last executing test programs: 4.064331256s ago: executing program 1 (id=3415): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8990, 0x0) r1 = socket(0x18, 0x0, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x2, @local, 'geneve1\x00'}}, 0x1e) sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x98, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x38d4d9b}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}]}, @TIPC_NLA_NODE={0x3c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x2b, 0x3, "7060d1cc19228ec77a67efee8b63bf3b4b9ab7988de7438cde18eb5bb48f980a9e079a77e263b8"}, @TIPC_NLA_NODE_ADDR={0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x40040) sendmsg$nl_xfrm(r1, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000300)=@updsa={0xf0, 0x1a, 0x20, 0x70bd29, 0x25dfdbfd, {{@in=@local, @in=@loopback, 0x4e21, 0x100, 0x4e20, 0x6, 0xa, 0x80, 0xc0, 0x2b, 0x0, 0xee01}, {@in=@remote, 0x4d2, 0x2b}, @in=@dev={0xac, 0x14, 0x14, 0x19}, {0x7fffffff, 0x6, 0x4, 0x8, 0x5, 0x2, 0xd89, 0x2}, {0x5, 0x1, 0x6a, 0x5}, {0x0, 0x53688d2b, 0x4}, 0x70bd26, 0x3503, 0x2, 0x2, 0x6f, 0x2}}, 0xf0}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4) 3.978685099s ago: executing program 1 (id=3417): r0 = socket(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x806, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@RTM_DELMDB={0x18, 0x55, 0x1, 0x0, 0x0, {0x7, r4}}, 0x18}}, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r1, 0x3) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x300, 0x300, 0x300, 0xffffffff, 0x4, &(0x7f0000000080), {[{{@uncond, 0x0, 0x108, 0x130, 0x0, {}, [@common=@srh={{0x30}, {0x2c, 0x8, 0x5, 0x2, 0x4, 0x1a0a, 0xa03}}, @common=@frag={{0x30}, {[0x9, 0x1], 0xfffffffe, 0xa, 0x1}}]}, @REJECT={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1a}, [0xffffff00, 0xff000000, 0xff000000, 0xffffffff], [0xffffffff, 0xff, 0xffffffff], 'veth0_virt_wifi\x00', 'wg1\x00', {}, {0xff}, 0x8, 0x2, 0x3, 0x23}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @multicast1}, [0xffffff00, 0xffffffff, 0x0, 0xffffffff], [0xffffff00, 0xffffff00, 0xffffff00, 0xffffff00], 'veth1_to_bridge\x00', 'veth0_to_team\x00', {0xff}, {}, 0x41, 0x1, 0x1, 0x20}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}, {0x2c, 0x80, 0x9e, 0x7, 0x3, 0x1000, 0x1c06}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_TOL(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x68, r7, 0x1, 0x0, 0x0, {{}, {}, {0x4c, 0x18, {0x0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x30, r7, 0x2, 0x70bd2d, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0xaaf, 0x1ff, 0x80000001, 0x9756}}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x200000c0}, 0xc4) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x7, 'veth0_macvtap\x00', {0x6}, 0x4}) r8 = socket$inet(0x2, 0x3, 0x33) getsockopt$inet_mreqsrc(r8, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) r9 = accept$phonet_pipe(r0, &(0x7f00000000c0), &(0x7f0000000580)=0x10) ioctl$SIOCPNADDRESOURCE(r9, 0x89e0, &(0x7f00000005c0)=0xf) close(0x4) 3.336318852s ago: executing program 0 (id=3423): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xaf}]}, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) pipe(&(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8003, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket(0x11, 0x800000003, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000000340)) socket(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540087001400b59500000000000000000a000000", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x54}, 0x1, 0x0, 0x0, 0x24008800}, 0x80) 2.75447252s ago: executing program 0 (id=3426): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="140100002d0001000000000000000000040100800c0000000000000000000000140001000000000000000000000010000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b"], 0x114}], 0x1}, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000400)={0x1, {{0xa, 0x0, 0x6, @mcast1, 0x4000001}}, {{0xa, 0x1, 0xffffffff, @mcast2, 0x1}}}, 0xff75) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000007c0)=[@in6={0xa, 0x4e20, 0x0, @loopback, 0x4b26e94}, @in={0x2, 0x4e20, @local}], 0x2c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000900)=[@in6={0xa, 0x4e20, 0x0, @loopback}, @in={0x2, 0x4e20, @loopback=0xac1414aa}]}, &(0x7f00000002c0)=0x10) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x13, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_fd={0x18, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0x8, 0x4, 0x8000}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f0000000340)=[{0x2, 0x3, 0x8, 0x8}, {0x2, 0x3, 0x1}], 0x10, 0x9, @void, @value}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='cgroup.stat\x00', 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000440)={@fallback=r1, r3, 0x19, 0x2018, 0x0, @value=r4}, 0x20) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x4, @local}, @in6={0xa, 0x4e20, 0x4, @loopback, 0x1ff}, @in={0x2, 0x4e21, @local}], 0x48) 2.678758473s ago: executing program 1 (id=3428): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f000083b000/0x13000)=nil, 0x13000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f00004e7000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r3, 0x0) mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2002, 0x604, 0x11, r3, 0x80000000) 2.43908689s ago: executing program 2 (id=3433): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="260000000000000000ff"], 0x20) sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x15}, 0x1c) setsockopt$inet6_mreq(r0, 0x29, 0x15, 0x0, 0x0) 2.438699629s ago: executing program 3 (id=3434): bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0xc7) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newlink={0x50, 0x10, 0x421, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad, 0x60e1}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xa}}, @IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x50}}, 0xc2) 2.395638829s ago: executing program 0 (id=3435): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0x8, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4}}}]}, 0xffffffffffffffe6}}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@newtfilter={0x40, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x8, 0xfffc}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_fw={{0x7}, {0x14, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x10}}, @TCA_FW_MASK={0x8, 0x5, 0x3ff}]}}]}, 0x40}}, 0x400c084) 2.393364411s ago: executing program 1 (id=3436): r0 = socket$inet6(0xa, 0x2, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1) unshare(0xc020400) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000080)=[{}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@mcast2, @in=@remote, 0x4e21, 0x0, 0x4e24, 0x1, 0x2, 0x20, 0x20, 0x16, r2, 0xee01}, {0x100000000, 0x46, 0xdb8c, 0x5, 0x3, 0xe, 0x4, 0xff}, {0xffff, 0x100000000, 0x0, 0x2}, 0x2, 0x6e6bb1, 0x0, 0x1, 0x3}, {{@in6=@private1, 0x4d6, 0xff}, 0x2, @in6=@loopback, 0x3500, 0x1, 0x3, 0x5, 0x10000, 0x4, 0xf0}}, 0xe8) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="901240c26659aa66cdbf4f8f9f57ad7070c857acb9e3d346635baf03a38eef5a40288a17a2f80cdd5f9cfc6d8d9a9baba907c01998a0ab2660b9021822e432312b0fb31b", 0x44}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000013c0)="f8", 0x1}], 0x1}}], 0x2, 0x200c8000) sendmmsg(r0, &(0x7f00000092c0), 0x0, 0x10) 2.179913543s ago: executing program 3 (id=3439): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_pid(r0, &(0x7f0000000340), 0x12) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$isdn(0x22, 0x3, 0x21) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000140)={0x0, @local, @local}, &(0x7f0000000240)=0xc) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="5400000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100340012800b0001006272696467650000240002800800050001000000060027"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080), 0x10) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14200000", @ANYRES16=0x0, @ANYBLOB="000326bd7000fcdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x40080) getsockopt$inet_mptcp_buf(r0, 0x11c, 0x3, &(0x7f00000003c0)=""/161, &(0x7f0000000100)=0xa1) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000000000014000780080011400000000005001500030000000d"], 0x5c}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000580)=@file={0x1, './file0\x00'}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@ipv4_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FRA_FLOW={0x8, 0xb, 0x5}]}, 0x24}}, 0x0) 1.816435295s ago: executing program 4 (id=3440): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000dc0)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000080)="4b7e67cf6995e4e649c71b7f35e97ded968fea4f29bfacfc5f49f00551d27613e6d1c495b5101c0c9ad54fb9e405b2af23c9b667a250dcde64327645bccece99dc6240c7e73a2e39751c2400f34a6b4d5f", 0x51}], 0x1, 0x0, 0x0, 0x404200d}], 0x1, 0x40091) recvmmsg(r1, &(0x7f0000003c80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x5100}, 0x5}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)=""/83, 0x53}], 0x1}, 0xffffff0b}], 0x2, 0x2001, 0x0) 1.726816348s ago: executing program 4 (id=3441): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000007c0)=[@in6={0xa, 0x4e20, 0x0, @loopback, 0x4b26e94}, @in={0x2, 0x4e20, @local}], 0x2c) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0x8, 0x8, 0x0, 0x0, 0x101}}]}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x210, 0x0, 0x0, 0x148, 0x180, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x11}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270) setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000006112210000000000950bc9feeed587dec2b455daf5c4db0427f9f729427186cdf6573340"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000900)=[@in={0x2, 0x4e20, @loopback=0xac1414aa}]}, &(0x7f00000002c0)=0x10) setsockopt(r0, 0x1, 0x8000, &(0x7f0000000000)="6fe1e66e601ed078", 0x8) 1.673146638s ago: executing program 0 (id=3442): socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0xa, 0x3, 0x73) socket$packet(0x11, 0x2, 0x300) r0 = socket$netlink(0x10, 0x3, 0x14) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}]}, 0x38}}, 0x0) (fail_nth: 7) 1.528187785s ago: executing program 4 (id=3443): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x7fffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r2}, 0x47) recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x12020, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sys_exit\x00', r4}, 0x18) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) preadv(r5, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x4}], 0x3e8, 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x48814}, 0x40810) 1.527503062s ago: executing program 3 (id=3444): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="662700000000000024001280090001007866726d0000000014000280040003"], 0x44}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[], 0xe8}}, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r3, 0x84, 0x7f, &(0x7f0000000080)="000000000d800000", 0x8) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000002000170829bd7000ffdbdf250a00000d"], 0x1c}}, 0x0) (async) r4 = socket$isdn_base(0x22, 0x3, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d030000000000000000000001050020008000000000000000000000030000000002000000"], 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) (async) ioctl$sock_SIOCINQ(r6, 0x541b, 0x0) bind$bt_hci(r6, &(0x7f0000000040), 0x6) (async) ioctl$sock_bt_hci(r6, 0x400448e7, &(0x7f00000000c0)) (async, rerun: 32) r7 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32) getsockopt$sock_buf(r7, 0x1, 0x3b, 0x0, &(0x7f00000000c0)) (async, rerun: 64) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) (rerun: 64) sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000700)={0x64, r8, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x64}}, 0x0) (async) ioctl$IMGETCOUNT(r4, 0x80044943, &(0x7f0000000300)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000100)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f00000001c0)=[0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x0, 0xc2, &(0x7f0000000340)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xc0, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', r9, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x5, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000880)='syzkaller\x00', 0x4, 0x7f, &(0x7f00000008c0)=""/127, 0x40f00, 0x41, '\x00', 0x0, 0x25, r10, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[r10], 0x0, 0x10, 0x8, @void, @value}, 0x94) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r10}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r12, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000000000005", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.521085356s ago: executing program 2 (id=3445): syz_emit_ethernet(0x5e, &(0x7f0000000680)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}, @link_local, @val={@val={0x88a8, 0x6, 0x1}, {0x8100, 0x5, 0x0, 0x1}}, {@canfd={0xd, {{0x0, 0x1, 0x0, 0x1}, 0x16, 0x2, 0x0, 0x0, "0cd6782dd6466596f91c9aa03c60c42e34aa364d7de6099b8d7b838f2e4b995a6113f1a246b923b4d8cd3c664ce8c8f8708c3d3990d27c7c62cace3903b40794"}}}}, &(0x7f0000000100)={0x0, 0x4, [0xd53, 0xf20, 0xc57, 0x857]}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}, @IFLA_GRE_PMTUDISC={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000700)={0xffffffffffffffff, 0xe, 0x66db, 0x8000000000000000}) write$ppp(r1, &(0x7f0000000740)="5e8278784c8753ceb9601fdd123607ac72d89bd502e356f4b09ef337571c8e9d850715063f59e9dabe7fc3b1f821cbddcbacdaa922fa75bdcfb191f9d5b2b5c6c35fba16e36ab4f0f705d82149f3432b807e34ef8ea047bf46d1c28f4e8977325264dd36c9bbb8c6e1d7296e089ad838824fdf7e029d4df2b3b8d107c62da522bac36ef3568e0ce740a812f8545c542ad5702937c6b2dee3812eca74b06fe07ad990bc63693c3b224fb744b0e7abd7754419d7586bf00bdb2a7066e5f2a64aed", 0xc0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_dccp(0x2, 0x6, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r4, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) syz_emit_ethernet(0x7e, &(0x7f00000004c0)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x2b, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @broadcast=0xac1414bb, {[@timestamp_addr={0x44, 0x34, 0x0, 0x1, 0x0, [{@local}, {@loopback}, {@dev}, {@empty}, {@dev}, {@broadcast}]}, @cipso={0x86, 0xa, 0x0, [{0x0, 0x2}, {0x0, 0x2}]}]}}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r2, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0x1c, r6, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4081}, 0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r8, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @random="0100002010ff"}) sendmsg$NFNL_MSG_CTHELPER_DEL(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)={0x50, 0x2, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2d, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0) r9 = accept4$unix(0xffffffffffffffff, &(0x7f0000000040)=@abs, &(0x7f00000000c0)=0x6e, 0x80000) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x3c, r11, 0x1, 0x0, 0x0, {0x2f}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) recvmsg$unix(r9, &(0x7f0000000400)={&(0x7f0000000600)=@abs, 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/253, 0xfd}, {&(0x7f0000000280)=""/62, 0x3e}, {&(0x7f0000000300)=""/63, 0x3f}, {&(0x7f0000000380)=""/55, 0x37}], 0x4, &(0x7f00000004c0)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xb0}, 0x40000040) 1.04929041s ago: executing program 1 (id=3446): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) ioctl$sock_proto_private(0xffffffffffffffff, 0x8992, &(0x7f0000000000)) listen(r1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) r2 = accept$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x28, r7, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_REMOVE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r4, 0x1, 0x0, 0x0, {0x4, 0x0, 0x1fff}}, 0x14}, 0x1, 0xfcffffff00000000}, 0x0) 896.336379ms ago: executing program 3 (id=3447): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x7, 0x30}, &(0x7f0000000040)=0xc) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080)={r3, @in6={{0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x70d6}}, [0x1, 0xfffffffffffff6d4, 0x5, 0xff8, 0x4, 0x1000000, 0x4, 0xbf8, 0x7fffffff, 0x7, 0x9, 0x800, 0x600, 0x4, 0xb]}, &(0x7f0000000280)=0x100) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={r6, 0x8}, 0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f00000002c0)={r6, 0x1}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000440)=@assoc_value={r7, 0x6}, &(0x7f0000000340)=0x8) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x54, r1, 0x5eae78d9c54e9d3f, 0x0, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_SEC_KEY={0x38, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "403d050c5baee20061f2b6d70100"}, @NL802154_KEY_ATTR_ID={0x18, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xfffc}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x81}]}]}, 0x54}}, 0x10) 876.783355ms ago: executing program 0 (id=3448): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, {0xb}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge0\x00'}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000340)={0xa, 0x4e20, 0xfffffffa, @mcast2}, 0x1c) setsockopt$inet6_udp_int(r2, 0x11, 0x66, &(0x7f0000000080)=0xa3d, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2f01, 0x0) socket$kcm(0x2, 0xa, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000800)={'batadv_slave_0\x00', 0x0}) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000000300)=0x1000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9, 0x22}, 0x10) bind$xdp(r4, &(0x7f0000000240)={0x2c, 0x1, r6, 0x0, r7}, 0x10) setsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, &(0x7f0000005380), 0x4) socket$inet_sctp(0x2, 0x1, 0x84) r10 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071122a00000000009500000700000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x238, 0x108, 0x11, 0x148, 0x0, 0x10, 0x1a0, 0x2a8, 0x2a8, 0x1a0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc0, 0x108, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x588, 0x548, 0x7}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x5, 0x3, 'syz0\x00', {0x4d}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0xffffffff, 'batadv_slave_1\x00', 'veth1_to_batadv\x00', {}, {}, 0x73, 0x2}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0xdb, 