560 04:13:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xb00000000000000}, 0x0) [ 2744.070143][T29063] ? ksys_dup3+0x3e0/0x3e0 [ 2744.074583][T29063] ? do_sys_open+0x31d/0x5d0 [ 2744.079207][T29063] ? tomoyo_file_ioctl+0x23/0x30 [ 2744.084166][T29063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2744.090466][T29063] ? security_file_ioctl+0x8d/0xc0 [ 2744.095662][T29063] ksys_ioctl+0xab/0xd0 [ 2744.099844][T29063] __x64_sys_ioctl+0x73/0xb0 [ 2744.104456][T29063] do_syscall_64+0xfd/0x6a0 [ 2744.108980][T29063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2744.114878][T29063] RIP: 0033:0x459687 [ 2744.118779][T29063] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2744.138392][T29063] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2744.146804][T29063] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2744.154785][T29063] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2744.162796][T29063] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2744.173784][T29063] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2744.181880][T29063] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:31 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000007a000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:32 executing program 3 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:32 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2744.416845][T29127] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:32 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:32 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xfa, 0xe00000000000000) 04:13:32 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2744.651430][T29399] FAULT_INJECTION: forcing a failure. [ 2744.651430][T29399] name failslab, interval 1, probability 0, space 0, times 0 [ 2744.664193][T29399] CPU: 1 PID: 29399 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2744.671836][T29399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2744.681988][T29399] Call Trace: [ 2744.685378][T29399] dump_stack+0x16f/0x1f0 [ 2744.689727][T29399] should_fail.cold+0xa/0x15 [ 2744.694339][T29399] ? fault_create_debugfs_attr+0x180/0x180 04:13:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xf00000000000000}, 0x0) [ 2744.700176][T29399] __should_failslab+0x121/0x190 [ 2744.705133][T29399] should_failslab+0x9/0x14 [ 2744.709647][T29399] kmem_cache_alloc_trace+0x2c3/0x770 [ 2744.715048][T29399] kobject_uevent_env+0x387/0x1023 [ 2744.720174][T29399] ? __kasan_check_write+0x14/0x20 [ 2744.725284][T29399] ? up_write+0x9d/0x280 [ 2744.729520][T29399] kobject_uevent+0x20/0x26 [ 2744.734014][T29399] loop_set_fd+0xbcc/0x10c0 [ 2744.738509][T29399] lo_ioctl+0x1a3/0x1460 [ 2744.742739][T29399] ? loop_set_fd+0x10c0/0x10c0 [ 2744.747493][T29399] blkdev_ioctl+0xedb/0x1c1a [ 2744.752089][T29399] ? blkpg_ioctl+0xa90/0xa90 [ 2744.756689][T29399] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2744.762496][T29399] block_ioctl+0xee/0x130 [ 2744.766808][T29399] ? blkdev_fallocate+0x410/0x410 [ 2744.771814][T29399] do_vfs_ioctl+0xdb6/0x13e0 [ 2744.776391][T29399] ? ioctl_preallocate+0x210/0x210 [ 2744.781491][T29399] ? __fget+0x388/0x560 [ 2744.785650][T29399] ? ksys_dup3+0x3e0/0x3e0 [ 2744.790075][T29399] ? do_sys_open+0x31d/0x5d0 [ 2744.794684][T29399] ? tomoyo_file_ioctl+0x23/0x30 [ 2744.799636][T29399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2744.805876][T29399] ? security_file_ioctl+0x8d/0xc0 [ 2744.810981][T29399] ksys_ioctl+0xab/0xd0 [ 2744.815136][T29399] __x64_sys_ioctl+0x73/0xb0 [ 2744.819719][T29399] do_syscall_64+0xfd/0x6a0 [ 2744.824245][T29399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2744.830135][T29399] RIP: 0033:0x459687 [ 2744.834017][T29399] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2744.853633][T29399] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2744.862035][T29399] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2744.870006][T29399] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2744.877960][T29399] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2744.885952][T29399] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2744.893942][T29399] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:32 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000088000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:32 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:32 executing program 3 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2745.140892][T29524] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:32 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2745.332689][T29634] FAULT_INJECTION: forcing a failure. [ 2745.332689][T29634] name failslab, interval 1, probability 0, space 0, times 0 [ 2745.345715][T29634] CPU: 0 PID: 29634 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2745.353367][T29634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2745.363443][T29634] Call Trace: [ 2745.366766][T29634] dump_stack+0x16f/0x1f0 [ 2745.371123][T29634] should_fail.cold+0xa/0x15 [ 2745.375743][T29634] ? fault_create_debugfs_attr+0x180/0x180 [ 2745.381578][T29634] __should_failslab+0x121/0x190 [ 2745.386537][T29634] should_failslab+0x9/0x14 [ 2745.391085][T29634] kmem_cache_alloc_trace+0x2c3/0x770 [ 2745.396583][T29634] kobject_uevent_env+0x387/0x1023 [ 2745.401753][T29634] ? __kasan_check_write+0x14/0x20 [ 2745.406897][T29634] ? up_write+0x9d/0x280 [ 2745.411178][T29634] kobject_uevent+0x20/0x26 [ 2745.415733][T29634] loop_set_fd+0xbcc/0x10c0 [ 2745.420283][T29634] lo_ioctl+0x1a3/0x1460 [ 2745.424563][T29634] ? loop_set_fd+0x10c0/0x10c0 04:13:33 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:33 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xfb, 0xe00000000000000) [ 2745.429365][T29634] blkdev_ioctl+0xedb/0x1c1a [ 2745.433988][T29634] ? blkpg_ioctl+0xa90/0xa90 [ 2745.438623][T29634] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2745.444489][T29634] block_ioctl+0xee/0x130 [ 2745.448888][T29634] ? blkdev_fallocate+0x410/0x410 [ 2745.453945][T29634] do_vfs_ioctl+0xdb6/0x13e0 [ 2745.458566][T29634] ? ioctl_preallocate+0x210/0x210 [ 2745.463740][T29634] ? __fget+0x388/0x560 [ 2745.467932][T29634] ? ksys_dup3+0x3e0/0x3e0 [ 2745.472414][T29634] ? do_sys_open+0x31d/0x5d0 [ 2745.477038][T29634] ? tomoyo_file_ioctl+0x23/0x30 04:13:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1000000000000000}, 0x0) [ 2745.482005][T29634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2745.488273][T29634] ? security_file_ioctl+0x8d/0xc0 [ 2745.493418][T29634] ksys_ioctl+0xab/0xd0 [ 2745.497602][T29634] __x64_sys_ioctl+0x73/0xb0 [ 2745.502215][T29634] do_syscall_64+0xfd/0x6a0 [ 2745.506751][T29634] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2745.512657][T29634] RIP: 0033:0x459687 [ 2745.516569][T29634] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2745.536186][T29634] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2745.544605][T29634] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2745.552583][T29634] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2745.560665][T29634] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2745.568777][T29634] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 04:13:33 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000200000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2745.576755][T29634] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:33 executing program 3 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2745.835594][T29858] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:33 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xfc, 0xe00000000000000) 04:13:33 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:33 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2746.057500][T30032] FAULT_INJECTION: forcing a failure. [ 2746.057500][T30032] name failslab, interval 1, probability 0, space 0, times 0 [ 2746.070467][T30032] CPU: 1 PID: 30032 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2746.078118][T30032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2746.088197][T30032] Call Trace: [ 2746.091512][T30032] dump_stack+0x16f/0x1f0 [ 2746.095859][T30032] should_fail.cold+0xa/0x15 [ 2746.100467][T30032] ? fault_create_debugfs_attr+0x180/0x180 [ 2746.106320][T30032] __should_failslab+0x121/0x190 [ 2746.111277][T30032] should_failslab+0x9/0x14 [ 2746.115799][T30032] kmem_cache_alloc+0x298/0x700 [ 2746.120848][T30032] ? lock_downgrade+0x920/0x920 [ 2746.125717][T30032] ? __mutex_lock+0x3a9/0x1330 [ 2746.130516][T30032] __kernfs_new_node+0xf0/0x690 [ 2746.135404][T30032] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2746.140895][T30032] ? wait_for_completion+0x440/0x440 [ 2746.146220][T30032] ? mutex_unlock+0xd/0x10 [ 2746.150663][T30032] ? kernfs_activate+0x192/0x1f0 04:13:33 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xfd, 0xe00000000000000) 04:13:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1100000000000000}, 0x0) [ 2746.155665][T30032] kernfs_new_node+0x96/0x120 [ 2746.160368][T30032] __kernfs_create_file+0x51/0x33b [ 2746.166352][T30032] sysfs_add_file_mode_ns+0x222/0x560 [ 2746.179621][T30032] internal_create_group+0x359/0xc30 [ 2746.185122][T30032] ? bd_set_size+0x3f/0xb0 [ 2746.189546][T30032] ? remove_files.isra.0+0x190/0x190 [ 2746.194839][T30032] ? __down_timeout+0x2d0/0x2d0 [ 2746.199708][T30032] ? __kasan_check_write+0x14/0x20 [ 2746.204834][T30032] ? up_write+0x9d/0x280 [ 2746.209267][T30032] sysfs_create_group+0x20/0x30 [ 2746.214104][T30032] loop_set_fd+0xb3b/0x10c0 [ 2746.218600][T30032] lo_ioctl+0x1a3/0x1460 [ 2746.222832][T30032] ? loop_set_fd+0x10c0/0x10c0 [ 2746.227612][T30032] blkdev_ioctl+0xedb/0x1c1a [ 2746.232213][T30032] ? blkpg_ioctl+0xa90/0xa90 [ 2746.236797][T30032] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2746.242606][T30032] block_ioctl+0xee/0x130 [ 2746.246920][T30032] ? blkdev_fallocate+0x410/0x410 [ 2746.251943][T30032] do_vfs_ioctl+0xdb6/0x13e0 [ 2746.256559][T30032] ? ioctl_preallocate+0x210/0x210 [ 2746.261656][T30032] ? __fget+0x388/0x560 [ 2746.265799][T30032] ? ksys_dup3+0x3e0/0x3e0 [ 2746.270225][T30032] ? do_sys_open+0x31d/0x5d0 [ 2746.274825][T30032] ? tomoyo_file_ioctl+0x23/0x30 [ 2746.279758][T30032] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2746.285986][T30032] ? security_file_ioctl+0x8d/0xc0 [ 2746.291090][T30032] ksys_ioctl+0xab/0xd0 [ 2746.295255][T30032] __x64_sys_ioctl+0x73/0xb0 [ 2746.299838][T30032] do_syscall_64+0xfd/0x6a0 [ 2746.304335][T30032] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2746.310220][T30032] RIP: 0033:0x459687 [ 2746.314095][T30032] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2746.333703][T30032] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2746.342114][T30032] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2746.350117][T30032] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2746.358078][T30032] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2746.366033][T30032] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2746.374005][T30032] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:34 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000100000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:34 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2746.587721][T30230] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:34 executing program 3 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:34 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1200000000000000}, 0x0) 04:13:34 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0xfe, 0xe00000000000000) 04:13:34 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2746.991251][T30545] FAULT_INJECTION: forcing a failure. [ 2746.991251][T30545] name failslab, interval 1, probability 0, space 0, times 0 [ 2747.005088][T30545] CPU: 1 PID: 30545 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2747.012753][T30545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2747.022820][T30545] Call Trace: [ 2747.026129][T30545] dump_stack+0x16f/0x1f0 [ 2747.030467][T30545] should_fail.cold+0xa/0x15 [ 2747.035134][T30545] ? fault_create_debugfs_attr+0x180/0x180 [ 2747.040939][T30545] __should_failslab+0x121/0x190 [ 2747.045968][T30545] should_failslab+0x9/0x14 [ 2747.050464][T30545] kmem_cache_alloc_node_trace+0x269/0x730 [ 2747.056284][T30545] __kmalloc_node_track_caller+0x3d/0x70 [ 2747.061932][T30545] __kmalloc_reserve.isra.0+0x40/0xf0 [ 2747.067325][T30545] __alloc_skb+0x10b/0x5e0 [ 2747.071744][T30545] ? netdev_alloc_frag+0x140/0x140 [ 2747.076884][T30545] alloc_uevent_skb+0x83/0x1e2 [ 2747.081656][T30545] kobject_uevent_env+0xaa3/0x1023 [ 2747.086770][T30545] kobject_uevent+0x20/0x26 [ 2747.091275][T30545] loop_set_fd+0xbcc/0x10c0 [ 2747.095785][T30545] lo_ioctl+0x1a3/0x1460 [ 2747.100029][T30545] ? loop_set_fd+0x10c0/0x10c0 [ 2747.104816][T30545] blkdev_ioctl+0xedb/0x1c1a [ 2747.109419][T30545] ? blkpg_ioctl+0xa90/0xa90 [ 2747.114020][T30545] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2747.119837][T30545] block_ioctl+0xee/0x130 [ 2747.124963][T30545] ? blkdev_fallocate+0x410/0x410 [ 2747.130017][T30545] do_vfs_ioctl+0xdb6/0x13e0 [ 2747.134637][T30545] ? ioctl_preallocate+0x210/0x210 [ 2747.139785][T30545] ? __fget+0x388/0x560 [ 2747.143952][T30545] ? ksys_dup3+0x3e0/0x3e0 [ 2747.148371][T30545] ? tomoyo_file_ioctl+0x23/0x30 [ 2747.153305][T30545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2747.159566][T30545] ? security_file_ioctl+0x8d/0xc0 [ 2747.164672][T30545] ksys_ioctl+0xab/0xd0 [ 2747.168823][T30545] __x64_sys_ioctl+0x73/0xb0 [ 2747.173414][T30545] do_syscall_64+0xfd/0x6a0 [ 2747.177909][T30545] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2747.183791][T30545] RIP: 0033:0x459687 [ 2747.187683][T30545] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2747.207374][T30545] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2747.215778][T30545] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2747.223866][T30545] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2747.231838][T30545] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:13:34 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000200000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2747.239915][T30545] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2747.247880][T30545] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:34 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2747.393570][T30640] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:35 executing program 3 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:35 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:35 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x102, 0xe00000000000000) 04:13:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1300000000000000}, 0x0) 04:13:35 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000300000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2747.728667][T30875] FAULT_INJECTION: forcing a failure. [ 2747.728667][T30875] name failslab, interval 1, probability 0, space 0, times 0 [ 2747.741469][T30875] CPU: 0 PID: 30875 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2747.749134][T30875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2747.759195][T30875] Call Trace: [ 2747.762503][T30875] dump_stack+0x16f/0x1f0 [ 2747.766852][T30875] should_fail.cold+0xa/0x15 [ 2747.771462][T30875] ? fault_create_debugfs_attr+0x180/0x180 04:13:35 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:35 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2747.777298][T30875] __should_failslab+0x121/0x190 [ 2747.782352][T30875] should_failslab+0x9/0x14 [ 2747.786863][T30875] kmem_cache_alloc+0x298/0x700 [ 2747.791731][T30875] ? finish_task_switch+0x11d/0x690 [ 2747.796942][T30875] ? finish_task_switch+0xef/0x690 [ 2747.802081][T30875] getname_flags+0xd6/0x5b0 [ 2747.806607][T30875] do_mkdirat+0xa0/0x2a0 [ 2747.810869][T30875] ? __ia32_sys_mknod+0xb0/0xb0 [ 2747.815739][T30875] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2747.821217][T30875] ? do_syscall_64+0x26/0x6a0 [ 2747.825912][T30875] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2747.831998][T30875] ? do_syscall_64+0x26/0x6a0 [ 2747.836713][T30875] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2747.842041][T30875] __x64_sys_mkdir+0x5c/0x80 [ 2747.846327][T30917] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2747.846657][T30875] do_syscall_64+0xfd/0x6a0 [ 2747.859316][T30875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2747.865218][T30875] RIP: 0033:0x458c37 [ 2747.869122][T30875] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2747.888755][T30875] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2747.888772][T30875] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2747.888779][T30875] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2747.888786][T30875] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2747.888793][T30875] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2747.888800][T30875] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:35 executing program 3 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:35 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x103, 0xe00000000000000) 04:13:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x1400000000000000}, 0x0) 04:13:35 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2748.189215][T31192] FAULT_INJECTION: forcing a failure. [ 2748.189215][T31192] name failslab, interval 1, probability 0, space 0, times 0 [ 2748.202167][T31192] CPU: 1 PID: 31192 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2748.209859][T31192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2748.219936][T31192] Call Trace: [ 2748.223262][T31192] dump_stack+0x16f/0x1f0 [ 2748.227667][T31192] should_fail.cold+0xa/0x15 [ 2748.232299][T31192] ? fault_create_debugfs_attr+0x180/0x180 04:13:35 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01200000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2748.238163][T31192] __should_failslab+0x121/0x190 [ 2748.238195][T31192] should_failslab+0x9/0x14 [ 2748.238208][T31192] kmem_cache_alloc_node+0x25d/0x720 [ 2748.238223][T31192] ? find_held_lock+0x35/0x130 [ 2748.238241][T31192] ? netlink_has_listeners+0x23d/0x3f0 [ 2748.238263][T31192] __alloc_skb+0xd5/0x5e0 [ 2748.267506][T31192] ? netdev_alloc_frag+0x140/0x140 [ 2748.272626][T31192] alloc_uevent_skb+0x83/0x1e2 [ 2748.277392][T31192] kobject_uevent_env+0xaa3/0x1023 [ 2748.282522][T31192] kobject_uevent+0x20/0x26 [ 2748.287013][T31192] loop_set_fd+0xbcc/0x10c0 [ 2748.291504][T31192] lo_ioctl+0x1a3/0x1460 [ 2748.295732][T31192] ? loop_set_fd+0x10c0/0x10c0 [ 2748.300491][T31192] blkdev_ioctl+0xedb/0x1c1a [ 2748.305071][T31192] ? blkpg_ioctl+0xa90/0xa90 [ 2748.309842][T31192] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2748.315659][T31192] block_ioctl+0xee/0x130 [ 2748.319976][T31192] ? blkdev_fallocate+0x410/0x410 [ 2748.324982][T31192] do_vfs_ioctl+0xdb6/0x13e0 [ 2748.329646][T31192] ? ioctl_preallocate+0x210/0x210 [ 2748.334744][T31192] ? __fget+0x388/0x560 [ 2748.338900][T31192] ? ksys_dup3+0x3e0/0x3e0 [ 2748.343323][T31192] ? tomoyo_file_ioctl+0x23/0x30 [ 2748.348260][T31192] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2748.354486][T31192] ? security_file_ioctl+0x8d/0xc0 [ 2748.359585][T31192] ksys_ioctl+0xab/0xd0 [ 2748.363739][T31192] __x64_sys_ioctl+0x73/0xb0 [ 2748.368337][T31192] do_syscall_64+0xfd/0x6a0 [ 2748.372877][T31192] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2748.378764][T31192] RIP: 0033:0x459687 [ 2748.382659][T31192] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2748.402267][T31192] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2748.410704][T31192] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2748.418677][T31192] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2748.426637][T31192] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2748.434587][T31192] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2748.442543][T31192] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2748.450967][ C1] net_ratelimit: 20 callbacks suppressed [ 2748.450974][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2748.463243][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:36 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000400000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:36 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x543], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2748.650313][T31327] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:36 executing program 3 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:36 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x104, 0xe00000000000000) 04:13:36 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x4000000000000000}, 0x0) 04:13:36 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2748.940153][T31534] FAULT_INJECTION: forcing a failure. [ 2748.940153][T31534] name failslab, interval 1, probability 0, space 0, times 0 [ 2748.952891][T31534] CPU: 0 PID: 31534 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2748.960537][T31534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2748.970610][T31534] Call Trace: [ 2748.973930][T31534] dump_stack+0x16f/0x1f0 [ 2748.978291][T31534] should_fail.cold+0xa/0x15 [ 2748.982915][T31534] ? fault_create_debugfs_attr+0x180/0x180 04:13:36 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x105, 0xe00000000000000) [ 2748.988759][T31534] __should_failslab+0x121/0x190 [ 2748.993735][T31534] should_failslab+0x9/0x14 [ 2748.998286][T31534] kmem_cache_alloc_node+0x25d/0x720 [ 2749.003605][T31534] ? find_held_lock+0x35/0x130 [ 2749.008391][T31534] ? netlink_has_listeners+0x23d/0x3f0 [ 2749.013871][T31534] __alloc_skb+0xd5/0x5e0 [ 2749.018219][T31534] ? netdev_alloc_frag+0x140/0x140 [ 2749.023375][T31534] alloc_uevent_skb+0x83/0x1e2 [ 2749.028173][T31534] kobject_uevent_env+0xaa3/0x1023 [ 2749.033320][T31534] kobject_uevent+0x20/0x26 [ 2749.037860][T31534] loop_set_fd+0xbcc/0x10c0 [ 2749.042472][T31534] lo_ioctl+0x1a3/0x1460 [ 2749.046748][T31534] ? loop_set_fd+0x10c0/0x10c0 [ 2749.051553][T31534] blkdev_ioctl+0xedb/0x1c1a [ 2749.056154][T31534] ? blkpg_ioctl+0xa90/0xa90 [ 2749.060943][T31534] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2749.066949][T31534] block_ioctl+0xee/0x130 [ 2749.071294][T31534] ? blkdev_fallocate+0x410/0x410 [ 2749.074865][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2749.076330][T31534] do_vfs_ioctl+0xdb6/0x13e0 [ 2749.076355][T31534] ? ioctl_preallocate+0x210/0x210 [ 2749.076376][T31534] ? __fget+0x388/0x560 [ 2749.082371][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2749.086963][T31534] ? ksys_dup3+0x3e0/0x3e0 [ 2749.086978][T31534] ? do_sys_open+0x31d/0x5d0 [ 2749.086993][T31534] ? tomoyo_file_ioctl+0x23/0x30 [ 2749.087009][T31534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2749.087025][T31534] ? security_file_ioctl+0x8d/0xc0 [ 2749.087044][T31534] ksys_ioctl+0xab/0xd0 [ 2749.092481][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2749.096422][T31534] __x64_sys_ioctl+0x73/0xb0 [ 2749.096440][T31534] do_syscall_64+0xfd/0x6a0 [ 2749.096461][T31534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2749.096479][T31534] RIP: 0033:0x459687 [ 2749.102327][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2749.106632][T31534] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2749.106641][T31534] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2749.106653][T31534] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459687 [ 2749.106660][T31534] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2749.106668][T31534] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2749.106689][T31534] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2749.111474][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2749.116203][T31534] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:36 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000500000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2749.116510][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2749.123794][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2749.128943][ C0] protocol 88fb is buggy, dev hsr_slave_1 04:13:37 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x608], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2749.383308][T31672] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:37 executing program 3 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:37 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:37 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x106, 0xe00000000000000) 04:13:37 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x689], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0xffffff7f00000000}, 0x0) 04:13:37 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000600000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2749.708573][T31964] FAULT_INJECTION: forcing a failure. [ 2749.708573][T31964] name failslab, interval 1, probability 0, space 0, times 0 [ 2749.721468][T31964] CPU: 0 PID: 31964 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2749.729110][T31964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2749.739174][T31964] Call Trace: [ 2749.742478][T31964] dump_stack+0x16f/0x1f0 [ 2749.746830][T31964] should_fail.cold+0xa/0x15 [ 2749.751443][T31964] ? fault_create_debugfs_attr+0x180/0x180 [ 2749.757276][T31964] __should_failslab+0x121/0x190 [ 2749.757300][T31964] should_failslab+0x9/0x14 [ 2749.757323][T31964] kmem_cache_alloc+0x298/0x700 [ 2749.766754][T31964] ? __fget+0x388/0x560 [ 2749.775747][T31964] getname_flags+0xd6/0x5b0 [ 2749.780266][T31964] do_mkdirat+0xa0/0x2a0 [ 2749.784527][T31964] ? __ia32_sys_mknod+0xb0/0xb0 [ 2749.789387][T31964] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2749.794863][T31964] ? do_syscall_64+0x26/0x6a0 [ 2749.799551][T31964] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2749.805622][T31964] ? do_syscall_64+0x26/0x6a0 [ 2749.810311][T31964] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2749.815610][T31964] __x64_sys_mkdir+0x5c/0x80 [ 2749.820219][T31964] do_syscall_64+0xfd/0x6a0 [ 2749.824741][T31964] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2749.830759][T31964] RIP: 0033:0x458c37 [ 2749.834662][T31964] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2749.854541][T31964] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2749.862960][T31964] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2749.870960][T31964] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2749.878940][T31964] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2749.886921][T31964] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2749.894909][T31964] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2749.925049][T31978] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:37 executing program 3 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:37 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:37 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:37 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x107, 0xe00000000000000) [ 2750.219934][T32209] FAULT_INJECTION: forcing a failure. [ 2750.219934][T32209] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2750.233175][T32209] CPU: 1 PID: 32209 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2750.240822][T32209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2750.251113][T32209] Call Trace: [ 