program: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x44000) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@user_xattr}, {@grpjquota}, {@nodelalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101442, 0x1ff) fallocate(r2, 0x8, 0x1, 0x3) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x44000) (async) socket$nl_route(0x10, 0x3, 0x0) (async) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@user_xattr}, {@grpjquota}, {@nodelalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=") (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101442, 0x1ff) (async) fallocate(r2, 0x8, 0x1, 0x3) (async) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) (async) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}}, 0x0) (async) [ 92.913515][ T785] cfg80211: failed to load regulatory.db [ 92.921311][ T4681] Bluetooth: hci0: command tx timeout [ 93.123472][ T5337] bridge_slave_0: left allmulticast mode [ 93.126011][ T5337] bridge_slave_0: left promiscuous mode [ 93.131154][ T5337] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.140246][ T5337] bridge_slave_1: left allmulticast mode [ 93.142670][ T5337] bridge_slave_1: left promiscuous mode [ 93.145040][ T5337] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.152326][ T5337] bond0: (slave bond_slave_0): Releasing backup interface [ 93.160003][ T5337] bond0: (slave bond_slave_1): Releasing backup interface [ 93.172229][ T5337] team0: Port device team_slave_0 removed [ 93.183674][ T5338] loop0: detected capacity change from 0 to 512 [ 93.192279][ T5337] team0: Port device team_slave_1 removed [ 93.195350][ T5337] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.261494][ T5338] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 93.270726][ T5337] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.279326][ T5337] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.282465][ T5337] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.290860][ T5337] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 93.304173][ T5338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.314080][ T5338] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.329147][ T5337] ip6gre0: entered promiscuous mode [ 93.336711][ T5337] team0: Port device ip6gre0 added [ 93.348038][ T5338] team0: Port device ip6gre0 removed [ 93.356588][ T5338] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 93.379408][ T785] skbuff: skb_under_panic: text:ffffffff8a28f9c8 len:136 put:40 head:ffff8880403ba000 data:ffff8880403b9fe8 tail:0x70 end:0x6c0 dev:team0 [ 93.386178][ T785] ------------[ cut here ]------------ [ 93.388632][ T785] kernel BUG at net/core/skbuff.c:213! [ 93.392688][ T785] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 93.395377][ T785] CPU: 0 UID: 0 PID: 785 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) [ 93.399200][ T785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.403570][ T785] Workqueue: mld mld_ifc_work [ 93.405686][ T785] RIP: 0010:skb_panic+0x157/0x160 [ 93.407849][ T785] Code: c7 60 4b 8f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 6e 67 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 93.415972][ T785] RSP: 0018:ffffc90001a57280 EFLAGS: 00010282 [ 93.418623][ T785] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 0c3e97fd4200d200 [ 93.422047][ T785] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 93.425426][ T785] RBP: 00000000000006c0 R08: ffffc90001a56f87 R09: 1ffff9200034adf0 [ 93.428793][ T785] R10: dffffc0000000000 R11: fffff5200034adf1 R12: ffff8880405b98d0 [ 93.432399][ T785] R13: ffff8880403ba000 R14: ffff8880403b9fe8 R15: 0000000000000070 [ 93.436265][ T785] FS: 0000000000000000(0000) GS:ffff88808d239000(0000) knlGS:0000000000000000 [ 93.440254][ T785] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.443009][ T785] CR2: 0000000000000000 CR3: 0000000011b9d000 CR4: 0000000000352ef0 [ 93.446437][ T785] Call Trace: [ 93.447821][ T785] [ 93.449227][ T785] ? ip6gre_header+0xc8/0x790 [ 93.451275][ T785] ? ip6gre_header+0xc8/0x790 [ 93.453398][ T785] skb_push+0xc3/0xe0 [ 93.455102][ T785] ip6gre_header+0xc8/0x790 [ 93.456927][ T785] ? __pfx_ip6gre_header+0x10/0x10 [ 93.458960][ T785] ? read_seqbegin+0x1ac/0x250 [ 93.460861][ T785] ? __pfx_read_seqbegin+0x10/0x10 [ 93.462931][ T785] ? ___neigh_create+0x1c5f/0x2230 [ 93.464990][ T785] ? __pfx_ip6gre_header+0x10/0x10 [ 93.467041][ T785] neigh_connected_output+0x286/0x460 [ 93.469185][ T785] ip6_finish_output2+0xfb3/0x1480 [ 93.471391][ T785] ? __pfx_ip6_finish_output2+0x10/0x10 [ 93.473789][ T785] ? ip6_mtu+0x7d/0x490 [ 93.475481][ T785] ? ip6_mtu+0x7d/0x490 [ 93.477277][ T785] ip6_finish_output+0x234/0x7d0 [ 93.479368][ T785] ? ip6_output+0x126/0x550 [ 93.481362][ T785] ip6_output+0x340/0x550 [ 93.483398][ T785] NF_HOOK+0x9e/0x380 [ 93.485217][ T785] ? NF_HOOK+0x101/0x380 [ 93.487100][ T785] ? __pfx_NF_HOOK+0x10/0x10 [ 93.489159][ T785] ? __pfx_dst_output+0x10/0x10 [ 93.491305][ T785] ? icmp6_dst_alloc+0x3a5/0x420 [ 93.493541][ T785] ? icmp6_dst_alloc+0x3a5/0x420 [ 93.495844][ T785] mld_sendpack+0x8d4/0xe60 [ 93.498034][ T785] ? mld_sendpack+0x1e7/0xe60 [ 93.500138][ T785] ? __pfx_mld_sendpack+0x10/0x10 [ 93.502397][ T785] mld_ifc_work+0x83e/0xd60 [ 93.504529][ T785] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.506836][ T785] ? process_scheduled_works+0x9ef/0x1770 [ 93.509344][ T785] process_scheduled_works+0xad1/0x1770 [ 93.511741][ T785] ? __pfx_process_scheduled_works+0x10/0x10 [ 93.514516][ T785] worker_thread+0x8a0/0xda0 [ 93.516527][ T785] kthread+0x711/0x8a0 [ 93.518387][ T785] ? __pfx_worker_thread+0x10/0x10 [ 93.520619][ T785] ? __pfx_kthread+0x10/0x10 [ 93.522679][ T785] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.525139][ T785] ? lockdep_hardirqs_on+0x98/0x140 [ 93.528020][ T785] ? __pfx_kthread+0x10/0x10 [ 93.530139][ T785] ret_from_fork+0x599/0xb30 [ 93.532192][ T785] ? __pfx_ret_from_fork+0x10/0x10 [ 93.534460][ T785] ? __pfx_kthread+0x10/0x10 [ 93.536475][ T785] ret_from_fork_asm+0x1a/0x30 [ 93.538547][ T785] [ 93.539843][ T785] Modules linked in: [ 93.541923][ T785] ---[ end trace 0000000000000000 ]---