0x4}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298) 832.189139ms ago: executing program 2 (id=3449): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x15c, 0x13, 0x200, 0x70bd2d, 0x25dfdbfb, {0xb, 0x2, 0x1, 0x1b, {0x4e23, 0x4e22, [0xfffffffc, 0x8, 0x400, 0x4], [0x6, 0x0, 0x1, 0x8], 0x0, [0x2, 0x1000000]}, 0x4, 0xfff}, [@INET_DIAG_REQ_BYTECODE={0x25, 0x1, "ca905b00a698336ac3a55cea1ae64c41f58a9af930ff7c7bdbea0ed8cc850e2ee5"}, @INET_DIAG_REQ_BYTECODE={0xe7, 0x1, "4615416cd5d1be0da2507395e100cafaa64c9bef48038198c345820230cadc62be96f4d4af06dad8b6bac9b64ba61d7fe2ff83a10cde6e51f5665345eeebf81a396973cf8b3912b9f5d2d5a961a0603425b9fc89bfd5ea3f84524c1f0b473d2618d3abab98bd9a3e7246422b33541143f64e4a19e26c1ad7bd3dcdd78524b0f425a9c987ddd7f257f44865ebf68d5060a7f937821b953ae7b062fd75b2da6db2bea2b688aeaab363beda068e720f72bea25f744ca878e79cf69498abfa5f528a77fd8e783e00b21a9f0a100f247ded4855a6216d666bbf3c9f4dd19ad52a9b1bd34715"}]}, 0x15c}, 0x1, 0x0, 0x0, 0x2000}, 0x24008840) 609.876917ms ago: executing program 2 (id=3450): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x13, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_OBJ_USERDATA={0x18, 0x8, "2ba4fdfd04c74f4feb17dab1ad4a5527036631a1"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x44000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2c8, 0x30, 0x400, 0x70bd29, 0x25dfdbff, {}, [{0x2b4, 0x1, [@m_nat={0xe4, 0x15, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x800, 0x0, 0x6, 0x5}, @broadcast, @private=0xa010101, 0xff, 0x1}}]}, {0x91, 0x6, "10e888c9612e2e34f2a5c0d7a87138e300765dba5074c9d374932654344b0c3962c5b1337fa6db0058e4c409791d8494eb4f1d5e393184346fed949d96f5daa0ce947de3daaa6e95d07edeca20c84c34c3d590793d972426d03baeb20ac6787db577296c99e3e931b99974120505982554b03c14cf350d002b5185962405187e60822f26f3d3d50fc809abad8c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_gact={0xcc, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0x9d, 0x6, "0f617356f0a663079ab7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224484cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51cc59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_sample={0xa4, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x76, 0x6, "b994bedd346bce0500000000000000d115251a878473985c1ed7a3d4fca80601598de37da823754e06000000b3a3c993afbb7ebbbe1526dab34d44b5c23c87b684ba0a43c6d997aa4921c5a813b871326a35619082cefce7336f46644321281eb0d25aefbb3a49f1569225f999328fd102ad"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ctinfo={0x5c, 0x10, 0x0, 0x0, {{0xb}, {0x4}, {0x2e, 0x6, "244f1d5e491793fe299ae91a500c9cc02390a453351e3b982d0e4762ca9b14a043390c938c41ebe65abf"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x2c8}}, 0x48000) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000540)=""/100, 0x64}, {&(0x7f0000000280)=""/74, 0xe}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000300)=""/155, 0x9b}, {&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000880)=""/218, 0xda}, {&(0x7f0000001fc0)=""/4096, 0x1000}], 0xa, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x13, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_OBJ_USERDATA={0x18, 0x8, "2ba4fdfd04c74f4feb17dab1ad4a5527036631a1"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x44000) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2c8, 0x30, 0x400, 0x70bd29, 0x25dfdbff, {}, [{0x2b4, 0x1, [@m_nat={0xe4, 0x15, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x800, 0x0, 0x6, 0x5}, @broadcast, @private=0xa010101, 0xff, 0x1}}]}, {0x91, 0x6, "10e888c9612e2e34f2a5c0d7a87138e300765dba5074c9d374932654344b0c3962c5b1337fa6db0058e4c409791d8494eb4f1d5e393184346fed949d96f5daa0ce947de3daaa6e95d07edeca20c84c34c3d590793d972426d03baeb20ac6787db577296c99e3e931b99974120505982554b03c14cf350d002b5185962405187e60822f26f3d3d50fc809abad8c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_gact={0xcc, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0x9d, 0x6, "0f617356f0a663079ab7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224484cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51cc59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_sample={0xa4, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x76, 0x6, "b994bedd346bce0500000000000000d115251a878473985c1ed7a3d4fca80601598de37da823754e06000000b3a3c993afbb7ebbbe1526dab34d44b5c23c87b684ba0a43c6d997aa4921c5a813b871326a35619082cefce7336f46644321281eb0d25aefbb3a49f1569225f999328fd102ad"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ctinfo={0x5c, 0x10, 0x0, 0x0, {{0xb}, {0x4}, {0x2e, 0x6, "244f1d5e491793fe299ae91a500c9cc02390a453351e3b982d0e4762ca9b14a043390c938c41ebe65abf"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x2c8}}, 0x48000) (async) socket(0x10, 0x803, 0x0) (async) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000540)=""/100, 0x64}, {&(0x7f0000000280)=""/74, 0xe}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000300)=""/155, 0x9b}, {&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000880)=""/218, 0xda}, {&(0x7f0000001fc0)=""/4096, 0x1000}], 0xa, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) (async) 480.126506ms ago: executing program 4 (id=3451): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000002c0)={'wg0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000900)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x36, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) r3 = socket$igmp6(0xa, 0x3, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000840)='notify_on_release\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f00000002c0)=0x6, 0x12) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000001780)=@raw={'raw\x00', 0x8, 0x3, 0x400, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x330, 0xffffffff, 0xffffffff, 0x330, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1c, 0x3, 0x2, 0x5, 'snmp_trap\x00', 'syz0\x00', {0x7ff}}}}, {{@ipv6={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0x0, 0x0, 0xffffff00], [], 'rose0\x00', 'gre0\x00'}, 0x0, 0xf8, 0x220, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xf}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xa, 'system_u:object_r:iptables_unit_file_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x460) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000980)=ANY=[@ANYRES64=r3], 0x0, 0x45, 0x0, 0x0, 0xa, 0x0, @void, @value}, 0x28) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000fb", @ANYRES16=r7, @ANYBLOB="1709000000000000000001000000050007000000000008000900000000001400200000000000000000000000ffff7f00000108000a0000000000060002000100000014001f00"/86], 0x5c}, 0x1, 0x620b}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$tun(r8, &(0x7f0000000000)=ANY=[], 0x38) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="680100000001010400000000000000000a00ffff3c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c0002800500010000000000440002802c000180140003000000000000080000000000000000000114000400fe8800000000000000000000000000010c000280050001000000000006000340000000000800074000000000cc0006801400000000bb14000400fe02000000000000000000000000003c14000500fc02000000000000000000000000000014000500fe880000000000000000000000000001080001007f0000012c000380060002004e200000060002004e24000044a90600020000030000060001004e220000060001004e22000014000400fe80000000000000000000197e205e2bc88d2b272ec6baf4000000002014000500fe8000000000000000000000000000aa08000200ac14142414000400fc0000000000000000000000000000014d50d7830a443929f86894b97c32aa1aaec97eddafa6bcc700318a0b810fbc8078fd817fa474311599026aebc241fcb7748e8d0554fabb8e84fffea62a5315609430065e6a99ac0211c6709129a9086bde17"], 0x168}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r8, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r10 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r10, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @multicast2}, 0x2, 0x4, 0x2}}, 0x26) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) socket(0x8, 0x80000, 0x53) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000c80)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ac1e0001000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007f000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x590) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, &(0x7f00000011c0)=ANY=[@ANYBLOB="030000000000000002004e22ac141427000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000002004e207f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e23ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3d04c7b216f1aa0ca6ea2df5ec537a3a589cbae488381f283c1a35ad351e2e8ff433ec66d7dabdb811324549c61279c2acb0da5b11c5b7d6f254b0296ef9551a45b5d47b155eea001ea7bcd074296575fad7b016a6969f0d70c805c7a59f40901ed5f09c93063406e8767c2379be33b7a35a6f3fc759526cae35285d894775bb37ee378b8710ec09ea3037412f1d65e9de5a6a89c054c6050a8c6ad9c21b6b45b61d6db308c6d130b92d01f0bc3615d484fe1eead5a77c0c1b48de34737dc75c759fb5185"], 0x190) 473.195451ms ago: executing program 0 (id=3452): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) ioctl$sock_proto_private(0xffffffffffffffff, 0x8992, 0x0) listen(r1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) r2 = accept$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) mmap$xdp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x13, r5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) readv(r7, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/185, 0xb9}], 0x1) close(r7) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r3, 0x0, 0x0) 369.022296ms ago: executing program 3 (id=3453): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000040), 0x4) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x1e) write(r2, &(0x7f0000000080)="0b000300010001", 0x7) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, r3, 0x607, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8801}, 0x4810) 252.056303ms ago: executing program 4 (id=3454): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWCHAIN={0xe4, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x401}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_CHAIN_HOOK={0x38, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x45326ba}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7452847e}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_bond\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3192e0d}]}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_CHAIN_HOOK={0x48, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x76dae347}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x58225696}, @NFTA_HOOK_DEV={0x14, 0x3, 'erspan0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x572a57b0}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x196de7a8}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x114af10b}]}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xa01}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x5e}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x33}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x200}]}]}], {0x14}}, 0x1a4}}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r1, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000180)="aabbcc", 0x3}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0xb26, 0x2b, 0x2, 0x6, 0xfffffffffffffffe, 0x1, 0x1, 0x1ff}, &(0x7f0000000080)={0x9, 0x7, 0x80000000, 0xffffffffffffffc0, 0x9, 0x5, 0x7, 0x401}, &(0x7f0000000100)={0xf0, 0x1, 0x80, 0x81, 0xffffffffffffb053, 0x8d, 0x150, 0xf9d}, &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000180)={[0x8]}, 0x8}) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWCHAIN={0xe4, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x401}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}]}, @NFTA_CHAIN_HOOK={0x38, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x45326ba}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7452847e}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_bond\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3192e0d}]}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_CHAIN_HOOK={0x48, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x76dae347}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x58225696}, @NFTA_HOOK_DEV={0x14, 0x3, 'erspan0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x572a57b0}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x196de7a8}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x114af10b}]}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xa01}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x5e}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x33}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x200}]}]}], {0x14}}, 0x1a4}}, 0x0) (async) socket$inet6(0xa, 0x2, 0x0) (async) sendmmsg$inet6(r1, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000180)="aabbcc", 0x3}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0) (async) pselect6(0x40, &(0x7f0000000000)={0xb26, 0x2b, 0x2, 0x6, 0xfffffffffffffffe, 0x1, 0x1, 0x1ff}, &(0x7f0000000080)={0x9, 0x7, 0x80000000, 0xffffffffffffffc0, 0x9, 0x5, 0x7, 0x401}, &(0x7f0000000100)={0xf0, 0x1, 0x80, 0x81, 0xffffffffffffb053, 0x8d, 0x150, 0xf9d}, &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000180)={[0x8]}, 0x8}) (async) 251.801195ms ago: executing program 2 (id=3455): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b03043a0e0580a7b6070d63e286a5cefe", 0x5ac) 166.887285ms ago: executing program 3 (id=3456): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020d6bae75ad307b4d5f96b577db020000180070001006374000014000280080002400000000208000140000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a82984c49e314a9b032bd14ef375888499bc71ddf96aa670633190972c3487e64d8b162d044c3601091658bcc320b8d5e84716bbdaf14b893aca666f987093872ed2d0b8b27054eefc7243700a368e4cd0e903ded14444dce38404bec340845005154f73e15e7235cd5a5"], 0x78}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f0000000140)=@framed={{}, [@jmp={0x5, 0x0, 0x0, 0x0, 0xa, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000008c0)=ANY=[@ANYBLOB="540100001800010000000000000000001d0100001500030000000000000000008ca5be073cff296e040000001e0106000000fe000071ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0df766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c005c8d586b2a88d81866930fca15c8a95d29e5b2ea00000800050091"], 0x154}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x1, &(0x7f0000000100)=0x8, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128)\x00'}, 0x6e) close(r2) socket$nl_xfrm(0x10, 0x3, 0x6) syz_emit_ethernet(0x6e, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001040", 0x38, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x4, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0xe, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "345f8cf949a01b515682f44cecac91ba"}, @md5sig={0x1d, 0x12, "d243471da14ff23d079da4ca814b7d7b"}]}}}}}}}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x4a, 0x3ab3666c4349b199, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, r4, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x9, 0x3c}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6e}]}, 0x30}, 0x1, 0x0, 0x0, 0x18091}, 0x8080) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) connect$ax25(r5, &(0x7f0000000100)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_emit_ethernet(0x8e, &(0x7f0000000640)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x17, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @local, {[@rr={0x7, 0x3}, @rr={0x7, 0x7, 0x0, [@multicast2]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa01012f}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@local}, {}, {@dev={0xac, 0x14, 0x14, 0x15}}, {@private}]}]}}, "770400000088e934"}}}}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x123, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c20000010180c200000e080045000115006800008011"], 0x0) ioctl$SIOCAX25NOUID(r5, 0x89e3, &(0x7f00000001c0)) sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x17, 0x8, 0x7, 0x5, 0x0, 0x70bd28, 0x25dfdbfd, [@sadb_address={0x3, 0x7, 0x32, 0xa0, 0x0, @in={0x2, 0x4e20, @empty}}]}, 0x28}}, 0x240440c8) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x9084) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)={0x18, 0x24, 0x301, 0x0, 0x0, {0x1}, [@nested={0x4, 0xae}]}, 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x10}}, 0x4000040) socket$inet_udplite(0x2, 0x2, 0x88) 136.396056ms ago: executing program 4 (id=3457): bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000480)=ANY=[@ANYBLOB="0a00000016000000b30000007f00000000000000", @ANYRES32, @ANYBLOB="00013100000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', 0x0, 0x95a0cef96f795630, 0x0, 0xd, 0x3, 0x2, @remote, @mcast2, 0x20, 0x8000, 0x3, 0x9}}) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, 0x0, 0x4004) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}}}, 0xb8}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r4, 0x54583, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty}}}], 0x20}}], 0x1, 0x80) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000200)={@loopback}, &(0x7f0000000240)=0x14) socket(0x400000000010, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000140)=@framed={{}, [@printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001b40)={r6, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @private}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r8, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000140)={'gretap0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020695aa571c6f4551cd3ef8c47dbeb93162500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000e0000009500000000000000c9cf7722f7ebda01a7546e448744ef164aa5b21fb72a898b59686b4cd316c76378dbb42635c7424849fe61075eebe8ad76da6e1e75f38a3d7e31448e772ae47f2678a29fd24882e17d5b4f7936b962a51574bc173513a271097b3a296e1c7177882a3022df3664ef6c052244876e9045d0d346f142bd1184767d5442248674e337cc5a50d590ad1e979ec9ed75e671dbcf735515a1b33c6ed12179a1db398955a545c635510149d907c78801ccced0721659faefba002b9b466343217fa5c400259d54a6d0b7a5ef661281bdc30eb8e45ac3f1af88140364e43f2b3b038bf5ba2e812e604781595819423bbd3c4add994defba971288a1a4b80448a3b99cb096000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001b40)={r9, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 394.841µs ago: executing program 2 (id=3458): sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000", @ANYRES16, @ANYBLOB="0503000000000000f7ff0c000000080003004b3441444a21286a1f2ae42e5929b72b379767feccada8a4a36d09a310852b1415f634a4", @ANYRES32=0x0], 