2750.254883][T32209] dump_stack+0x16f/0x1f0 [ 2750.259234][T32209] should_fail.cold+0xa/0x15 [ 2750.263866][T32209] ? fault_create_debugfs_attr+0x180/0x180 [ 2750.269688][T32209] ? __kasan_check_read+0x11/0x20 [ 2750.274737][T32209] ? __lock_acquire+0x1702/0x4c30 [ 2750.279787][T32209] should_fail_alloc_page+0x50/0x60 [ 2750.285000][T32209] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2750.290388][T32209] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2750.296035][T32209] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2750.301778][T32209] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2750.307436][T32209] cache_grow_begin+0x90/0xc90 [ 2750.312224][T32209] ? trace_hardirqs_off+0x62/0x210 [ 2750.317438][T32209] kmem_cache_alloc+0x636/0x700 [ 2750.322312][T32209] ? trace_hardirqs_on+0x67/0x220 [ 2750.327373][T32209] getname_flags+0xd6/0x5b0 [ 2750.331896][T32209] do_mkdirat+0xa0/0x2a0 [ 2750.336165][T32209] ? __ia32_sys_mknod+0xb0/0xb0 [ 2750.341035][T32209] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2750.346517][T32209] ? do_syscall_64+0x26/0x6a0 [ 2750.351220][T32209] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2750.357391][T32209] ? do_syscall_64+0x26/0x6a0 [ 2750.362151][T32209] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2750.367465][T32209] __x64_sys_mkdir+0x5c/0x80 [ 2750.372075][T32209] do_syscall_64+0xfd/0x6a0 [ 2750.376614][T32209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2750.382515][T32209] RIP: 0033:0x458c37 [ 2750.386451][T32209] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2750.406066][T32209] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 04:13:38 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x806], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2750.414485][T32209] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2750.422499][T32209] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2750.430487][T32209] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2750.438465][T32209] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2750.446442][T32209] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:38 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000700000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x2}, 0x0) 04:13:38 executing program 3 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2750.736918][T32391] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:38 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01300000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:38 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x108, 0xe00000000000000) 04:13:38 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2750.906262][T32423] FAULT_INJECTION: forcing a failure. [ 2750.906262][T32423] name failslab, interval 1, probability 0, space 0, times 0 [ 2750.919961][T32423] CPU: 1 PID: 32423 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2750.927642][T32423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2750.937709][T32423] Call Trace: [ 2750.941107][T32423] dump_stack+0x16f/0x1f0 [ 2750.945488][T32423] should_fail.cold+0xa/0x15 [ 2750.950106][T32423] ? fault_create_debugfs_attr+0x180/0x180 [ 2750.956790][T32423] __should_failslab+0x121/0x190 [ 2750.961782][T32423] should_failslab+0x9/0x14 [ 2750.966883][T32423] kmem_cache_alloc+0x298/0x700 [ 2750.971756][T32423] ? __d_lookup+0x433/0x760 [ 2750.976276][T32423] ? lookup_dcache+0x23/0x140 [ 2750.980967][T32423] ? d_lookup+0xf9/0x260 [ 2750.985230][T32423] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2750.990533][T32423] __d_alloc+0x2e/0x8c0 [ 2750.994711][T32423] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2751.000452][T32423] d_alloc+0x4d/0x280 [ 2751.004456][T32423] __lookup_hash+0xcd/0x190 [ 2751.008983][T32423] filename_create+0x1a7/0x4f0 [ 2751.013778][T32423] ? kern_path_mountpoint+0x40/0x40 [ 2751.019008][T32423] ? strncpy_from_user+0x2b4/0x400 [ 2751.024148][T32423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2751.030420][T32423] ? getname_flags+0x277/0x5b0 [ 2751.035301][T32423] do_mkdirat+0xb5/0x2a0 [ 2751.039569][T32423] ? __ia32_sys_mknod+0xb0/0xb0 [ 2751.044440][T32423] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2751.049924][T32423] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 04:13:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x3}, 0x0) [ 2751.056019][T32423] ? do_syscall_64+0x26/0x6a0 [ 2751.060744][T32423] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2751.066083][T32423] __x64_sys_mkdir+0x5c/0x80 [ 2751.070701][T32423] do_syscall_64+0xfd/0x6a0 [ 2751.075236][T32423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2751.081142][T32423] RIP: 0033:0x458c37 [ 2751.085173][T32423] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:13:38 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000feffff0700000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2751.104895][T32423] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2751.113327][T32423] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2751.121317][T32423] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2751.130800][T32423] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2751.138918][T32423] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2751.146905][T32423] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:38 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:38 executing program 3 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2751.309725][T32678] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:39 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:39 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x109, 0xe00000000000000) [ 2751.473466][ T386] FAULT_INJECTION: forcing a failure. [ 2751.473466][ T386] name failslab, interval 1, probability 0, space 0, times 0 [ 2751.487123][ T386] CPU: 1 PID: 386 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2751.494592][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2751.504657][ T386] Call Trace: [ 2751.507994][ T386] dump_stack+0x16f/0x1f0 [ 2751.512347][ T386] should_fail.cold+0xa/0x15 [ 2751.516961][ T386] ? fault_create_debugfs_attr+0x180/0x180 04:13:39 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2751.522798][ T386] ? __kasan_check_read+0x11/0x20 [ 2751.527857][ T386] __should_failslab+0x121/0x190 [ 2751.532809][ T386] should_failslab+0x9/0x14 [ 2751.537325][ T386] __kmalloc+0x2ce/0x760 [ 2751.541598][ T386] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2751.547683][ T386] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2751.553422][ T386] ? rcu_read_lock_sched_held+0x110/0x130 [ 2751.559190][ T386] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2751.564971][ T386] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2751.570542][ T386] ? tomoyo_path_number_perm+0x193/0x520 [ 2751.576206][ T386] tomoyo_path_number_perm+0x1dd/0x520 [ 2751.581675][ T386] ? tomoyo_path_number_perm+0x193/0x520 [ 2751.587414][ T386] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2751.593235][ T386] ? find_held_lock+0x35/0x130 [ 2751.598084][ T386] ? putname+0xef/0x130 [ 2751.602294][ T386] ? putname+0xef/0x130 [ 2751.606485][ T386] ? rcu_read_lock_sched_held+0x110/0x130 [ 2751.612257][ T386] ? kmem_cache_free+0x259/0x310 [ 2751.617207][ T386] tomoyo_path_mkdir+0xaa/0xf0 [ 2751.621972][ T386] ? tomoyo_file_ioctl+0x30/0x30 [ 2751.626916][ T386] ? kern_path_mountpoint+0x40/0x40 [ 2751.632121][ T386] ? strncpy_from_user+0x2b4/0x400 [ 2751.637239][ T386] security_path_mkdir+0x113/0x170 [ 2751.642365][ T386] do_mkdirat+0x160/0x2a0 [ 2751.646708][ T386] ? __ia32_sys_mknod+0xb0/0xb0 [ 2751.651559][ T386] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2751.657112][ T386] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2751.663175][ T386] ? do_syscall_64+0x26/0x6a0 [ 2751.667951][ T386] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2751.673241][ T386] __x64_sys_mkdir+0x5c/0x80 [ 2751.677830][ T386] do_syscall_64+0xfd/0x6a0 [ 2751.682346][ T386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2751.688240][ T386] RIP: 0033:0x458c37 [ 2751.692155][ T386] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2751.711879][ T386] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 04:13:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x4}, 0x0) [ 2751.720283][ T386] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2751.728246][ T386] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2751.736212][ T386] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2751.744174][ T386] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2751.752145][ T386] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2751.760282][ T386] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:39 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000a00000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:39 executing program 3 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2751.987439][ T559] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:39 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:39 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1021], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:39 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x10a, 0xe00000000000000) [ 2752.183596][ T748] FAULT_INJECTION: forcing a failure. [ 2752.183596][ T748] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2752.196833][ T748] CPU: 0 PID: 748 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2752.204295][ T748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2752.214354][ T748] Call Trace: [ 2752.217658][ T748] dump_stack+0x16f/0x1f0 [ 2752.222014][ T748] should_fail.cold+0xa/0x15 [ 2752.226631][ T748] ? fault_create_debugfs_attr+0x180/0x180 [ 2752.232464][ T748] ? __kasan_check_read+0x11/0x20 [ 2752.237505][ T748] ? __lock_acquire+0x1702/0x4c30 [ 2752.242555][ T748] should_fail_alloc_page+0x50/0x60 [ 2752.247764][ T748] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2752.253149][ T748] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2752.258799][ T748] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2752.264538][ T748] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2752.270195][ T748] cache_grow_begin+0x90/0xc90 [ 2752.274982][ T748] ? trace_hardirqs_off+0x62/0x210 [ 2752.280103][ T748] kmem_cache_alloc+0x636/0x700 [ 2752.284967][ T748] ? finish_task_switch+0x11d/0x690 [ 2752.290190][ T748] getname_flags+0xd6/0x5b0 [ 2752.294730][ T748] do_mkdirat+0xa0/0x2a0 [ 2752.298990][ T748] ? __ia32_sys_mknod+0xb0/0xb0 [ 2752.303857][ T748] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2752.309322][ T748] ? do_syscall_64+0x26/0x6a0 [ 2752.309344][ T748] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2752.309360][ T748] ? do_syscall_64+0x26/0x6a0 [ 2752.309381][ T748] ? lockdep_hardirqs_on+0x418/0x5d0 04:13:39 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2752.309407][ T748] __x64_sys_mkdir+0x5c/0x80 [ 2752.320128][ T748] do_syscall_64+0xfd/0x6a0 [ 2752.339120][ T748] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2752.345017][ T748] RIP: 0033:0x458c37 [ 2752.348916][ T748] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2752.368546][ T748] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 04:13:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x5}, 0x0) 04:13:40 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000001100000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2752.368572][ T748] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2752.384934][ T748] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2752.384944][ T748] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2752.384952][ T748] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2752.384959][ T748] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:40 executing program 3 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2752.570104][ T910] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:40 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x10b, 0xe00000000000000) 04:13:40 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2752.759651][ T1007] FAULT_INJECTION: forcing a failure. [ 2752.759651][ T1007] name failslab, interval 1, probability 0, space 0, times 0 [ 2752.773381][ T1007] CPU: 1 PID: 1007 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2752.780937][ T1007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2752.790993][ T1007] Call Trace: [ 2752.794299][ T1007] dump_stack+0x16f/0x1f0 [ 2752.798680][ T1007] should_fail.cold+0xa/0x15 [ 2752.803287][ T1007] ? fault_create_debugfs_attr+0x180/0x180 [ 2752.809110][ T1007] __should_failslab+0x121/0x190 [ 2752.814057][ T1007] should_failslab+0x9/0x14 [ 2752.818575][ T1007] __kmalloc+0x2ce/0x760 [ 2752.822842][ T1007] ? mark_lock+0xc0/0x11e0 [ 2752.827269][ T1007] ? __kasan_check_read+0x11/0x20 [ 2752.832307][ T1007] ? ext4_find_extent+0x76e/0x9d0 [ 2752.837346][ T1007] ext4_find_extent+0x76e/0x9d0 [ 2752.842221][ T1007] ext4_ext_map_blocks+0x1dc/0x4f50 [ 2752.847437][ T1007] ? find_held_lock+0x35/0x130 [ 2752.852310][ T1007] ? ext4_ext_release+0x10/0x10 [ 2752.857195][ T1007] ? __kasan_check_write+0x14/0x20 [ 2752.862318][ T1007] ? down_read+0x10a/0x3f0 [ 2752.866763][ T1007] ? down_read_killable+0x460/0x460 [ 2752.871975][ T1007] ? rcu_read_lock_sched_held+0x110/0x130 [ 2752.877709][ T1007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2752.883962][ T1007] ? ext4_es_lookup_extent+0x3fd/0xb80 [ 2752.889439][ T1007] ext4_map_blocks+0xdc5/0x17f0 [ 2752.894305][ T1007] ? __ext4_new_inode+0x2dad/0x4da0 [ 2752.899536][ T1007] ? ext4_issue_zeroout+0x190/0x190 [ 2752.904755][ T1007] ext4_getblk+0xc4/0x580 [ 2752.909095][ T1007] ? ext4_iomap_begin+0x1000/0x1000 [ 2752.914311][ T1007] ext4_bread+0x93/0x270 [ 2752.918566][ T1007] ? ext4_getblk+0x580/0x580 [ 2752.923180][ T1007] ext4_append+0x155/0x370 [ 2752.927617][ T1007] ext4_mkdir+0x632/0xe20 [ 2752.931962][ T1007] ? ext4_init_dot_dotdot+0x520/0x520 [ 2752.937344][ T1007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2752.943950][ T1007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2752.950205][ T1007] ? security_inode_permission+0xcb/0x100 [ 2752.955934][ T1007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2752.962183][ T1007] ? security_inode_mkdir+0xe4/0x120 [ 2752.967485][ T1007] vfs_mkdir+0x42e/0x670 [ 2752.971749][ T1007] do_mkdirat+0x234/0x2a0 [ 2752.976096][ T1007] ? __ia32_sys_mknod+0xb0/0xb0 [ 2752.980955][ T1007] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2752.986435][ T1007] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2752.992510][ T1007] ? do_syscall_64+0x26/0x6a0 [ 2752.997213][ T1007] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2753.002510][ T1007] __x64_sys_mkdir+0x5c/0x80 [ 2753.007111][ T1007] do_syscall_64+0xfd/0x6a0 [ 2753.011634][ T1007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2753.017529][ T1007] RIP: 0033:0x458c37 [ 2753.021431][ T1007] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2753.041040][ T1007] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2753.049458][ T1007] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 04:13:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x6}, 0x0) 04:13:40 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2110], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:40 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000002000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2753.057436][ T1007] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2753.065406][ T1007] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2753.073380][ T1007] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2753.081355][ T1007] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:40 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2800], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:40 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x10c, 0xe00000000000000) [ 2753.277885][ T1234] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:40 executing program 3 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:40 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01400000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:41 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3580], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2753.563254][ T1480] FAULT_INJECTION: forcing a failure. [ 2753.563254][ T1480] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2753.576481][ T1480] CPU: 0 PID: 1480 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2753.576517][ T1480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2753.576524][ T1480] Call Trace: [ 2753.576550][ T1480] dump_stack+0x16f/0x1f0 [ 2753.576574][ T1480] should_fail.cold+0xa/0x15 [ 2753.576594][ T1480] ? fault_create_debugfs_attr+0x180/0x180 [ 2753.576611][ T1480] ? is_bpf_text_address+0xae/0x170 [ 2753.576637][ T1480] should_fail_alloc_page+0x50/0x60 [ 2753.576653][ T1480] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2753.576674][ T1480] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2753.576710][ T1480] ? __kasan_check_read+0x11/0x20 [ 2753.576730][ T1480] cache_grow_begin+0x90/0xc90 [ 2753.576758][ T1480] ? trace_hardirqs_off+0x62/0x210 [ 2753.594344][ T1480] __kmalloc+0x694/0x760 [ 2753.594362][ T1480] ? tomoyo_realpath_from_path+0xc0/0x7b0 04:13:41 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2753.594384][ T1480] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2753.594404][ T1480] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2753.594425][ T1480] ? tomoyo_path_number_perm+0x193/0x520 [ 2753.606609][ T1480] tomoyo_path_number_perm+0x1dd/0x520 [ 2753.617602][ T1480] ? tomoyo_path_number_perm+0x193/0x520 [ 2753.687321][ T1480] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2753.693141][ T1480] ? find_held_lock+0x35/0x130 [ 2753.697952][ T1480] ? putname+0xef/0x130 [ 2753.702121][ T1480] ? putname+0xef/0x130 [ 2753.706296][ T1480] ? rcu_read_lock_sched_held+0x110/0x130 [ 2753.712196][ T1480] ? kmem_cache_free+0x259/0x310 [ 2753.717145][ T1480] tomoyo_path_mkdir+0xaa/0xf0 [ 2753.721916][ T1480] ? tomoyo_file_ioctl+0x30/0x30 [ 2753.727209][ T1480] ? kern_path_mountpoint+0x40/0x40 [ 2753.732425][ T1480] ? strncpy_from_user+0x2b4/0x400 [ 2753.737676][ T1480] security_path_mkdir+0x113/0x170 [ 2753.742905][ T1480] do_mkdirat+0x160/0x2a0 [ 2753.747254][ T1480] ? __ia32_sys_mknod+0xb0/0xb0 [ 2753.752148][ T1480] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2753.757619][ T1480] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2753.763711][ T1480] ? do_syscall_64+0x26/0x6a0 [ 2753.768422][ T1480] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2753.773729][ T1480] __x64_sys_mkdir+0x5c/0x80 [ 2753.778323][ T1480] do_syscall_64+0xfd/0x6a0 [ 2753.782894][ T1480] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2753.788797][ T1480] RIP: 0033:0x458c37 [ 2753.792695][ T1480] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:13:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x8}, 0x0) 04:13:41 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x10d, 0xe00000000000000) [ 2753.812309][ T1480] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2753.820733][ T1480] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2753.828726][ T1480] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2753.836720][ T1480] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2753.844715][ T1480] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2753.852733][ T1480] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:41 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000003f00000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:41 executing program 3 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:41 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:41 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2754.114977][ T1532] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2754.299431][ T1768] FAULT_INJECTION: forcing a failure. [ 2754.299431][ T1768] name failslab, interval 1, probability 0, space 0, times 0 [ 2754.312365][ T1768] CPU: 0 PID: 1768 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2754.319927][ T1768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2754.330728][ T1768] Call Trace: [ 2754.334036][ T1768] dump_stack+0x16f/0x1f0 [ 2754.338395][ T1768] should_fail.cold+0xa/0x15 [ 2754.343009][ T1768] ? fault_create_debugfs_attr+0x180/0x180 04:13:41 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x10e, 0xe00000000000000) [ 2754.348849][ T1768] __should_failslab+0x121/0x190 [ 2754.353830][ T1768] should_failslab+0x9/0x14 [ 2754.358349][ T1768] __kmalloc+0x2ce/0x760 [ 2754.362611][ T1768] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2754.368866][ T1768] ? d_absolute_path+0x11b/0x170 [ 2754.373827][ T1768] ? __d_path+0x140/0x140 [ 2754.378182][ T1768] ? rcu_read_lock_sched_held+0x110/0x130 [ 2754.384524][ T1768] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2754.389921][ T1768] tomoyo_encode2.part.0+0xf5/0x400 [ 2754.395227][ T1768] tomoyo_encode+0x2b/0x50 [ 2754.399657][ T1768] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 2754.405311][ T1768] tomoyo_path_number_perm+0x1dd/0x520 [ 2754.410783][ T1768] ? tomoyo_path_number_perm+0x193/0x520 [ 2754.416435][ T1768] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2754.422258][ T1768] ? find_held_lock+0x35/0x130 [ 2754.427101][ T1768] ? putname+0xef/0x130 [ 2754.431267][ T1768] ? putname+0xef/0x130 [ 2754.435434][ T1768] ? rcu_read_lock_sched_held+0x110/0x130 [ 2754.441159][ T1768] ? kmem_cache_free+0x259/0x310 [ 2754.441183][ T1768] tomoyo_path_mkdir+0xaa/0xf0 [ 2754.441201][ T1768] ? tomoyo_file_ioctl+0x30/0x30 [ 2754.441224][ T1768] ? kern_path_mountpoint+0x40/0x40 [ 2754.441244][ T1768] ? strncpy_from_user+0x2b4/0x400 [ 2754.441267][ T1768] security_path_mkdir+0x113/0x170 [ 2754.441290][ T1768] do_mkdirat+0x160/0x2a0 [ 2754.441311][ T1768] ? __ia32_sys_mknod+0xb0/0xb0 [ 2754.480719][ T1768] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2754.486195][ T1768] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2754.492280][ T1768] ? do_syscall_64+0x26/0x6a0 04:13:42 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2754.496983][ T1768] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2754.502286][ T1768] __x64_sys_mkdir+0x5c/0x80 [ 2754.506894][ T1768] do_syscall_64+0xfd/0x6a0 [ 2754.511423][ T1768] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2754.517327][ T1768] RIP: 0033:0x458c37 [ 2754.521235][ T1768] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2754.541381][ T1768] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2754.549828][ T1768] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2754.557813][ T1768] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2754.565792][ T1768] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2754.573791][ T1768] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2754.581790][ T1768] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2754.581913][ T1768] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:42 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000004000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x9}, 0x0) [ 2754.721770][ C1] net_ratelimit: 20 callbacks suppressed [ 2754.721779][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2754.733446][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:42 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4788], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2754.770311][ T1960] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:42 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x10f, 0xe00000000000000) 04:13:42 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4888], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:42 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:42 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000004800000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:42 executing program 3 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2755.094002][ T2174] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xa}, 0x0) [ 2755.215948][ T2244] FAULT_INJECTION: forcing a failure. [ 2755.215948][ T2244] name failslab, interval 1, probability 0, space 0, times 0 [ 2755.228680][ T2244] CPU: 1 PID: 2244 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2755.236267][ T2244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2755.246329][ T2244] Call Trace: [ 2755.249683][ T2244] dump_stack+0x16f/0x1f0 [ 2755.255542][ T2244] should_fail.cold+0xa/0x15 [ 2755.260148][ T2244] ? fault_create_debugfs_attr+0x180/0x180 [ 2755.266007][ T2244] __should_failslab+0x121/0x190 [ 2755.270964][ T2244] should_failslab+0x9/0x14 [ 2755.275475][ T2244] __kmalloc+0x2ce/0x760 [ 2755.279755][ T2244] ? __kasan_check_read+0x11/0x20 [ 2755.284792][ T2244] ? mark_lock+0xc0/0x11e0 [ 2755.289223][ T2244] ? mark_held_locks+0xa4/0xf0 [ 2755.294003][ T2244] ? ext4_find_extent+0x76e/0x9d0 [ 2755.299044][ T2244] ext4_find_extent+0x76e/0x9d0 [ 2755.303920][ T2244] ext4_ext_map_blocks+0x1dc/0x4f50 [ 2755.309136][ T2244] ? mark_held_locks+0xf0/0xf0 [ 2755.313915][ T2244] ? ext4_ext_release+0x10/0x10 [ 2755.318772][ T2244] ? lock_acquire+0x190/0x400 [ 2755.323461][ T2244] ? ext4_map_blocks+0x4b1/0x17f0 [ 2755.328495][ T2244] ? __kasan_check_write+0x14/0x20 [ 2755.333717][ T2244] ? down_write+0xdf/0x150 [ 2755.338477][ T2244] ? __down_timeout+0x2d0/0x2d0 [ 2755.343584][ T2244] ? rcu_read_lock_sched_held+0x110/0x130 [ 2755.349303][ T2244] ? ext4_es_lookup_extent+0x3fd/0xb80 [ 2755.354772][ T2244] ext4_map_blocks+0x529/0x17f0 [ 2755.359631][ T2244] ? ext4_issue_zeroout+0x190/0x190 [ 2755.364841][ T2244] ext4_getblk+0xc4/0x580 [ 2755.369181][ T2244] ? ext4_iomap_begin+0x1000/0x1000 [ 2755.374402][ T2244] ext4_bread+0x93/0x270 [ 2755.378645][ T2244] ? ext4_getblk+0x580/0x580 [ 2755.383244][ T2244] ext4_append+0x155/0x370 [ 2755.387663][ T2244] ext4_mkdir+0x632/0xe20 [ 2755.392004][ T2244] ? ext4_init_dot_dotdot+0x520/0x520 [ 2755.397374][ T2244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2755.403611][ T2244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2755.409850][ T2244] ? security_inode_permission+0xcb/0x100 [ 2755.415566][ T2244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2755.421805][ T2244] ? security_inode_mkdir+0xe4/0x120 [ 2755.427097][ T2244] vfs_mkdir+0x42e/0x670 [ 2755.431344][ T2244] do_mkdirat+0x234/0x2a0 [ 2755.435677][ T2244] ? __ia32_sys_mknod+0xb0/0xb0 [ 2755.440527][ T2244] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2755.445987][ T2244] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2755.452061][ T2244] ? do_syscall_64+0x26/0x6a0 [ 2755.456739][ T2244] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2755.462026][ T2244] __x64_sys_mkdir+0x5c/0x80 [ 2755.466614][ T2244] do_syscall_64+0xfd/0x6a0 [ 2755.471124][ T2244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2755.477014][ T2244] RIP: 0033:0x458c37 [ 2755.480926][ T2244] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2755.500630][ T2244] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2755.509043][ T2244] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2755.517013][ T2244] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2755.524976][ T2244] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2755.532943][ T2244] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2755.540914][ T2244] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2755.549666][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2755.555557][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2755.558840][ C0] protocol 88fb is buggy, dev hsr_slave_0 04:13:43 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:43 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:43 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x110, 0xe00000000000000) [ 2755.561469][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2755.567121][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2755.572833][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2755.584353][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2755.590239][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:43 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000004c00000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:43 executing program 3 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:43 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6488], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2755.869335][ T2466] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2756.000750][ T2613] FAULT_INJECTION: forcing a failure. [ 2756.000750][ T2613] name failslab, interval 1, probability 0, space 0, times 0 [ 2756.013775][ T2613] CPU: 0 PID: 2613 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2756.021337][ T2613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2756.031398][ T2613] Call Trace: [ 2756.034717][ T2613] dump_stack+0x16f/0x1f0 [ 2756.039062][ T2613] should_fail.cold+0xa/0x15 [ 2756.043673][ T2613] ? fault_create_debugfs_attr+0x180/0x180 04:13:43 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01500000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:43 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x111, 0xe00000000000000) [ 2756.049518][ T2613] __should_failslab+0x121/0x190 [ 2756.054473][ T2613] should_failslab+0x9/0x14 [ 2756.058993][ T2613] kmem_cache_alloc+0x298/0x700 [ 2756.063854][ T2613] ? rcu_read_lock_sched_held+0x110/0x130 [ 2756.069585][ T2613] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2756.075838][ T2613] ? __mark_inode_dirty+0x3d1/0x1280 [ 2756.081141][ T2613] ext4_mb_new_blocks+0x5be/0x3770 [ 2756.086365][ T2613] ? mark_lock+0xc0/0x11e0 [ 2756.090801][ T2613] ? mark_held_locks+0xa4/0xf0 [ 2756.095580][ T2613] ? ext4_find_extent+0x76e/0x9d0 [ 2756.100707][ T2613] ext4_ext_map_blocks+0x2a7f/0x4f50 [ 2756.106046][ T2613] ? ext4_ext_release+0x10/0x10 [ 2756.110923][ T2613] ? lock_acquire+0x190/0x400 [ 2756.115612][ T2613] ? ext4_map_blocks+0x4b1/0x17f0 [ 2756.120680][ T2613] ? rcu_read_lock_sched_held+0x110/0x130 [ 2756.126594][ T2613] ? ext4_es_lookup_extent+0x3fd/0xb80 [ 2756.132061][ T2613] ext4_map_blocks+0x529/0x17f0 [ 2756.136924][ T2613] ? ext4_issue_zeroout+0x190/0x190 [ 2756.142146][ T2613] ext4_getblk+0xc4/0x580 [ 2756.146494][ T2613] ? ext4_iomap_begin+0x1000/0x1000 [ 2756.151719][ T2613] ext4_bread+0x93/0x270 [ 2756.155976][ T2613] ? ext4_getblk+0x580/0x580 [ 2756.160586][ T2613] ext4_append+0x155/0x370 [ 2756.165020][ T2613] ext4_mkdir+0x632/0xe20 [ 2756.169390][ T2613] ? ext4_init_dot_dotdot+0x520/0x520 [ 2756.174775][ T2613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2756.181030][ T2613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2756.187280][ T2613] ? security_inode_permission+0xcb/0x100 [ 2756.193014][ T2613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2756.199258][ T2613] ? security_inode_mkdir+0xe4/0x120 [ 2756.204554][ T2613] vfs_mkdir+0x42e/0x670 [ 2756.208814][ T2613] do_mkdirat+0x234/0x2a0 [ 2756.213156][ T2613] ? __ia32_sys_mknod+0xb0/0xb0 [ 2756.218009][ T2613] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2756.223475][ T2613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2756.229555][ T2613] ? do_syscall_64+0x26/0x6a0 [ 2756.234243][ T2613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2756.239552][ T2613] __x64_sys_mkdir+0x5c/0x80 [ 2756.244152][ T2613] do_syscall_64+0xfd/0x6a0 [ 2756.248666][ T2613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2756.254586][ T2613] RIP: 0033:0x458c37 [ 2756.258484][ T2613] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2756.278099][ T2613] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2756.278216][ T2613] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2756.278226][ T2613] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2756.278234][ T2613] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2756.278241][ T2613] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2756.278248][ T2613] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xb}, 0x0) 04:13:43 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:43 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000006000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:44 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x112, 0xe00000000000000) [ 2756.505355][ T2852] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:44 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:44 executing program 3 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:44 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8035], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:44 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x113, 0xe00000000000000) [ 2756.844363][ T3105] FAULT_INJECTION: forcing a failure. [ 2756.844363][ T3105] name failslab, interval 1, probability 0, space 0, times 0 [ 2756.857229][ T3105] CPU: 1 PID: 3105 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2756.864781][ T3105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2756.874850][ T3105] Call Trace: [ 2756.878159][ T3105] dump_stack+0x16f/0x1f0 [ 2756.882519][ T3105] should_fail.cold+0xa/0x15 [ 2756.887140][ T3105] ? fault_create_debugfs_attr+0x180/0x180 04:13:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xf}, 0x0) [ 2756.892989][ T3105] __should_failslab+0x121/0x190 [ 2756.897946][ T3105] should_failslab+0x9/0x14 [ 2756.902482][ T3105] __kmalloc+0x2ce/0x760 [ 2756.906773][ T3105] ? __kasan_check_read+0x11/0x20 [ 2756.911820][ T3105] ? mark_lock+0xc0/0x11e0 [ 2756.916258][ T3105] ? mark_held_locks+0xa4/0xf0 [ 2756.921058][ T3105] ? ext4_find_extent+0x76e/0x9d0 [ 2756.926082][ T3105] ext4_find_extent+0x76e/0x9d0 [ 2756.930947][ T3105] ext4_ext_map_blocks+0x1dc/0x4f50 [ 2756.936174][ T3105] ? mark_held_locks+0xf0/0xf0 [ 2756.940931][ T3105] ? ext4_ext_release+0x10/0x10 [ 2756.945788][ T3105] ? lock_acquire+0x190/0x400 [ 2756.950465][ T3105] ? ext4_map_blocks+0x4b1/0x17f0 [ 2756.955492][ T3105] ? __kasan_check_write+0x14/0x20 [ 2756.960601][ T3105] ? down_write+0xdf/0x150 [ 2756.965038][ T3105] ? __down_timeout+0x2d0/0x2d0 [ 2756.969885][ T3105] ? rcu_read_lock_sched_held+0x110/0x130 [ 2756.975592][ T3105] ? ext4_es_lookup_extent+0x3fd/0xb80 [ 2756.981065][ T3105] ext4_map_blocks+0x529/0x17f0 [ 2756.985911][ T3105] ? ext4_issue_zeroout+0x190/0x190 [ 2756.991110][ T3105] ext4_getblk+0xc4/0x580 [ 2756.995431][ T3105] ? ext4_iomap_begin+0x1000/0x1000 [ 2757.000643][ T3105] ext4_bread+0x93/0x270 [ 2757.004872][ T3105] ? ext4_getblk+0x580/0x580 [ 2757.009475][ T3105] ext4_append+0x155/0x370 [ 2757.013966][ T3105] ext4_mkdir+0x632/0xe20 [ 2757.018299][ T3105] ? ext4_init_dot_dotdot+0x520/0x520 [ 2757.023674][ T3105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.029914][ T3105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.036137][ T3105] ? security_inode_permission+0xcb/0x100 [ 2757.041859][ T3105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.048097][ T3105] ? security_inode_mkdir+0xe4/0x120 [ 2757.053369][ T3105] vfs_mkdir+0x42e/0x670 [ 2757.057608][ T3105] do_mkdirat+0x234/0x2a0 [ 2757.061934][ T3105] ? __ia32_sys_mknod+0xb0/0xb0 [ 2757.066781][ T3105] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2757.072247][ T3105] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2757.078298][ T3105] ? do_syscall_64+0x26/0x6a0 [ 2757.082956][ T3105] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2757.088223][ T3105] __x64_sys_mkdir+0x5c/0x80 [ 2757.092812][ T3105] do_syscall_64+0xfd/0x6a0 [ 2757.097300][ T3105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2757.103174][ T3105] RIP: 0033:0x458c37 [ 2757.107070][ T3105] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2757.126665][ T3105] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2757.135976][ T3105] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 04:13:44 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000006800000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2757.143928][ T3105] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2757.151903][ T3105] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2757.159884][ T3105] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2757.167847][ T3105] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:44 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:44 executing program 3 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:44 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2757.408489][ T3261] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x10}, 0x0) 04:13:45 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x114, 0xe00000000000000) [ 2757.551314][ T3358] FAULT_INJECTION: forcing a failure. [ 2757.551314][ T3358] name failslab, interval 1, probability 0, space 0, times 0 [ 2757.564187][ T3358] CPU: 1 PID: 3358 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2757.571751][ T3358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2757.581811][ T3358] Call Trace: [ 2757.585119][ T3358] dump_stack+0x16f/0x1f0 [ 2757.589469][ T3358] should_fail.cold+0xa/0x15 [ 2757.594084][ T3358] ? fault_create_debugfs_attr+0x180/0x180 [ 2757.599905][ T3358] ? __kasan_check_read+0x11/0x20 [ 2757.604941][ T3358] ? __lock_acquire+0x8a2/0x4c30 [ 2757.609899][ T3358] __should_failslab+0x121/0x190 [ 2757.614853][ T3358] should_failslab+0x9/0x14 [ 2757.619366][ T3358] kmem_cache_alloc+0x47/0x700 [ 2757.624172][ T3358] ? ___might_sleep+0x131/0x280 [ 2757.629064][ T3358] ? mempool_alloc+0x380/0x380 [ 2757.633852][ T3358] mempool_alloc_slab+0x47/0x60 [ 2757.638718][ T3358] mempool_alloc+0x169/0x380 [ 2757.643531][ T3358] ? __kasan_check_read+0x11/0x20 [ 2757.648577][ T3358] ? mempool_destroy+0x40/0x40 [ 2757.653378][ T3358] ? __kasan_check_read+0x11/0x20 [ 2757.658423][ T3358] ? __lock_acquire+0x1702/0x4c30 [ 2757.663475][ T3358] ? __unlock_page_memcg+0x53/0x100 [ 2757.668870][ T3358] ? find_held_lock+0x35/0x130 [ 2757.673667][ T3358] bio_alloc_bioset+0x3b9/0x680 [ 2757.678538][ T3358] ? mark_buffer_dirty_inode+0x305/0x410 [ 2757.684197][ T3358] ? bvec_alloc+0x2f0/0x2f0 [ 2757.688717][ T3358] ? rwlock_bug.part.0+0x90/0x90 [ 2757.693673][ T3358] submit_bh_wbc+0x1c5/0x900 [ 2757.698276][ T3358] __sync_dirty_buffer+0x12b/0x350 [ 2757.703394][ T3358] sync_dirty_buffer+0x1b/0x20 [ 2757.708167][ T3358] __ext4_handle_dirty_metadata+0x241/0x600 [ 2757.714085][ T3358] ext4_getblk+0x368/0x580 [ 2757.718517][ T3358] ? ext4_iomap_begin+0x1000/0x1000 [ 2757.723730][ T3358] ext4_bread+0x93/0x270 [ 2757.727988][ T3358] ? ext4_getblk+0x580/0x580 [ 2757.732592][ T3358] ext4_append+0x155/0x370 [ 2757.737032][ T3358] ext4_mkdir+0x632/0xe20 [ 2757.741379][ T3358] ? ext4_init_dot_dotdot+0x520/0x520 [ 2757.746761][ T3358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.753022][ T3358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.759281][ T3358] ? security_inode_permission+0xcb/0x100 [ 2757.765015][ T3358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.771264][ T3358] ? security_inode_mkdir+0xe4/0x120 [ 2757.776560][ T3358] vfs_mkdir+0x42e/0x670 [ 2757.780819][ T3358] do_mkdirat+0x234/0x2a0 [ 2757.785163][ T3358] ? __ia32_sys_mknod+0xb0/0xb0 [ 2757.790136][ T3358] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2757.795605][ T3358] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2757.801675][ T3358] ? do_syscall_64+0x26/0x6a0 [ 2757.806360][ T3358] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2757.811664][ T3358] __x64_sys_mkdir+0x5c/0x80 [ 2757.816260][ T3358] do_syscall_64+0xfd/0x6a0 [ 2757.820777][ T3358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2757.826673][ T3358] RIP: 0033:0x458c37 [ 2757.830574][ T3358] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:13:45 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8847], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2757.850181][ T3358] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2757.858604][ T3358] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2757.866611][ T3358] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2757.874586][ T3358] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2757.882561][ T3358] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2757.890538][ T3358] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:45 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:45 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000006c00000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:45 executing program 3 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:45 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8848], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x11}, 0x0) [ 2758.264845][ T3660] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:45 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x115, 0xe00000000000000) 04:13:45 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8864], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2758.459650][ T3782] FAULT_INJECTION: forcing a failure. [ 2758.459650][ T3782] name failslab, interval 1, probability 0, space 0, times 0 [ 2758.472433][ T3782] CPU: 1 PID: 3782 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2758.479986][ T3782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2758.490046][ T3782] Call Trace: [ 2758.493348][ T3782] dump_stack+0x16f/0x1f0 [ 2758.497699][ T3782] should_fail.cold+0xa/0x15 [ 2758.502312][ T3782] ? fault_create_debugfs_attr+0x180/0x180 [ 2758.508139][ T3782] ? __kasan_check_read+0x11/0x20 [ 2758.513216][ T3782] ? __lock_acquire+0x8a2/0x4c30 [ 2758.518178][ T3782] __should_failslab+0x121/0x190 [ 2758.523140][ T3782] should_failslab+0x9/0x14 [ 2758.527664][ T3782] kmem_cache_alloc+0x47/0x700 [ 2758.532448][ T3782] ? ___might_sleep+0x131/0x280 [ 2758.537347][ T3782] ? mempool_alloc+0x380/0x380 [ 2758.542124][ T3782] mempool_alloc_slab+0x47/0x60 [ 2758.546988][ T3782] mempool_alloc+0x169/0x380 [ 2758.551587][ T3782] ? __kasan_check_read+0x11/0x20 04:13:46 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01600000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2758.556655][ T3782] ? mempool_destroy+0x40/0x40 [ 2758.561439][ T3782] ? __kasan_check_read+0x11/0x20 [ 2758.566512][ T3782] ? __lock_acquire+0x1702/0x4c30 [ 2758.571557][ T3782] ? __unlock_page_memcg+0x53/0x100 [ 2758.576765][ T3782] ? find_held_lock+0x35/0x130 [ 2758.581543][ T3782] bio_alloc_bioset+0x3b9/0x680 [ 2758.586410][ T3782] ? mark_buffer_dirty_inode+0x305/0x410 [ 2758.592352][ T3782] ? bvec_alloc+0x2f0/0x2f0 [ 2758.597129][ T3782] ? rwlock_bug.part.0+0x90/0x90 [ 2758.602125][ T3782] submit_bh_wbc+0x1c5/0x900 04:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x12}, 0x0) [ 2758.606749][ T3782] __sync_dirty_buffer+0x12b/0x350 [ 2758.611863][ T3782] sync_dirty_buffer+0x1b/0x20 [ 2758.616634][ T3782] __ext4_handle_dirty_metadata+0x241/0x600 [ 2758.622561][ T3782] ext4_getblk+0x368/0x580 [ 2758.626980][ T3782] ? ext4_iomap_begin+0x1000/0x1000 [ 2758.632207][ T3782] ext4_bread+0x93/0x270 [ 2758.636455][ T3782] ? ext4_getblk+0x580/0x580 [ 2758.641051][ T3782] ext4_append+0x155/0x370 [ 2758.645472][ T3782] ext4_mkdir+0x632/0xe20 [ 2758.649810][ T3782] ? ext4_init_dot_dotdot+0x520/0x520 [ 2758.655181][ T3782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2758.661425][ T3782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2758.667666][ T3782] ? security_inode_permission+0xcb/0x100 [ 2758.673384][ T3782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2758.679622][ T3782] ? security_inode_mkdir+0xe4/0x120 [ 2758.684906][ T3782] vfs_mkdir+0x42e/0x670 [ 2758.689151][ T3782] do_mkdirat+0x234/0x2a0 [ 2758.693492][ T3782] ? __ia32_sys_mknod+0xb0/0xb0 [ 2758.698343][ T3782] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2758.703802][ T3782] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2758.709882][ T3782] ? do_syscall_64+0x26/0x6a0 [ 2758.714560][ T3782] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2758.719845][ T3782] __x64_sys_mkdir+0x5c/0x80 [ 2758.724434][ T3782] do_syscall_64+0xfd/0x6a0 [ 2758.728942][ T3782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2758.734832][ T3782] RIP: 0033:0x458c37 [ 2758.738730][ T3782] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2758.758422][ T3782] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2758.766851][ T3782] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2758.774818][ T3782] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2758.782781][ T3782] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2758.790747][ T3782] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2758.798714][ T3782] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:46 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000007400000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:46 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8906], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2758.952064][ T3955] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:46 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x116, 0xe00000000000000) 04:13:46 executing program 3 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x13}, 0x0) 04:13:46 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2759.309615][ T4275] FAULT_INJECTION: forcing a failure. [ 2759.309615][ T4275] name failslab, interval 1, probability 0, space 0, times 0 [ 2759.323266][ T4275] CPU: 0 PID: 4275 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2759.330811][ T4275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2759.340875][ T4275] Call Trace: [ 2759.344231][ T4275] dump_stack+0x16f/0x1f0 [ 2759.348576][ T4275] should_fail.cold+0xa/0x15 [ 2759.353208][ T4275] ? fault_create_debugfs_attr+0x180/0x180 [ 2759.359029][ T4275] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2759.364761][ T4275] ? __es_tree_search.isra.0+0x1bf/0x230 [ 2759.370415][ T4275] __should_failslab+0x121/0x190 [ 2759.375367][ T4275] should_failslab+0x9/0x14 [ 2759.379883][ T4275] kmem_cache_alloc+0x47/0x700 [ 2759.384662][ T4275] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2759.390513][ T4275] ? ext4_es_can_be_merged+0x1a3/0x2a0 [ 2759.395984][ T4275] ? __es_shrink+0xa90/0xa90 [ 2759.400586][ T4275] ? do_raw_write_lock+0x124/0x290 [ 2759.405725][ T4275] __es_insert_extent+0x2cc/0xf20 [ 2759.410775][ T4275] ext4_es_insert_extent+0x2d0/0xa30 [ 2759.416085][ T4275] ? ext4_es_scan_clu+0x50/0x50 [ 2759.420976][ T4275] ? rcu_read_lock_sched_held+0x110/0x130 [ 2759.426708][ T4275] ? ext4_es_lookup_extent+0x3fd/0xb80 [ 2759.432185][ T4275] ext4_map_blocks+0x7eb/0x17f0 [ 2759.437050][ T4275] ? ext4_issue_zeroout+0x190/0x190 [ 2759.442272][ T4275] ext4_getblk+0xc4/0x580 [ 2759.446616][ T4275] ? ext4_iomap_begin+0x1000/0x1000 [ 2759.451826][ T4275] ext4_bread+0x93/0x270 [ 2759.456076][ T4275] ? ext4_getblk+0x580/0x580 [ 2759.460680][ T4275] ext4_append+0x155/0x370 [ 2759.465112][ T4275] ext4_mkdir+0x632/0xe20 [ 2759.469459][ T4275] ? ext4_init_dot_dotdot+0x520/0x520 [ 2759.474840][ T4275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2759.481087][ T4275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2759.487333][ T4275] ? security_inode_permission+0xcb/0x100 [ 2759.493062][ T4275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2759.499309][ T4275] ? security_inode_mkdir+0xe4/0x120 [ 2759.504609][ T4275] vfs_mkdir+0x42e/0x670 04:13:47 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2759.508863][ T4275] do_mkdirat+0x234/0x2a0 [ 2759.513202][ T4275] ? __ia32_sys_mknod+0xb0/0xb0 [ 2759.518061][ T4275] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2759.523543][ T4275] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2759.529620][ T4275] ? do_syscall_64+0x26/0x6a0 [ 2759.534308][ T4275] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2759.539606][ T4275] __x64_sys_mkdir+0x5c/0x80 [ 2759.544209][ T4275] do_syscall_64+0xfd/0x6a0 [ 2759.548773][ T4275] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2759.554671][ T4275] RIP: 0033:0x458c37 [ 2759.558573][ T4275] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2759.578190][ T4275] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2759.586611][ T4275] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2759.594588][ T4275] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2759.602570][ T4275] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:13:47 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000007a00000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:47 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x117, 0xe00000000000000) [ 2759.610550][ T4275] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2759.618536][ T4275] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:47 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:47 executing program 3 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x14}, 0x0) [ 2759.822954][ T4462] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2759.965249][ C1] net_ratelimit: 12 callbacks suppressed [ 2759.965257][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2759.965305][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2759.971231][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2759.976913][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2759.982741][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2759.999836][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2760.005742][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2760.011739][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2760.089614][ T4592] FAULT_INJECTION: forcing a failure. [ 2760.089614][ T4592] name failslab, interval 1, probability 0, space 0, times 0 [ 2760.102703][ T4592] CPU: 1 PID: 4592 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2760.110257][ T4592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2760.120322][ T4592] Call Trace: [ 2760.123638][ T4592] dump_stack+0x16f/0x1f0 [ 2760.127988][ T4592] should_fail.cold+0xa/0x15 [ 2760.132585][ T4592] ? fault_create_debugfs_attr+0x180/0x180 [ 2760.138401][ T4592] __should_failslab+0x121/0x190 [ 2760.143357][ T4592] should_failslab+0x9/0x14 [ 2760.147859][ T4592] kmem_cache_alloc_trace+0x2c3/0x770 [ 2760.153241][ T4592] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2760.159479][ T4592] ? _copy_from_user+0x12c/0x1a0 [ 2760.164422][ T4592] copy_mount_options+0x5c/0x3f0 [ 2760.169366][ T4592] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2760.175612][ T4592] ksys_mount+0xa7/0x150 [ 2760.179872][ T4592] __x64_sys_mount+0xbe/0x150 [ 2760.184555][ T4592] do_syscall_64+0xfd/0x6a0 [ 2760.189065][ T4592] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2760.194955][ T4592] RIP: 0033:0x45c26a [ 2760.198870][ T4592] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2760.218476][ T4592] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2760.226892][ T4592] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a 04:13:47 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000008800000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:47 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:47 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2760.235222][ T4592] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2760.243203][ T4592] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2760.251172][ T4592] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2760.259158][ T4592] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:47 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x118, 0xe00000000000000) 04:13:47 executing program 3 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2760.420468][ T4731] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:48 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x300}, 0x0) 04:13:48 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x119, 0xe00000000000000) 04:13:48 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000007fffffe00000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2760.660837][ T4913] FAULT_INJECTION: forcing a failure. [ 2760.660837][ T4913] name failslab, interval 1, probability 0, space 0, times 0 [ 2760.674769][ T4913] CPU: 1 PID: 4913 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2760.682364][ T4913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2760.692426][ T4913] Call Trace: [ 2760.695733][ T4913] dump_stack+0x16f/0x1f0 [ 2760.700090][ T4913] should_fail.cold+0xa/0x15 [ 2760.704693][ T4913] ? fault_create_debugfs_attr+0x180/0x180 [ 2760.710517][ T4913] ? find_held_lock+0x35/0x130 [ 2760.715297][ T4913] ? __sigqueue_alloc+0x175/0x4d0 [ 2760.720346][ T4913] __should_failslab+0x121/0x190 [ 2760.725300][ T4913] should_failslab+0x9/0x14 [ 2760.729818][ T4913] kmem_cache_alloc+0x47/0x700 [ 2760.734614][ T4913] __sigqueue_alloc+0x26c/0x4d0 [ 2760.739500][ T4913] __send_signal+0x827/0x1050 [ 2760.744207][ T4913] send_signal+0x4c9/0x7e0 [ 2760.748641][ T4913] force_sig_info_to_task+0x278/0x340 [ 2760.754035][ T4913] force_sig_fault+0xbe/0x100 [ 2760.758718][ T4913] ? force_sig_fault_to_task+0xf0/0xf0 [ 2760.764202][ T4913] ? trace_hardirqs_on+0x67/0x220 [ 2760.769249][ T4913] __bad_area_nosemaphore+0x32e/0x420 [ 2760.774633][ T4913] ? vmacache_find+0x65/0x310 [ 2760.779330][ T4913] bad_area+0x69/0x80 [ 2760.783328][ T4913] __do_page_fault+0xa28/0xdd0 [ 2760.788099][ T4913] ? page_fault+0x16/0x40 [ 2760.793139][ T4913] do_page_fault+0x38/0x536 [ 2760.797638][ T4913] page_fault+0x39/0x40 [ 2760.801787][ T4913] RIP: 0033:0x45341f [ 2760.805692][ T4913] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 2760.825305][ T4913] RSP: 002b:00007f4d2605fa88 EFLAGS: 00010283 [ 2760.831405][ T4913] RAX: 00007f4d2605fb40 RBX: 0000000020000228 RCX: 0000000000000000 [ 2760.839396][ T4913] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f4d2605fb40 [ 2760.847407][ T4913] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 04:13:48 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300af2], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x500}, 0x0) [ 2760.855423][ T4913] R10: 0000000000000075 R11: 00000000004e4dc0 R12: 0000000000000004 [ 2760.863412][ T4913] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2760.971335][ T5124] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2761.013975][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2761.019967][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:48 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x11a, 0xe00000000000000) 04:13:48 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:48 executing program 3 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:48 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x600}, 0x0) 04:13:48 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000002000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:48 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2761.496108][ T5437] FAULT_INJECTION: forcing a failure. [ 2761.496108][ T5437] name failslab, interval 1, probability 0, space 0, times 0 [ 2761.508937][ T5437] CPU: 0 PID: 5437 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2761.516497][ T5437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2761.526649][ T5437] Call Trace: [ 2761.526713][ T5437] dump_stack+0x16f/0x1f0 [ 2761.526739][ T5437] should_fail.cold+0xa/0x15 [ 2761.534370][ T5437] ? finish_task_switch+0xef/0x690 [ 2761.544184][ T5437] ? fault_create_debugfs_attr+0x180/0x180 [ 2761.550032][ T5437] ? __schedule+0x77a/0x1530 [ 2761.554638][ T5437] __should_failslab+0x121/0x190 [ 2761.559623][ T5437] should_failslab+0x9/0x14 [ 2761.564141][ T5437] kmem_cache_alloc+0x47/0x700 [ 2761.568932][ T5437] ? ___might_sleep+0x131/0x280 [ 2761.573799][ T5437] ? mempool_alloc+0x380/0x380 [ 2761.578567][ T5437] mempool_alloc_slab+0x47/0x60 [ 2761.583428][ T5437] mempool_alloc+0x169/0x380 [ 2761.588038][ T5437] ? mempool_destroy+0x40/0x40 [ 2761.592824][ T5437] ? __unlock_page_memcg+0x53/0x100 [ 2761.598032][ T5437] ? find_held_lock+0x35/0x130 [ 2761.602816][ T5437] ? __unlock_page_memcg+0x53/0x100 [ 2761.608063][ T5437] bio_alloc_bioset+0x3b9/0x680 [ 2761.612941][ T5437] ? lock_acquire+0x190/0x400 [ 2761.617630][ T5437] ? task_css.constprop.0+0x120/0x120 [ 2761.621377][ T5558] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2761.623024][ T5437] ? bvec_alloc+0x2f0/0x2f0 [ 2761.623050][ T5437] submit_bh_wbc+0x1c5/0x900 [ 2761.623071][ T5437] __sync_dirty_buffer+0x12b/0x350 04:13:49 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01700000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2761.623087][ T5437] sync_dirty_buffer+0x1b/0x20 [ 2761.623106][ T5437] __ext4_handle_dirty_metadata+0x241/0x600 [ 2761.623125][ T5437] ? ___might_sleep+0x131/0x280 [ 2761.623149][ T5437] ext4_handle_dirty_dirblock+0x3ae/0x4c0 [ 2761.666642][ T5437] ? ext4_rename_dir_prepare+0x470/0x470 [ 2761.672292][ T5437] ? memcpy+0x46/0x50 [ 2761.676295][ T5437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2761.682561][ T5437] ? ext4_init_dot_dotdot+0x39c/0x520 [ 2761.687952][ T5437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2761.694208][ T5437] ext4_mkdir+0x6e0/0xe20 [ 2761.698566][ T5437] ? ext4_init_dot_dotdot+0x520/0x520 [ 2761.703963][ T5437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2761.710259][ T5437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2761.716524][ T5437] ? security_inode_permission+0xcb/0x100 [ 2761.722266][ T5437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2761.728534][ T5437] ? security_inode_mkdir+0xe4/0x120 [ 2761.733835][ T5437] vfs_mkdir+0x42e/0x670 [ 2761.738093][ T5437] do_mkdirat+0x234/0x2a0 [ 2761.742433][ T5437] ? __ia32_sys_mknod+0xb0/0xb0 [ 2761.747287][ T5437] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2761.752756][ T5437] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2761.758826][ T5437] ? do_syscall_64+0x26/0x6a0 [ 2761.763515][ T5437] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2761.768824][ T5437] __x64_sys_mkdir+0x5c/0x80 [ 2761.773522][ T5437] do_syscall_64+0xfd/0x6a0 [ 2761.778059][ T5437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2761.783994][ T5437] RIP: 0033:0x458c37 [ 2761.787916][ T5437] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2761.807535][ T5437] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2761.815995][ T5437] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c37 [ 2761.823988][ T5437] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2761.832144][ T5437] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:13:49 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x11b, 0xe00000000000000) 04:13:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x900}, 0x0) [ 2761.840130][ T5437] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2761.848113][ T5437] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:49 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:49 executing program 3 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:49 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000001000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:49 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:49 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2762.195288][ T5896] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:49 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x11c, 0xe00000000000000) [ 2762.331584][ T5979] FAULT_INJECTION: forcing a failure. [ 2762.331584][ T5979] name failslab, interval 1, probability 0, space 0, times 0 [ 2762.344431][ T5979] CPU: 1 PID: 5979 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2762.352016][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2762.362144][ T5979] Call Trace: [ 2762.365464][ T5979] dump_stack+0x16f/0x1f0 [ 2762.369822][ T5979] should_fail.cold+0xa/0x15 [ 2762.374441][ T5979] ? fault_create_debugfs_attr+0x180/0x180 [ 2762.380282][ T5979] __should_failslab+0x121/0x190 [ 2762.385250][ T5979] should_failslab+0x9/0x14 [ 2762.389767][ T5979] __kmalloc_track_caller+0x2ca/0x750 [ 2762.395241][ T5979] ? setup_sigcontext+0x7d0/0x7d0 [ 2762.400308][ T5979] ? __bad_area_nosemaphore+0xb3/0x420 [ 2762.405783][ T5979] ? strndup_user+0x77/0xd0 [ 2762.410320][ T5979] memdup_user+0x26/0xb0 [ 2762.414594][ T5979] strndup_user+0x77/0xd0 [ 2762.418958][ T5979] ksys_mount+0x3c/0x150 [ 2762.423240][ T5979] __x64_sys_mount+0xbe/0x150 04:13:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xa00}, 0x0) [ 2762.427982][ T5979] do_syscall_64+0xfd/0x6a0 [ 2762.432545][ T5979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2762.438490][ T5979] RIP: 0033:0x45c26a [ 2762.442417][ T5979] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2762.462039][ T5979] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2762.470519][ T5979] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a 04:13:50 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000002000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2762.478488][ T5979] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2762.486479][ T5979] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2762.494443][ T5979] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2762.502404][ T5979] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:50 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:50 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:50 executing program 3 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2762.741891][ T6107] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:50 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xb00}, 0x0) 04:13:50 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000003000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2763.035320][ T6414] FAULT_INJECTION: forcing a failure. [ 2763.035320][ T6414] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.047956][ T6414] CPU: 0 PID: 6414 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2763.055484][ T6414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2763.065628][ T6414] Call Trace: [ 2763.068942][ T6414] dump_stack+0x16f/0x1f0 [ 2763.073308][ T6414] should_fail.cold+0xa/0x15 [ 2763.077917][ T6414] ? fault_create_debugfs_attr+0x180/0x180 [ 2763.083781][ T6414] ? find_held_lock+0x35/0x130 [ 2763.088546][ T6414] ? __sigqueue_alloc+0x175/0x4d0 [ 2763.093624][ T6414] __should_failslab+0x121/0x190 [ 2763.098588][ T6414] should_failslab+0x9/0x14 [ 2763.103115][ T6414] kmem_cache_alloc+0x47/0x700 [ 2763.107912][ T6414] __sigqueue_alloc+0x26c/0x4d0 [ 2763.112784][ T6414] __send_signal+0x827/0x1050 [ 2763.117475][ T6414] send_signal+0x4c9/0x7e0 [ 2763.121952][ T6414] force_sig_info_to_task+0x278/0x340 [ 2763.128864][ T6414] force_sig_fault+0xbe/0x100 [ 2763.133570][ T6414] ? force_sig_fault_to_task+0xf0/0xf0 [ 2763.139068][ T6414] ? trace_hardirqs_on+0x67/0x220 [ 2763.144117][ T6414] __bad_area_nosemaphore+0x32e/0x420 [ 2763.149526][ T6414] ? vmacache_find+0x65/0x310 [ 2763.154227][ T6414] bad_area+0x69/0x80 [ 2763.158222][ T6414] __do_page_fault+0xa28/0xdd0 [ 2763.163012][ T6414] ? page_fault+0x16/0x40 [ 2763.167360][ T6414] do_page_fault+0x38/0x536 [ 2763.171873][ T6414] page_fault+0x39/0x40 [ 2763.176058][ T6414] RIP: 0033:0x45341f [ 2763.179967][ T6414] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 2763.199584][ T6414] RSP: 002b:00007f4d2605fa88 EFLAGS: 00010283 [ 2763.205662][ T6414] RAX: 00007f4d2605fb40 RBX: 0000000020000228 RCX: 0000000000000000 [ 2763.213641][ T6414] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f4d2605fb40 [ 2763.221617][ T6414] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 04:13:50 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x11d, 0xe00000000000000) [ 2763.229598][ T6414] R10: 0000000000000075 R11: 00000000004e4dc0 R12: 0000000000000004 [ 2763.237577][ T6414] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:50 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:50 executing program 3 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:50 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2763.463995][ T6447] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2763.673065][ T6682] FAULT_INJECTION: forcing a failure. [ 2763.673065][ T6682] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.685826][ T6682] CPU: 0 PID: 6682 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2763.693395][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2763.703554][ T6682] Call Trace: [ 2763.706878][ T6682] dump_stack+0x16f/0x1f0 [ 2763.711246][ T6682] should_fail.cold+0xa/0x15 [ 2763.715905][ T6682] ? fault_create_debugfs_attr+0x180/0x180 04:13:51 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x11e, 0xe00000000000000) [ 2763.721755][ T6682] __should_failslab+0x121/0x190 [ 2763.726731][ T6682] should_failslab+0x9/0x14 [ 2763.731266][ T6682] kmem_cache_alloc_trace+0x2c3/0x770 [ 2763.736667][ T6682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2763.742945][ T6682] ? _copy_from_user+0x12c/0x1a0 [ 2763.747935][ T6682] copy_mount_options+0x5c/0x3f0 [ 2763.752899][ T6682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2763.759174][ T6682] ksys_mount+0xa7/0x150 [ 2763.763460][ T6682] __x64_sys_mount+0xbe/0x150 [ 2763.768166][ T6682] do_syscall_64+0xfd/0x6a0 04:13:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xf00}, 0x0) 04:13:51 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2763.772711][ T6682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2763.778727][ T6682] RIP: 0033:0x45c26a [ 2763.782645][ T6682] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2763.802294][ T6682] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2763.810757][ T6682] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a 04:13:51 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000004000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2763.818850][ T6682] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2763.826844][ T6682] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2763.834833][ T6682] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2763.842828][ T6682] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:51 executing program 3 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2764.046646][ T6790] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:51 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01800000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:51 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x11f, 0xe00000000000000) 04:13:51 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8060000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:51 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000005000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2764.332355][ T6917] FAULT_INJECTION: forcing a failure. [ 2764.332355][ T6917] name failslab, interval 1, probability 0, space 0, times 0 [ 2764.345226][ T6917] CPU: 0 PID: 6917 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2764.352792][ T6917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2764.362867][ T6917] Call Trace: [ 2764.366184][ T6917] dump_stack+0x16f/0x1f0 [ 2764.370546][ T6917] should_fail.cold+0xa/0x15 [ 2764.375167][ T6917] ? fault_create_debugfs_attr+0x180/0x180 [ 2764.381029][ T6917] __should_failslab+0x121/0x190 [ 2764.385997][ T6917] should_failslab+0x9/0x14 [ 2764.390518][ T6917] kmem_cache_alloc+0x298/0x700 [ 2764.395392][ T6917] ? lock_downgrade+0x920/0x920 [ 2764.400276][ T6917] getname_flags+0xd6/0x5b0 [ 2764.404812][ T6917] user_path_at_empty+0x2f/0x50 [ 2764.409687][ T6917] do_mount+0x150/0x1c30 [ 2764.413965][ T6917] ? copy_mount_options+0x5c/0x3f0 [ 2764.419111][ T6917] ? copy_mount_string+0x40/0x40 [ 2764.424081][ T6917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2764.430341][ T6917] ? copy_mount_options+0x2e8/0x3f0 [ 2764.435661][ T6917] ksys_mount+0xdb/0x150 [ 2764.439939][ T6917] __x64_sys_mount+0xbe/0x150 [ 2764.444650][ T6917] do_syscall_64+0xfd/0x6a0 [ 2764.449289][ T6917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2764.455204][ T6917] RIP: 0033:0x45c26a [ 2764.459122][ T6917] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2764.471243][ T7157] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2764.478767][ T6917] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2764.478786][ T6917] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2764.478795][ T6917] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2764.478805][ T6917] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2764.478814][ T6917] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:13:51 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x1100}, 0x0) [ 2764.478823][ T6917] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x120, 0xe00000000000000) 04:13:52 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:52 executing program 3 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:52 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:52 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000006000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:52 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2764.972943][ T7408] FAULT_INJECTION: forcing a failure. [ 2764.972943][ T7408] name failslab, interval 1, probability 0, space 0, times 0 [ 2764.985733][ T7408] CPU: 0 PID: 7408 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2764.993299][ T7408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2765.003377][ T7408] Call Trace: [ 2765.006689][ T7408] dump_stack+0x16f/0x1f0 [ 2765.011055][ T7408] should_fail.cold+0xa/0x15 [ 2765.015676][ T7408] ? fault_create_debugfs_attr+0x180/0x180 [ 2765.021509][ T7408] ? nd_jump_link+0x1d0/0x1d0 [ 2765.026223][ T7408] __should_failslab+0x121/0x190 [ 2765.031196][ T7408] should_failslab+0x9/0x14 [ 2765.035735][ T7408] __kmalloc+0x2ce/0x760 [ 2765.040009][ T7408] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2765.045899][ T7408] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2765.051653][ T7408] ? rcu_read_lock_sched_held+0x110/0x130 [ 2765.057426][ T7408] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2765.063184][ T7408] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2765.068774][ T7408] tomoyo_mount_acl+0x2cc/0x840 [ 2765.073672][ T7408] ? mark_lock+0xc0/0x11e0 [ 2765.078114][ T7408] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2765.083716][ T7408] ? __kasan_check_read+0x11/0x20 [ 2765.088768][ T7408] ? trace_hardirqs_off+0x62/0x210 [ 2765.094012][ T7408] ? lock_acquire+0x190/0x400 [ 2765.098737][ T7408] ? tomoyo_mount_permission+0x10a/0x410 [ 2765.104411][ T7408] tomoyo_mount_permission+0x16a/0x410 [ 2765.109919][ T7408] ? tomoyo_mount_permission+0x10a/0x410 [ 2765.116539][ T7408] ? tomoyo_mount_acl+0x840/0x840 04:13:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x1200}, 0x0) [ 2765.121589][ T7408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2765.130368][ T7408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2765.136647][ T7408] ? strncpy_from_user+0x2b4/0x400 [ 2765.141791][ T7408] tomoyo_sb_mount+0x35/0x40 [ 2765.146414][ T7408] security_sb_mount+0x87/0xd0 [ 2765.151215][ T7408] do_mount+0x1d4/0x1c30 [ 2765.155482][ T7408] ? copy_mount_options+0x5c/0x3f0 [ 2765.160631][ T7408] ? copy_mount_string+0x40/0x40 [ 2765.165595][ T7408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2765.171882][ T7408] ? _copy_from_user+0x12c/0x1a0 [ 2765.176841][ T7408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2765.183099][ T7408] ? copy_mount_options+0x2e8/0x3f0 [ 2765.188318][ T7408] ksys_mount+0xdb/0x150 [ 2765.192579][ T7408] __x64_sys_mount+0xbe/0x150 [ 2765.197272][ T7408] do_syscall_64+0xfd/0x6a0 [ 2765.201791][ T7408] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2765.201803][ T7408] RIP: 0033:0x45c26a [ 2765.201819][ T7408] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2765.201825][ T7408] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2765.201838][ T7408] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2765.201846][ T7408] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2765.201854][ T7408] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2765.201861][ T7408] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:13:52 executing program 3 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x121, 0xe00000000000000) [ 2765.201869][ T7408] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2765.202339][ T7408] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2765.208796][ C1] net_ratelimit: 16 callbacks suppressed [ 2765.208803][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2765.299938][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:52 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2765.338890][ T7512] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:52 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2765.594258][ T7655] FAULT_INJECTION: forcing a failure. [ 2765.594258][ T7655] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2765.607595][ T7655] CPU: 1 PID: 7655 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2765.615149][ T7655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2765.625235][ T7655] Call Trace: [ 2765.628553][ T7655] dump_stack+0x16f/0x1f0 [ 2765.632941][ T7655] should_fail.cold+0xa/0x15 [ 2765.637567][ T7655] ? fault_create_debugfs_attr+0x180/0x180 04:13:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x1300}, 0x0) [ 2765.643402][ T7655] ? __kasan_check_read+0x11/0x20 [ 2765.648462][ T7655] ? __lock_acquire+0x1702/0x4c30 [ 2765.653564][ T7655] should_fail_alloc_page+0x50/0x60 [ 2765.658892][ T7655] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2765.664292][ T7655] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2765.669961][ T7655] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2765.675721][ T7655] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2765.681433][ T7655] cache_grow_begin+0x90/0xc90 [ 2765.686245][ T7655] ? trace_hardirqs_off+0x62/0x210 [ 2765.691407][ T7655] kmem_cache_alloc_trace+0x695/0x770 [ 2765.696835][ T7655] copy_mount_options+0x5c/0x3f0 [ 2765.701923][ T7655] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2765.708287][ T7655] ksys_mount+0xa7/0x150 [ 2765.712641][ T7655] __x64_sys_mount+0xbe/0x150 [ 2765.717346][ T7655] do_syscall_64+0xfd/0x6a0 [ 2765.721875][ T7655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2765.727788][ T7655] RIP: 0033:0x45c26a 04:13:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x122, 0xe00000000000000) [ 2765.731706][ T7655] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2765.751322][ T7655] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2765.759732][ T7655] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2765.767702][ T7655] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2765.775688][ T7655] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2765.783671][ T7655] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:13:53 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000007000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2765.792447][ T7655] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:53 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21100000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x123, 0xe00000000000000) [ 2766.049730][ T8003] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x1400}, 0x0) 04:13:53 executing program 3 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:53 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2766.257463][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2766.257526][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2766.263367][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2766.269152][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2766.274956][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2766.286388][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2766.292382][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2766.298295][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:53 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000a000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:53 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01900000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2766.494282][ T8321] FAULT_INJECTION: forcing a failure. [ 2766.494282][ T8321] name failslab, interval 1, probability 0, space 0, times 0 [ 2766.507078][ T8321] CPU: 1 PID: 8321 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2766.514640][ T8321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2766.524705][ T8321] Call Trace: [ 2766.528008][ T8321] dump_stack+0x16f/0x1f0 [ 2766.532356][ T8321] should_fail.cold+0xa/0x15 [ 2766.536974][ T8321] ? fault_create_debugfs_attr+0x180/0x180 [ 2766.542810][ T8321] __should_failslab+0x121/0x190 [ 2766.547774][ T8321] should_failslab+0x9/0x14 [ 2766.552299][ T8321] __kmalloc+0x2ce/0x760 [ 2766.556562][ T8321] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2766.562328][ T8321] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2766.568087][ T8321] ? rcu_read_lock_sched_held+0x110/0x130 [ 2766.573843][ T8321] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2766.579604][ T8321] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2766.585204][ T8321] tomoyo_mount_acl+0x149/0x840 [ 2766.590120][ T8321] ? __kasan_check_read+0x11/0x20 [ 2766.595181][ T8321] ? mark_lock+0xc0/0x11e0 [ 2766.599647][ T8321] ? lock_downgrade+0x920/0x920 [ 2766.604587][ T8321] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2766.610163][ T8321] ? __kasan_check_read+0x11/0x20 [ 2766.615227][ T8321] ? trace_hardirqs_off+0x62/0x210 [ 2766.620570][ T8321] ? lock_acquire+0x190/0x400 [ 2766.625279][ T8321] ? tomoyo_mount_permission+0x10a/0x410 [ 2766.630951][ T8321] tomoyo_mount_permission+0x16a/0x410 [ 2766.636446][ T8321] ? tomoyo_mount_permission+0x10a/0x410 [ 2766.642130][ T8321] ? tomoyo_mount_acl+0x840/0x840 [ 2766.647182][ T8321] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2766.653448][ T8321] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2766.659716][ T8321] ? strncpy_from_user+0x2b4/0x400 [ 2766.664902][ T8321] tomoyo_sb_mount+0x35/0x40 [ 2766.669530][ T8321] security_sb_mount+0x87/0xd0 [ 2766.674334][ T8321] do_mount+0x1d4/0x1c30 [ 2766.678605][ T8321] ? copy_mount_options+0x5c/0x3f0 [ 2766.683746][ T8321] ? copy_mount_string+0x40/0x40 [ 2766.688823][ T8321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2766.695171][ T8321] ? copy_mount_options+0x2e8/0x3f0 [ 2766.700430][ T8321] ksys_mount+0xdb/0x150 [ 2766.704690][ T8321] __x64_sys_mount+0xbe/0x150 [ 2766.709389][ T8321] do_syscall_64+0xfd/0x6a0 [ 2766.713908][ T8321] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2766.719817][ T8321] RIP: 0033:0x45c26a [ 2766.723716][ T8321] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2766.743443][ T8321] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2766.752020][ T8321] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2766.760013][ T8321] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2766.768005][ T8321] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2766.775980][ T8321] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2766.783954][ T8321] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:54 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2766.792143][ T8321] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:54 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x124, 0xe00000000000000) 04:13:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x4000}, 0x0) 04:13:54 executing program 3 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2766.818640][ T8386] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:54 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:54 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000011000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2767.205940][ T8515] FAULT_INJECTION: forcing a failure. [ 2767.205940][ T8515] name failslab, interval 1, probability 0, space 0, times 0 [ 2767.218628][ T8515] CPU: 1 PID: 8515 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2767.226187][ T8515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2767.236263][ T8515] Call Trace: [ 2767.239573][ T8515] dump_stack+0x16f/0x1f0 [ 2767.243936][ T8515] should_fail.cold+0xa/0x15 [ 2767.248558][ T8515] ? fault_create_debugfs_attr+0x180/0x180 [ 2767.255932][ T8515] __should_failslab+0x121/0x190 [ 2767.260897][ T8515] should_failslab+0x9/0x14 [ 2767.265417][ T8515] kmem_cache_alloc_trace+0x2c3/0x770 [ 2767.270803][ T8515] ? symbol_put_addr+0x40/0x40 [ 2767.275680][ T8515] alloc_fs_context+0x5a/0x680 [ 2767.280466][ T8515] fs_context_for_mount+0x25/0x30 [ 2767.286109][ T8515] do_mount+0x132d/0x1c30 [ 2767.290555][ T8515] ? copy_mount_string+0x40/0x40 [ 2767.295518][ T8515] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2767.301779][ T8515] ? _copy_from_user+0x12c/0x1a0 [ 2767.306740][ T8515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2767.313001][ T8515] ? copy_mount_options+0x2e8/0x3f0 [ 2767.318225][ T8515] ksys_mount+0xdb/0x150 [ 2767.322497][ T8515] __x64_sys_mount+0xbe/0x150 [ 2767.327192][ T8515] do_syscall_64+0xfd/0x6a0 [ 2767.331723][ T8515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2767.337635][ T8515] RIP: 0033:0x45c26a [ 2767.341545][ T8515] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2767.361167][ T8515] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2767.369600][ T8515] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2767.377580][ T8515] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2767.385589][ T8515] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2767.393749][ T8515] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:13:54 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43050000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2767.401746][ T8515] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:54 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2767.448333][ T8675] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:55 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x125, 0xe00000000000000) 04:13:55 executing program 3 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x34000}, 0x0) 04:13:55 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:55 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000020000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:55 