0x1c}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec970000e03c00e18000000000000000000000000000aaff020000000000000000000000000701"], 0xffe) 0s ago: executing program 1 (id=3459): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0) kernel console output (not intermixed with test programs): ] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 288.548333][T13765] FAULT_INJECTION: forcing a failure. [ 288.548333][T13765] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.607072][T13765] CPU: 1 UID: 0 PID: 13765 Comm: syz.3.3062 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 288.607105][T13765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 288.607119][T13765] Call Trace: [ 288.607126][T13765] [ 288.607135][T13765] dump_stack_lvl+0x241/0x360 [ 288.607167][T13765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.607191][T13765] ? __pfx__printk+0x10/0x10 [ 288.607213][T13765] ? __pfx_lock_release+0x10/0x10 [ 288.607255][T13765] should_fail_ex+0x40a/0x550 [ 288.607292][T13765] _copy_from_user+0x2d/0xb0 [ 288.607321][T13765] copy_msghdr_from_user+0xae/0x680 [ 288.607357][T13765] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 288.607385][T13765] ? __fget_files+0x2a/0x410 [ 288.607420][T13765] ? __fget_files+0x2a/0x410 [ 288.607466][T13765] __sys_sendmsg+0x209/0x350 [ 288.607496][T13765] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.607533][T13765] ? do_sys_openat2+0x17a/0x1d0 [ 288.607590][T13765] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 288.607624][T13765] ? do_syscall_64+0x100/0x230 [ 288.607660][T13765] ? do_syscall_64+0xb6/0x230 [ 288.607702][T13765] do_syscall_64+0xf3/0x230 [ 288.607734][T13765] ? clear_bhb_loop+0x35/0x90 [ 288.607767][T13765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.607795][T13765] RIP: 0033:0x7f9d0dd8d169 [ 288.607814][T13765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.607832][T13765] RSP: 002b:00007f9d0ec39038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 288.607856][T13765] RAX: ffffffffffffffda RBX: 00007f9d0dfa5fa0 RCX: 00007f9d0dd8d169 [ 288.607872][T13765] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 288.607885][T13765] RBP: 00007f9d0ec39090 R08: 0000000000000000 R09: 0000000000000000 [ 288.607899][T13765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.607911][T13765] R13: 0000000000000000 R14: 00007f9d0dfa5fa0 R15: 00007ffed7ce2b38 [ 288.607942][T13765] [ 288.858370][T13648] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 288.871825][T13648] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 289.091076][T13769] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 289.131526][T13769] team0: Port device batadv1 added [ 289.402869][T13648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.469639][T13648] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.495118][ T6598] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.503312][ T6598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.507463][ T5841] Bluetooth: hci1: command tx timeout [ 289.552927][ T6598] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.560161][ T6598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.418668][T13648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.649295][T13648] veth0_vlan: entered promiscuous mode [ 290.730255][T13817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3077'. [ 290.731163][T13648] veth1_vlan: entered promiscuous mode [ 290.769868][T13817] macsec0: entered promiscuous mode [ 290.933166][T13648] veth0_macvtap: entered promiscuous mode [ 290.996312][T13648] veth1_macvtap: entered promiscuous mode [ 291.023420][T13821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3078'. [ 291.053189][T13821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3078'. [ 291.063968][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.090486][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.100639][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.131360][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.145897][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.168776][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.186541][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.215953][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.245916][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.286571][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.320577][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.342235][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.345709][T13833] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3081'. [ 291.360528][T13648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.362505][T13833] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3081'. [ 291.410949][T13821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3078'. [ 291.432520][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.476034][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.502825][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.528223][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.551438][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.568601][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.578718][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.586350][ T5841] Bluetooth: hci1: command tx timeout [ 291.589890][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.604831][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.615612][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.628439][T13648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.645220][T13821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3078'. [ 291.713005][T13821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3078'. [ 291.724868][T13648] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.753616][T13648] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.773029][T13648] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.785808][T13648] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.794133][T13839] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 291.807961][T13821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3078'. [ 291.898863][T13840] netlink: 'syz.3.3083': attribute type 12 has an invalid length. [ 291.970108][ T6590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.991703][ T6590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.061613][ T3015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.085147][ T3015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.182231][T13844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3084'. [ 292.424934][T13852] FAULT_INJECTION: forcing a failure. [ 292.424934][T13852] name failslab, interval 1, probability 0, space 0, times 0 [ 292.457994][T13852] CPU: 0 UID: 0 PID: 13852 Comm: syz.3.3087 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 292.458026][T13852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 292.458040][T13852] Call Trace: [ 292.458048][T13852] [ 292.458057][T13852] dump_stack_lvl+0x241/0x360 [ 292.458090][T13852] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.458119][T13852] ? __pfx__printk+0x10/0x10 [ 292.458143][T13852] ? __kmalloc_cache_noprof+0x48/0x390 [ 292.458175][T13852] ? __pfx___might_resched+0x10/0x10 [ 292.458208][T13852] should_fail_ex+0x40a/0x550 [ 292.458246][T13852] should_failslab+0xac/0x100 [ 292.458277][T13852] __kmalloc_cache_noprof+0x70/0x390 [ 292.458306][T13852] ? sctp_transport_new+0x7e/0x660 [ 292.458339][T13852] sctp_transport_new+0x7e/0x660 [ 292.458371][T13852] sctp_assoc_add_peer+0x225/0x1360 [ 292.458404][T13852] ? sctp_endpoint_is_peeled_off+0xc1/0x100 [ 292.458433][T13852] sctp_connect_add_peer+0x4af/0x5b0 [ 292.458464][T13852] ? __pfx_sctp_connect_add_peer+0x10/0x10 [ 292.458493][T13852] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 292.458528][T13852] ? sctp_endpoint_lookup_assoc+0x217/0x250 [ 292.458551][T13852] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 292.458579][T13852] __sctp_connect+0x864/0xe30 [ 292.458616][T13852] ? __pfx___sctp_connect+0x10/0x10 [ 292.458639][T13852] ? __might_fault+0xaa/0x120 [ 292.458659][T13852] ? __might_fault+0xc6/0x120 [ 292.458682][T13852] ? _copy_from_user+0x95/0xb0 [ 292.458707][T13852] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 292.458739][T13852] sctp_getsockopt_connectx3+0x46c/0x730 [ 292.458770][T13852] ? __local_bh_enable_ip+0x168/0x200 [ 292.458798][T13852] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 292.458829][T13852] ? __local_bh_enable_ip+0x168/0x200 [ 292.458854][T13852] ? sctp_getsockopt+0x13a/0xbb0 [ 292.458877][T13852] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 292.458913][T13852] sctp_getsockopt+0x8de/0xbb0 [ 292.458935][T13852] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 292.458968][T13852] do_sock_getsockopt+0x38e/0x740 [ 292.458998][T13852] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 292.459018][T13852] ? __fget_files+0x2a/0x410 [ 292.459051][T13852] ? __fget_files+0x395/0x410 [ 292.459079][T13852] ? __fget_files+0x2a/0x410 [ 292.459117][T13852] __x64_sys_getsockopt+0x2a1/0x370 [ 292.459148][T13852] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 292.459171][T13852] ? do_syscall_64+0x100/0x230 [ 292.459205][T13852] ? do_syscall_64+0xb6/0x230 [ 292.459238][T13852] do_syscall_64+0xf3/0x230 [ 292.459269][T13852] ? clear_bhb_loop+0x35/0x90 [ 292.459301][T13852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.459329][T13852] RIP: 0033:0x7f9d0dd8d169 [ 292.459348][T13852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.459367][T13852] RSP: 002b:00007f9d0ec39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 292.459390][T13852] RAX: ffffffffffffffda RBX: 00007f9d0dfa5fa0 RCX: 00007f9d0dd8d169 [ 292.459406][T13852] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 292.459419][T13852] RBP: 00007f9d0ec39090 R08: 00002000000002c0 R09: 0000000000000000 [ 292.459433][T13852] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000002 [ 292.459446][T13852] R13: 0000000000000000 R14: 00007f9d0dfa5fa0 R15: 00007ffed7ce2b38 [ 292.459478][T13852] [ 292.464266][T13854] tipc: Can't bind to reserved service type 2 [ 292.999632][T13863] FAULT_INJECTION: forcing a failure. [ 292.999632][T13863] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 293.049270][T13863] CPU: 0 UID: 0 PID: 13863 Comm: syz.1.3092 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 293.049305][T13863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 293.049317][T13863] Call Trace: [ 293.049324][T13863] [ 293.049332][T13863] dump_stack_lvl+0x241/0x360 [ 293.049362][T13863] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.049384][T13863] ? __pfx__printk+0x10/0x10 [ 293.049410][T13863] ? snprintf+0xda/0x120 [ 293.049437][T13863] should_fail_ex+0x40a/0x550 [ 293.049470][T13863] _copy_to_user+0x31/0xb0 [ 293.049500][T13863] simple_read_from_buffer+0xca/0x150 [ 293.049531][T13863] proc_fail_nth_read+0x1e9/0x250 [ 293.049562][T13863] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.049592][T13863] ? rw_verify_area+0x243/0x630 [ 293.049612][T13863] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.049640][T13863] vfs_read+0x1f8/0xb40 [ 293.049661][T13863] ? fdget_pos+0x254/0x320 [ 293.049697][T13863] ? __pfx___mutex_lock+0x10/0x10 [ 293.049728][T13863] ? __pfx_vfs_read+0x10/0x10 [ 293.049752][T13863] ? __fget_files+0x2a/0x410 [ 293.049781][T13863] ? __fget_files+0x395/0x410 [ 293.049808][T13863] ? __fget_files+0x2a/0x410 [ 293.049845][T13863] ksys_read+0x18f/0x2b0 [ 293.049866][T13863] ? __pfx_ksys_read+0x10/0x10 [ 293.049888][T13863] ? do_syscall_64+0x100/0x230 [ 293.049920][T13863] ? do_syscall_64+0xb6/0x230 [ 293.049952][T13863] do_syscall_64+0xf3/0x230 [ 293.049982][T13863] ? clear_bhb_loop+0x35/0x90 [ 293.050012][T13863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.050039][T13863] RIP: 0033:0x7fe3a858bb7c [ 293.050057][T13863] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 293.050074][T13863] RSP: 002b:00007fe3a932a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 293.050096][T13863] RAX: ffffffffffffffda RBX: 00007fe3a87a5fa0 RCX: 00007fe3a858bb7c [ 293.050110][T13863] RDX: 000000000000000f RSI: 00007fe3a932a0a0 RDI: 0000000000000009 [ 293.050123][T13863] RBP: 00007fe3a932a090 R08: 0000000000000000 R09: 0000000000000000 [ 293.050136][T13863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 293.050147][T13863] R13: 0000000000000000 R14: 00007fe3a87a5fa0 R15: 00007ffd2e1a0198 [ 293.050178][T13863] [ 293.431845][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 293.441069][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 293.450565][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 293.472766][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 293.481996][ T5846] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 293.491521][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 293.598775][ T6590] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.666951][ T5846] Bluetooth: hci1: command tx timeout [ 293.772984][ T6590] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.840824][T13886] FAULT_INJECTION: forcing a failure. [ 293.840824][T13886] name failslab, interval 1, probability 0, space 0, times 0 [ 293.862972][T13886] CPU: 1 UID: 0 PID: 13886 Comm: syz.1.3099 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 293.863002][T13886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 293.863015][T13886] Call Trace: [ 293.863022][T13886] [ 293.863031][T13886] dump_stack_lvl+0x241/0x360 [ 293.863063][T13886] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.863087][T13886] ? __pfx__printk+0x10/0x10 [ 293.863110][T13886] ? __kmalloc_cache_noprof+0x48/0x390 [ 293.863142][T13886] ? __pfx___might_resched+0x10/0x10 [ 293.863176][T13886] should_fail_ex+0x40a/0x550 [ 293.863213][T13886] should_failslab+0xac/0x100 [ 293.863242][T13886] __kmalloc_cache_noprof+0x70/0x390 [ 293.863271][T13886] ? __genradix_ptr_alloc+0x39b/0x500 [ 293.863305][T13886] __genradix_ptr_alloc+0x39b/0x500 [ 293.863344][T13886] __genradix_prealloc+0x45/0x90 [ 293.863376][T13886] sctp_stream_alloc_out+0x8c/0x110 [ 293.863412][T13886] sctp_send_add_streams+0x1fe/0x400 [ 293.863455][T13886] sctp_setsockopt+0x6d9/0x11c0 [ 293.863483][T13886] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 293.863514][T13886] do_sock_setsockopt+0x3af/0x720 [ 293.863543][T13886] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 293.863571][T13886] ? __fget_files+0x395/0x410 [ 293.863600][T13886] ? __fget_files+0x2a/0x410 [ 293.863640][T13886] __x64_sys_setsockopt+0x1ee/0x280 [ 293.863669][T13886] do_syscall_64+0xf3/0x230 [ 293.863708][T13886] ? clear_bhb_loop+0x35/0x90 [ 293.863742][T13886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.863771][T13886] RIP: 0033:0x7fe3a858d169 [ 293.863789][T13886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.863808][T13886] RSP: 002b:00007fe3a9309038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 293.863830][T13886] RAX: ffffffffffffffda RBX: 00007fe3a87a6080 RCX: 00007fe3a858d169 [ 293.863846][T13886] RDX: 0000000000000079 RSI: 0000000000000084 RDI: 0000000000000003 [ 293.863863][T13886] RBP: 00007fe3a9309090 R08: 0000000000000008 R09: 0000000000000000 [ 293.863876][T13886] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000002 [ 293.863889][T13886] R13: 0000000000000001 R14: 00007fe3a87a6080 R15: 00007ffd2e1a0198 [ 293.863921][T13886] [ 294.243866][ T6590] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.366896][ T6590] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.407377][T13902] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526 [ 294.654736][T13872] chnl_net:caif_netlink_parms(): no params data found [ 294.788095][T13912] FAULT_INJECTION: forcing a failure. [ 294.788095][T13912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 294.813321][ T6590] bridge_slave_1: left allmulticast mode [ 294.823148][T13912] CPU: 1 UID: 0 PID: 13912 Comm: syz.2.3106 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 294.823175][T13912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 294.823187][T13912] Call Trace: [ 294.823194][T13912] [ 294.823202][T13912] dump_stack_lvl+0x241/0x360 [ 294.823234][T13912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.823257][T13912] ? __pfx__printk+0x10/0x10 [ 294.823280][T13912] ? __pfx_lock_release+0x10/0x10 [ 294.823326][T13912] should_fail_ex+0x40a/0x550 [ 294.823358][T13912] _copy_from_user+0x2d/0xb0 [ 294.823383][T13912] copy_msghdr_from_user+0xae/0x680 [ 294.823414][T13912] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 294.823437][T13912] ? __fget_files+0x2a/0x410 [ 294.823465][T13912] ? __fget_files+0x2a/0x410 [ 294.823498][T13912] __sys_sendmsg+0x209/0x350 [ 294.823522][T13912] ? __pfx___sys_sendmsg+0x10/0x10 [ 294.823553][T13912] ? do_sys_openat2+0x17a/0x1d0 [ 294.823607][T13912] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.823639][T13912] ? do_syscall_64+0x100/0x230 [ 294.823672][T13912] ? do_syscall_64+0xb6/0x230 [ 294.823710][T13912] do_syscall_64+0xf3/0x230 [ 294.823740][T13912] ? clear_bhb_loop+0x35/0x90 [ 294.823771][T13912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.823797][T13912] RIP: 0033:0x7f3bdcf8d169 [ 294.823815][T13912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.823835][T13912] RSP: 002b:00007f3bdde67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.823857][T13912] RAX: ffffffffffffffda RBX: 00007f3bdd1a5fa0 RCX: 00007f3bdcf8d169 [ 294.823872][T13912] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003 [ 294.823884][T13912] RBP: 00007f3bdde67090 R08: 0000000000000000 R09: 0000000000000000 [ 294.823896][T13912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.823908][T13912] R13: 0000000000000000 R14: 00007f3bdd1a5fa0 R15: 00007ffc2d556078 [ 294.823938][T13912] [ 294.838150][ T6590] bridge_slave_1: left promiscuous mode [ 295.053729][ T6590] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.072682][ T6590] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.387744][ T6590] batman_adv: batadv0: Removing interface: gretap1 [ 295.546096][ T6590] bond2 (unregistering): (slave bridge1): Releasing backup interface [ 295.554856][ T6590] bridge1 (unregistering): left promiscuous mode [ 295.586402][ T5846] Bluetooth: hci2: command tx timeout [ 295.609690][ T6590] bond8 (unregistering): (slave bridge2): Releasing backup interface [ 295.618238][ T6590] bridge2 (unregistering): left promiscuous mode [ 295.793116][ T6590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 295.804388][ T6590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 295.815371][ T6590] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 295.833141][ T6590] bond0 (unregistering): (slave team0): Releasing backup interface [ 295.846577][ T6590] bond0 (unregistering): Released all slaves [ 295.973326][ T6590] bond1 (unregistering): Released all slaves [ 296.090428][ T6590] bond2 (unregistering): Released all slaves [ 296.206230][ T6590] bond3 (unregistering): Released all slaves [ 296.325860][ T6590] bond4 (unregistering): Released all slaves [ 296.444203][ T6590] bond5 (unregistering): Released all slaves [ 296.567522][ T6590] bond6 (unregistering): Released all slaves [ 296.688757][ T6590] bond7 (unregistering): Released all slaves [ 296.799128][ T6590] bond8 (unregistering): Released all slaves [ 297.021057][T13872] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.035931][T13872] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.043427][T13872] bridge_slave_0: entered allmulticast mode [ 297.052536][T13872] bridge_slave_0: entered promiscuous mode [ 297.062854][ T6590] tipc: Left network mode [ 297.069767][T13933] netlink: 'syz.0.3112': attribute type 1 has an invalid length. [ 297.101926][T13872] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.126067][T13872] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.144508][T13940] __nla_validate_parse: 3 callbacks suppressed [ 297.144528][T13940] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3111'. [ 297.176273][T13872] bridge_slave_1: entered allmulticast mode [ 297.183468][T13872] bridge_slave_1: entered promiscuous mode [ 297.219097][T13942] netlink: 'syz.3.3114': attribute type 1 has an invalid length. [ 297.242229][T13944] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3111'. [ 297.256077][T13942] netlink: 'syz.3.3114': attribute type 2 has an invalid length. [ 297.352794][T13949] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3114'. [ 297.675040][ T6590] IPVS: stopping backup sync thread 12184 ... [ 297.682851][ T5846] Bluetooth: hci2: command tx timeout [ 297.723202][T13949] netlink: 'syz.3.3114': attribute type 21 has an invalid length. [ 297.737291][T13949] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3114'. [ 297.753292][T13959] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3117'. [ 297.794828][T13959] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3117'. [ 297.827158][T13959] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3117'. [ 297.864051][T13959] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3117'. [ 297.912245][T13872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.938141][T13872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 298.163782][T13970] netlink: 'syz.3.3120': attribute type 11 has an invalid length. [ 298.211594][T13872] team0: Port device team_slave_0 added [ 298.240100][T13979] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3123'. [ 298.258374][T13979] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3123'. [ 298.269724][T13872] team0: Port device team_slave_1 added [ 298.406970][T13872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.434594][T13872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.483279][T13872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.516538][T13872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.541987][T13872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.571855][T13872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.721274][ T6590] hsr_slave_0: left promiscuous mode [ 298.727879][ T6590] hsr_slave_1: left promiscuous mode [ 298.733717][ T6590] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.741570][ T6590] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 298.751731][ T6590] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 298.759370][ T6590] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 298.794854][ T6590] veth1_macvtap: left promiscuous mode [ 298.801635][ T6590] veth0_macvtap: left promiscuous mode [ 298.809323][ T6590] veth1_vlan: left promiscuous mode [ 298.829627][ T6590] veth0_vlan: left promiscuous mode [ 298.973121][ T6590] team0 (unregistering): Port device batadv1 removed [ 299.123121][T13999] netlink: 'syz.0.3129': attribute type 1 has an invalid length. [ 299.714078][ T6590] team0 (unregistering): Port device team_slave_1 removed [ 299.746486][ T5846] Bluetooth: hci2: command tx timeout [ 299.828299][ T6590] team0 (unregistering): Port device team_slave_0 removed [ 300.475908][T13872] hsr_slave_0: entered promiscuous mode [ 300.491698][T13872] hsr_slave_1: entered promiscuous mode [ 300.504063][T13872] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 300.517582][T13872] Cannot create hsr debugfs directory [ 300.624703][T14025] sctp: [Deprecated]: syz.1.3138 (pid 14025) Use of struct sctp_assoc_value in delayed_ack socket option. [ 300.624703][T14025] Use struct sctp_sack_info instead [ 301.027330][T14044] FAULT_INJECTION: forcing a failure. [ 301.027330][T14044] name failslab, interval 1, probability 0, space 0, times 0 [ 301.077820][T14044] CPU: 0 UID: 0 PID: 14044 Comm: syz.2.3142 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 301.077852][T14044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 301.077866][T14044] Call Trace: [ 301.077874][T14044] [ 301.077883][T14044] dump_stack_lvl+0x241/0x360 [ 301.077925][T14044] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.077948][T14044] ? __pfx__printk+0x10/0x10 [ 301.077971][T14044] ? fs_reclaim_acquire+0x93/0x130 [ 301.077994][T14044] ? __pfx___might_resched+0x10/0x10 [ 301.078020][T14044] ? dynamic_dname+0x144/0x1b0 [ 301.078045][T14044] should_fail_ex+0x40a/0x550 [ 301.078081][T14044] should_failslab+0xac/0x100 [ 301.078110][T14044] __kmalloc_noprof+0xdd/0x4c0 [ 301.078137][T14044] ? tomoyo_encode+0x26f/0x540 [ 301.078162][T14044] tomoyo_encode+0x26f/0x540 [ 301.078184][T14044] ? __pfx_sockfs_dname+0x10/0x10 [ 301.078215][T14044] tomoyo_realpath_from_path+0x59e/0x5e0 [ 301.078250][T14044] tomoyo_path_number_perm+0x239/0x770 [ 301.078277][T14044] ? __lock_acquire+0x1397/0x2100 [ 301.078312][T14044] ? tomoyo_path_number_perm+0x209/0x770 [ 301.078345][T14044] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 301.078417][T14044] ? __fget_files+0x2a/0x410 [ 301.078451][T14044] ? __fget_files+0x2a/0x410 [ 301.078487][T14044] security_file_ioctl+0xc6/0x2a0 [ 301.078517][T14044] __se_sys_ioctl+0x46/0x170 [ 301.078542][T14044] do_syscall_64+0xf3/0x230 [ 301.078575][T14044] ? clear_bhb_loop+0x35/0x90 [ 301.078607][T14044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.078635][T14044] RIP: 0033:0x7f3bdcf8d169 [ 301.078654][T14044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.078672][T14044] RSP: 002b:00007f3bdde25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 301.078695][T14044] RAX: ffffffffffffffda RBX: 00007f3bdd1a6160 RCX: 00007f3bdcf8d169 [ 301.078711][T14044] RDX: 00002000000000c0 RSI: 000000000000890b RDI: 000000000000000b [ 301.078724][T14044] RBP: 00007f3bdde25090 R08: 0000000000000000 R09: 0000000000000000 [ 301.078737][T14044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.078750][T14044] R13: 0000000000000001 R14: 00007f3bdd1a6160 R15: 00007ffc2d556078 [ 301.078782][T14044] [ 301.078799][T14044] ERROR: Out of memory at tomoyo_realpath_from_path. [ 301.186070][T14048] FAULT_INJECTION: forcing a failure. [ 301.186070][T14048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.331611][T14048] CPU: 1 UID: 0 PID: 14048 Comm: syz.0.3145 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 301.331641][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 301.331654][T14048] Call Trace: [ 301.331662][T14048] [ 301.331670][T14048] dump_stack_lvl+0x241/0x360 [ 301.331701][T14048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.331724][T14048] ? __pfx__printk+0x10/0x10 [ 301.331751][T14048] ? snprintf+0xda/0x120 [ 301.331780][T14048] should_fail_ex+0x40a/0x550 [ 301.331818][T14048] _copy_to_user+0x31/0xb0 [ 301.331849][T14048] simple_read_from_buffer+0xca/0x150 [ 301.331882][T14048] proc_fail_nth_read+0x1e9/0x250 [ 301.331915][T14048] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 301.331949][T14048] ? rw_verify_area+0x243/0x630 [ 301.331970][T14048] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 301.332001][T14048] vfs_read+0x1f8/0xb40 [ 301.332024][T14048] ? fdget_pos+0x254/0x320 [ 301.332056][T14048] ? __pfx___mutex_lock+0x10/0x10 [ 301.332089][T14048] ? __pfx_vfs_read+0x10/0x10 [ 301.332114][T14048] ? __fget_files+0x2a/0x410 [ 301.332156][T14048] ? __fget_files+0x395/0x410 [ 301.332183][T14048] ? __fget_files+0x2a/0x410 [ 301.332213][T14046] netlink: 'syz.1.3144': attribute type 1 has an invalid length. [ 301.332221][T14048] ksys_read+0x18f/0x2b0 [ 301.332247][T14048] ? __pfx_ksys_read+0x10/0x10 [ 301.332267][T14048] ? do_syscall_64+0x100/0x230 [ 301.332303][T14048] ? do_syscall_64+0xb6/0x230 [ 301.332341][T14048] do_syscall_64+0xf3/0x230 [ 301.332376][T14048] ? clear_bhb_loop+0x35/0x90 [ 301.332412][T14048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.332443][T14048] RIP: 0033:0x7f4c71d8bb7c [ 301.332463][T14048] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 301.332483][T14048] RSP: 002b:00007f4c72b3b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 301.332507][T14048] RAX: ffffffffffffffda RBX: 00007f4c71fa5fa0 RCX: 00007f4c71d8bb7c [ 301.332523][T14048] RDX: 000000000000000f RSI: 00007f4c72b3b0a0 RDI: 0000000000000005 [ 301.332538][T14048] RBP: 00007f4c72b3b090 R08: 0000000000000000 R09: 0000000000000000 [ 301.332561][T14048] R10: 0000000000002001 R11: 0000000000000246 R12: 0000000000000001 [ 301.332575][T14048] R13: 0000000000000000 R14: 00007f4c71fa5fa0 R15: 00007ffdf95a9d18 [ 301.332608][T14048] [ 301.659575][ T6590] IPVS: stop unused estimator thread 0... [ 301.827819][ T5846] Bluetooth: hci2: command tx timeout [ 301.904538][T14066] xfrm1: entered allmulticast mode [ 301.941993][T13872] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 301.967283][T13872] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 301.991364][T13872] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 302.009891][T13872] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 302.080092][T14072] FAULT_INJECTION: forcing a failure. [ 302.080092][T14072] name failslab, interval 1, probability 0, space 0, times 0 [ 302.109958][T14072] CPU: 1 UID: 0 PID: 14072 Comm: syz.0.3154 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 302.109989][T14072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 302.110002][T14072] Call Trace: [ 302.110010][T14072] [ 302.110020][T14072] dump_stack_lvl+0x241/0x360 [ 302.110052][T14072] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.110075][T14072] ? __pfx__printk+0x10/0x10 [ 302.110098][T14072] ? __kmalloc_noprof+0xb5/0x4c0 [ 302.110127][T14072] ? __pfx___might_resched+0x10/0x10 [ 302.110160][T14072] should_fail_ex+0x40a/0x550 [ 302.110197][T14072] should_failslab+0xac/0x100 [ 302.110226][T14072] __kmalloc_noprof+0xdd/0x4c0 [ 302.110252][T14072] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 302.110275][T14072] ? sock_kmalloc+0xd7/0x160 [ 302.110304][T14072] sock_kmalloc+0xd7/0x160 [ 302.110332][T14072] af_alg_sendmsg+0x1147/0x24d0 [ 302.110393][T14072] ? __pfx_af_alg_sendmsg+0x10/0x10 [ 302.110426][T14072] ? __pfx_aa_sk_perm+0x10/0x10 [ 302.110457][T14072] ? __fget_files+0x2a/0x410 [ 302.110488][T14072] ? aa_sock_msg_perm+0x91/0x160 [ 302.110521][T14072] ? skcipher_sendmsg+0x28/0xf0 [ 302.110556][T14072] ? __pfx_skcipher_sendmsg+0x10/0x10 [ 302.110586][T14072] __sock_sendmsg+0x221/0x270 [ 302.110619][T14072] __sys_sendto+0x363/0x4c0 [ 302.110646][T14072] ? __pfx___sys_sendto+0x10/0x10 [ 302.110695][T14072] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 302.110730][T14072] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 302.110763][T14072] ? exc_page_fault+0x590/0x8b0 [ 302.110797][T14072] __x64_sys_sendto+0xde/0x100 [ 302.110821][T14072] do_syscall_64+0xf3/0x230 [ 302.110862][T14072] ? clear_bhb_loop+0x35/0x90 [ 302.110896][T14072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.110925][T14072] RIP: 0033:0x7f4c71d8effc [ 302.110944][T14072] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 302.110962][T14072] RSP: 002b:00007f4c72b39ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 302.110985][T14072] RAX: ffffffffffffffda RBX: 00007f4c72b39fc0 RCX: 00007f4c71d8effc [ 302.111001][T14072] RDX: 0000000000000020 RSI: 00007f4c72b3a010 RDI: 0000000000000004 [ 302.111014][T14072] RBP: 0000000000000000 R08: 00007f4c72b39f14 R09: 000000000000000c [ 302.111026][T14072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 302.111038][T14072] R13: 00007f4c72b39f68 R14: 00007f4c72b3a010 R15: 0000000000000000 [ 302.111071][T14072] [ 302.436733][T13872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 302.453245][T13872] 8021q: adding VLAN 0 to HW filter on device team0 [ 302.509178][T14076] IPVS: sync thread started: state = MASTER, mcast_ifn = dummy0, syncid = 3, id = 0 [ 302.522166][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.529326][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 302.551036][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.558260][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.584332][T14079] IPVS: stopping master sync thread 14082 ... [ 302.925471][T13872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 303.101211][T14103] __nla_validate_parse: 5 callbacks suppressed [ 303.101233][T14103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3163'. [ 303.426179][T13872] veth0_vlan: entered promiscuous mode [ 303.460390][T13872] veth1_vlan: entered promiscuous mode [ 303.475710][T14121] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3167'. [ 303.544799][T13872] veth0_macvtap: entered promiscuous mode [ 303.571217][T13872] veth1_macvtap: entered promiscuous mode [ 303.619452][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.622950][T14124] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3165'. [ 303.630754][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.659184][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.682159][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.703468][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.732752][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.748162][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.759567][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.769550][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.781888][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.791877][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.803060][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.814539][T13872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.855037][T14126] syzkaller1: entered promiscuous mode [ 303.872532][T14126] syzkaller1: entered allmulticast mode [ 303.887805][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.898496][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.908985][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.920039][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.931196][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.942300][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.952514][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.963680][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.974074][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.985093][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.997940][T13872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 304.010628][T13872] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.019800][T13872] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.028929][T13872] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.038858][T13872] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.209241][ T6590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.236718][ T6590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.366608][ T6586] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.374492][ T6586] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.612185][T14151] netlink: 'syz.0.3178': attribute type 1 has an invalid length. [ 304.689831][T14151] bond1: entered promiscuous mode [ 304.695394][T14151] 8021q: adding VLAN 0 to HW filter on device bond1 [ 305.287143][T14172] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3185'. [ 305.341862][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 305.352724][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 305.366499][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 305.391125][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 305.400198][ T5841] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 305.408236][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 305.800272][T14173] chnl_net:caif_netlink_parms(): no params data found [ 305.800861][T14191] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3189'. [ 305.836099][T14193] netlink: 'syz.4.3190': attribute type 1 has an invalid length. [ 305.849113][T14193] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3190'. [ 305.878651][T14196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3192'. [ 305.888473][T14196] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3192'. [ 305.924737][T14196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3192'. [ 306.023512][T14173] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.032564][T14173] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.040225][T14173] bridge_slave_0: entered allmulticast mode [ 306.047569][T14173] bridge_slave_0: entered promiscuous mode [ 306.061135][T14173] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.069510][T14173] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.078882][T14173] bridge_slave_1: entered allmulticast mode [ 306.086768][T14173] bridge_slave_1: entered promiscuous mode [ 306.177640][T14173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.221195][T14173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.317303][T14173] team0: Port device team_slave_0 added [ 306.351763][T14173] team0: Port device team_slave_1 added [ 306.423784][T14212] ax25_connect(): syz.4.3197 uses autobind, please contact jreuter@yaina.de [ 