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2767.869732][ T8878] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:55 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:55 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x126, 0xe00000000000000) [ 2768.027064][ T9111] FAULT_INJECTION: forcing a failure. [ 2768.027064][ T9111] name failslab, interval 1, probability 0, space 0, times 0 [ 2768.039938][ T9111] CPU: 1 PID: 9111 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2768.047499][ T9111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2768.057566][ T9111] Call Trace: [ 2768.060875][ T9111] dump_stack+0x16f/0x1f0 [ 2768.065328][ T9111] should_fail.cold+0xa/0x15 [ 2768.070060][ T9111] ? fault_create_debugfs_attr+0x180/0x180 [ 2768.075916][ T9111] __should_failslab+0x121/0x190 [ 2768.080890][ T9111] should_failslab+0x9/0x14 [ 2768.085418][ T9111] __kmalloc+0x2ce/0x760 [ 2768.089686][ T9111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2768.095954][ T9111] ? d_absolute_path+0x11b/0x170 [ 2768.100910][ T9111] ? __d_path+0x140/0x140 [ 2768.105281][ T9111] ? rcu_read_lock_sched_held+0x110/0x130 [ 2768.111024][ T9111] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2768.116417][ T9111] tomoyo_encode2.part.0+0xf5/0x400 [ 2768.121636][ T9111] tomoyo_encode+0x2b/0x50 [ 2768.126074][ T9111] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 2768.131751][ T9111] tomoyo_mount_acl+0x149/0x840 [ 2768.136671][ T9111] ? __kasan_check_read+0x11/0x20 [ 2768.141732][ T9111] ? mark_lock+0xc0/0x11e0 [ 2768.146180][ T9111] ? lock_downgrade+0x920/0x920 [ 2768.151075][ T9111] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2768.165367][ T9111] ? __kasan_check_read+0x11/0x20 [ 2768.172077][ T9111] ? trace_hardirqs_off+0x62/0x210 [ 2768.177251][ T9111] ? lock_acquire+0x190/0x400 [ 2768.181960][ T9111] ? tomoyo_mount_permission+0x10a/0x410 [ 2768.187627][ T9111] tomoyo_mount_permission+0x16a/0x410 [ 2768.193109][ T9111] ? tomoyo_mount_permission+0x10a/0x410 [ 2768.198766][ T9111] ? tomoyo_mount_acl+0x840/0x840 [ 2768.203818][ T9111] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2768.210088][ T9111] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2768.216348][ T9111] ? strncpy_from_user+0x2b4/0x400 [ 2768.221470][ T9111] tomoyo_sb_mount+0x35/0x40 [ 2768.226073][ T9111] security_sb_mount+0x87/0xd0 [ 2768.230861][ T9111] do_mount+0x1d4/0x1c30 [ 2768.235125][ T9111] ? retint_kernel+0x10/0x10 [ 2768.239742][ T9111] ? copy_mount_string+0x40/0x40 [ 2768.244710][ T9111] ? copy_mount_options+0x260/0x3f0 [ 2768.249931][ T9111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2768.256192][ T9111] ? copy_mount_options+0x2e8/0x3f0 [ 2768.261423][ T9111] ksys_mount+0xdb/0x150 [ 2768.265689][ T9111] __x64_sys_mount+0xbe/0x150 [ 2768.270389][ T9111] do_syscall_64+0xfd/0x6a0 [ 2768.274919][ T9111] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2768.280841][ T9111] RIP: 0033:0x45c26a [ 2768.284758][ T9111] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2768.304374][ T9111] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2768.312843][ T9111] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a 04:13:55 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:55 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000003f000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2768.320833][ T9111] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2768.328825][ T9111] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2768.336816][ T9111] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2768.344820][ T9111] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2768.353247][ T9111] ERROR: Out of memory at tomoyo_realpath_from_path. 04:13:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x400300}, 0x0) 04:13:56 executing program 3 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2768.566284][ T9216] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:56 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80350000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:56 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01a00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2768.836580][ T9443] FAULT_INJECTION: forcing a failure. [ 2768.836580][ T9443] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2768.849867][ T9443] CPU: 0 PID: 9443 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2768.857476][ T9443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2768.867662][ T9443] Call Trace: [ 2768.870979][ T9443] dump_stack+0x16f/0x1f0 [ 2768.875330][ T9443] should_fail.cold+0xa/0x15 [ 2768.879986][ T9443] ? fault_create_debugfs_attr+0x180/0x180 [ 2768.885857][ T9443] ? trace_hardirqs_off+0x62/0x210 [ 2768.890994][ T9443] should_fail_alloc_page+0x50/0x60 [ 2768.896218][ T9443] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2768.901620][ T9443] ? putname+0xef/0x130 [ 2768.905808][ T9443] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2768.911567][ T9443] ? nd_jump_link+0x1d0/0x1d0 [ 2768.916278][ T9443] cache_grow_begin+0x90/0xc90 [ 2768.921075][ T9443] ? trace_hardirqs_off+0x62/0x210 [ 2768.926215][ T9443] __kmalloc+0x694/0x760 [ 2768.930569][ T9443] ? tomoyo_realpath_from_path+0xc0/0x7b0 04:13:56 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x127, 0xe00000000000000) [ 2768.936310][ T9443] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2768.942054][ T9443] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2768.947637][ T9443] tomoyo_mount_acl+0x2cc/0x840 [ 2768.952517][ T9443] ? mark_lock+0xc0/0x11e0 [ 2768.956967][ T9443] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2768.962548][ T9443] ? __kasan_check_read+0x11/0x20 [ 2768.967605][ T9443] ? trace_hardirqs_off+0x62/0x210 [ 2768.972763][ T9443] ? lock_acquire+0x190/0x400 [ 2768.977460][ T9443] ? tomoyo_mount_permission+0x10a/0x410 [ 2768.983112][ T9443] tomoyo_mount_permission+0x16a/0x410 [ 2768.988586][ T9443] ? tomoyo_mount_permission+0x10a/0x410 [ 2768.994239][ T9443] ? tomoyo_mount_acl+0x840/0x840 [ 2768.999282][ T9443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2769.005555][ T9443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2769.011809][ T9443] ? strncpy_from_user+0x2b4/0x400 [ 2769.016933][ T9443] tomoyo_sb_mount+0x35/0x40 [ 2769.021538][ T9443] security_sb_mount+0x87/0xd0 [ 2769.026312][ T9443] do_mount+0x1d4/0x1c30 [ 2769.030567][ T9443] ? copy_mount_options+0x5c/0x3f0 04:13:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x1000000}, 0x0) [ 2769.035735][ T9443] ? copy_mount_string+0x40/0x40 [ 2769.040696][ T9443] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2769.046956][ T9443] ? copy_mount_options+0x2e8/0x3f0 [ 2769.052169][ T9443] ksys_mount+0xdb/0x150 [ 2769.056507][ T9443] __x64_sys_mount+0xbe/0x150 [ 2769.061196][ T9443] do_syscall_64+0xfd/0x6a0 [ 2769.065737][ T9443] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2769.071635][ T9443] RIP: 0033:0x45c26a [ 2769.075546][ T9443] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2769.095166][ T9443] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2769.103595][ T9443] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2769.111937][ T9443] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2769.119937][ T9443] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2769.129440][ T9443] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:13:56 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:56 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000040000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2769.137459][ T9443] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:56 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x128, 0xe00000000000000) 04:13:56 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86ddffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2769.445081][ T9754] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:56 executing program 3 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x2000000}, 0x0) 04:13:56 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:57 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x129, 0xe00000000000000) [ 2769.769071][ T9983] FAULT_INJECTION: forcing a failure. [ 2769.769071][ T9983] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2769.782314][ T9983] CPU: 1 PID: 9983 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2769.789901][ T9983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2769.799967][ T9983] Call Trace: [ 2769.803271][ T9983] dump_stack+0x16f/0x1f0 [ 2769.807706][ T9983] should_fail.cold+0xa/0x15 [ 2769.812311][ T9983] ? __kmalloc+0x163/0x760 [ 2769.816745][ T9983] ? fault_create_debugfs_attr+0x180/0x180 [ 2769.822577][ T9983] ? do_mount+0x1d4/0x1c30 [ 2769.827019][ T9983] ? ksys_mount+0xdb/0x150 [ 2769.831444][ T9983] ? __x64_sys_mount+0xbe/0x150 [ 2769.836297][ T9983] ? do_syscall_64+0xfd/0x6a0 [ 2769.840974][ T9983] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2769.847057][ T9983] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2769.852794][ T9983] should_fail_alloc_page+0x50/0x60 [ 2769.858023][ T9983] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2769.863404][ T9983] ? is_bpf_text_address+0xd7/0x170 04:13:57 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2769.868613][ T9983] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2769.874361][ T9983] ? unwind_get_return_address+0x61/0xa0 [ 2769.880022][ T9983] cache_grow_begin+0x90/0xc90 [ 2769.884791][ T9983] ? trace_hardirqs_off+0x62/0x210 [ 2769.889888][ T9983] __kmalloc+0x694/0x760 [ 2769.894149][ T9983] ? tomoyo_realpath_from_path+0xc0/0x7b0 [ 2769.899964][ T9983] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 2769.905670][ T9983] tomoyo_realpath_from_path+0xcd/0x7b0 [ 2769.911210][ T9983] tomoyo_mount_acl+0x149/0x840 [ 2769.916047][ T9983] ? __kasan_check_read+0x11/0x20 [ 2769.921056][ T9983] ? mark_lock+0xc0/0x11e0 [ 2769.925458][ T9983] ? lock_downgrade+0x920/0x920 [ 2769.930314][ T9983] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2769.935894][ T9983] ? __kasan_check_read+0x11/0x20 [ 2769.940918][ T9983] ? trace_hardirqs_off+0x62/0x210 [ 2769.946039][ T9983] ? lock_acquire+0x190/0x400 [ 2769.950711][ T9983] ? tomoyo_mount_permission+0x10a/0x410 [ 2769.956365][ T9983] tomoyo_mount_permission+0x16a/0x410 [ 2769.961836][ T9983] ? tomoyo_mount_permission+0x10a/0x410 [ 2769.967494][ T9983] ? tomoyo_mount_acl+0x840/0x840 [ 2769.972510][ T9983] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2769.978749][ T9983] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2769.984978][ T9983] ? strncpy_from_user+0x2b4/0x400 [ 2769.990230][ T9983] tomoyo_sb_mount+0x35/0x40 [ 2769.994865][ T9983] security_sb_mount+0x87/0xd0 [ 2769.999628][ T9983] do_mount+0x1d4/0x1c30 [ 2770.003955][ T9983] ? copy_mount_options+0x5c/0x3f0 [ 2770.009061][ T9983] ? copy_mount_string+0x40/0x40 [ 2770.013994][ T9983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2770.020273][ T9983] ? copy_mount_options+0x2e8/0x3f0 [ 2770.025510][ T9983] ksys_mount+0xdb/0x150 [ 2770.029775][ T9983] __x64_sys_mount+0xbe/0x150 [ 2770.034486][ T9983] do_syscall_64+0xfd/0x6a0 [ 2770.039022][ T9983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2770.044925][ T9983] RIP: 0033:0x45c26a [ 2770.048811][ T9983] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 04:13:57 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88470000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x3000000}, 0x0) [ 2770.068430][ T9983] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2770.076866][ T9983] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2770.084841][ T9983] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2770.092814][ T9983] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2770.100775][ T9983] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2770.108970][ T9983] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:57 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000048000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:57 executing program 3 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2770.336316][T10186] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:57 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x12a, 0xe00000000000000) [ 2770.452288][ C1] net_ratelimit: 12 callbacks suppressed [ 2770.452297][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2770.462512][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2770.463895][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2770.469632][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2770.475479][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2770.486852][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2770.492796][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2770.498670][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2770.510574][T10237] FAULT_INJECTION: forcing a failure. [ 2770.510574][T10237] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2770.523813][T10237] CPU: 1 PID: 10237 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2770.531451][T10237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2770.541512][T10237] Call Trace: [ 2770.544807][T10237] dump_stack+0x16f/0x1f0 04:13:57 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88480000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:13:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x4000000}, 0x0) [ 2770.549181][T10237] should_fail.cold+0xa/0x15 [ 2770.553796][T10237] ? fault_create_debugfs_attr+0x180/0x180 [ 2770.559615][T10237] ? __kasan_check_read+0x11/0x20 [ 2770.564655][T10237] ? __lock_acquire+0x1702/0x4c30 [ 2770.569703][T10237] should_fail_alloc_page+0x50/0x60 [ 2770.574948][T10237] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2770.580341][T10237] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2770.585992][T10237] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2770.591714][T10237] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2770.597368][T10237] cache_grow_begin+0x90/0xc90 [ 2770.602128][T10237] ? trace_hardirqs_off+0x62/0x210 [ 2770.607244][T10237] kmem_cache_alloc+0x636/0x700 [ 2770.612109][T10237] ? symbol_put_addr+0x40/0x40 [ 2770.616867][T10237] getname_kernel+0x53/0x370 [ 2770.621445][T10237] kern_path+0x20/0x40 [ 2770.625511][T10237] tomoyo_mount_acl+0x28c/0x840 [ 2770.630356][T10237] ? mark_lock+0xc0/0x11e0 [ 2770.634761][T10237] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2770.640317][T10237] ? __kasan_check_read+0x11/0x20 [ 2770.645343][T10237] ? trace_hardirqs_off+0x62/0x210 [ 2770.650464][T10237] ? lock_acquire+0x190/0x400 [ 2770.655126][T10237] ? tomoyo_mount_permission+0x10a/0x410 [ 2770.660750][T10237] tomoyo_mount_permission+0x16a/0x410 [ 2770.666192][T10237] ? tomoyo_mount_permission+0x10a/0x410 [ 2770.671811][T10237] ? tomoyo_mount_acl+0x840/0x840 [ 2770.676820][T10237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2770.683056][T10237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2770.689278][T10237] ? strncpy_from_user+0x2b4/0x400 [ 2770.694384][T10237] tomoyo_sb_mount+0x35/0x40 [ 2770.698972][T10237] security_sb_mount+0x87/0xd0 [ 2770.703720][T10237] do_mount+0x1d4/0x1c30 [ 2770.707944][T10237] ? copy_mount_options+0x5c/0x3f0 [ 2770.713055][T10237] ? copy_mount_string+0x40/0x40 [ 2770.717980][T10237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2770.724218][T10237] ? copy_mount_options+0x2e8/0x3f0 [ 2770.729424][T10237] ksys_mount+0xdb/0x150 [ 2770.733652][T10237] __x64_sys_mount+0xbe/0x150 [ 2770.738312][T10237] do_syscall_64+0xfd/0x6a0 [ 2770.742809][T10237] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2770.748697][T10237] RIP: 0033:0x45c26a [ 2770.752579][T10237] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2770.772167][T10237] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2770.780571][T10237] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2770.788538][T10237] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2770.796493][T10237] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2770.804448][T10237] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2770.812403][T10237] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:58 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000004c000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:13:58 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:58 executing program 3 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2771.075650][T10431] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:58 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88640000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2771.290239][T10684] FAULT_INJECTION: forcing a failure. [ 2771.290239][T10684] name failslab, interval 1, probability 0, space 0, times 0 [ 2771.302967][T10684] CPU: 1 PID: 10684 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2771.310609][T10684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2771.320672][T10684] Call Trace: [ 2771.323981][T10684] dump_stack+0x16f/0x1f0 [ 2771.328326][T10684] should_fail.cold+0xa/0x15 [ 2771.332937][T10684] ? fault_create_debugfs_attr+0x180/0x180 04:13:58 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x12b, 0xe00000000000000) 04:13:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x5000000}, 0x0) [ 2771.338771][T10684] __should_failslab+0x121/0x190 [ 2771.343744][T10684] should_failslab+0x9/0x14 [ 2771.348262][T10684] __kmalloc_track_caller+0x2ca/0x750 [ 2771.353671][T10684] ? vfs_parse_fs_string+0xe8/0x170 [ 2771.358901][T10684] kmemdup_nul+0x31/0xa0 [ 2771.363149][T10684] vfs_parse_fs_string+0xe8/0x170 [ 2771.368181][T10684] ? vfs_parse_fs_param+0x540/0x540 [ 2771.373484][T10684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.379727][T10684] ? alloc_fs_context+0x3ee/0x680 [ 2771.384764][T10684] do_mount+0x700/0x1c30 [ 2771.389030][T10684] ? copy_mount_string+0x40/0x40 [ 2771.393981][T10684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.400229][T10684] ? copy_mount_options+0x2e8/0x3f0 [ 2771.405438][T10684] ksys_mount+0xdb/0x150 [ 2771.409689][T10684] __x64_sys_mount+0xbe/0x150 [ 2771.414380][T10684] do_syscall_64+0xfd/0x6a0 [ 2771.418901][T10684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2771.424795][T10684] RIP: 0033:0x45c26a [ 2771.428693][T10684] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2771.448298][T10684] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2771.456708][T10684] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2771.464674][T10684] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2771.472672][T10684] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2771.480653][T10684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:13:58 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01b00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:58 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8ffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2771.488628][T10684] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:58 executing program 3 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:13:59 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000060000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2771.581679][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2771.587592][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:13:59 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88caffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2771.766734][T10760] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2771.848645][T10776] FAULT_INJECTION: forcing a failure. [ 2771.848645][T10776] name failslab, interval 1, probability 0, space 0, times 0 [ 2771.861407][T10776] CPU: 1 PID: 10776 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2771.869044][T10776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2771.879200][T10776] Call Trace: [ 2771.882517][T10776] dump_stack+0x16f/0x1f0 [ 2771.886870][T10776] should_fail.cold+0xa/0x15 [ 2771.891482][T10776] ? fault_create_debugfs_attr+0x180/0x180 [ 2771.897329][T10776] __should_failslab+0x121/0x190 [ 2771.902286][T10776] should_failslab+0x9/0x14 [ 2771.907804][T10776] kmem_cache_alloc_trace+0x2c3/0x770 [ 2771.913297][T10776] ? lockdep_init_map+0x1be/0x6d0 [ 2771.918348][T10776] legacy_init_fs_context+0x48/0xe0 [ 2771.923569][T10776] ? generic_parse_monolithic+0x200/0x200 [ 2771.929310][T10776] alloc_fs_context+0x39d/0x680 [ 2771.934188][T10776] fs_context_for_mount+0x25/0x30 [ 2771.939245][T10776] vfs_kern_mount.part.0+0x28/0xf0 [ 2771.944381][T10776] vfs_kern_mount+0x40/0x60 04:13:59 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x12c, 0xe00000000000000) [ 2771.948904][T10776] btrfs_mount+0x2b4/0x15e2 [ 2771.953426][T10776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.959685][T10776] ? should_fail+0x1de/0x852 [ 2771.964307][T10776] ? btrfs_remount+0x10f0/0x10f0 [ 2771.969270][T10776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.975521][T10776] ? refcount_sub_and_test_checked+0x154/0x200 [ 2771.981685][T10776] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2771.987071][T10776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2771.993329][T10776] ? vfs_parse_fs_string+0x111/0x170 04:13:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x6000000}, 0x0) [ 2771.998628][T10776] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2772.004619][T10776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2772.010864][T10776] ? apparmor_capable+0x2ef/0x640 [ 2772.015873][T10776] ? cap_capable+0x205/0x270 [ 2772.020447][T10776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.026684][T10776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.033113][T10776] ? btrfs_remount+0x10f0/0x10f0 [ 2772.038080][T10776] legacy_get_tree+0x108/0x220 [ 2772.042842][T10776] ? legacy_get_tree+0x108/0x220 [ 2772.047763][T10776] vfs_get_tree+0x8e/0x390 [ 2772.052181][T10776] do_mount+0x13b3/0x1c30 [ 2772.056514][T10776] ? copy_mount_string+0x40/0x40 [ 2772.061499][T10776] ? copy_mount_options+0x260/0x3f0 [ 2772.066696][T10776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.072943][T10776] ? copy_mount_options+0x2e8/0x3f0 [ 2772.078146][T10776] ksys_mount+0xdb/0x150 [ 2772.082408][T10776] __x64_sys_mount+0xbe/0x150 [ 2772.087097][T10776] do_syscall_64+0xfd/0x6a0 [ 2772.091619][T10776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2772.097517][T10776] RIP: 0033:0x45c26a [ 2772.101400][T10776] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2772.121005][T10776] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2772.129404][T10776] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2772.137373][T10776] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 04:13:59 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000068000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2772.145340][T10776] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2772.153312][T10776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2772.161293][T10776] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:13:59 executing program 3 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2772.363923][T11080] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:13:59 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:13:59 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89060000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:00 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x12d, 0xe00000000000000) 04:14:00 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2772.684664][T11386] FAULT_INJECTION: forcing a failure. [ 2772.684664][T11386] name failslab, interval 1, probability 0, space 0, times 0 [ 2772.697542][T11386] CPU: 1 PID: 11386 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2772.705183][T11386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2772.715246][T11386] Call Trace: [ 2772.718551][T11386] dump_stack+0x16f/0x1f0 [ 2772.722903][T11386] should_fail.cold+0xa/0x15 [ 2772.727516][T11386] ? fault_create_debugfs_attr+0x180/0x180 [ 2772.733351][T11386] __should_failslab+0x121/0x190 [ 2772.738335][T11386] should_failslab+0x9/0x14 [ 2772.742848][T11386] __kmalloc+0x2ce/0x760 [ 2772.747100][T11386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.753355][T11386] ? d_absolute_path+0x11b/0x170 [ 2772.758299][T11386] ? __d_path+0x140/0x140 [ 2772.762643][T11386] ? rcu_read_lock_sched_held+0x110/0x130 [ 2772.768389][T11386] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2772.773804][T11386] tomoyo_encode2.part.0+0xf5/0x400 [ 2772.779021][T11386] tomoyo_encode+0x2b/0x50 [ 2772.783447][T11386] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 2772.789095][T11386] tomoyo_mount_acl+0x2cc/0x840 [ 2772.793958][T11386] ? mark_lock+0xc0/0x11e0 [ 2772.798382][T11386] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2772.803941][T11386] ? __kasan_check_read+0x11/0x20 [ 2772.808991][T11386] ? trace_hardirqs_off+0x62/0x210 [ 2772.814129][T11386] ? lock_acquire+0x190/0x400 [ 2772.818809][T11386] ? tomoyo_mount_permission+0x10a/0x410 [ 2772.824453][T11386] tomoyo_mount_permission+0x16a/0x410 [ 2772.829915][T11386] ? tomoyo_mount_permission+0x10a/0x410 [ 2772.835561][T11386] ? tomoyo_mount_acl+0x840/0x840 [ 2772.840675][T11386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2772.846930][T11386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2772.853200][T11386] ? strncpy_from_user+0x2b4/0x400 [ 2772.858322][T11386] tomoyo_sb_mount+0x35/0x40 [ 2772.862917][T11386] security_sb_mount+0x87/0xd0 [ 2772.867690][T11386] do_mount+0x1d4/0x1c30 [ 2772.871934][T11386] ? copy_mount_options+0x5c/0x3f0 [ 2772.877061][T11386] ? copy_mount_string+0x40/0x40 [ 2772.882006][T11386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.888268][T11386] ? copy_mount_options+0x2e8/0x3f0 [ 2772.893471][T11386] ksys_mount+0xdb/0x150 [ 2772.897719][T11386] __x64_sys_mount+0xbe/0x150 [ 2772.902408][T11386] do_syscall_64+0xfd/0x6a0 [ 2772.907427][T11386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2772.913554][T11386] RIP: 0033:0x45c26a [ 2772.917461][T11386] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2772.938436][T11386] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2772.946858][T11386] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2772.955607][T11386] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2772.963596][T11386] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2772.971699][T11386] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:14:00 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:00 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000006c000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2772.980950][T11386] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2772.989090][T11386] ERROR: Out of memory at tomoyo_realpath_from_path. 04:14:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x8000000}, 0x0) [ 2773.123719][T11404] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:00 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf20a3000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:00 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x12e, 0xe00000000000000) 04:14:00 executing program 3 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:00 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000074000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x9000000}, 0x0) 04:14:00 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:00 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2773.555995][T11779] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2773.657121][T11805] FAULT_INJECTION: forcing a failure. [ 2773.657121][T11805] name failslab, interval 1, probability 0, space 0, times 0 [ 2773.669902][T11805] CPU: 1 PID: 11805 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2773.677564][T11805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2773.687638][T11805] Call Trace: [ 2773.690953][T11805] dump_stack+0x16f/0x1f0 [ 2773.695309][T11805] should_fail.cold+0xa/0x15 [ 2773.699924][T11805] ? fault_create_debugfs_attr+0x180/0x180 04:14:01 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x12f, 0xe00000000000000) [ 2773.705762][T11805] __should_failslab+0x121/0x190 [ 2773.710732][T11805] should_failslab+0x9/0x14 [ 2773.715254][T11805] kmem_cache_alloc_trace+0x2c3/0x770 [ 2773.720651][T11805] ? lockdep_init_map+0x1be/0x6d0 [ 2773.725726][T11805] legacy_init_fs_context+0x48/0xe0 [ 2773.730954][T11805] ? generic_parse_monolithic+0x200/0x200 [ 2773.736694][T11805] alloc_fs_context+0x39d/0x680 [ 2773.741565][T11805] fs_context_for_mount+0x25/0x30 [ 2773.746606][T11805] do_mount+0x132d/0x1c30 [ 2773.750960][T11805] ? copy_mount_string+0x40/0x40 [ 2773.755921][T11805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2773.762174][T11805] ? _copy_from_user+0x12c/0x1a0 [ 2773.767139][T11805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2773.773402][T11805] ? copy_mount_options+0x2e8/0x3f0 [ 2773.778619][T11805] ksys_mount+0xdb/0x150 [ 2773.782886][T11805] __x64_sys_mount+0xbe/0x150 [ 2773.787585][T11805] do_syscall_64+0xfd/0x6a0 [ 2773.792104][T11805] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2773.798006][T11805] RIP: 0033:0x45c26a [ 2773.801905][T11805] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2773.821521][T11805] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2773.829926][T11805] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2773.837881][T11805] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2773.845870][T11805] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2773.853847][T11805] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2773.861807][T11805] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:01 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000007a000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:01 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2774.076797][T12043] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:01 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01c00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:01 executing program 3 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:01 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x130, 0xe00000000000000) 04:14:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xa000000}, 0x0) 04:14:01 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffa888], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2774.395145][T12273] FAULT_INJECTION: forcing a failure. [ 2774.395145][T12273] name failslab, interval 1, probability 0, space 0, times 0 [ 2774.407881][T12273] CPU: 0 PID: 12273 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2774.415522][T12273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2774.425586][T12273] Call Trace: [ 2774.428894][T12273] dump_stack+0x16f/0x1f0 [ 2774.433245][T12273] should_fail.cold+0xa/0x15 [ 2774.437855][T12273] ? fault_create_debugfs_attr+0x180/0x180 04:14:01 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x131, 0xe00000000000000) [ 2774.443683][T12273] __should_failslab+0x121/0x190 [ 2774.448643][T12273] should_failslab+0x9/0x14 [ 2774.453156][T12273] kmem_cache_alloc_trace+0x2c3/0x770 [ 2774.458540][T12273] ? lockdep_init_map+0x1be/0x6d0 [ 2774.463582][T12273] legacy_init_fs_context+0x48/0xe0 [ 2774.468792][T12273] ? generic_parse_monolithic+0x200/0x200 [ 2774.474514][T12273] alloc_fs_context+0x39d/0x680 [ 2774.479370][T12273] fs_context_for_mount+0x25/0x30 [ 2774.484410][T12273] vfs_kern_mount.part.0+0x28/0xf0 [ 2774.489538][T12273] vfs_kern_mount+0x40/0x60 [ 2774.489561][T12273] btrfs_mount+0x2b4/0x15e2 [ 2774.489581][T12273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.489610][T12273] ? should_fail+0x1de/0x852 [ 2774.498603][T12273] ? btrfs_remount+0x10f0/0x10f0 [ 2774.498621][T12273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.498634][T12273] ? refcount_sub_and_test_checked+0x154/0x200 [ 2774.498649][T12273] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2774.498663][T12273] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2774.498680][T12273] ? vfs_parse_fs_string+0x111/0x170 04:14:01 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2774.498698][T12273] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2774.498719][T12273] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2774.498734][T12273] ? apparmor_capable+0x2ef/0x640 [ 2774.498755][T12273] ? cap_capable+0x205/0x270 [ 2774.565512][T12273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.571761][T12273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.571779][T12273] ? btrfs_remount+0x10f0/0x10f0 [ 2774.571795][T12273] legacy_get_tree+0x108/0x220 [ 2774.571811][T12273] ? legacy_get_tree+0x108/0x220 [ 2774.571829][T12273] vfs_get_tree+0x8e/0x390 [ 2774.571846][T12273] do_mount+0x13b3/0x1c30 [ 2774.571867][T12273] ? copy_mount_string+0x40/0x40 [ 2774.571889][T12273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.571904][T12273] ? copy_mount_options+0x2e8/0x3f0 [ 2774.571923][T12273] ksys_mount+0xdb/0x150 [ 2774.583128][T12273] __x64_sys_mount+0xbe/0x150 [ 2774.626960][T12273] do_syscall_64+0xfd/0x6a0 [ 2774.631491][T12273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2774.637391][T12273] RIP: 0033:0x45c26a [ 2774.641294][T12273] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2774.660904][T12273] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2774.669325][T12273] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2774.677331][T12273] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2774.685314][T12273] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 04:14:02 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000088000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2774.693296][T12273] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2774.701282][T12273] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:02 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffca88], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:02 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x132, 0xe00000000000000) [ 2774.923621][T12555] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:02 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:02 executing program 3 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xb000000}, 0x0) 04:14:02 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffdd86], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2775.335519][T12779] FAULT_INJECTION: forcing a failure. [ 2775.335519][T12779] name failslab, interval 1, probability 0, space 0, times 0 [ 2775.348427][T12779] CPU: 1 PID: 12779 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2775.356067][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2775.366141][T12779] Call Trace: [ 2775.369483][T12779] dump_stack+0x16f/0x1f0 [ 2775.373832][T12779] should_fail.cold+0xa/0x15 [ 2775.378443][T12779] ? fault_create_debugfs_attr+0x180/0x180 [ 2775.384271][T12779] __should_failslab+0x121/0x190 [ 2775.389309][T12779] should_failslab+0x9/0x14 [ 2775.393852][T12779] kmem_cache_alloc_trace+0x2c3/0x770 [ 2775.399247][T12779] ? symbol_put_addr+0x40/0x40 [ 2775.404028][T12779] alloc_fs_context+0x5a/0x680 [ 2775.408818][T12779] fs_context_for_mount+0x25/0x30 [ 2775.413863][T12779] do_mount+0x132d/0x1c30 [ 2775.418234][T12779] ? copy_mount_string+0x40/0x40 [ 2775.423209][T12779] ? copy_mount_options+0x258/0x3f0 [ 2775.428433][T12779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2775.434738][T12779] ? copy_mount_options+0x2e8/0x3f0 [ 2775.439964][T12779] ksys_mount+0xdb/0x150 [ 2775.444259][T12779] __x64_sys_mount+0xbe/0x150 [ 2775.448959][T12779] do_syscall_64+0xfd/0x6a0 [ 2775.453495][T12779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2775.459924][T12779] RIP: 0033:0x45c26a [ 2775.463831][T12779] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2775.483460][T12779] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2775.491901][T12779] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2775.499888][T12779] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2775.507884][T12779] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2775.515871][T12779] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2775.523856][T12779] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:02 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000007fffffe000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:02 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x133, 0xe00000000000000) 04:14:03 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:03 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2775.688978][T12893] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:03 executing program 3 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xf000000}, 0x0) [ 2775.937865][ C1] net_ratelimit: 17 callbacks suppressed [ 2775.937874][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2775.949684][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:14:03 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:03 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000ffffffff000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2776.123576][T13125] FAULT_INJECTION: forcing a failure. [ 2776.123576][T13125] name failslab, interval 1, probability 0, space 0, times 0 [ 2776.136768][T13125] CPU: 0 PID: 13125 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2776.144416][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2776.154479][T13125] Call Trace: [ 2776.154507][T13125] dump_stack+0x16f/0x1f0 [ 2776.154530][T13125] should_fail.cold+0xa/0x15 [ 2776.154553][T13125] ? fault_create_debugfs_attr+0x180/0x180 [ 2776.154582][T13125] __should_failslab+0x121/0x190 [ 2776.162198][T13125] should_failslab+0x9/0x14 [ 2776.162214][T13125] __kmalloc_track_caller+0x2ca/0x750 [ 2776.162233][T13125] ? vfs_parse_fs_string+0xe8/0x170 [ 2776.162250][T13125] kmemdup_nul+0x31/0xa0 [ 2776.162267][T13125] vfs_parse_fs_string+0xe8/0x170 [ 2776.162287][T13125] ? vfs_parse_fs_param+0x540/0x540 [ 2776.214332][T13125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2776.220680][T13125] ? alloc_fs_context+0x3ee/0x680 [ 2776.225734][T13125] vfs_kern_mount.part.0+0x73/0xf0 [ 2776.230874][T13125] vfs_kern_mount+0x40/0x60 [ 2776.235386][T13125] btrfs_mount+0x2b4/0x15e2 [ 2776.239900][T13125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2776.246148][T13125] ? should_fail+0x1de/0x852 [ 2776.250763][T13125] ? btrfs_remount+0x10f0/0x10f0 [ 2776.255721][T13125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2776.261971][T13125] ? refcount_sub_and_test_checked+0x154/0x200 [ 2776.268132][T13125] ? refcount_dec_not_one+0x1f0/0x1f0 04:14:03 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01d00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2776.273509][T13125] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2776.279758][T13125] ? vfs_parse_fs_string+0x111/0x170 [ 2776.285058][T13125] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2776.291048][T13125] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2776.297296][T13125] ? apparmor_capable+0x2ef/0x640 [ 2776.302325][T13125] ? cap_capable+0x205/0x270 [ 2776.306936][T13125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2776.313185][T13125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2776.319464][T13125] ? btrfs_remount+0x10f0/0x10f0 04:14:03 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x134, 0xe00000000000000) [ 2776.324409][T13125] legacy_get_tree+0x108/0x220 [ 2776.329188][T13125] ? legacy_get_tree+0x108/0x220 [ 2776.334139][T13125] vfs_get_tree+0x8e/0x390 [ 2776.338561][T13125] do_mount+0x13b3/0x1c30 [ 2776.342897][T13125] ? copy_mount_string+0x40/0x40 [ 2776.347843][T13125] ? copy_mount_options+0x270/0x3f0 [ 2776.353060][T13125] ? audit_add_tree_rule.cold+0x37/0x37 [ 2776.358615][T13125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2776.364859][T13125] ? copy_mount_options+0x2e8/0x3f0 [ 2776.370068][T13125] ksys_mount+0xdb/0x150 [ 2776.374324][T13125] __x64_sys_mount+0xbe/0x150 [ 2776.379028][T13125] do_syscall_64+0xfd/0x6a0 [ 2776.383546][T13125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2776.389440][T13125] RIP: 0033:0x45c26a [ 2776.393341][T13125] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2776.412951][T13125] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2776.421374][T13125] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2776.429356][T13125] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2776.437361][T13125] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2776.445338][T13125] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2776.453318][T13125] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x10000000}, 0x0) 04:14:04 executing program 3 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:04 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000002000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2776.744497][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2776.744633][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2776.750442][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2776.761969][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2776.767821][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2776.773704][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2776.779590][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:14:04 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:04 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x135, 0xe00000000000000) 04:14:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x11000000}, 0x0) [ 2776.984465][T13578] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:04 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x12000000}, 0x0) [ 2777.227851][T13682] FAULT_INJECTION: forcing a failure. [ 2777.227851][T13682] name failslab, interval 1, probability 0, space 0, times 0 [ 2777.240806][T13682] CPU: 0 PID: 13682 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2777.248467][T13682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2777.259393][T13682] Call Trace: [ 2777.262718][T13682] dump_stack+0x16f/0x1f0 [ 2777.267078][T13682] should_fail.cold+0xa/0x15 [ 2777.271720][T13682] ? fault_create_debugfs_attr+0x180/0x180 [ 2777.277567][T13682] __should_failslab+0x121/0x190 [ 2777.282537][T13682] should_failslab+0x9/0x14 [ 2777.287064][T13682] __kmalloc_track_caller+0x2ca/0x750 [ 2777.292482][T13682] ? vfs_parse_fs_string+0xe8/0x170 [ 2777.297704][T13682] kmemdup_nul+0x31/0xa0 [ 2777.301974][T13682] vfs_parse_fs_string+0xe8/0x170 [ 2777.307018][T13682] ? vfs_parse_fs_param+0x540/0x540 [ 2777.312239][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2777.318494][T13682] ? alloc_fs_context+0x3ee/0x680 [ 2777.323548][T13682] do_mount+0x700/0x1c30 [ 2777.327819][T13682] ? copy_mount_string+0x40/0x40 [ 2777.332789][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2777.339053][T13682] ? copy_mount_options+0x2e8/0x3f0 [ 2777.344278][T13682] ksys_mount+0xdb/0x150 [ 2777.348556][T13682] __x64_sys_mount+0xbe/0x150 [ 2777.353272][T13682] do_syscall_64+0xfd/0x6a0 [ 2777.357808][T13682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2777.363734][T13682] RIP: 0033:0x45c26a [ 2777.367641][T13682] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2777.387251][T13682] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2777.395672][T13682] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2777.403657][T13682] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2777.411632][T13682] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2777.411642][T13682] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:14:04 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x136, 0xe00000000000000) 04:14:04 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:04 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000003000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2777.411651][T13682] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:05 executing program 3 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2777.650893][T13879] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x13000000}, 0x0) [ 2777.832285][T14046] FAULT_INJECTION: forcing a failure. [ 2777.832285][T14046] name failslab, interval 1, probability 0, space 0, times 0 [ 2777.845156][T14046] CPU: 1 PID: 14046 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2777.852792][T14046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2777.862854][T14046] Call Trace: [ 2777.866157][T14046] dump_stack+0x16f/0x1f0 [ 2777.870503][T14046] should_fail.cold+0xa/0x15 [ 2777.875112][T14046] ? fault_create_debugfs_attr+0x180/0x180 [ 2777.881061][T14046] __should_failslab+0x121/0x190 [ 2777.886017][T14046] should_failslab+0x9/0x14 [ 2777.890534][T14046] __kmalloc_track_caller+0x2ca/0x750 [ 2777.895919][T14046] ? legacy_init_fs_context+0x48/0xe0 [ 2777.901302][T14046] ? alloc_fs_context+0x39d/0x680 [ 2777.906339][T14046] ? fs_context_for_mount+0x25/0x30 [ 2777.911553][T14046] ? do_mount+0x132d/0x1c30 [ 2777.916071][T14046] ? ksys_mount+0xdb/0x150 [ 2777.920532][T14046] ? __x64_sys_mount+0xbe/0x150 [ 2777.925397][T14046] ? do_syscall_64+0xfd/0x6a0 [ 2777.930093][T14046] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2777.936175][T14046] ? btrfs_mount+0xdc/0x15e2 [ 2777.940789][T14046] kstrdup+0x3a/0x70 [ 2777.944705][T14046] ? btrfs_remount+0x10f0/0x10f0 [ 2777.949658][T14046] btrfs_mount+0xdc/0x15e2 [ 2777.954105][T14046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2777.960361][T14046] ? should_fail+0x1de/0x852 [ 2777.964972][T14046] ? btrfs_remount+0x10f0/0x10f0 [ 2777.969929][T14046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2777.976186][T14046] ? refcount_sub_and_test_checked+0x154/0x200 [ 2777.982369][T14046] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2777.987762][T14046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2777.994012][T14046] ? vfs_parse_fs_string+0x111/0x170 [ 2777.999303][T14046] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2778.005291][T14046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2778.011537][T14046] ? apparmor_capable+0x2ef/0x640 [ 2778.016585][T14046] ? cap_capable+0x205/0x270 [ 2778.021182][T14046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.027438][T14046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.033797][T14046] ? btrfs_remount+0x10f0/0x10f0 [ 2778.038831][T14046] legacy_get_tree+0x108/0x220 [ 2778.043691][T14046] ? legacy_get_tree+0x108/0x220 [ 2778.048650][T14046] vfs_get_tree+0x8e/0x390 [ 2778.053079][T14046] do_mount+0x13b3/0x1c30 [ 2778.057432][T14046] ? copy_mount_string+0x40/0x40 [ 2778.062394][T14046] ? copy_mount_options+0x200/0x3f0 [ 2778.067604][T14046] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 2778.073159][T14046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.079412][T14046] ? copy_mount_options+0x2e8/0x3f0 [ 2778.084649][T14046] ksys_mount+0xdb/0x150 [ 2778.088907][T14046] __x64_sys_mount+0xbe/0x150 [ 2778.093606][T14046] do_syscall_64+0xfd/0x6a0 [ 2778.098125][T14046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2778.104021][T14046] RIP: 0033:0x45c26a [ 2778.107929][T14046] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2778.127561][T14046] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2778.135980][T14046] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2778.143959][T14046] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2778.151945][T14046] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2778.160971][T14046] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2778.171381][T14046] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:05 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x137, 0xe00000000000000) 04:14:05 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2778.179703][ C1] protocol 88fb is buggy, dev hsr_slave_0 04:14:05 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000004000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:05 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:05 executing program 3 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01e00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2778.516978][T14318] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:05 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x138, 0xe00000000000000) 04:14:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x14000000}, 0x0) [ 2778.640388][T14377] FAULT_INJECTION: forcing a failure. [ 2778.640388][T14377] name failslab, interval 1, probability 0, space 0, times 0 [ 2778.653088][T14377] CPU: 1 PID: 14377 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2778.660730][T14377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2778.670794][T14377] Call Trace: [ 2778.674108][T14377] dump_stack+0x16f/0x1f0 [ 2778.678458][T14377] should_fail.cold+0xa/0x15 [ 2778.683070][T14377] ? fault_create_debugfs_attr+0x180/0x180 04:14:06 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffffffffff], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2778.688904][T14377] __should_failslab+0x121/0x190 [ 2778.693858][T14377] should_failslab+0x9/0x14 [ 2778.698372][T14377] kmem_cache_alloc_trace+0x2c3/0x770 [ 2778.703755][T14377] ? kasan_kmalloc+0x9/0x10 [ 2778.708259][T14377] ? __kmalloc_node+0x4e/0x70 [ 2778.712949][T14377] btrfs_mount_root+0x1d0/0x1290 [ 2778.717904][T14377] ? btrfs_decode_error+0x70/0x70 [ 2778.722962][T14377] ? logfc+0x700/0x700 [ 2778.727031][T14377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2778.733300][T14377] ? vfs_parse_fs_string+0x111/0x170 [ 2778.738596][T14377] ? vfs_parse_fs_string+0x111/0x170 [ 2778.743866][T14377] ? rcu_read_lock_sched_held+0x110/0x130 [ 2778.749577][T14377] ? kfree+0x271/0x2a0 [ 2778.753649][T14377] ? vfs_parse_fs_string+0x116/0x170 [ 2778.758925][T14377] ? vfs_parse_fs_param+0x540/0x540 [ 2778.764111][T14377] ? btrfs_decode_error+0x70/0x70 [ 2778.769123][T14377] legacy_get_tree+0x108/0x220 [ 2778.773956][T14377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.780221][T14377] vfs_get_tree+0x8e/0x390 [ 2778.784630][T14377] fc_mount+0x17/0xc0 [ 2778.788598][T14377] vfs_kern_mount.part.0+0xd8/0xf0 [ 2778.793695][T14377] vfs_kern_mount+0x40/0x60 [ 2778.798189][T14377] btrfs_mount+0x2b4/0x15e2 [ 2778.802707][T14377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.808937][T14377] ? should_fail+0x1de/0x852 [ 2778.813542][T14377] ? btrfs_remount+0x10f0/0x10f0 [ 2778.818489][T14377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.824724][T14377] ? refcount_sub_and_test_checked+0x154/0x200 [ 2778.830862][T14377] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2778.836223][T14377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2778.842448][T14377] ? vfs_parse_fs_string+0x111/0x170 [ 2778.847746][T14377] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2778.853715][T14377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2778.859939][T14377] ? apparmor_capable+0x2ef/0x640 [ 2778.864960][T14377] ? cap_capable+0x205/0x270 [ 2778.869550][T14377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.875775][T14377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.882026][T14377] ? btrfs_remount+0x10f0/0x10f0 [ 2778.886947][T14377] legacy_get_tree+0x108/0x220 [ 2778.891696][T14377] ? legacy_get_tree+0x108/0x220 [ 2778.896661][T14377] vfs_get_tree+0x8e/0x390 [ 2778.901068][T14377] do_mount+0x13b3/0x1c30 [ 2778.905405][T14377] ? copy_mount_string+0x40/0x40 [ 2778.910342][T14377] ? copy_mount_options+0x241/0x3f0 [ 2778.915565][T14377] ? copy_mount_options+0x24d/0x3f0 [ 2778.920776][T14377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2778.927000][T14377] ? copy_mount_options+0x2e8/0x3f0 [ 2778.932185][T14377] ksys_mount+0xdb/0x150 [ 2778.936424][T14377] __x64_sys_mount+0xbe/0x150 [ 2778.941088][T14377] do_syscall_64+0xfd/0x6a0 [ 2778.945580][T14377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2778.951457][T14377] RIP: 0033:0x45c26a [ 2778.955347][T14377] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2778.975022][T14377] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2778.983429][T14377] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a 04:14:06 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000005000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2778.991386][T14377] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2778.999353][T14377] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2779.007317][T14377] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2779.015367][T14377] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:06 executing program 3 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:06 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:06 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a001f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:06 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x139, 0xe00000000000000) [ 2779.412409][T14729] FAULT_INJECTION: forcing a failure. [ 2779.412409][T14729] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2779.425667][T14729] CPU: 1 PID: 14729 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2779.433308][T14729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2779.444151][T14729] Call Trace: [ 2779.447483][T14729] dump_stack+0x16f/0x1f0 [ 2779.451843][T14729] should_fail.cold+0xa/0x15 [ 2779.456453][T14729] ? fault_create_debugfs_attr+0x180/0x180 [ 2779.462282][T14729] ? __kasan_check_read+0x11/0x20 [ 2779.467327][T14729] ? __lock_acquire+0x1702/0x4c30 [ 2779.472376][T14729] ? __lock_acquire+0x1702/0x4c30 [ 2779.477440][T14729] should_fail_alloc_page+0x50/0x60 [ 2779.482673][T14729] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2779.488071][T14729] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2779.493727][T14729] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2779.499463][T14729] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2779.505118][T14729] cache_grow_begin+0x90/0xc90 04:14:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x40000000}, 0x0) [ 2779.509998][T14729] ? trace_hardirqs_off+0x62/0x210 [ 2779.515139][T14729] kmem_cache_alloc_trace+0x695/0x770 [ 2779.520543][T14729] btrfs_mount_root+0x1d0/0x1290 [ 2779.525516][T14729] ? btrfs_decode_error+0x70/0x70 [ 2779.530560][T14729] ? logfc+0x700/0x700 [ 2779.534655][T14729] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2779.540944][T14729] ? vfs_parse_fs_string+0x111/0x170 [ 2779.546261][T14729] ? vfs_parse_fs_string+0x111/0x170 [ 2779.551565][T14729] ? rcu_read_lock_sched_held+0x110/0x130 [ 2779.557308][T14729] ? kfree+0x271/0x2a0 [ 2779.561408][T14729] ? vfs_parse_fs_string+0x116/0x170 [ 2779.566832][T14729] ? vfs_parse_fs_param+0x540/0x540 [ 2779.572047][T14729] ? btrfs_decode_error+0x70/0x70 [ 2779.577088][T14729] legacy_get_tree+0x108/0x220 [ 2779.581871][T14729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2779.588135][T14729] vfs_get_tree+0x8e/0x390 [ 