306.446741][T14173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.453741][T14173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.499017][T14173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.584273][T14173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.600501][T14173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.641176][T14173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 306.750013][T14173] hsr_slave_0: entered promiscuous mode [ 306.767429][T14173] hsr_slave_1: entered promiscuous mode [ 306.773592][T14173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 306.809358][T14173] Cannot create hsr debugfs directory [ 307.136669][T14240] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3205'. [ 307.299828][T14173] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.467948][T14173] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.507081][ T5841] Bluetooth: hci3: command tx timeout [ 307.620409][T14173] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.722059][T14173] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.949408][T14173] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 307.967659][T14173] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 307.992723][T14173] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 308.020843][T14173] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 308.200136][T14173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.246561][T14284] __nla_validate_parse: 1 callbacks suppressed [ 308.246583][T14284] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3221'. [ 308.270014][T14173] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.286878][ T6586] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.294080][ T6586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.325154][ T6586] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.332379][ T6586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.675215][T14173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 308.757158][T14301] FAULT_INJECTION: forcing a failure. [ 308.757158][T14301] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 308.798234][T14173] veth0_vlan: entered promiscuous mode [ 308.806021][T14301] CPU: 1 UID: 0 PID: 14301 Comm: syz.4.3227 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 308.806051][T14301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 308.806065][T14301] Call Trace: [ 308.806074][T14301] [ 308.806083][T14301] dump_stack_lvl+0x241/0x360 [ 308.806115][T14301] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.806139][T14301] ? __pfx__printk+0x10/0x10 [ 308.806164][T14301] ? stack_depot_save_flags+0x37/0x940 [ 308.806204][T14301] should_fail_ex+0x40a/0x550 [ 308.806241][T14301] prepare_alloc_pages+0x1da/0x5b0 [ 308.806275][T14301] __alloc_frozen_pages_noprof+0x16f/0x710 [ 308.806305][T14301] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 308.806351][T14301] alloc_pages_mpol+0x311/0x660 [ 308.806387][T14301] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 308.806418][T14301] ? __kmalloc_noprof+0x2a5/0x4c0 [ 308.806455][T14301] ? sock_kmalloc+0xd7/0x160 [ 308.806485][T14301] alloc_pages_noprof+0x121/0x190 [ 308.806517][T14301] af_alg_sendmsg+0x145b/0x24d0 [ 308.806573][T14301] ? __pfx_af_alg_sendmsg+0x10/0x10 [ 308.806606][T14301] ? __pfx_aa_sk_perm+0x10/0x10 [ 308.806637][T14301] ? __fget_files+0x2a/0x410 [ 308.806669][T14301] ? aa_sock_msg_perm+0x91/0x160 [ 308.806701][T14301] ? skcipher_sendmsg+0x28/0xf0 [ 308.806735][T14301] ? __pfx_skcipher_sendmsg+0x10/0x10 [ 308.806765][T14301] __sock_sendmsg+0x221/0x270 [ 308.806797][T14301] __sys_sendto+0x363/0x4c0 [ 308.806824][T14301] ? __pfx___sys_sendto+0x10/0x10 [ 308.806872][T14301] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 308.806908][T14301] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 308.806941][T14301] ? exc_page_fault+0x590/0x8b0 [ 308.806975][T14301] __x64_sys_sendto+0xde/0x100 [ 308.807000][T14301] do_syscall_64+0xf3/0x230 [ 308.807032][T14301] ? clear_bhb_loop+0x35/0x90 [ 308.807066][T14301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.807095][T14301] RIP: 0033:0x7f4ed4b8effc [ 308.807114][T14301] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 308.807133][T14301] RSP: 002b:00007f4ed591aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 308.807155][T14301] RAX: ffffffffffffffda RBX: 00007f4ed591afc0 RCX: 00007f4ed4b8effc [ 308.807171][T14301] RDX: 0000000000000020 RSI: 00007f4ed591b010 RDI: 0000000000000004 [ 308.807185][T14301] RBP: 0000000000000000 R08: 00007f4ed591af14 R09: 000000000000000c [ 308.807198][T14301] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 308.807211][T14301] R13: 00007f4ed591af68 R14: 00007f4ed591b010 R15: 0000000000000000 [ 308.807244][T14301] [ 308.812664][T14173] veth1_vlan: entered promiscuous mode [ 309.107548][T14305] sctp: [Deprecated]: syz.1.3228 (pid 14305) Use of int in maxseg socket option. [ 309.107548][T14305] Use struct sctp_assoc_value instead [ 309.318581][T14173] veth0_macvtap: entered promiscuous mode [ 309.379260][T14173] veth1_macvtap: entered promiscuous mode [ 309.460409][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.495931][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.533008][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.555875][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.592589][ T5841] Bluetooth: hci3: command tx timeout [ 309.610450][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.621116][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.631407][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.642043][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.652173][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.664209][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.674503][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.685206][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.695161][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.705869][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.717219][T14173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.777428][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.802764][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.816034][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.861863][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.887900][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.915462][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.933014][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.945905][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.965493][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.990853][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.005915][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.025009][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.037981][T14173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.052353][T14340] tipc: Invalid UDP bearer configuration [ 310.052395][T14340] tipc: Enabling of bearer rejected, failed to enable media [ 310.097571][T14173] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.122373][T14173] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.146368][T14173] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.155134][T14173] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.280716][T14351] netlink: 'syz.2.3241': attribute type 2 has an invalid length. [ 310.343130][T14352] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3242'. [ 310.367252][ T3015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.392395][ T3015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.461547][ T6594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.490542][ T6594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.580683][T14364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3243'. [ 310.850795][T14371] netlink: 'syz.3.3179': attribute type 1 has an invalid length. [ 310.863744][T14371] netlink: 208292 bytes leftover after parsing attributes in process `syz.3.3179'. [ 310.884028][T14371] netlink: 'syz.3.3179': attribute type 2 has an invalid length. [ 310.906343][T14379] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3248'. [ 310.926289][T14371] netlink: 'syz.3.3179': attribute type 1 has an invalid length. [ 310.934350][T14379] netlink: 'syz.4.3248': attribute type 7 has an invalid length. [ 310.956410][T14379] netlink: 'syz.4.3248': attribute type 8 has an invalid length. [ 310.968808][T14379] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3248'. [ 311.128231][T14387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3250'. [ 311.337442][T14396] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3255'. [ 311.348676][T14396] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3255'. [ 311.357864][T14396] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3255'. [ 311.369391][T14396] FAULT_INJECTION: forcing a failure. [ 311.369391][T14396] name failslab, interval 1, probability 0, space 0, times 0 [ 311.382992][T14396] CPU: 1 UID: 0 PID: 14396 Comm: syz.3.3255 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 311.383019][T14396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 311.383033][T14396] Call Trace: [ 311.383041][T14396] [ 311.383049][T14396] dump_stack_lvl+0x241/0x360 [ 311.383081][T14396] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.383104][T14396] ? __pfx__printk+0x10/0x10 [ 311.383129][T14396] ? fs_reclaim_acquire+0x93/0x130 [ 311.383152][T14396] ? __pfx___might_resched+0x10/0x10 [ 311.383177][T14396] ? lockdep_init_map_type+0xa1/0x910 [ 311.383214][T14396] should_fail_ex+0x40a/0x550 [ 311.383251][T14396] should_failslab+0xac/0x100 [ 311.383308][T14396] ? security_inode_alloc+0x37/0x310 [ 311.383330][T14396] kmem_cache_alloc_noprof+0x70/0x380 [ 311.383367][T14396] security_inode_alloc+0x37/0x310 [ 311.383391][T14396] inode_init_always_gfp+0xa0f/0xd90 [ 311.383424][T14396] ? __pfx_sock_alloc_inode+0x10/0x10 [ 311.383458][T14396] alloc_inode+0x9f/0x1a0 [ 311.383490][T14396] __sock_create+0x127/0xa30 [ 311.383533][T14396] mptcp_subflow_create_socket+0x125/0xcb0 [ 311.383569][T14396] ? mark_lock+0x9a/0x360 [ 311.383596][T14396] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 311.383641][T14396] __mptcp_subflow_connect+0x2ce/0x1e10 [ 311.383692][T14396] ? __pfx___mptcp_subflow_connect+0x10/0x10 [ 311.383741][T14396] ? mptcp_pm_create_subflow_or_signal_addr+0x127f/0x2570 [ 311.383775][T14396] ? mptcp_pm_create_subflow_or_signal_addr+0xebd/0x2570 [ 311.383810][T14396] mptcp_pm_create_subflow_or_signal_addr+0x12d4/0x2570 [ 311.383834][T14396] ? mark_lock+0x9a/0x360 [ 311.383885][T14396] ? __pfx_mptcp_pm_create_subflow_or_signal_addr+0x10/0x10 [ 311.383963][T14396] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 311.383995][T14396] ? mptcp_pm_nl_add_addr_doit+0xee8/0x1760 [ 311.384029][T14396] ? mptcp_addresses_equal+0x2ea/0x420 [ 311.384064][T14396] mptcp_pm_nl_add_addr_doit+0xf81/0x1760 [ 311.384103][T14396] ? do_trace_netlink_extack+0x8b/0x1f0 [ 311.384128][T14396] ? genl_rcv+0x28/0x40 [ 311.384155][T14396] ? netlink_unicast+0x7f6/0x990 [ 311.384176][T14396] ? netlink_sendmsg+0x8de/0xcb0 [ 311.384205][T14396] ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10 [ 311.384311][T14396] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 311.384355][T14396] genl_rcv_msg+0xb1f/0xec0 [ 311.384398][T14396] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.384462][T14396] ? __pfx_lock_acquire+0x10/0x10 [ 311.384494][T14396] ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10 [ 311.384530][T14396] ? __pfx___might_resched+0x10/0x10 [ 311.384571][T14396] netlink_rcv_skb+0x206/0x480 [ 311.384598][T14396] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.384633][T14396] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 311.384674][T14396] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 311.384718][T14396] genl_rcv+0x28/0x40 [ 311.384748][T14396] netlink_unicast+0x7f6/0x990 [ 311.384782][T14396] ? __pfx_netlink_unicast+0x10/0x10 [ 311.384803][T14396] ? __virt_addr_valid+0x45f/0x530 [ 311.384825][T14396] ? __phys_addr_symbol+0x2f/0x70 [ 311.384846][T14396] ? __check_object_size+0x47a/0x730 [ 311.384881][T14396] netlink_sendmsg+0x8de/0xcb0 [ 311.384936][T14396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.384968][T14396] ? aa_sock_msg_perm+0x91/0x160 [ 311.385007][T14396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.385030][T14396] __sock_sendmsg+0x221/0x270 [ 311.385063][T14396] ____sys_sendmsg+0x53a/0x860 [ 311.385096][T14396] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.385116][T14396] ? __fget_files+0x2a/0x410 [ 311.385151][T14396] ? __fget_files+0x2a/0x410 [ 311.385191][T14396] __sys_sendmsg+0x269/0x350 [ 311.385216][T14396] ? __pfx___sys_sendmsg+0x10/0x10 [ 311.385246][T14396] ? do_sys_openat2+0x17a/0x1d0 [ 311.385311][T14396] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 311.385344][T14396] ? do_syscall_64+0x100/0x230 [ 311.385379][T14396] ? do_syscall_64+0xb6/0x230 [ 311.385414][T14396] do_syscall_64+0xf3/0x230 [ 311.385445][T14396] ? clear_bhb_loop+0x35/0x90 [ 311.385478][T14396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.385506][T14396] RIP: 0033:0x7fe7bf78d169 [ 311.385525][T14396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.385543][T14396] RSP: 002b:00007fe7c0690038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.385565][T14396] RAX: ffffffffffffffda RBX: 00007fe7bf9a5fa0 RCX: 00007fe7bf78d169 [ 311.385581][T14396] RDX: 0000000000000000 RSI: 0000200000000a80 RDI: 0000000000000006 [ 311.385594][T14396] RBP: 00007fe7c0690090 R08: 0000000000000000 R09: 0000000000000000 [ 311.385606][T14396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.385618][T14396] R13: 0000000000000000 R14: 00007fe7bf9a5fa0 R15: 00007ffdc610d748 [ 311.385651][T14396] [ 311.846346][ T5841] Bluetooth: hci3: command tx timeout [ 311.884468][T14396] socket: no more sockets [ 312.054438][T14406] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.199492][T14414] FAULT_INJECTION: forcing a failure. [ 312.199492][T14414] name failslab, interval 1, probability 0, space 0, times 0 [ 312.279844][T14413] vlan3: entered allmulticast mode [ 312.285001][T14413] macsec0: entered allmulticast mode [ 312.301984][T14413] veth1_macvtap: entered allmulticast mode [ 312.310341][T14414] CPU: 1 UID: 0 PID: 14414 Comm: syz.3.3260 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 312.310372][T14414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 312.310387][T14414] Call Trace: [ 312.310395][T14414] [ 312.310404][T14414] dump_stack_lvl+0x241/0x360 [ 312.310437][T14414] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.310461][T14414] ? __pfx__printk+0x10/0x10 [ 312.310490][T14414] ? ref_tracker_alloc+0x332/0x490 [ 312.310526][T14414] should_fail_ex+0x40a/0x550 [ 312.310564][T14414] should_failslab+0xac/0x100 [ 312.310594][T14414] ? skb_clone+0x20c/0x390 [ 312.310617][T14414] kmem_cache_alloc_noprof+0x70/0x380 [ 312.310654][T14414] skb_clone+0x20c/0x390 [ 312.310683][T14414] __netlink_deliver_tap+0x3c4/0x7f0 [ 312.310723][T14414] ? netlink_deliver_tap+0x2e/0x1b0 [ 312.310748][T14414] netlink_deliver_tap+0x19d/0x1b0 [ 312.310775][T14414] netlink_sendskb+0x68/0x140 [ 312.310800][T14414] netlink_unicast+0x39d/0x990 [ 312.310820][T14414] ? __asan_memcpy+0x40/0x70 [ 312.310850][T14414] ? __pfx_netlink_unicast+0x10/0x10 [ 312.310885][T14414] netlink_rcv_skb+0x294/0x480 [ 312.310912][T14414] ? __pfx_genl_rcv_msg+0x10/0x10 [ 312.310947][T14414] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 312.310987][T14414] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 312.311029][T14414] genl_rcv+0x28/0x40 [ 312.311059][T14414] netlink_unicast+0x7f6/0x990 [ 312.311091][T14414] ? __pfx_netlink_unicast+0x10/0x10 [ 312.311112][T14414] ? __virt_addr_valid+0x45f/0x530 [ 312.311135][T14414] ? __phys_addr_symbol+0x2f/0x70 [ 312.311155][T14414] ? __check_object_size+0x47a/0x730 [ 312.311189][T14414] netlink_sendmsg+0x8de/0xcb0 [ 312.311230][T14414] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.311262][T14414] ? aa_sock_msg_perm+0x91/0x160 [ 312.311302][T14414] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.311326][T14414] __sock_sendmsg+0x221/0x270 [ 312.311360][T14414] ____sys_sendmsg+0x53a/0x860 [ 312.311393][T14414] ? __pfx_____sys_sendmsg+0x10/0x10 [ 312.311415][T14414] ? __fget_files+0x2a/0x410 [ 312.311449][T14414] ? __fget_files+0x2a/0x410 [ 312.311491][T14414] __sys_sendmsg+0x269/0x350 [ 312.311527][T14414] ? __pfx___sys_sendmsg+0x10/0x10 [ 312.311566][T14414] ? do_sys_openat2+0x17a/0x1d0 [ 312.311627][T14414] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.311662][T14414] ? do_syscall_64+0x100/0x230 [ 312.311699][T14414] ? do_syscall_64+0xb6/0x230 [ 312.311734][T14414] do_syscall_64+0xf3/0x230 [ 312.311767][T14414] ? clear_bhb_loop+0x35/0x90 [ 312.311802][T14414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.311831][T14414] RIP: 0033:0x7fe7bf78d169 [ 312.311851][T14414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.311870][T14414] RSP: 002b:00007fe7c066f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.311893][T14414] RAX: ffffffffffffffda RBX: 00007fe7bf9a6080 RCX: 00007fe7bf78d169 [ 312.311909][T14414] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000004 [ 312.311923][T14414] RBP: 00007fe7c066f090 R08: 0000000000000000 R09: 0000000000000000 [ 312.311936][T14414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.311950][T14414] R13: 0000000000000000 R14: 00007fe7bf9a6080 R15: 00007ffdc610d748 [ 312.311983][T14414] [ 312.346586][T14413] bridge0: port 3(vlan3) entered blocking state [ 312.674598][T14413] bridge0: port 3(vlan3) entered disabled state [ 312.684139][T14413] vlan3: entered promiscuous mode [ 312.690494][T14413] bridge0: port 3(vlan3) entered blocking state [ 312.698265][T14413] bridge0: port 3(vlan3) entered forwarding state [ 312.883429][T14432] FAULT_INJECTION: forcing a failure. [ 312.883429][T14432] name failslab, interval 1, probability 0, space 0, times 0 [ 312.932923][T14432] CPU: 0 UID: 0 PID: 14432 Comm: syz.2.3267 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 312.932961][T14432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 312.932974][T14432] Call Trace: [ 312.932982][T14432] [ 312.932992][T14432] dump_stack_lvl+0x241/0x360 [ 312.933025][T14432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.933049][T14432] ? __pfx__printk+0x10/0x10 [ 312.933074][T14432] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 312.933106][T14432] ? __pfx___might_resched+0x10/0x10 [ 