2779.592562][T14729] fc_mount+0x17/0xc0 [ 2779.596563][T14729] vfs_kern_mount.part.0+0xd8/0xf0 [ 2779.601694][T14729] vfs_kern_mount+0x40/0x60 [ 2779.606234][T14729] btrfs_mount+0x2b4/0x15e2 [ 2779.610762][T14729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2779.617021][T14729] ? should_fail+0x1de/0x852 [ 2779.621647][T14729] ? btrfs_remount+0x10f0/0x10f0 [ 2779.626613][T14729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2779.632870][T14729] ? refcount_sub_and_test_checked+0x154/0x200 [ 2779.639036][T14729] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2779.644418][T14729] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2779.650673][T14729] ? vfs_parse_fs_string+0x111/0x170 [ 2779.655971][T14729] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2779.661966][T14729] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2779.668230][T14729] ? apparmor_capable+0x2ef/0x640 [ 2779.673275][T14729] ? cap_capable+0x205/0x270 [ 2779.677879][T14729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2779.684142][T14729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2779.690398][T14729] ? btrfs_remount+0x10f0/0x10f0 [ 2779.695350][T14729] legacy_get_tree+0x108/0x220 [ 2779.700139][T14729] ? legacy_get_tree+0x108/0x220 [ 2779.705102][T14729] vfs_get_tree+0x8e/0x390 [ 2779.709547][T14729] do_mount+0x13b3/0x1c30 [ 2779.713894][T14729] ? copy_mount_string+0x40/0x40 [ 2779.718848][T14729] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2779.725096][T14729] ? _copy_from_user+0x12c/0x1a0 [ 2779.730050][T14729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2779.736310][T14729] ? copy_mount_options+0x2e8/0x3f0 [ 2779.741527][T14729] ksys_mount+0xdb/0x150 [ 2779.745785][T14729] __x64_sys_mount+0xbe/0x150 [ 2779.750497][T14729] do_syscall_64+0xfd/0x6a0 [ 2779.755031][T14729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2779.760940][T14729] RIP: 0033:0x45c26a [ 2779.764849][T14729] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2779.784570][T14729] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2779.793008][T14729] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2779.801020][T14729] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2779.809001][T14729] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2779.816984][T14729] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2779.824961][T14729] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:07 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000006000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:07 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:07 executing program 3 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2780.013005][T14833] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:07 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a401f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:07 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x13a, 0xe00000000000000) [ 2780.212180][T15030] FAULT_INJECTION: forcing a failure. [ 2780.212180][T15030] name failslab, interval 1, probability 0, space 0, times 0 [ 2780.227466][T15030] CPU: 1 PID: 15030 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2780.235512][T15030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2780.246204][T15030] Call Trace: [ 2780.249516][T15030] dump_stack+0x16f/0x1f0 [ 2780.254262][T15030] should_fail.cold+0xa/0x15 [ 2780.258875][T15030] ? fault_create_debugfs_attr+0x180/0x180 [ 2780.264872][T15030] __should_failslab+0x121/0x190 [ 2780.270389][T15030] should_failslab+0x9/0x14 [ 2780.275434][T15030] __kmalloc_track_caller+0x2ca/0x750 [ 2780.280919][T15030] ? btrfs_mount_root+0x1d0/0x1290 [ 2780.286249][T15030] ? rcu_read_lock_sched_held+0x110/0x130 [ 2780.292164][T15030] ? btrfs_mount_root+0x2b8/0x1290 [ 2780.297558][T15030] kstrdup+0x3a/0x70 [ 2780.301471][T15030] btrfs_mount_root+0x2b8/0x1290 [ 2780.307026][T15030] ? btrfs_decode_error+0x70/0x70 [ 2780.312513][T15030] ? logfc+0x700/0x700 [ 2780.317085][T15030] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2780.323342][T15030] ? vfs_parse_fs_string+0x111/0x170 [ 2780.328763][T15030] ? vfs_parse_fs_string+0x111/0x170 [ 2780.334509][T15030] ? rcu_read_lock_sched_held+0x110/0x130 [ 2780.340242][T15030] ? kfree+0x271/0x2a0 [ 2780.344343][T15030] ? vfs_parse_fs_string+0x116/0x170 [ 2780.349652][T15030] ? vfs_parse_fs_param+0x540/0x540 [ 2780.354866][T15030] ? btrfs_decode_error+0x70/0x70 [ 2780.359903][T15030] legacy_get_tree+0x108/0x220 [ 2780.364725][T15030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2780.370977][T15030] vfs_get_tree+0x8e/0x390 [ 2780.375403][T15030] fc_mount+0x17/0xc0 [ 2780.379396][T15030] vfs_kern_mount.part.0+0xd8/0xf0 [ 2780.384532][T15030] vfs_kern_mount+0x40/0x60 [ 2780.389439][T15030] btrfs_mount+0x2b4/0x15e2 [ 2780.393952][T15030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2780.400201][T15030] ? should_fail+0x1de/0x852 [ 2780.404817][T15030] ? btrfs_remount+0x10f0/0x10f0 [ 2780.409893][T15030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2780.416410][T15030] ? refcount_sub_and_test_checked+0x154/0x200 [ 2780.422572][T15030] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2780.428130][T15030] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2780.434891][T15030] ? vfs_parse_fs_string+0x111/0x170 [ 2780.440193][T15030] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2780.446318][T15030] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2780.453039][T15030] ? apparmor_capable+0x2ef/0x640 [ 2780.458254][T15030] ? cap_capable+0x205/0x270 [ 2780.462853][T15030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2780.469105][T15030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2780.475360][T15030] ? btrfs_remount+0x10f0/0x10f0 [ 2780.480303][T15030] legacy_get_tree+0x108/0x220 [ 2780.485079][T15030] ? legacy_get_tree+0x108/0x220 [ 2780.490194][T15030] vfs_get_tree+0x8e/0x390 [ 2780.494635][T15030] do_mount+0x13b3/0x1c30 [ 2780.498978][T15030] ? copy_mount_string+0x40/0x40 [ 2780.503934][T15030] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2780.510187][T15030] ? copy_mount_options+0x2e8/0x3f0 [ 2780.515407][T15030] ksys_mount+0xdb/0x150 [ 2780.519662][T15030] __x64_sys_mount+0xbe/0x150 [ 2780.524353][T15030] do_syscall_64+0xfd/0x6a0 [ 2780.528882][T15030] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2780.535058][T15030] RIP: 0033:0x45c26a [ 2780.538957][T15030] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 04:14:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0xffffff7f}, 0x0) 04:14:07 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000007000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:07 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2780.558567][T15030] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2780.566998][T15030] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2780.575005][T15030] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2780.582992][T15030] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2780.591054][T15030] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2780.599710][T15030] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2780.769985][T15160] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:08 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a801f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:08 executing program 3 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:08 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x13b, 0xe00000000000000) 04:14:08 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2781.100690][ C0] net_ratelimit: 11 callbacks suppressed [ 2781.100697][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2781.100838][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2781.106537][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2781.112333][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2781.130691][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2781.136625][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2781.142529][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2781.203052][T15439] FAULT_INJECTION: forcing a failure. [ 2781.203052][T15439] name failslab, interval 1, probability 0, space 0, times 0 [ 2781.216204][T15439] CPU: 1 PID: 15439 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2781.223849][T15439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2781.233912][T15439] Call Trace: [ 2781.237229][T15439] dump_stack+0x16f/0x1f0 [ 2781.241586][T15439] should_fail.cold+0xa/0x15 [ 2781.246220][T15439] ? fault_create_debugfs_attr+0x180/0x180 04:14:08 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2781.252075][T15439] __should_failslab+0x121/0x190 [ 2781.258522][T15439] should_failslab+0x9/0x14 [ 2781.263039][T15439] __kmalloc_track_caller+0x2ca/0x750 [ 2781.268526][T15439] ? btrfs_mount_root+0x1d0/0x1290 [ 2781.273661][T15439] ? rcu_read_lock_sched_held+0x110/0x130 [ 2781.279399][T15439] ? btrfs_mount_root+0x2b8/0x1290 [ 2781.284788][T15439] kstrdup+0x3a/0x70 [ 2781.288809][T15439] btrfs_mount_root+0x2b8/0x1290 [ 2781.294204][T15439] ? btrfs_decode_error+0x70/0x70 [ 2781.299263][T15439] ? logfc+0x700/0x700 04:14:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x40030000000000}, 0x0) [ 2781.303442][T15439] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2781.309702][T15439] ? vfs_parse_fs_string+0x111/0x170 [ 2781.315202][T15439] ? vfs_parse_fs_string+0x111/0x170 [ 2781.320522][T15439] ? rcu_read_lock_sched_held+0x110/0x130 [ 2781.326283][T15439] ? kfree+0x271/0x2a0 [ 2781.326332][T15439] ? vfs_parse_fs_string+0x116/0x170 [ 2781.326356][T15439] ? vfs_parse_fs_param+0x540/0x540 [ 2781.335700][T15439] ? btrfs_decode_error+0x70/0x70 [ 2781.335716][T15439] legacy_get_tree+0x108/0x220 04:14:08 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x13c, 0xe00000000000000) [ 2781.335732][T15439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2781.335749][T15439] vfs_get_tree+0x8e/0x390 [ 2781.335766][T15439] fc_mount+0x17/0xc0 [ 2781.335782][T15439] vfs_kern_mount.part.0+0xd8/0xf0 [ 2781.335801][T15439] vfs_kern_mount+0x40/0x60 [ 2781.375400][T15439] btrfs_mount+0x2b4/0x15e2 [ 2781.379922][T15439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2781.386280][T15439] ? should_fail+0x1de/0x852 [ 2781.391156][T15439] ? btrfs_remount+0x10f0/0x10f0 [ 2781.396120][T15439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2781.402421][T15439] ? refcount_sub_and_test_checked+0x154/0x200 [ 2781.408587][T15439] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2781.413973][T15439] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2781.420237][T15439] ? vfs_parse_fs_string+0x111/0x170 [ 2781.425543][T15439] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2781.431533][T15439] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2781.437795][T15439] ? apparmor_capable+0x2ef/0x640 [ 2781.442839][T15439] ? cap_capable+0x205/0x270 [ 2781.447443][T15439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2781.453690][T15439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2781.459942][T15439] ? btrfs_remount+0x10f0/0x10f0 [ 2781.464893][T15439] legacy_get_tree+0x108/0x220 [ 2781.469668][T15439] ? legacy_get_tree+0x108/0x220 [ 2781.474618][T15439] vfs_get_tree+0x8e/0x390 [ 2781.479053][T15439] do_mount+0x13b3/0x1c30 [ 2781.483399][T15439] ? copy_mount_string+0x40/0x40 [ 2781.488365][T15439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2781.494612][T15439] ? copy_mount_options+0x2e8/0x3f0 [ 2781.499823][T15439] ksys_mount+0xdb/0x150 [ 2781.504082][T15439] __x64_sys_mount+0xbe/0x150 [ 2781.508766][T15439] do_syscall_64+0xfd/0x6a0 [ 2781.513285][T15439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2781.519182][T15439] RIP: 0033:0x45c26a [ 2781.523090][T15439] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2781.542788][T15439] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:14:08 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000a000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2781.551710][T15439] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2781.559770][T15439] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2781.567748][T15439] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2781.575724][T15439] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2781.583703][T15439] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:08 executing program 3 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:09 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac01f00000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2781.829154][T15612] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2781.900533][T15619] FAULT_INJECTION: forcing a failure. [ 2781.900533][T15619] name failslab, interval 1, probability 0, space 0, times 0 [ 2781.913916][T15619] CPU: 1 PID: 15619 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2781.921549][T15619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2781.931617][T15619] Call Trace: [ 2781.935010][T15619] dump_stack+0x16f/0x1f0 [ 2781.939357][T15619] should_fail.cold+0xa/0x15 [ 2781.943962][T15619] ? __kasan_check_read+0x11/0x20 [ 2781.949009][T15619] ? fault_create_debugfs_attr+0x180/0x180 [ 2781.954832][T15619] ? __kasan_check_read+0x11/0x20 [ 2781.959912][T15619] ? mark_lock+0xc0/0x11e0 [ 2781.964340][T15619] ? mark_held_locks+0xa4/0xf0 [ 2781.969119][T15619] __should_failslab+0x121/0x190 [ 2781.974079][T15619] should_failslab+0x9/0x14 [ 2781.978589][T15619] kmem_cache_alloc+0x47/0x700 [ 2781.983367][T15619] ? __kasan_check_read+0x11/0x20 [ 2781.988417][T15619] xas_alloc+0x346/0x460 [ 2781.992677][T15619] xas_create+0x2cd/0x1060 04:14:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x100000000000000}, 0x0) [ 2781.997102][T15619] ? mark_held_locks+0xf0/0xf0 [ 2782.001882][T15619] xas_store+0x9a/0x1a00 [ 2782.006143][T15619] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2782.012409][T15619] ? xas_start+0x166/0x560 [ 2782.016838][T15619] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2782.023088][T15619] ? xas_load+0x67/0x150 [ 2782.027340][T15619] __add_to_page_cache_locked+0x5d8/0xe80 [ 2782.033065][T15619] ? __page_cache_alloc+0x480/0x480 [ 2782.038270][T15619] ? __alloc_pages_nodemask+0x633/0x8e0 [ 2782.043930][T15619] ? count_shadow_nodes+0x830/0x830 [ 2782.049156][T15619] add_to_page_cache_lru+0x1d8/0x790 [ 2782.054458][T15619] ? add_to_page_cache_locked+0x40/0x40 [ 2782.060100][T15619] ? __page_cache_alloc+0x116/0x480 [ 2782.065303][T15619] do_read_cache_page+0x499/0xca0 [ 2782.070350][T15619] read_cache_page_gfp+0x28/0x30 [ 2782.075303][T15619] btrfs_scan_one_device+0x19b/0x710 [ 2782.080584][T15619] ? kfree+0x210/0x2a0 [ 2782.084658][T15619] ? device_list_add+0x14f0/0x14f0 [ 2782.089769][T15619] ? trace_hardirqs_on+0x30/0x220 [ 2782.094792][T15619] ? btrfs_mount_root+0xb2f/0x1290 [ 2782.099908][T15619] btrfs_mount_root+0x711/0x1290 [ 2782.104852][T15619] ? btrfs_decode_error+0x70/0x70 [ 2782.109884][T15619] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2782.116130][T15619] ? vfs_parse_fs_string+0x111/0x170 [ 2782.121654][T15619] ? vfs_parse_fs_string+0x111/0x170 [ 2782.126952][T15619] ? rcu_read_lock_sched_held+0x110/0x130 [ 2782.132686][T15619] ? kfree+0x271/0x2a0 [ 2782.136773][T15619] ? vfs_parse_fs_string+0x116/0x170 [ 2782.142148][T15619] ? vfs_parse_fs_param+0x540/0x540 [ 2782.147350][T15619] ? btrfs_decode_error+0x70/0x70 [ 2782.152371][T15619] legacy_get_tree+0x108/0x220 [ 2782.157620][T15619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.163990][T15619] vfs_get_tree+0x8e/0x390 [ 2782.169103][T15619] fc_mount+0x17/0xc0 [ 2782.173096][T15619] vfs_kern_mount.part.0+0xd8/0xf0 [ 2782.178217][T15619] vfs_kern_mount+0x40/0x60 [ 2782.182723][T15619] btrfs_mount+0x2b4/0x15e2 [ 2782.187231][T15619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.193473][T15619] ? should_fail+0x1de/0x852 [ 2782.198091][T15619] ? btrfs_remount+0x10f0/0x10f0 [ 2782.203027][T15619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.209264][T15619] ? refcount_sub_and_test_checked+0x154/0x200 [ 2782.215433][T15619] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2782.220810][T15619] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2782.227058][T15619] ? vfs_parse_fs_string+0x111/0x170 [ 2782.232350][T15619] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2782.238342][T15619] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2782.244585][T15619] ? apparmor_capable+0x2ef/0x640 [ 2782.249658][T15619] ? cap_capable+0x205/0x270 [ 2782.254715][T15619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.260955][T15619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.267201][T15619] ? btrfs_remount+0x10f0/0x10f0 [ 2782.272149][T15619] legacy_get_tree+0x108/0x220 [ 2782.276915][T15619] ? legacy_get_tree+0x108/0x220 [ 2782.281857][T15619] vfs_get_tree+0x8e/0x390 [ 2782.286291][T15619] do_mount+0x13b3/0x1c30 [ 2782.290631][T15619] ? copy_mount_string+0x40/0x40 [ 2782.295568][T15619] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2782.301808][T15619] ? _copy_from_user+0x12c/0x1a0 [ 2782.306747][T15619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.312983][T15619] ? copy_mount_options+0x2e8/0x3f0 [ 2782.318184][T15619] ksys_mount+0xdb/0x150 [ 2782.322431][T15619] __x64_sys_mount+0xbe/0x150 [ 2782.327116][T15619] do_syscall_64+0xfd/0x6a0 [ 2782.331658][T15619] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2782.337548][T15619] RIP: 0033:0x45c26a [ 2782.341444][T15619] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2782.361050][T15619] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2782.369466][T15619] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2782.377453][T15619] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2782.385430][T15619] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2782.393397][T15619] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:14:09 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x13d, 0xe00000000000000) 04:14:09 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:09 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000011000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2782.401361][T15619] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2782.409727][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2782.415633][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:14:09 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2782.618316][T15941] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:10 executing program 3 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:10 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x13e, 0xe00000000000000) 04:14:10 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a002000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x200000000000000}, 0x0) 04:14:10 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x806000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:10 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000048000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2783.079298][T16390] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2783.125020][T16365] FAULT_INJECTION: forcing a failure. [ 2783.125020][T16365] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2783.138242][T16365] CPU: 0 PID: 16365 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2783.145886][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2783.155945][T16365] Call Trace: [ 2783.159251][T16365] dump_stack+0x16f/0x1f0 [ 2783.163600][T16365] should_fail.cold+0xa/0x15 [ 2783.168207][T16365] ? fault_create_debugfs_attr+0x180/0x180 [ 2783.174030][T16365] ? __kasan_check_read+0x11/0x20 [ 2783.179065][T16365] ? __lock_acquire+0x1702/0x4c30 [ 2783.184116][T16365] should_fail_alloc_page+0x50/0x60 [ 2783.189327][T16365] __alloc_pages_nodemask+0x1a1/0x8e0 [ 2783.194720][T16365] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2783.198079][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2783.200366][T16365] ? __alloc_pages_slowpath+0x2520/0x2520 [ 2783.200387][T16365] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2783.200423][T16365] cache_grow_begin+0x90/0xc90 [ 2783.222207][T16365] ? trace_hardirqs_off+0x62/0x210 [ 2783.227363][T16365] kmem_cache_alloc+0x636/0x700 [ 2783.232243][T16365] ? vfs_get_tree+0x8e/0x390 [ 2783.236840][T16365] ? fc_mount+0x17/0xc0 [ 2783.241008][T16365] ? vfs_kern_mount+0x40/0x60 [ 2783.245695][T16365] ? legacy_get_tree+0x108/0x220 [ 2783.250663][T16365] getname_kernel+0x53/0x370 [ 2783.255924][T16365] kern_path+0x20/0x40 [ 2783.260003][T16365] lookup_bdev.part.0+0x7b/0x1b0 [ 2783.264950][T16365] ? blkdev_open+0x290/0x290 [ 2783.269547][T16365] ? __kasan_check_read+0x11/0x20 04:14:10 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a402000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:10 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:10 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x13f, 0xe00000000000000) [ 2783.274579][T16365] blkdev_get_by_path+0x81/0x130 [ 2783.279529][T16365] btrfs_scan_one_device+0xd3/0x710 [ 2783.284743][T16365] ? kfree+0x210/0x2a0 [ 2783.288823][T16365] ? device_list_add+0x14f0/0x14f0 [ 2783.293948][T16365] ? trace_hardirqs_on+0x30/0x220 [ 2783.298989][T16365] ? btrfs_mount_root+0xb2f/0x1290 [ 2783.304111][T16365] btrfs_mount_root+0x711/0x1290 [ 2783.309061][T16365] ? btrfs_decode_error+0x70/0x70 [ 2783.314101][T16365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2783.320352][T16365] ? vfs_parse_fs_string+0x111/0x170 [ 2783.326251][T16365] ? vfs_parse_fs_string+0x111/0x170 [ 2783.331547][T16365] ? rcu_read_lock_sched_held+0x110/0x130 [ 2783.337277][T16365] ? kfree+0x271/0x2a0 [ 2783.341362][T16365] ? vfs_parse_fs_string+0x116/0x170 [ 2783.346657][T16365] ? vfs_parse_fs_param+0x540/0x540 [ 2783.351864][T16365] ? btrfs_decode_error+0x70/0x70 [ 2783.351879][T16365] legacy_get_tree+0x108/0x220 [ 2783.351895][T16365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.351913][T16365] vfs_get_tree+0x8e/0x390 [ 2783.351928][T16365] fc_mount+0x17/0xc0 [ 2783.351944][T16365] vfs_kern_mount.part.0+0xd8/0xf0 [ 2783.351962][T16365] vfs_kern_mount+0x40/0x60 [ 2783.351984][T16365] btrfs_mount+0x2b4/0x15e2 [ 2783.390426][T16365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.396680][T16365] ? should_fail+0x1de/0x852 [ 2783.401298][T16365] ? btrfs_remount+0x10f0/0x10f0 [ 2783.406246][T16365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.412498][T16365] ? refcount_sub_and_test_checked+0x154/0x200 [ 2783.418665][T16365] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2783.424045][T16365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2783.430295][T16365] ? vfs_parse_fs_string+0x111/0x170 [ 2783.435591][T16365] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2783.441577][T16365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2783.447825][T16365] ? apparmor_capable+0x2ef/0x640 [ 2783.452851][T16365] ? cap_capable+0x205/0x270 [ 2783.457445][T16365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.463699][T16365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.469991][T16365] ? btrfs_remount+0x10f0/0x10f0 04:14:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x300000000000000}, 0x0) [ 2783.474948][T16365] legacy_get_tree+0x108/0x220 [ 2783.474963][T16365] ? legacy_get_tree+0x108/0x220 [ 2783.474983][T16365] vfs_get_tree+0x8e/0x390 [ 2783.475000][T16365] do_mount+0x13b3/0x1c30 [ 2783.475020][T16365] ? copy_mount_string+0x40/0x40 [ 2783.475043][T16365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.475058][T16365] ? copy_mount_options+0x2e8/0x3f0 [ 2783.475078][T16365] ksys_mount+0xdb/0x150 [ 2783.475097][T16365] __x64_sys_mount+0xbe/0x150 [ 2783.475119][T16365] do_syscall_64+0xfd/0x6a0 [ 2783.523243][T16365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2783.529136][T16365] RIP: 0033:0x45c26a [ 2783.533028][T16365] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2783.552638][T16365] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2783.561050][T16365] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2783.569034][T16365] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2783.577000][T16365] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2783.584966][T16365] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2783.592936][T16365] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:11 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000004c000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:11 executing program 3 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 04:14:11 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x140, 0xe00000000000000) 04:14:11 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2783.847990][T16706] x_tables: eb_tables: snat target: only valid in nat table, not nat [ 2783.948498][T16725] FAULT_INJECTION: forcing a failure. [ 2783.948498][T16725] name failslab, interval 1, probability 0, space 0, times 0 [ 2783.961333][T16725] CPU: 1 PID: 16725 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2783.968973][T16725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2783.979032][T16725] Call Trace: [ 2783.982333][T16725] dump_stack+0x16f/0x1f0 [ 2783.986697][T16725] should_fail.cold+0xa/0x15 [ 2783.991304][T16725] ? mark_lock+0xc0/0x11e0 [ 2783.995824][T16725] ? fault_create_debugfs_attr+0x180/0x180 [ 2784.001647][T16725] ? __kasan_check_read+0x11/0x20 [ 2784.006703][T16725] ? __lock_acquire+0x8a2/0x4c30 [ 2784.011657][T16725] ? legacy_get_tree+0x108/0x220 [ 2784.016612][T16725] ? vfs_get_tree+0x8e/0x390 [ 2784.021235][T16725] __should_failslab+0x121/0x190 [ 2784.026195][T16725] should_failslab+0x9/0x14 [ 2784.030723][T16725] kmem_cache_alloc+0x47/0x700 [ 2784.035507][T16725] ? ___might_sleep+0x131/0x280 [ 2784.040381][T16725] ? mempool_alloc+0x380/0x380 04:14:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x400000000000000}, 0x0) 04:14:11 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x141, 0xe00000000000000) [ 2784.045160][T16725] mempool_alloc_slab+0x47/0x60 [ 2784.050019][T16725] mempool_alloc+0x169/0x380 [ 2784.054631][T16725] ? mempool_destroy+0x40/0x40 [ 2784.059400][T16725] ? find_held_lock+0x35/0x130 [ 2784.064173][T16725] ? create_empty_buffers+0x5fc/0x8d0 [ 2784.069572][T16725] bio_alloc_bioset+0x3b9/0x680 [ 2784.074433][T16725] ? __kasan_check_read+0x11/0x20 [ 2784.079455][T16725] ? bvec_alloc+0x2f0/0x2f0 [ 2784.083948][T16725] ? create_empty_buffers+0x5fc/0x8d0 [ 2784.089333][T16725] submit_bh_wbc+0x1c5/0x900 [ 2784.093941][T16725] ? __kasan_check_write+0x14/0x20 [ 2784.099066][T16725] block_read_full_page+0xb91/0xe70 [ 2784.104268][T16725] ? bdev_evict_inode+0x590/0x590 [ 2784.109303][T16725] ? __bread_gfp+0x370/0x370 [ 2784.113908][T16725] ? add_to_page_cache_lru+0x368/0x790 [ 2784.119472][T16725] ? add_to_page_cache_locked+0x40/0x40 [ 2784.125035][T16725] blkdev_readpage+0x1d/0x30 [ 2784.129640][T16725] do_read_cache_page+0x70d/0xca0 [ 2784.134683][T16725] read_cache_page_gfp+0x28/0x30 [ 2784.139666][T16725] btrfs_scan_one_device+0x19b/0x710 [ 2784.144953][T16725] ? kfree+0x210/0x2a0 [ 2784.149040][T16725] ? device_list_add+0x14f0/0x14f0 [ 2784.154158][T16725] ? trace_hardirqs_on+0x30/0x220 [ 2784.159194][T16725] ? btrfs_mount_root+0xb2f/0x1290 [ 2784.164321][T16725] btrfs_mount_root+0x711/0x1290 [ 2784.169285][T16725] ? btrfs_decode_error+0x70/0x70 [ 2784.174314][T16725] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2784.180558][T16725] ? vfs_parse_fs_string+0x111/0x170 [ 2784.185842][T16725] ? vfs_parse_fs_string+0x111/0x170 [ 2784.191553][T16725] ? rcu_read_lock_sched_held+0x110/0x130 [ 2784.202878][T16725] ? kfree+0x271/0x2a0 [ 2784.206967][T16725] ? vfs_parse_fs_string+0x116/0x170 [ 2784.212265][T16725] ? vfs_parse_fs_param+0x540/0x540 [ 2784.217455][T16725] ? btrfs_decode_error+0x70/0x70 [ 2784.222486][T16725] legacy_get_tree+0x108/0x220 [ 2784.227263][T16725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2784.233535][T16725] vfs_get_tree+0x8e/0x390 [ 2784.237946][T16725] fc_mount+0x17/0xc0 [ 2784.241954][T16725] vfs_kern_mount.part.0+0xd8/0xf0 [ 2784.247089][T16725] vfs_kern_mount+0x40/0x60 [ 2784.251585][T16725] btrfs_mount+0x2b4/0x15e2 [ 2784.256087][T16725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2784.262336][T16725] ? should_fail+0x1de/0x852 [ 2784.266929][T16725] ? btrfs_remount+0x10f0/0x10f0 [ 2784.271854][T16725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2784.278097][T16725] ? refcount_sub_and_test_checked+0x154/0x200 [ 2784.284258][T16725] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2784.289630][T16725] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2784.295869][T16725] ? vfs_parse_fs_string+0x111/0x170 [ 2784.301143][T16725] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2784.307126][T16725] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2784.313371][T16725] ? apparmor_capable+0x2ef/0x640 [ 2784.318379][T16725] ? cap_capable+0x205/0x270 [ 2784.322954][T16725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2784.329187][T16725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2784.335513][T16725] ? btrfs_remount+0x10f0/0x10f0 [ 2784.340434][T16725] legacy_get_tree+0x108/0x220 [ 2784.345194][T16725] ? legacy_get_tree+0x108/0x220 [ 2784.350148][T16725] vfs_get_tree+0x8e/0x390 [ 2784.354548][T16725] do_mount+0x13b3/0x1c30 [ 2784.358862][T16725] ? copy_mount_string+0x40/0x40 [ 2784.363808][T16725] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2784.370043][T16725] ? _copy_from_user+0x12c/0x1a0 [ 2784.374997][T16725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2784.381227][T16725] ? copy_mount_options+0x2e8/0x3f0 [ 2784.386409][T16725] ksys_mount+0xdb/0x150 [ 2784.390651][T16725] __x64_sys_mount+0xbe/0x150 [ 2784.395412][T16725] do_syscall_64+0xfd/0x6a0 [ 2784.399904][T16725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2784.405872][T16725] RIP: 0033:0x45c26a [ 2784.409767][T16725] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2784.429362][T16725] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2784.437785][T16725] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2784.445772][T16725] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2784.453737][T16725] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2784.461697][T16725] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2784.469662][T16725] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:11 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000060000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:11 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2784.652195][T17077] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:12 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a802000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:12 executing program 3 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2784.899561][T17375] FAULT_INJECTION: forcing a failure. [ 2784.899561][T17375] name failslab, interval 1, probability 0, space 0, times 0 [ 2784.912368][T17375] CPU: 0 PID: 17375 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2784.920010][T17375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2784.930072][T17375] Call Trace: [ 2784.933380][T17375] dump_stack+0x16f/0x1f0 [ 2784.937734][T17375] should_fail.cold+0xa/0x15 [ 2784.942339][T17375] ? fault_create_debugfs_attr+0x180/0x180 [ 2784.948496][T17375] __should_failslab+0x121/0x190 [ 2784.953505][T17375] should_failslab+0x9/0x14 [ 2784.958017][T17375] kmem_cache_alloc+0x298/0x700 [ 2784.962881][T17375] ? vfs_get_tree+0x8e/0x390 [ 2784.967487][T17375] ? fc_mount+0x17/0xc0 [ 2784.971647][T17375] ? vfs_kern_mount.part.0+0xd8/0xf0 [ 2784.971669][T17375] ? vfs_kern_mount+0x40/0x60 [ 2784.981615][T17375] ? btrfs_mount+0x2b4/0x15e2 [ 2784.981637][T17375] ? legacy_get_tree+0x108/0x220 [ 2784.991227][T17375] ? vfs_get_tree+0x8e/0x390 04:14:12 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2110000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x500000000000000}, 0x0) [ 2784.995817][T17375] ? do_mount+0x13b3/0x1c30 [ 2785.000324][T17375] ? ksys_mount+0xdb/0x150 [ 2785.004758][T17375] getname_kernel+0x53/0x370 [ 2785.009358][T17375] kern_path+0x20/0x40 [ 2785.013454][T17375] lookup_bdev.part.0+0x7b/0x1b0 [ 2785.018406][T17375] ? blkdev_open+0x290/0x290 [ 2785.023006][T17375] ? __kasan_check_read+0x11/0x20 [ 2785.028049][T17375] blkdev_get_by_path+0x81/0x130 [ 2785.032998][T17375] btrfs_scan_one_device+0xd3/0x710 [ 2785.038193][T17375] ? kfree+0x210/0x2a0 [ 2785.042353][T17375] ? device_list_add+0x14f0/0x14f0 [ 2785.047486][T17375] ? trace_hardirqs_on+0x30/0x220 [ 2785.052512][T17375] ? btrfs_mount_root+0xb2f/0x1290 [ 2785.057627][T17375] btrfs_mount_root+0x711/0x1290 [ 2785.062574][T17375] ? btrfs_decode_error+0x70/0x70 [ 2785.067606][T17375] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2785.073852][T17375] ? vfs_parse_fs_string+0x111/0x170 [ 2785.079163][T17375] ? vfs_parse_fs_string+0x111/0x170 [ 2785.084464][T17375] ? rcu_read_lock_sched_held+0x110/0x130 [ 2785.090199][T17375] ? kfree+0x271/0x2a0 [ 2785.094287][T17375] ? vfs_parse_fs_string+0x116/0x170 [ 2785.099584][T17375] ? vfs_parse_fs_param+0x540/0x540 [ 2785.104806][T17375] ? btrfs_decode_error+0x70/0x70 [ 2785.109840][T17375] legacy_get_tree+0x108/0x220 [ 2785.114608][T17375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.120858][T17375] vfs_get_tree+0x8e/0x390 [ 2785.127797][T17375] fc_mount+0x17/0xc0 [ 2785.131794][T17375] vfs_kern_mount.part.0+0xd8/0xf0 [ 2785.136933][T17375] vfs_kern_mount+0x40/0x60 [ 2785.141451][T17375] btrfs_mount+0x2b4/0x15e2 [ 2785.145961][T17375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.152401][T17375] ? should_fail+0x1de/0x852 [ 2785.157028][T17375] ? btrfs_remount+0x10f0/0x10f0 [ 2785.162014][T17375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.168293][T17375] ? refcount_sub_and_test_checked+0x154/0x200 [ 2785.174488][T17375] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2785.179882][T17375] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2785.186153][T17375] ? vfs_parse_fs_string+0x111/0x170 [ 2785.191477][T17375] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2785.197497][T17375] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2785.203762][T17375] ? apparmor_capable+0x2ef/0x640 [ 2785.208807][T17375] ? cap_capable+0x205/0x270 [ 2785.213420][T17375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.219685][T17375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.225947][T17375] ? btrfs_remount+0x10f0/0x10f0 [ 2785.231161][T17375] legacy_get_tree+0x108/0x220 [ 2785.235942][T17375] ? legacy_get_tree+0x108/0x220 [ 2785.240899][T17375] vfs_get_tree+0x8e/0x390 [ 2785.245338][T17375] do_mount+0x13b3/0x1c30 [ 2785.249683][T17375] ? copy_mount_string+0x40/0x40 [ 2785.255285][T17375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.261571][T17375] ? copy_mount_options+0x2e8/0x3f0 [ 2785.266794][T17375] ksys_mount+0xdb/0x150 [ 2785.271049][T17375] __x64_sys_mount+0xbe/0x150 [ 2785.275739][T17375] do_syscall_64+0xfd/0x6a0 [ 2785.280350][T17375] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2785.286264][T17375] RIP: 0033:0x45c26a [ 2785.290168][T17375] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2785.309777][T17375] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2785.318197][T17375] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2785.326175][T17375] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2785.334153][T17375] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2785.342128][T17375] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:14:12 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x142, 0xe00000000000000) [ 2785.350101][T17375] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:12 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000068000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:12 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2800000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:12 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9ac02000000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) 04:14:12 executing program 3 (fault-call:0 fault-nth:80): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2785.590873][T17494] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:13 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2785.836892][T17760] FAULT_INJECTION: forcing a failure. [ 2785.836892][T17760] name failslab, interval 1, probability 0, space 0, times 0 [ 2785.849931][T17760] CPU: 0 PID: 17760 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2785.857578][T17760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2785.867650][T17760] Call Trace: [ 2785.870971][T17760] dump_stack+0x16f/0x1f0 [ 2785.875332][T17760] should_fail.cold+0xa/0x15 [ 2785.879953][T17760] ? fault_create_debugfs_attr+0x180/0x180 04:14:13 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x143, 0xe00000000000000) 04:14:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x600000000000000}, 0x0) [ 2785.885786][T17760] ? __kasan_check_read+0x11/0x20 [ 2785.890840][T17760] ? __lock_acquire+0x8a2/0x4c30 [ 2785.895937][T17760] __should_failslab+0x121/0x190 [ 2785.901253][T17760] should_failslab+0x9/0x14 [ 2785.905814][T17760] kmem_cache_alloc+0x47/0x700 [ 2785.910612][T17760] ? ___might_sleep+0x131/0x280 [ 2785.915498][T17760] ? mempool_alloc+0x380/0x380 [ 2785.920278][T17760] mempool_alloc_slab+0x47/0x60 [ 2785.925147][T17760] mempool_alloc+0x169/0x380 [ 2785.929775][T17760] ? mempool_destroy+0x40/0x40 [ 2785.934608][T17760] ? mark_held_locks+0xa4/0xf0 [ 2785.939420][T17760] ? __find_get_block+0x9bc/0xd10 [ 2785.944486][T17760] ? __getblk_gfp+0x1b5/0xa10 [ 2785.949185][T17760] ? __find_get_block+0x9bc/0xd10 [ 2785.954233][T17760] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2785.959625][T17760] bio_alloc_bioset+0x3b9/0x680 [ 2785.964477][T17760] ? __find_get_block+0x300/0xd10 [ 2785.969495][T17760] ? bvec_alloc+0x2f0/0x2f0 [ 2785.974015][T17760] submit_bh_wbc+0x1c5/0x900 [ 2785.978733][T17760] __bread_gfp+0x164/0x370 [ 2785.983167][T17760] btrfs_read_dev_one_super+0xb6/0x2a0 [ 2785.988615][T17760] btrfs_read_dev_super+0x6c/0xd0 [ 2785.993655][T17760] ? btrfs_read_dev_one_super+0x2a0/0x2a0 [ 2785.999481][T17760] btrfs_get_bdev_and_sb+0xff/0x300 [ 2786.004690][T17760] open_fs_devices+0x6e7/0xc40 [ 2786.009539][T17760] ? btrfs_uuid_rescan_kthread+0x60/0x60 [ 2786.015211][T17760] btrfs_open_devices+0x140/0x160 [ 2786.020253][T17760] btrfs_mount_root+0x793/0x1290 [ 2786.025200][T17760] ? btrfs_decode_error+0x70/0x70 [ 2786.030400][T17760] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2786.036668][T17760] ? vfs_parse_fs_string+0x111/0x170 [ 2786.041976][T17760] ? vfs_parse_fs_string+0x111/0x170 [ 2786.047336][T17760] ? rcu_read_lock_sched_held+0x110/0x130 [ 2786.053083][T17760] ? kfree+0x271/0x2a0 [ 2786.057191][T17760] ? vfs_parse_fs_string+0x116/0x170 [ 2786.062519][T17760] ? vfs_parse_fs_param+0x540/0x540 [ 2786.067761][T17760] ? btrfs_decode_error+0x70/0x70 [ 2786.072794][T17760] legacy_get_tree+0x108/0x220 [ 2786.077570][T17760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.083831][T17760] vfs_get_tree+0x8e/0x390 [ 2786.088263][T17760] fc_mount+0x17/0xc0 [ 2786.092260][T17760] vfs_kern_mount.part.0+0xd8/0xf0 [ 2786.097569][T17760] vfs_kern_mount+0x40/0x60 [ 2786.102117][T17760] btrfs_mount+0x2b4/0x15e2 [ 2786.106632][T17760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.112884][T17760] ? should_fail+0x1de/0x852 [ 2786.117484][T17760] ? btrfs_remount+0x10f0/0x10f0 [ 2786.122436][T17760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.128678][T17760] ? refcount_sub_and_test_checked+0x154/0x200 [ 2786.134831][T17760] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2786.140227][T17760] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2786.146471][T17760] ? vfs_parse_fs_string+0x111/0x170 [ 2786.151858][T17760] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2786.157845][T17760] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2786.164179][T17760] ? apparmor_capable+0x2ef/0x640 [ 2786.169393][T17760] ? cap_capable+0x205/0x270 [ 2786.174014][T17760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.180276][T17760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.186534][T17760] ? btrfs_remount+0x10f0/0x10f0 [ 2786.191858][T17760] legacy_get_tree+0x108/0x220 [ 2786.200369][T17760] ? legacy_get_tree+0x108/0x220 [ 2786.205425][T17760] vfs_get_tree+0x8e/0x390 [ 2786.209859][T17760] do_mount+0x13b3/0x1c30 [ 2786.214218][T17760] ? copy_mount_string+0x40/0x40 [ 2786.219185][T17760] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2786.225441][T17760] ? _copy_from_user+0x12c/0x1a0 [ 2786.230388][T17760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.236632][T17760] ? copy_mount_options+0x2e8/0x3f0 [ 2786.241844][T17760] ksys_mount+0xdb/0x150 [ 2786.246080][T17760] __x64_sys_mount+0xbe/0x150 [ 2786.250751][T17760] do_syscall_64+0xfd/0x6a0 [ 2786.255259][T17760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2786.261149][T17760] RIP: 0033:0x45c26a [ 2786.265037][T17760] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2786.284681][T17760] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2786.293098][T17760] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2786.301060][T17760] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2786.309029][T17760] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2786.317000][T17760] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2786.324979][T17760] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 04:14:13 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000006c000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() 04:14:13 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a002100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2786.493581][T17832] x_tables: eb_tables: snat target: only valid in nat table, not nat 04:14:13 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 04:14:13 executing program 3 (fault-call:0 fault-nth:81): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b009213fd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2786.586257][ C1] net_ratelimit: 17 callbacks suppressed [ 2786.586265][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2786.597917][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:14:14 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffce7, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') preadv(r0, &(0x7f00000017c0), 0x144, 0xe00000000000000) 04:14:14 executing program 4: socket$packet(0x11, 0x2, 0x300) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x20000500, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000074000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffffff0000e0000000500100008801000073747000000000000000000000000000000000000000000000000000000000004800000000000000020000000200006e8700ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffffff00004e234e21040071ac0600ff7f382803000500070000080100736e6174000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f74756e000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000000000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000010000000000000007000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff0000adcc"]}, 0x608) socket$inet6(0xa, 0x0, 0x0) restart_syscall() [ 2786.843071][T18115] FAULT_INJECTION: forcing a failure. [ 2786.843071][T18115] name failslab, interval 1, probability 0, space 0, times 0 [ 2786.856098][T18115] CPU: 1 PID: 18115 Comm: syz-executor.3 Not tainted 5.2.0+ #71 [ 2786.863753][T18115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2786.873828][T18115] Call Trace: [ 2786.877147][T18115] dump_stack+0x16f/0x1f0 [ 2786.881507][T18115] should_fail.cold+0xa/0x15 [ 2786.886133][T18115] ? fault_create_debugfs_attr+0x180/0x180 [ 2786.891978][T18115] __should_failslab+0x121/0x190 [ 2786.896947][T18115] should_failslab+0x9/0x14 [ 2786.901486][T18115] __kmalloc+0x2ce/0x760 [ 2786.905850][T18115] ? bio_alloc_bioset+0x40f/0x680 [ 2786.910898][T18115] bio_alloc_bioset+0x40f/0x680 [ 2786.915789][T18115] ? btrfs_alloc_device+0xb4/0x720 [ 2786.920933][T18115] ? rcu_read_lock_sched_held+0x110/0x130 [ 2786.926689][T18115] ? bvec_alloc+0x2f0/0x2f0 [ 2786.931230][T18115] ? bd_set_size+0xb0/0xb0 [ 2786.935727][T18115] ? wait_for_completion+0x440/0x440 [ 2786.941074][T18115] btrfs_alloc_device+0xd3/0x720 [ 2786.946235][T18115] ? btrfs_find_device_by_devspec+0x620/0x620 [ 2786.952341][T18115] ? blkdev_put+0x98/0x560 [ 2786.956810][T18115] close_fs_devices.part.0+0x1f2/0x7d0 [ 2786.962327][T18115] btrfs_close_devices+0xa0/0x200 [ 2786.967402][T18115] btrfs_mount_root+0xf42/0x1290 [ 2786.972384][T18115] ? btrfs_decode_error+0x70/0x70 [ 2786.977479][T18115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2786.983754][T18115] ? vfs_parse_fs_string+0x111/0x170 [ 2786.989073][T18115] ? vfs_parse_fs_string+0x111/0x170 [ 2786.994390][T18115] ? rcu_read_lock_sched_held+0x110/0x130 [ 2787.000129][T18115] ? kfree+0x271/0x2a0 [ 2787.004237][T18115] ? vfs_parse_fs_string+0x116/0x170 [ 2787.009549][T18115] ? vfs_parse_fs_param+0x540/0x540 [ 2787.014769][T18115] ? btrfs_decode_error+0x70/0x70 [ 2787.019836][T18115] legacy_get_tree+0x108/0x220 [ 2787.024628][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.030900][T18115] vfs_get_tree+0x8e/0x390 [ 2787.035429][T18115] fc_mount+0x17/0xc0 [ 2787.039443][T18115] vfs_kern_mount.part.0+0xd8/0xf0 [ 2787.044728][T18115] vfs_kern_mount+0x40/0x60 [ 2787.049260][T18115] btrfs_mount+0x2b4/0x15e2 [ 2787.053795][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.060059][T18115] ? should_fail+0x1de/0x852 [ 2787.064684][T18115] ? btrfs_remount+0x10f0/0x10f0 [ 2787.069645][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.075906][T18115] ? refcount_sub_and_test_checked+0x154/0x200 [ 2787.082090][T18115] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2787.087484][T18115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2787.093753][T18115] ? vfs_parse_fs_string+0x111/0x170 [ 2787.099065][T18115] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2787.105061][T18115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2787.111324][T18115] ? apparmor_capable+0x2ef/0x640 [ 2787.116410][T18115] ? cap_capable+0x205/0x270 [ 2787.121099][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.128200][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.134472][T18115] ? btrfs_remount+0x10f0/0x10f0 [ 2787.139457][T18115] legacy_get_tree+0x108/0x220 [ 2787.144247][T18115] ? legacy_get_tree+0x108/0x220 [ 2787.149199][T18115] vfs_get_tree+0x8e/0x390 [ 2787.153636][T18115] do_mount+0x13b3/0x1c30 [ 2787.157988][T18115] ? copy_mount_string+0x40/0x40 [ 2787.162962][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.169239][T18115] ? copy_mount_options+0x2e8/0x3f0 [ 2787.174461][T18115] ksys_mount+0xdb/0x150 [ 2787.178721][T18115] __x64_sys_mount+0xbe/0x150 [ 2787.183501][T18115] do_syscall_64+0xfd/0x6a0 [ 2787.188023][T18115] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2787.193921][T18115] RIP: 0033:0x45c26a [ 2787.197826][T18115] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2787.217479][T18115] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2787.225915][T18115] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2787.233900][T18115] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 04:14:14 executing program 1: syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x3a, 0xf0ffff, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff89, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x3], [], @broadcast}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305000000000000], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 2787.241887][T18115] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2787.249899][T18115] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2787.259379][T18115] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2787.267764][T18115] ------------[ cut here ]------------ [ 2787.273235][T18115] kernel BUG at fs/btrfs/volumes.c:1275! [ 2787.278951][T18115] invalid opcode: 0000 [#1] SMP KASAN [ 2787.284924][T18115] CPU: 1 PID: 18115 Comm: syz-executor.3 Not tainted 5.2.0+ #71 04:14:14 executing program 0: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a402100000000000001000000000000005f42485266535f4dd2", 0x49, 0x10000}], 0x0, 0x0) [ 2787.292664][T18115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2787.293597][ T3902] kobject: 'loop5' (0000000064361c09): kobject_uevent_env [ 2787.302735][T18115] RIP: 0010:close_fs_devices.part.0+0x5fe/0x7d0 [ 2787.302750][T18115] Code: 3c 03 0f 8e 57 01 00 00 48 8b 45 b8 c7 80 20 01 00 00 00 00 00 00 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e2 d9 c1 fe <0f> 0b e8 db d9 c1 fe 0f 0b 48 8b 7d c0 e8 10 9b fb fe e9 3d fd ff [ 2787.302756][T18115] RSP: 0018:ffff88805ca87798 EFLAGS: 00010246 04:14:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7bf070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x37f, &(0x7f00000007c0)={0x0}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [], @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}, 0x1, 0x0, 0x800000000000000}, 0x0) [ 2787.302767][T18115] RAX: 0000000000040000 RBX: ffff8880a5c93300 RCX: ffffc90013425000 [ 2787.302774][T18115] RDX: 0000000000040000 RSI: ffffffff82af7c9e RDI: 0000000000000007 [ 2787.302791][T18115] RBP: ffff88805ca87810 R08: ffff888098f1e6c0 R09: fffffbfff14a6d6e [ 2787.309955][ T3902] kobject: 'loop5' (0000000064361c09): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2787.316117][T18115] R10: fffffbfff14a6d6d R11: ffffffff8a536b6f R12: 0000000000000000 [ 2787.316124][T18115] R13: ffff8880a5e76040 R14: dffffc0000000000 R15: fffffffffffffff4 [ 2787.316134][T18115] FS: 00007f4d26060700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 2787.316141][T18115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2787.316149][T18115] CR2: 00007ffc9ee21ff8 CR3: 00000000197f3000 CR4: 00000000001426e0 [ 2787.316160][T18115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2787.316176][T18115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2787.431487][T18115] Call Trace: [ 2787.434804][T18115] btrfs_close_devices+0xa0/0x200 [ 2787.439856][T18115] btrfs_mount_root+0xf42/0x1290 [ 2787.444815][T18115] ? btrfs_decode_error+0x70/0x70 [ 2787.450079][T18115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2787.456445][T18115] ? vfs_parse_fs_string+0x111/0x170 [ 2787.461757][T18115] ? vfs_parse_fs_string+0x111/0x170 [ 2787.467066][T18115] ? rcu_read_lock_sched_held+0x110/0x130 [ 2787.472811][T18115] ? kfree+0x271/0x2a0 [ 2787.476906][T18115] ? vfs_parse_fs_string+0x116/0x170 [ 2787.482206][T18115] ? vfs_parse_fs_param+0x540/0x540 [ 2787.487434][T18115] ? btrfs_decode_error+0x70/0x70 [ 2787.492471][T18115] legacy_get_tree+0x108/0x220 [ 2787.497351][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.503612][T18115] vfs_get_tree+0x8e/0x390 [ 2787.508046][T18115] fc_mount+0x17/0xc0 [ 2787.512228][T18115] vfs_kern_mount.part.0+0xd8/0xf0 [ 2787.517366][T18115] vfs_kern_mount+0x40/0x60 [ 2787.521894][T18115] btrfs_mount+0x2b4/0x15e2 [ 2787.526415][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.532662][T18115] ? should_fail+0x1de/0x852 [ 2787.537267][T18115] ? btrfs_remount+0x10f0/0x10f0 [ 2787.542223][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.548481][T18115] ? refcount_sub_and_test_checked+0x154/0x200 [ 2787.554822][T18115] ? refcount_dec_not_one+0x1f0/0x1f0 [ 2787.560210][T18115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2787.566472][T18115] ? vfs_parse_fs_string+0x111/0x170 [ 2787.571768][T18115] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2787.577847][T18115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2787.584093][T18115] ? apparmor_capable+0x2ef/0x640 [ 2787.589119][T18115] ? cap_capable+0x205/0x270 [ 2787.593714][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.599959][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.606226][T18115] ? btrfs_remount+0x10f0/0x10f0 [ 2787.611166][T18115] legacy_get_tree+0x108/0x220 [ 2787.615929][T18115] ? legacy_get_tree+0x108/0x220 [ 2787.620863][T18115] vfs_get_tree+0x8e/0x390 [ 2787.625439][T18115] do_mount+0x13b3/0x1c30 [ 2787.629773][T18115] ? copy_mount_string+0x40/0x40 [ 2787.634993][T18115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.641523][T18115] ? copy_mount_options+0x2e8/0x3f0 [ 2787.646937][T18115] ksys_mount+0xdb/0x150 [ 2787.651186][T18115] __x64_sys_mount+0xbe/0x150 [ 2787.655877][T18115] do_syscall_64+0xfd/0x6a0 [ 2787.660386][T18115] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2787.666282][T18115] RIP: 0033:0x45c26a [ 2787.670178][T18115] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2787.689799][T18115] RSP: 002b:00007f4d2605fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2787.698303][T18115] RAX: ffffffffffffffda RBX: 00007f4d2605fb40 RCX: 000000000045c26a [ 2787.706274][T18115] RDX: 00007f4d2605fae0 RSI: 0000000020000100 RDI: 00007f4d2605fb00 [ 2787.714332][T18115] RBP: 0000000000000001 R08: 00007f4d2605fb40 R09: 00007f4d2605fae0 [ 2787.722307][T18115] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2787.730292][T18115] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 2787.738273][T18115] Modules linked in: [ 2787.742317][T18115] ---[ end trace 7f81b4ab809de3c7 ]--- [ 2787.747858][T18115] RIP: 0010:close_fs_devices.part.0+0x5fe/0x7d0 [ 2787.754150][T18115] Code: 3c 03 0f 8e 57 01 00 00 48 8b 45 b8 c7 80 20 01 00 00 00 00 00 00 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e2 d9 c1 fe <0f> 0b e8 db d9 c1 fe 0f 0b 48 8b 7d c0 e8 10 9b fb fe e9 3d fd ff [ 2787.773965][T18115] RSP: 0018:ffff88805ca87798 EFLAGS: 00010246 [ 2787.780073][T18115] RAX: 0000000000040000 RBX: ffff8880a5c93300 RCX: ffffc90013425000 [ 2787.788107][T18115] RDX: 0000000000040000 RSI: ffffffff82af7c9e RDI: 0000000000000007 [ 2787.796125][T18115] RBP: ffff88805ca87810 R08: ffff888098f1e6c0 R09: fffffbfff14a6d6e [ 2787.796302][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2787.804266][T18115] R10: fffffbfff14a6d6d R11: ffffffff8a536b6f R12: 0000000000000000 [ 2787.804285][T18115] R13: ffff8880a5e76040 R14: dffffc0000000000 R15: fffffffffffffff4 [ 2787.810207][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2787.818098][T18115] FS: 00007f4d26060700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 2787.840806][T18115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2787.847452][T18115] CR2: 00007ffc9ee21ff8 CR3: 00000000197f3000 CR4: 00000000001426e0 [ 2787.855467][T18115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2787.863537][T18115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2787.871578][T18115] Kernel panic - not syncing: Fatal exception [ 2787.878716][T18115] Kernel Offset: disabled [ 2787.883072][T18115] Rebooting in 86400 seconds..