312.933140][T14432] should_fail_ex+0x40a/0x550 [ 312.933178][T14432] should_failslab+0xac/0x100 [ 312.933208][T14432] __kmalloc_node_noprof+0xe1/0x4d0 [ 312.933239][T14432] ? __kvmalloc_node_noprof+0x72/0x190 [ 312.933278][T14432] __kvmalloc_node_noprof+0x72/0x190 [ 312.933313][T14432] alloc_netdev_mqs+0xcec/0x1210 [ 312.933349][T14432] rtnl_create_link+0x2f9/0xc90 [ 312.933382][T14432] rtnl_newlink_create+0x210/0xa40 [ 312.933421][T14432] ? __pfx___mutex_lock+0x10/0x10 [ 312.933455][T14432] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 312.933501][T14432] ? ns_capable+0x8a/0xf0 [ 312.933531][T14432] rtnl_newlink+0x17cc/0x1d30 [ 312.933576][T14432] ? __pfx_rtnl_newlink+0x10/0x10 [ 312.933602][T14432] ? __netlink_deliver_tap+0x561/0x7f0 [ 312.933629][T14432] ? __pfx_validate_chain+0x10/0x10 [ 312.933651][T14432] ? __sock_sendmsg+0x221/0x270 [ 312.933678][T14432] ? ____sys_sendmsg+0x53a/0x860 [ 312.933699][T14432] ? __sys_sendmsg+0x269/0x350 [ 312.933720][T14432] ? do_syscall_64+0xf3/0x230 [ 312.933751][T14432] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.933803][T14432] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 312.933840][T14432] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.933882][T14432] ? mark_lock+0x9a/0x360 [ 312.933907][T14432] ? __lock_acquire+0x1397/0x2100 [ 312.933975][T14432] ? __pfx_lock_release+0x10/0x10 [ 312.934023][T14432] ? __pfx_rtnl_newlink+0x10/0x10 [ 312.934054][T14432] rtnetlink_rcv_msg+0x791/0xcf0 [ 312.934080][T14432] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 312.934113][T14432] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 312.934150][T14432] ? ref_tracker_free+0x643/0x7e0 [ 312.934179][T14432] netlink_rcv_skb+0x206/0x480 [ 312.934205][T14432] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 312.934236][T14432] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 312.934288][T14432] ? netlink_deliver_tap+0x2e/0x1b0 [ 312.934317][T14432] netlink_unicast+0x7f6/0x990 [ 312.934350][T14432] ? __pfx_netlink_unicast+0x10/0x10 [ 312.934370][T14432] ? __virt_addr_valid+0x45f/0x530 [ 312.934392][T14432] ? __phys_addr_symbol+0x2f/0x70 [ 312.934411][T14432] ? __check_object_size+0x47a/0x730 [ 312.934445][T14432] netlink_sendmsg+0x8de/0xcb0 [ 312.934492][T14432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.934523][T14432] ? aa_sock_msg_perm+0x91/0x160 [ 312.934563][T14432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.934587][T14432] __sock_sendmsg+0x221/0x270 [ 312.934620][T14432] ____sys_sendmsg+0x53a/0x860 [ 312.934654][T14432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 312.934676][T14432] ? __fget_files+0x2a/0x410 [ 312.934710][T14432] ? __fget_files+0x2a/0x410 [ 312.934752][T14432] __sys_sendmsg+0x269/0x350 [ 312.934781][T14432] ? __pfx___sys_sendmsg+0x10/0x10 [ 312.934821][T14432] ? do_sys_openat2+0x17a/0x1d0 [ 312.934893][T14432] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.934926][T14432] ? do_syscall_64+0x100/0x230 [ 312.934961][T14432] ? do_syscall_64+0xb6/0x230 [ 312.934996][T14432] do_syscall_64+0xf3/0x230 [ 312.935028][T14432] ? clear_bhb_loop+0x35/0x90 [ 312.935060][T14432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.935088][T14432] RIP: 0033:0x7f3bdcf8d169 [ 312.935124][T14432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.935143][T14432] RSP: 002b:00007f3bdde67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.935166][T14432] RAX: ffffffffffffffda RBX: 00007f3bdd1a5fa0 RCX: 00007f3bdcf8d169 [ 312.935183][T14432] RDX: 00000000000000c2 RSI: 0000200000000280 RDI: 0000000000000006 [ 312.935197][T14432] RBP: 00007f3bdde67090 R08: 0000000000000000 R09: 0000000000000000 [ 312.935211][T14432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 312.935224][T14432] R13: 0000000000000000 R14: 00007f3bdd1a5fa0 R15: 00007ffc2d556078 [ 312.935257][T14432] [ 313.639402][T14441] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.719289][T14453] __nla_validate_parse: 3 callbacks suppressed [ 313.719312][T14453] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3271'. [ 313.771259][T14441] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.845082][T14441] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.916872][ T5841] Bluetooth: hci3: command tx timeout [ 313.931907][T14441] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.677385][T14473] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3280'. [ 316.080304][T14457] : renamed from bridge_slave_0 (while UP) [ 316.178736][T14475] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.243836][T14441] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.272120][T14441] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.343439][T14475] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.376018][T14490] netlink: 'syz.3.3283': attribute type 1 has an invalid length. [ 316.399662][T14490] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3283'. [ 316.413480][T14441] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.478978][T14475] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.508288][T14441] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.544709][T14494] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 316.618172][T14475] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.808289][T14475] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.842043][T14504] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3290'. [ 316.851249][T14475] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.876095][T14504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3290'. [ 316.882371][T14475] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.954786][T14475] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.088438][T14511] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3292'. [ 317.523588][T14537] FAULT_INJECTION: forcing a failure. [ 317.523588][T14537] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.574958][T14537] CPU: 1 UID: 0 PID: 14537 Comm: syz.1.3302 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 317.574994][T14537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 317.575008][T14537] Call Trace: [ 317.575016][T14537] [ 317.575026][T14537] dump_stack_lvl+0x241/0x360 [ 317.575060][T14537] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.575084][T14537] ? __pfx__printk+0x10/0x10 [ 317.575109][T14537] ? __pfx_lock_release+0x10/0x10 [ 317.575157][T14537] should_fail_ex+0x40a/0x550 [ 317.575195][T14537] _copy_from_user+0x2d/0xb0 [ 317.575226][T14537] copy_msghdr_from_user+0xae/0x680 [ 317.575263][T14537] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 317.575291][T14537] ? __fget_files+0x2a/0x410 [ 317.575325][T14537] ? __fget_files+0x2a/0x410 [ 317.575365][T14537] __sys_sendmmsg+0x32b/0x720 [ 317.575401][T14537] ? __pfx___sys_sendmmsg+0x10/0x10 [ 317.575438][T14537] ? __pfx_lock_release+0x10/0x10 [ 317.575468][T14537] ? kstrtouint_from_user+0x128/0x190 [ 317.575516][T14537] ? ksys_write+0x22a/0x2b0 [ 317.575539][T14537] ? __pfx_lock_release+0x10/0x10 [ 317.575578][T14537] ? sb_end_write+0xe9/0x1c0 [ 317.575609][T14537] ? vfs_write+0x7fa/0xd10 [ 317.575634][T14537] ? __mutex_unlock_slowpath+0x227/0x800 [ 317.575696][T14537] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 317.575737][T14537] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 317.575770][T14537] ? do_syscall_64+0x100/0x230 [ 317.575806][T14537] __x64_sys_sendmmsg+0xa0/0xb0 [ 317.575832][T14537] do_syscall_64+0xf3/0x230 [ 317.575863][T14537] ? clear_bhb_loop+0x35/0x90 [ 317.575908][T14537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.575935][T14537] RIP: 0033:0x7fe3a858d169 [ 317.575954][T14537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.575972][T14537] RSP: 002b:00007fe3a932a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 317.575993][T14537] RAX: ffffffffffffffda RBX: 00007fe3a87a5fa0 RCX: 00007fe3a858d169 [ 317.576027][T14537] RDX: 0000000000000003 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 317.576041][T14537] RBP: 00007fe3a932a090 R08: 0000000000000000 R09: 0000000000000000 [ 317.576055][T14537] R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 317.576067][T14537] R13: 0000000000000000 R14: 00007fe3a87a5fa0 R15: 00007ffd2e1a0198 [ 317.576098][T14537] [ 317.993449][T14547] FAULT_INJECTION: forcing a failure. [ 317.993449][T14547] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 318.057228][T14547] CPU: 1 UID: 0 PID: 14547 Comm: syz.1.3305 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 318.057263][T14547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 318.057277][T14547] Call Trace: [ 318.057286][T14547] [ 318.057295][T14547] dump_stack_lvl+0x241/0x360 [ 318.057328][T14547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.057353][T14547] ? __pfx__printk+0x10/0x10 [ 318.057380][T14547] ? __lock_acquire+0x1397/0x2100 [ 318.057417][T14547] should_fail_ex+0x40a/0x550 [ 318.057454][T14547] prepare_alloc_pages+0x1da/0x5b0 [ 318.057488][T14547] __alloc_frozen_pages_noprof+0x16f/0x710 [ 318.057517][T14547] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 318.057556][T14547] ? __pfx_lock_acquire+0x10/0x10 [ 318.057592][T14547] alloc_pages_mpol+0x311/0x660 [ 318.057620][T14547] ? __lock_acquire+0x1397/0x2100 [ 318.057656][T14547] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 318.057696][T14547] vma_alloc_folio_noprof+0x12b/0x260 [ 318.057729][T14547] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 318.057769][T14547] folio_prealloc+0x2e/0x170 [ 318.057793][T14547] __handle_mm_fault+0x32e6/0x6ef0 [ 318.057855][T14547] ? __pfx___handle_mm_fault+0x10/0x10 [ 318.057888][T14547] ? lock_vma_under_rcu+0x34b/0x790 [ 318.057937][T14547] ? __pfx_reacquire_held_locks+0x10/0x10 [ 318.057978][T14547] ? mtree_range_walk+0x6fd/0x8e0 [ 318.058009][T14547] ? lock_vma_under_rcu+0x1dd/0x790 [ 318.058042][T14547] ? __pfx_lock_release+0x10/0x10 [ 318.058072][T14547] ? lock_vma_under_rcu+0x34b/0x790 [ 318.058137][T14547] ? lock_vma_under_rcu+0x1dd/0x790 [ 318.058171][T14547] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 318.058203][T14547] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 318.058240][T14547] handle_mm_fault+0x3e5/0x8d0 [ 318.058287][T14547] exc_page_fault+0x459/0x8b0 [ 318.058325][T14547] asm_exc_page_fault+0x26/0x30 [ 318.058353][T14547] RIP: 0033:0x7fe3a8458b7b [ 318.058372][T14547] Code: 00 00 00 48 8d 3d 9d 33 19 00 48 89 c1 31 c0 e8 4b 44 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d d1 33 19 00 48 89 34 24 48 8b 14 24 48 8b [ 318.058391][T14547] RSP: 002b:00007fe3a9328fb0 EFLAGS: 00010202 [ 318.058410][T14547] RAX: 0000000000000000 RBX: 00007fe3a87a5fa0 RCX: 0000000000000000 [ 318.058425][T14547] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000180 [ 318.058445][T14547] RBP: 00007fe3a932a090 R08: 0000000000000000 R09: 0000000000000000 [ 318.058464][T14547] R10: 0000200000000180 R11: 0000000000000000 R12: 0000000000000001 [ 318.058476][T14547] R13: 0000000000000000 R14: 00007fe3a87a5fa0 R15: 00007ffd2e1a0198 [ 318.058508][T14547] [ 318.078085][T14547] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 318.160104][T14554] netlink: 'syz.2.3306': attribute type 10 has an invalid length. [ 318.390596][T14554] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.399635][T14554] bond0: (slave team0): Enslaving as an active interface with an up link [ 318.632987][T14566] syzkaller1: entered promiscuous mode [ 318.642167][T14566] syzkaller1: entered allmulticast mode [ 318.814813][T14577] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3313'. [ 318.840638][T14578] netlink: 'syz.2.3314': attribute type 1 has an invalid length. [ 318.860209][T14577] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3313'. [ 318.926889][T14578] bond1: entered promiscuous mode [ 318.932339][T14578] 8021q: adding VLAN 0 to HW filter on device bond1 [ 318.939395][T14577] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3313'. [ 318.964087][T14577] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3313'. [ 319.005505][T14585] bond1: (slave bridge2): making interface the new active one [ 319.035221][T14585] bridge2: entered promiscuous mode [ 319.060785][T14589] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3318'. [ 319.073855][T14585] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 319.149715][T14593] netlink: 'syz.4.3319': attribute type 10 has an invalid length. [ 319.198354][T14595] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 319.211534][T14596] FAULT_INJECTION: forcing a failure. [ 319.211534][T14596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.239722][T14593] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.273951][T14596] CPU: 0 UID: 0 PID: 14596 Comm: syz.2.3320 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 319.273981][T14596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 319.273995][T14596] Call Trace: [ 319.274011][T14596] [ 319.274021][T14596] dump_stack_lvl+0x241/0x360 [ 319.274055][T14596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.274080][T14596] ? __pfx__printk+0x10/0x10 [ 319.274104][T14596] ? __pfx_lock_release+0x10/0x10 [ 319.274147][T14596] should_fail_ex+0x40a/0x550 [ 319.274175][T14596] _copy_from_user+0x2d/0xb0 [ 319.274196][T14596] move_addr_to_kernel+0x82/0x150 [ 319.274220][T14596] __sys_sendto+0x268/0x4c0 [ 319.274239][T14596] ? __pfx___sys_sendto+0x10/0x10 [ 319.274271][T14596] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 319.274296][T14596] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.274319][T14596] ? exc_page_fault+0x590/0x8b0 [ 319.274343][T14596] __x64_sys_sendto+0xde/0x100 [ 319.274361][T14596] do_syscall_64+0xf3/0x230 [ 319.274385][T14596] ? clear_bhb_loop+0x35/0x90 [ 319.274410][T14596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.274430][T14596] RIP: 0033:0x7f3bdcf8effc [ 319.274444][T14596] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 319.274457][T14596] RSP: 002b:00007f3bdde65ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 319.274474][T14596] RAX: ffffffffffffffda RBX: 00007f3bdde65fc0 RCX: 00007f3bdcf8effc [ 319.274491][T14596] RDX: 0000000000000020 RSI: 00007f3bdde66010 RDI: 0000000000000004 [ 319.274506][T14596] RBP: 0000000000000000 R08: 00007f3bdde65f14 R09: 000000000000000c [ 319.274519][T14596] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 319.274532][T14596] R13: 00007f3bdde65f68 R14: 00007f3bdde66010 R15: 0000000000000000 [ 319.274564][T14596] [ 319.486519][T14593] bond0: (slave team0): Enslaving as an active interface with an up link [ 319.498888][T14598] netlink: 'syz.3.3321': attribute type 3 has an invalid length. [ 319.537490][T14598] netlink: 766 bytes leftover after parsing attributes in process `syz.3.3321'. [ 319.570275][T14598] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3321'. [ 319.682621][T14604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3322'. [ 319.696261][T14604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3322'. [ 319.706610][T14604] FAULT_INJECTION: forcing a failure. [ 319.706610][T14604] name failslab, interval 1, probability 0, space 0, times 0 [ 319.744805][T14604] CPU: 0 UID: 0 PID: 14604 Comm: syz.2.3322 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 319.744837][T14604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 319.744851][T14604] Call Trace: [ 319.744860][T14604] [ 319.744870][T14604] dump_stack_lvl+0x241/0x360 [ 319.744902][T14604] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.744927][T14604] ? __pfx__printk+0x10/0x10 [ 319.744967][T14604] ? ref_tracker_alloc+0x332/0x490 [ 319.744994][T14604] should_fail_ex+0x40a/0x550 [ 319.745031][T14604] should_failslab+0xac/0x100 [ 319.745061][T14604] ? skb_clone+0x20c/0x390 [ 319.745084][T14604] kmem_cache_alloc_noprof+0x70/0x380 [ 319.745119][T14604] skb_clone+0x20c/0x390 [ 319.745147][T14604] __netlink_deliver_tap+0x3c4/0x7f0 [ 319.745186][T14604] ? netlink_deliver_tap+0x2e/0x1b0 [ 319.745209][T14604] netlink_deliver_tap+0x19d/0x1b0 [ 319.745237][T14604] netlink_sendskb+0x68/0x140 [ 319.745260][T14604] netlink_unicast+0x39d/0x990 [ 319.745280][T14604] ? __asan_memcpy+0x40/0x70 [ 319.745309][T14604] ? __pfx_netlink_unicast+0x10/0x10 [ 319.745343][T14604] netlink_rcv_skb+0x294/0x480 [ 319.745369][T14604] ? __pfx_genl_rcv_msg+0x10/0x10 [ 319.745402][T14604] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 319.745442][T14604] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 319.745483][T14604] genl_rcv+0x28/0x40 [ 319.745511][T14604] netlink_unicast+0x7f6/0x990 [ 319.745543][T14604] ? __pfx_netlink_unicast+0x10/0x10 [ 319.745562][T14604] ? __virt_addr_valid+0x45f/0x530 [ 319.745582][T14604] ? __phys_addr_symbol+0x2f/0x70 [ 319.745599][T14604] ? __check_object_size+0x47a/0x730 [ 319.745631][T14604] netlink_sendmsg+0x8de/0xcb0 [ 319.745670][T14604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.745701][T14604] ? aa_sock_msg_perm+0x91/0x160 [ 319.745750][T14604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.745774][T14604] __sock_sendmsg+0x221/0x270 [ 319.745805][T14604] ____sys_sendmsg+0x53a/0x860 [ 319.745838][T14604] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.745859][T14604] ? __fget_files+0x2a/0x410 [ 319.745892][T14604] ? __fget_files+0x2a/0x410 [ 319.745930][T14604] __sys_sendmsg+0x269/0x350 [ 319.745958][T14604] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.745995][T14604] ? do_sys_openat2+0x17a/0x1d0 [ 319.746055][T14604] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.746089][T14604] ? do_syscall_64+0x100/0x230 [ 319.746125][T14604] ? do_syscall_64+0xb6/0x230 [ 319.746160][T14604] do_syscall_64+0xf3/0x230 [ 319.746192][T14604] ? clear_bhb_loop+0x35/0x90 [ 319.746224][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.746252][T14604] RIP: 0033:0x7f3bdcf8d169 [ 319.746271][T14604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.746289][T14604] RSP: 002b:00007f3bdde46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.746312][T14604] RAX: ffffffffffffffda RBX: 00007f3bdd1a6080 RCX: 00007f3bdcf8d169 [ 319.746328][T14604] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000004 [ 319.746341][T14604] RBP: 00007f3bdde46090 R08: 0000000000000000 R09: 0000000000000000 [ 319.746354][T14604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 319.746366][T14604] R13: 0000000000000000 R14: 00007f3bdd1a6080 R15: 00007ffc2d556078 [ 319.746397][T14604] [ 319.747622][T14606] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 320.435263][T14622] FAULT_INJECTION: forcing a failure. [ 320.435263][T14622] name failslab, interval 1, probability 0, space 0, times 0 [ 320.502006][T14622] CPU: 0 UID: 0 PID: 14622 Comm: syz.1.3327 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 320.502047][T14622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 320.502061][T14622] Call Trace: [ 320.502070][T14622] [ 320.502081][T14622] dump_stack_lvl+0x241/0x360 [ 320.502113][T14622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.502138][T14622] ? __pfx__printk+0x10/0x10 [ 320.502166][T14622] ? ref_tracker_alloc+0x332/0x490 [ 320.502192][T14622] should_fail_ex+0x40a/0x550 [ 320.502230][T14622] should_failslab+0xac/0x100 [ 320.502260][T14622] ? skb_clone+0x20c/0x390 [ 320.502283][T14622] kmem_cache_alloc_noprof+0x70/0x380 [ 320.502319][T14622] skb_clone+0x20c/0x390 [ 320.502349][T14622] __netlink_deliver_tap+0x3c4/0x7f0 [ 320.502388][T14622] ? netlink_deliver_tap+0x2e/0x1b0 [ 320.502413][T14622] netlink_deliver_tap+0x19d/0x1b0 [ 320.502441][T14622] netlink_sendskb+0x68/0x140 [ 320.502466][T14622] netlink_unicast+0x39d/0x990 [ 320.502486][T14622] ? __asan_memcpy+0x40/0x70 [ 320.502517][T14622] ? __pfx_netlink_unicast+0x10/0x10 [ 320.502551][T14622] netlink_rcv_skb+0x294/0x480 [ 320.502579][T14622] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 320.502610][T14622] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 320.502660][T14622] ? netlink_deliver_tap+0x2e/0x1b0 [ 320.502689][T14622] netlink_unicast+0x7f6/0x990 [ 320.502721][T14622] ? __pfx_netlink_unicast+0x10/0x10 [ 320.502742][T14622] ? __virt_addr_valid+0x45f/0x530 [ 320.502764][T14622] ? __phys_addr_symbol+0x2f/0x70 [ 320.502784][T14622] ? __check_object_size+0x47a/0x730 [ 320.502818][T14622] netlink_sendmsg+0x8de/0xcb0 [ 320.502858][T14622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 320.502890][T14622] ? aa_sock_msg_perm+0x91/0x160 [ 320.502929][T14622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 320.502954][T14622] __sock_sendmsg+0x221/0x270 [ 320.502989][T14622] ____sys_sendmsg+0x53a/0x860 [ 320.503030][T14622] ? __pfx_____sys_sendmsg+0x10/0x10 [ 320.503053][T14622] ? __fget_files+0x2a/0x410 [ 320.503087][T14622] ? __fget_files+0x2a/0x410 [ 320.503128][T14622] __sys_sendmsg+0x269/0x350 [ 320.503158][T14622] ? __pfx___sys_sendmsg+0x10/0x10 [ 320.503196][T14622] ? do_sys_openat2+0x17a/0x1d0 [ 320.503256][T14622] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 320.503292][T14622] ? do_syscall_64+0x100/0x230 [ 320.503328][T14622] ? do_syscall_64+0xb6/0x230 [ 320.503364][T14622] do_syscall_64+0xf3/0x230 [ 320.503397][T14622] ? clear_bhb_loop+0x35/0x90 [ 320.503431][T14622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.503460][T14622] RIP: 0033:0x7fe3a858d169 [ 320.503480][T14622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.503499][T14622] RSP: 002b:00007fe3a9309038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 320.503522][T14622] RAX: ffffffffffffffda RBX: 00007fe3a87a6080 RCX: 00007fe3a858d169 [ 320.503538][T14622] RDX: 0000000000000040 RSI: 0000200000000300 RDI: 0000000000000003 [ 320.503551][T14622] RBP: 00007fe3a9309090 R08: 0000000000000000 R09: 0000000000000000 [ 320.503564][T14622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.503577][T14622] R13: 0000000000000000 R14: 00007fe3a87a6080 R15: 00007ffd2e1a0198 [ 320.503609][T14622] [ 321.178233][T14632] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3330'. [ 321.197439][T14632] : renamed from bond0 (while UP) [ 321.623777][T14649] sctp: [Deprecated]: syz.3.3337 (pid 14649) Use of struct sctp_assoc_value in delayed_ack socket option. [ 321.623777][T14649] Use struct sctp_sack_info instead [ 322.503219][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880633f7400: rx timeout, send abort [ 322.513971][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880633f7400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 322.830070][T14668] FAULT_INJECTION: forcing a failure. [ 322.830070][T14668] name failslab, interval 1, probability 0, space 0, times 0 [ 322.873538][T14668] CPU: 0 UID: 0 PID: 14668 Comm: syz.2.3345 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 322.873570][T14668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.873583][T14668] Call Trace: [ 322.873592][T14668] [ 322.873602][T14668] dump_stack_lvl+0x241/0x360 [ 322.873641][T14668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.873666][T14668] ? __pfx__printk+0x10/0x10 [ 322.873692][T14668] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 322.873729][T14668] ? __pfx___might_resched+0x10/0x10 [ 322.873764][T14668] should_fail_ex+0x40a/0x550 [ 322.873802][T14668] should_failslab+0xac/0x100 [ 322.873833][T14668] kmem_cache_alloc_node_noprof+0x77/0x380 [ 322.873863][T14668] ? __alloc_skb+0x1c3/0x440 [ 322.873881][T14668] ? __mutex_unlock_slowpath+0x227/0x800 [ 322.873920][T14668] __alloc_skb+0x1c3/0x440 [ 322.873947][T14668] ? __pfx___alloc_skb+0x10/0x10 [ 322.873966][T14668] ? rcu_is_watching+0x15/0xb0 [ 322.873991][T14668] ? trace_contention_end+0x3c/0x120 [ 322.874024][T14668] nl80211_tx_mgmt+0xb77/0x1190 [ 322.874062][T14668] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 322.874089][T14668] ? __pfx_netdev_run_todo+0x10/0x10 [ 322.874144][T14668] genl_rcv_msg+0xb1f/0xec0 [ 322.874187][T14668] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.874251][T14668] ? __pfx_lock_acquire+0x10/0x10 [ 322.874282][T14668] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 322.874305][T14668] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 322.874329][T14668] ? __pfx_nl80211_post_doit+0x10/0x10 [ 322.874355][T14668] ? __pfx___might_resched+0x10/0x10 [ 322.874395][T14668] netlink_rcv_skb+0x206/0x480 [ 322.874422][T14668] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.874456][T14668] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 322.874497][T14668] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 322.874541][T14668] genl_rcv+0x28/0x40 [ 322.874575][T14668] netlink_unicast+0x7f6/0x990 [ 322.874608][T14668] ? __pfx_netlink_unicast+0x10/0x10 [ 322.874635][T14668] ? __virt_addr_valid+0x45f/0x530 [ 322.874657][T14668] ? __phys_addr_symbol+0x2f/0x70 [ 322.874676][T14668] ? __check_object_size+0x47a/0x730 [ 322.874710][T14668] netlink_sendmsg+0x8de/0xcb0 [ 322.874752][T14668] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.874784][T14668] ? aa_sock_msg_perm+0x91/0x160 [ 322.874824][T14668] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.874849][T14668] __sock_sendmsg+0x221/0x270 [ 322.874883][T14668] ____sys_sendmsg+0x53a/0x860 [ 322.874917][T14668] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.874939][T14668] ? __fget_files+0x2a/0x410 [ 322.874974][T14668] ? __fget_files+0x2a/0x410 [ 322.875016][T14668] __sys_sendmsg+0x269/0x350 [ 322.875046][T14668] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.875102][T14668] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 322.875168][T14668] do_syscall_64+0xf3/0x230 [ 322.875200][T14668] ? clear_bhb_loop+0x35/0x90 [ 322.875235][T14668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.875264][T14668] RIP: 0033:0x7f3bdcf8d169 [ 322.875285][T14668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.875303][T14668] RSP: 002b:00007f3bdde67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.875326][T14668] RAX: ffffffffffffffda RBX: 00007f3bdd1a5fa0 RCX: 00007f3bdcf8d169 [ 322.875342][T14668] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 322.875355][T14668] RBP: 00007f3bdde67090 R08: 0000000000000000 R09: 0000000000000000 [ 322.875369][T14668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.875382][T14668] R13: 0000000000000000 R14: 00007f3bdd1a5fa0 R15: 00007ffc2d556078 [ 322.875416][T14668] [ 324.076116][T14702] __nla_validate_parse: 9 callbacks suppressed [ 324.076138][T14702] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3357'. [ 324.110479][T14702] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 324.131437][T14702] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 324.150674][T14705] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 324.197105][T14705] Bluetooth: MGMT ver 1.23 [ 324.389665][T14713] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3360'. [ 324.712398][T14720] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3364'. [ 324.737618][T14722] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 324.739171][T14721] erspan0: vlans aren't supported yet for dev_uc|mc_add() [ 325.117158][T14732] openvswitch: netlink: IP tunnel dst address not specified [ 325.436460][T14747] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3373'. [ 325.524248][T14751] FAULT_INJECTION: forcing a failure. [ 325.524248][T14751] name failslab, interval 1, probability 0, space 0, times 0 [ 325.564748][T14751] CPU: 1 UID: 0 PID: 14751 Comm: syz.3.3375 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 325.564784][T14751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 325.564798][T14751] Call Trace: [ 325.564806][T14751] [ 325.564815][T14751] dump_stack_lvl+0x241/0x360 [ 325.564849][T14751] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.564873][T14751] ? __pfx__printk+0x10/0x10 [ 325.564898][T14751] ? __kmalloc_noprof+0xb5/0x4c0 [ 325.564929][T14751] ? __pfx___might_resched+0x10/0x10 [ 325.564964][T14751] should_fail_ex+0x40a/0x550 [ 325.565002][T14751] should_failslab+0xac/0x100 [ 325.565034][T14751] __kmalloc_noprof+0xdd/0x4c0 [ 325.565061][T14751] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 325.565085][T14751] ? sock_kmalloc+0xd7/0x160 [ 325.565116][T14751] sock_kmalloc+0xd7/0x160 [ 325.565144][T14751] af_alg_sendmsg+0x1147/0x24d0 [ 325.565199][T14751] ? __pfx_af_alg_sendmsg+0x10/0x10 [ 325.565232][T14751] ? __pfx_aa_sk_perm+0x10/0x10 [ 325.565264][T14751] ? __fget_files+0x2a/0x410 [ 325.565294][T14751] ? aa_sock_msg_perm+0x91/0x160 [ 325.565328][T14751] ? skcipher_sendmsg+0x28/0xf0 [ 325.565363][T14751] ? __pfx_skcipher_sendmsg+0x10/0x10 [ 325.565394][T14751] __sock_sendmsg+0x221/0x270 [ 325.565427][T14751] __sys_sendto+0x363/0x4c0 [ 325.565462][T14751] ? __pfx___sys_sendto+0x10/0x10 [ 325.565510][T14751] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 325.565546][T14751] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 325.565579][T14751] ? exc_page_fault+0x590/0x8b0 [ 325.565613][T14751] __x64_sys_sendto+0xde/0x100 [ 325.565638][T14751] do_syscall_64+0xf3/0x230 [ 325.565671][T14751] ? clear_bhb_loop+0x35/0x90 [ 325.565704][T14751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.565738][T14751] RIP: 0033:0x7fe7bf78effc [ 325.565757][T14751] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 325.565775][T14751] RSP: 002b:00007fe7c068eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 325.565798][T14751] RAX: ffffffffffffffda RBX: 00007fe7c068efc0 RCX: 00007fe7bf78effc [ 325.565814][T14751] RDX: 0000000000000020 RSI: 00007fe7c068f010 RDI: 0000000000000004 [ 325.565827][T14751] RBP: 0000000000000000 R08: 00007fe7c068ef14 R09: 000000000000000c [ 325.565840][T14751] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 325.565853][T14751] R13: 00007fe7c068ef68 R14: 00007fe7c068f010 R15: 0000000000000000 [ 325.565886][T14751] [ 326.294527][T14769] FAULT_INJECTION: forcing a failure. [ 326.294527][T14769] name failslab, interval 1, probability 0, space 0, times 0 [ 326.336011][T14769] CPU: 1 UID: 0 PID: 14769 Comm: syz.0.3380 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 326.336044][T14769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 326.336059][T14769] Call Trace: [ 326.336067][T14769] [ 326.336077][T14769] dump_stack_lvl+0x241/0x360 [ 326.336110][T14769] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.336135][T14769] ? __pfx__printk+0x10/0x10 [ 326.336172][T14769] should_fail_ex+0x40a/0x550 [ 326.336212][T14769] should_failslab+0xac/0x100 [ 326.336243][T14769] ? dst_alloc+0x12b/0x190 [ 326.336264][T14769] kmem_cache_alloc_noprof+0x70/0x380 [ 326.336302][T14769] dst_alloc+0x12b/0x190 [ 326.336343][T14769] ip_route_output_key_hash_rcu+0x1378/0x2290 [ 326.336392][T14769] ip_route_output_key_hash+0x193/0x2b0 [ 326.336425][T14769] ? ip_route_output_key_hash+0xdf/0x2b0 [ 326.336455][T14769] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 326.336498][T14769] ? lockdep_hardirqs_on+0x99/0x150 [ 326.336536][T14769] ip_route_output_flow+0x29/0x140 [ 326.336567][T14769] sctp_v4_get_dst+0x4be/0x1640 [ 326.336612][T14769] ? __asan_memset+0x23/0x50 [ 326.336636][T14769] ? __pfx_sctp_v4_get_dst+0x10/0x10 [ 326.336666][T14769] ? __asan_memset+0x23/0x50 [ 326.336707][T14769] ? __pfx_sctp_generate_proto_unreach_event+0x10/0x10 [ 326.336745][T14769] sctp_transport_route+0x12c/0x2e0 [ 326.336785][T14769] sctp_assoc_add_peer+0x611/0x1360 [ 326.336825][T14769] sctp_connect_new_asoc+0x31d/0x6c0 [ 326.336854][T14769] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 326.336889][T14769] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 326.336914][T14769] ? sctp_endpoint_lookup_assoc+0x217/0x250 [ 326.336939][T14769] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 326.336968][T14769] __sctp_connect+0x66d/0xe30 [ 326.337007][T14769] ? __pfx___sctp_connect+0x10/0x10 [ 326.337033][T14769] ? __might_fault+0xaa/0x120 [ 326.337054][T14769] ? __might_fault+0xc6/0x120 [ 326.337078][T14769] ? _copy_from_user+0x95/0xb0 [ 326.337106][T14769] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 326.337149][T14769] sctp_getsockopt_connectx3+0x46c/0x730 [ 326.337182][T14769] ? __local_bh_enable_ip+0x168/0x200 [ 326.337211][T14769] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 326.337243][T14769] ? __local_bh_enable_ip+0x168/0x200 [ 326.337269][T14769] ? sctp_getsockopt+0x13a/0xbb0 [ 326.337293][T14769] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 326.337339][T14769] sctp_getsockopt+0x8de/0xbb0 [ 326.337363][T14769] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 326.337398][T14769] do_sock_getsockopt+0x38e/0x740 [ 326.337430][T14769] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 326.337452][T14769] ? __fget_files+0x2a/0x410 [ 326.337486][T14769] ? __fget_files+0x395/0x410 [ 326.337516][T14769] ? __fget_files+0x2a/0x410 [ 326.337556][T14769] __x64_sys_getsockopt+0x2a1/0x370 [ 326.337590][T14769] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 326.337616][T14769] ? do_syscall_64+0x100/0x230 [ 326.337653][T14769] ? do_syscall_64+0xb6/0x230 [ 326.337690][T14769] do_syscall_64+0xf3/0x230 [ 326.337722][T14769] ? clear_bhb_loop+0x35/0x90 [ 326.337757][T14769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.337786][T14769] RIP: 0033:0x7f4c71d8d169 [ 326.337805][T14769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.337824][T14769] RSP: 002b:00007f4c72b3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 326.337848][T14769] RAX: ffffffffffffffda RBX: 00007f4c71fa5fa0 RCX: 00007f4c71d8d169 [ 326.337863][T14769] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 326.337876][T14769] RBP: 00007f4c72b3b090 R08: 00002000000002c0 R09: 0000000000000000 [ 326.337890][T14769] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000002 [ 326.337904][T14769] R13: 0000000000000000 R14: 00007f4c71fa5fa0 R15: 00007ffdf95a9d18 [ 326.337937][T14769] [ 326.453497][T14775] netlink: 'syz.3.3384': attribute type 10 has an invalid length. [ 326.634364][T14776] FAULT_INJECTION: forcing a failure. [ 326.634364][T14776] name failslab, interval 1, probability 0, space 0, times 0 [ 326.768039][T14775] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.779281][T14775] : (slave team0): Enslaving as an active interface with an up link [ 326.788395][T14776] CPU: 0 UID: 0 PID: 14776 Comm: syz.3.3384 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 326.788423][T14776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 326.788436][T14776] Call Trace: [ 326.788445][T14776] [ 326.788453][T14776] dump_stack_lvl+0x241/0x360 [ 326.788483][T14776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.788506][T14776] ? __pfx__printk+0x10/0x10 [ 326.788533][T14776] ? __kmalloc_cache_noprof+0x48/0x390 [ 326.788572][T14776] ? __pfx___might_resched+0x10/0x10 [ 326.788604][T14776] should_fail_ex+0x40a/0x550 [ 326.788640][T14776] should_failslab+0xac/0x100 [ 326.788669][T14776] __kmalloc_cache_noprof+0x70/0x390 [ 326.788696][T14776] ? rdma_restrack_init+0x4f/0x4b0 [ 326.788723][T14776] ? trace_kmalloc+0x1f/0xd0 [ 326.788753][T14776] rdma_restrack_init+0x4f/0x4b0 [ 326.788782][T14776] _ib_alloc_device+0x4e/0x670 [ 326.788809][T14776] rxe_net_add+0x21/0xf0 [ 326.788832][T14776] rxe_newlink+0xde/0x1a0 [ 326.788861][T14776] nldev_newlink+0x5ea/0x680 [ 326.788887][T14776] ? __pfx_nldev_newlink+0x10/0x10 [ 326.788996][T14776] ? __pfx_aa_get_newest_label+0x10/0x10 [ 326.789029][T14776] ? __pfx_aa_get_newest_label+0x10/0x10 [ 326.789075][T14776] ? bpf_lsm_capable+0x9/0x10 [ 326.789104][T14776] ? security_capable+0x7e/0x2d0 [ 326.789136][T14776] ? __pfx_nldev_newlink+0x10/0x10 [ 326.789161][T14776] rdma_nl_rcv+0x6dd/0x9e0 [ 326.789197][T14776] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 326.789252][T14776] ? netlink_deliver_tap+0x2e/0x1b0 [ 326.789280][T14776] netlink_unicast+0x7f6/0x990 [ 326.789311][T14776] ? __pfx_netlink_unicast+0x10/0x10 [ 326.789331][T14776] ? __virt_addr_valid+0x45f/0x530 [ 326.789352][T14776] ? __phys_addr_symbol+0x2f/0x70 [ 326.789370][T14776] ? __check_object_size+0x47a/0x730 [ 326.789403][T14776] netlink_sendmsg+0x8de/0xcb0 [ 326.789441][T14776] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.789471][T14776] ? aa_sock_msg_perm+0x91/0x160 [ 326.789507][T14776] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.789529][T14776] __sock_sendmsg+0x221/0x270 [ 326.789568][T14776] ____sys_sendmsg+0x53a/0x860 [ 326.789600][T14776] ? __pfx_____sys_sendmsg+0x10/0x10 [ 326.789620][T14776] ? __fget_files+0x2a/0x410 [ 326.789653][T14776] ? __fget_files+0x2a/0x410 [ 326.789689][T14776] __sys_sendmsg+0x269/0x350 [ 326.789716][T14776] ? __pfx___sys_sendmsg+0x10/0x10 [ 326.789751][T14776] ? do_sys_openat2+0x17a/0x1d0 [ 326.789807][T14776] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 326.789839][T14776] ? do_syscall_64+0x100/0x230 [ 326.789873][T14776] ? do_syscall_64+0xb6/0x230 [ 326.789906][T14776] do_syscall_64+0xf3/0x230 [ 326.789937][T14776] ? clear_bhb_loop+0x35/0x90 [ 326.789970][T14776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.789997][T14776] RIP: 0033:0x7fe7bf78d169 [ 326.790015][T14776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.790032][T14776] RSP: 002b:00007fe7c066f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 326.790054][T14776] RAX: ffffffffffffffda RBX: 00007fe7bf9a6080 RCX: 00007fe7bf78d169 [ 326.790068][T14776] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 326.790080][T14776] RBP: 00007fe7c066f090 R08: 0000000000000000 R09: 0000000000000000 [ 326.790092][T14776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.790103][T14776] R13: 0000000000000001 R14: 00007fe7bf9a6080 R15: 00007ffdc610d748 [ 326.790133][T14776] [ 326.790328][T14776] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 326.892608][T14779] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3383'. [ 327.285503][T14794] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3388'. [ 327.318540][T14794] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3388'. [ 327.335631][T14794] FAULT_INJECTION: forcing a failure. [ 327.335631][T14794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.372069][T14794] CPU: 0 UID: 0 PID: 14794 Comm: syz.0.3388 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 327.372101][T14794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 327.372115][T14794] Call Trace: [ 327.372123][T14794] [ 327.372132][T14794] dump_stack_lvl+0x241/0x360 [ 327.372162][T14794] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.372186][T14794] ? __pfx__printk+0x10/0x10 [ 327.372208][T14794] ? __pfx_lock_release+0x10/0x10 [ 327.372238][T14794] ? __lock_acquire+0x1397/0x2100 [ 327.372276][T14794] should_fail_ex+0x40a/0x550 [ 327.372313][T14794] _copy_from_user+0x2d/0xb0 [ 327.372343][T14794] kstrtouint_from_user+0xc6/0x190 [ 327.372379][T14794] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 327.372408][T14794] ? __pfx_lock_acquire+0x10/0x10 [ 327.372450][T14794] proc_fail_nth_write+0xaa/0x2d0 [ 327.372481][T14794] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 327.372508][T14794] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 327.372544][T14794] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 327.372575][T14794] vfs_write+0x29f/0xd10 [ 327.372600][T14794] ? fdget_pos+0x254/0x320 [ 327.372630][T14794] ? preempt_schedule_common+0x84/0xd0 [ 327.372661][T14794] ? __pfx_vfs_write+0x10/0x10 [ 327.372686][T14794] ? __fget_files+0x2a/0x410 [ 327.372715][T14794] ? __fget_files+0x395/0x410 [ 327.372743][T14794] ? __fget_files+0x2a/0x410 [ 327.372783][T14794] ksys_write+0x18f/0x2b0 [ 327.372808][T14794] ? __pfx_ksys_write+0x10/0x10 [ 327.372832][T14794] ? do_syscall_64+0x100/0x230 [ 327.372867][T14794] ? do_syscall_64+0xb6/0x230 [ 327.372902][T14794] do_syscall_64+0xf3/0x230 [ 327.372934][T14794] ? clear_bhb_loop+0x35/0x90 [ 327.372968][T14794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.372996][T14794] RIP: 0033:0x7f4c71d8bc1f [ 327.373015][T14794] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 327.373033][T14794] RSP: 002b:00007f4c72b1a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 327.373059][T14794] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4c71d8bc1f [ 327.373073][T14794] RDX: 0000000000000001 RSI: 00007f4c72b1a0a0 RDI: 0000000000000005 [ 327.373084][T14794] RBP: 00007f4c72b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 327.373097][T14794] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 327.373108][T14794] R13: 0000000000000000 R14: 00007f4c71fa6080 R15: 00007ffdf95a9d18 [ 327.373139][T14794] [ 328.032946][T14820] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3394'. [ 328.043047][T14820] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 328.071621][T14821] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3396'. [ 328.116519][T14821] netlink: zone id is out of range [ 328.142167][T14821] netlink: get zone limit has 8 unknown bytes [ 328.235501][T14825] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3396'. [ 328.687493][T14844] bridge: RTM_NEWNEIGH with invalid ether address [ 329.117402][T14855] FAULT_INJECTION: forcing a failure. [ 329.117402][T14855] name failslab, interval 1, probability 0, space 0, times 0 [ 329.134607][T14855] CPU: 0 UID: 0 PID: 14855 Comm: syz.0.3405 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 329.134640][T14855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 329.134654][T14855] Call Trace: [ 329.134662][T14855] [ 329.134671][T14855] dump_stack_lvl+0x241/0x360 [ 329.134703][T14855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.134727][T14855] ? __pfx__printk+0x10/0x10 [ 329.134751][T14855] ? __kmalloc_cache_noprof+0x48/0x390 [ 329.134782][T14855] ? __pfx___might_resched+0x10/0x10 [ 329.134816][T14855] should_fail_ex+0x40a/0x550 [ 329.134852][T14855] should_failslab+0xac/0x100 [ 329.134882][T14855] __kmalloc_cache_noprof+0x70/0x390 [ 329.134910][T14855] ? vlan_vid_add+0x31c/0x760 [ 329.134940][T14855] vlan_vid_add+0x31c/0x760 [ 329.134985][T14855] register_vlan_dev+0x9f/0x810 [ 329.135011][T14855] ? vlan_changelink+0x4dd/0x570 [ 329.135046][T14855] vlan_newlink+0x476/0x5c0 [ 329.135077][T14855] ? __pfx_vlan_newlink+0x10/0x10 [ 329.135128][T14855] rtnl_newlink_create+0x2ee/0xa40 [ 329.135171][T14855] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 329.135212][T14855] ? ns_capable+0x8a/0xf0 [ 329.135241][T14855] rtnl_newlink+0x17cc/0x1d30 [ 329.135288][T14855] ? __pfx_rtnl_newlink+0x10/0x10 [ 329.135314][T14855] ? __netlink_deliver_tap+0x561/0x7f0 [ 329.135341][T14855] ? __pfx_validate_chain+0x10/0x10 [ 329.135366][T14855] ? __pfx_validate_chain+0x10/0x10 [ 329.135388][T14855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.135423][T14855] ? __pfx___schedule+0x10/0x10 [ 329.135477][T14855] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 329.135515][T14855] ? preempt_schedule+0xe1/0xf0 [ 329.135544][T14855] ? preempt_schedule_common+0x84/0xd0 [ 329.135580][T14855] ? mark_lock+0x9a/0x360 [ 329.135606][T14855] ? __lock_acquire+0x1397/0x2100 [ 329.135675][T14855] ? __pfx_lock_release+0x10/0x10 [ 329.135724][T14855] ? __pfx_rtnl_newlink+0x10/0x10 [ 329.135759][T14855] rtnetlink_rcv_msg+0x791/0xcf0 [ 329.135786][T14855] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 329.135817][T14855] ? rcu_preempt_deferred_qs_irqrestore+0x8c4/0xca0 [ 329.135851][T14855] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 329.135899][T14855] netlink_rcv_skb+0x206/0x480 [ 329.135926][T14855] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 329.135957][T14855] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 329.136010][T14855] ? __rcu_read_unlock+0xa1/0x110 [ 329.136045][T14855] netlink_unicast+0x7f6/0x990 [ 329.136078][T14855] ? __pfx_netlink_unicast+0x10/0x10 [ 329.136099][T14855] ? __virt_addr_valid+0x45f/0x530 [ 329.136121][T14855] ? __phys_addr_symbol+0x2f/0x70 [ 329.136141][T14855] ? __check_object_size+0x47a/0x730 [ 329.136176][T14855] netlink_sendmsg+0x8de/0xcb0 [ 329.136217][T14855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 329.136250][T14855] ? aa_sock_msg_perm+0x91/0x160 [ 329.136289][T14855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 329.136314][T14855] __sock_sendmsg+0x221/0x270 [ 329.136348][T14855] ____sys_sendmsg+0x53a/0x860 [ 329.136382][T14855] ? __pfx_____sys_sendmsg+0x10/0x10 [ 329.136404][T14855] ? __fget_files+0x2a/0x410 [ 329.136439][T14855] ? __fget_files+0x2a/0x410 [ 329.136486][T14855] __sys_sendmsg+0x269/0x350 [ 329.136517][T14855] ? __pfx___sys_sendmsg+0x10/0x10 [ 329.136557][T14855] ? do_sys_openat2+0x17a/0x1d0 [ 329.136620][T14855] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 329.136655][T14855] ? do_syscall_64+0x100/0x230 [ 329.136691][T14855] ? do_syscall_64+0xb6/0x230 [ 329.136727][T14855] do_syscall_64+0xf3/0x230 [ 329.136760][T14855] ? clear_bhb_loop+0x35/0x90 [ 329.136794][T14855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.136824][T14855] RIP: 0033:0x7f4c71d8d169 [ 329.136843][T14855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.136862][T14855] RSP: 002b:00007f4c72b3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 329.136885][T14855] RAX: ffffffffffffffda RBX: 00007f4c71fa5fa0 RCX: 00007f4c71d8d169 [ 329.136902][T14855] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 329.136916][T14855] RBP: 00007f4c72b3b090 R08: 0000000000000000 R09: 0000000000000000 [ 329.136930][T14855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 329.136943][T14855] R13: 0000000000000000 R14: 00007f4c71fa5fa0 R15: 00007ffdf95a9d18 [ 329.136977][T14855] [ 329.729662][T14860] netlink: 'syz.1.3407': attribute type 10 has an invalid length. [ 329.863458][T14860] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 329.956899][T14867] __nla_validate_parse: 5 callbacks suppressed [ 329.956920][T14867] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3408'. [ 329.973105][T14869] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 329.982049][T14871] FAULT_INJECTION: forcing a failure. [ 329.982049][T14871] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.062790][T14871] CPU: 1 UID: 0 PID: 14871 Comm: syz.1.3411 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 330.062823][T14871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 330.062837][T14871] Call Trace: [ 330.062845][T14871] [ 330.062855][T14871] dump_stack_lvl+0x241/0x360 [ 330.062887][T14871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.062911][T14871] ? __pfx__printk+0x10/0x10 [ 330.062935][T14871] ? __pfx_lock_release+0x10/0x10 [ 330.062978][T14871] should_fail_ex+0x40a/0x550 [ 330.063015][T14871] _copy_from_user+0x2d/0xb0 [ 330.063045][T14871] copy_msghdr_from_user+0xae/0x680 [ 330.063075][T14871] ? __lock_acquire+0x1397/0x2100 [ 330.063109][T14871] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 330.063140][T14871] ? __fget_files+0x2a/0x410 [ 330.063173][T14871] ? __fget_files+0x2a/0x410 [ 330.063214][T14871] do_recvmmsg+0x3bd/0xab0 [ 330.063251][T14871] ? __pfx_do_recvmmsg+0x10/0x10 [ 330.063298][T14871] ? ksys_write+0x22a/0x2b0 [ 330.063320][T14871] ? __pfx_lock_release+0x10/0x10 [ 330.063368][T14871] ? sb_end_write+0xe9/0x1c0 [ 330.063400][T14871] ? vfs_write+0x7fa/0xd10 [ 330.063425][T14871] ? __mutex_unlock_slowpath+0x227/0x800 [ 330.063469][T14871] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 330.063501][T14871] ? __fget_files+0x2a/0x410 [ 330.063548][T14871] __x64_sys_recvmmsg+0x199/0x250 [ 330.063577][T14871] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 330.063604][T14871] ? do_syscall_64+0x100/0x230 [ 330.063641][T14871] ? do_syscall_64+0xb6/0x230 [ 330.063676][T14871] do_syscall_64+0xf3/0x230 [ 330.063709][T14871] ? clear_bhb_loop+0x35/0x90 [ 330.063747][T14871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.063776][T14871] RIP: 0033:0x7fe3a858d169 [ 330.063795][T14871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.063815][T14871] RSP: 002b:00007fe3a932a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 330.063838][T14871] RAX: ffffffffffffffda RBX: 00007fe3a87a5fa0 RCX: 00007fe3a858d169 [ 330.063855][T14871] RDX: 0000000000000002 RSI: 0000200000003c80 RDI: 0000000000000004 [ 330.063869][T14871] RBP: 00007fe3a932a090 R08: 0000000000000000 R09: 0000000000000000 [ 330.063883][T14871] R10: 0000000000002001 R11: 0000000000000246 R12: 0000000000000001 [ 330.063897][T14871] R13: 0000000000000000 R14: 00007fe3a87a5fa0 R15: 00007ffd2e1a0198 [ 330.063929][T14871] [ 330.825615][T14898] x_tables: duplicate underflow at hook 2 [ 331.069139][T14907] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 331.409634][T14918] FAULT_INJECTION: forcing a failure. [ 331.409634][T14918] name failslab, interval 1, probability 0, space 0, times 0 [ 331.456822][T14918] CPU: 0 UID: 0 PID: 14918 Comm: syz.4.3424 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 331.456854][T14918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 331.456869][T14918] Call Trace: [ 331.456877][T14918] [ 331.456887][T14918] dump_stack_lvl+0x241/0x360 [ 331.456919][T14918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.456944][T14918] ? __pfx__printk+0x10/0x10 [ 331.456967][T14918] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 331.456999][T14918] ? __pfx___might_resched+0x10/0x10 [ 331.457033][T14918] should_fail_ex+0x40a/0x550 [ 331.457077][T14918] should_failslab+0xac/0x100 [ 331.457112][T14918] kmem_cache_alloc_node_noprof+0x77/0x380 [ 331.457141][T14918] ? __alloc_skb+0x1c3/0x440 [ 331.457161][T14918] ? stack_trace_save+0x118/0x1d0 [ 331.457192][T14918] __alloc_skb+0x1c3/0x440 [ 331.457218][T14918] ? __pfx___alloc_skb+0x10/0x10 [ 331.457245][T14918] ? netlink_ack_tlv_len+0x6e/0x200 [ 331.457274][T14918] netlink_ack+0x145/0xa60 [ 331.457297][T14918] ? netlink_sendmsg+0x8de/0xcb0 [ 331.457321][T14918] ? __sock_sendmsg+0x221/0x270 [ 331.457348][T14918] ? __sys_sendmsg+0x269/0x350 [ 331.457386][T14918] netlink_rcv_skb+0x294/0x480 [ 331.457412][T14918] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 331.457447][T14918] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 331.457487][T14918] ? apparmor_capable+0x13b/0x1b0 [ 331.457515][T14918] ? bpf_lsm_capable+0x9/0x10 [ 331.457546][T14918] ? security_capable+0x7e/0x2d0 [ 331.457585][T14918] nfnetlink_rcv+0x297/0x2ab0 [ 331.457622][T14918] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 331.457655][T14918] ? __dev_queue_xmit+0x2f4/0x3f50 [ 331.457683][T14918] ? __dev_queue_xmit+0x1775/0x3f50 [ 331.457707][T14918] ? kasan_save_track+0x51/0x80 [ 331.457737][T14918] ? ____sys_sendmsg+0x53a/0x860 [ 331.457763][T14918] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 331.457794][T14918] ? __dev_queue_xmit+0x2f4/0x3f50 [ 331.457823][T14918] ? __pfx___dev_queue_xmit+0x10/0x10 [ 331.457865][T14918] ? ref_tracker_free+0x643/0x7e0 [ 331.457888][T14918] ? __asan_memcpy+0x40/0x70 [ 331.457908][T14918] ? __pfx_ref_tracker_free+0x10/0x10 [ 331.457928][T14918] ? __skb_clone+0x5c/0x6c0 [ 331.457967][T14918] ? netlink_deliver_tap+0x2e/0x1b0 [ 331.457991][T14918] ? skb_clone+0x240/0x390 [ 331.458016][T14918] ? __pfx_lock_release+0x10/0x10 [ 331.458049][T14918] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 331.458094][T14918] ? netlink_deliver_tap+0x2e/0x1b0 [ 331.458123][T14918] netlink_unicast+0x7f6/0x990 [ 331.458155][T14918] ? __pfx_netlink_unicast+0x10/0x10 [ 331.458176][T14918] ? __virt_addr_valid+0x45f/0x530 [ 331.458197][T14918] ? __phys_addr_symbol+0x2f/0x70 [ 331.458217][T14918] ? __check_object_size+0x47a/0x730 [ 331.458250][T14918] netlink_sendmsg+0x8de/0xcb0 [ 331.458290][T14918] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.458321][T14918] ? aa_sock_msg_perm+0x91/0x160 [ 331.458359][T14918] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.458384][T14918] __sock_sendmsg+0x221/0x270 [ 331.458416][T14918] ____sys_sendmsg+0x53a/0x860 [ 331.458449][T14918] ? __pfx_____sys_sendmsg+0x10/0x10 [ 331.458471][T14918] ? __fget_files+0x2a/0x410 [ 331.458506][T14918] ? __fget_files+0x2a/0x410 [ 331.458545][T14918] __sys_sendmsg+0x269/0x350 [ 331.458574][T14918] ? __pfx___sys_sendmsg+0x10/0x10 [ 331.458611][T14918] ? do_sys_openat2+0x17a/0x1d0 [ 331.458668][T14918] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 331.458702][T14918] ? do_syscall_64+0x100/0x230 [ 331.458738][T14918] ? do_syscall_64+0xb6/0x230 [ 331.458774][T14918] do_syscall_64+0xf3/0x230 [ 331.458806][T14918] ? clear_bhb_loop+0x35/0x90 [ 331.458840][T14918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.458895][T14918] RIP: 0033:0x7f4ed4b8d169 [ 331.458915][T14918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.458933][T14918] RSP: 002b:00007f4ed591c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 331.458956][T14918] RAX: ffffffffffffffda RBX: 00007f4ed4da5fa0 RCX: 00007f4ed4b8d169 [ 331.458972][T14918] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003 [ 331.458985][T14918] RBP: 00007f4ed591c090 R08: 0000000000000000 R09: 0000000000000000 [ 331.458999][T14918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.459012][T14918] R13: 0000000000000000 R14: 00007f4ed4da5fa0 R15: 00007fffa04dc3a8 [ 331.459043][T14918] [ 332.011774][T14922] netlink: 'syz.0.3426': attribute type 1 has an invalid length. [ 332.046228][T14922] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3426'. [ 332.475869][T14946] FAULT_INJECTION: forcing a failure. [ 332.475869][T14946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.502529][T14946] CPU: 0 UID: 0 PID: 14946 Comm: syz.4.3438 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 332.502561][T14946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 332.502575][T14946] Call Trace: [ 332.502583][T14946] [ 332.502592][T14946] dump_stack_lvl+0x241/0x360 [ 332.502624][T14946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.502648][T14946] ? __pfx__printk+0x10/0x10 [ 332.502672][T14946] ? __pfx_lock_release+0x10/0x10 [ 332.502714][T14946] should_fail_ex+0x40a/0x550 [ 332.502751][T14946] _copy_from_user+0x2d/0xb0 [ 332.502782][T14946] copy_msghdr_from_user+0xae/0x680 [ 332.502812][T14946] ? __pfx___might_resched+0x10/0x10 [ 332.502845][T14946] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 332.502881][T14946] ? do_recvmmsg+0x44e/0xab0 [ 332.502905][T14946] ? __might_fault+0xaa/0x120 [ 332.502932][T14946] do_recvmmsg+0x3bd/0xab0 [ 332.502969][T14946] ? __pfx_do_recvmmsg+0x10/0x10 [ 332.503015][T14946] ? ksys_write+0x22a/0x2b0 [ 332.503039][T14946] ? __pfx_lock_release+0x10/0x10 [ 332.503077][T14946] ? sb_end_write+0xe9/0x1c0 [ 332.503108][T14946] ? vfs_write+0x7fa/0xd10 [ 332.503134][T14946] ? __mutex_unlock_slowpath+0x227/0x800 [ 332.503177][T14946] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 332.503209][T14946] ? __fget_files+0x2a/0x410 [ 332.503261][T14946] __x64_sys_recvmmsg+0x199/0x250 [ 332.503290][T14946] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 332.503318][T14946] ? do_syscall_64+0x100/0x230 [ 332.503353][T14946] ? do_syscall_64+0xb6/0x230 [ 332.503388][T14946] do_syscall_64+0xf3/0x230 [ 332.503421][T14946] ? clear_bhb_loop+0x35/0x90 [ 332.503455][T14946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.503484][T14946] RIP: 0033:0x7f4ed4b8d169 [ 332.503508][T14946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.503525][T14946] RSP: 002b:00007f4ed591c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 332.503548][T14946] RAX: ffffffffffffffda RBX: 00007f4ed4da5fa0 RCX: 00007f4ed4b8d169 [ 332.503564][T14946] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000005 [ 332.503578][T14946] RBP: 00007f4ed591c090 R08: 0000000000000000 R09: 0000000000000000 [ 332.503590][T14946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 332.503603][T14946] R13: 0000000000000000 R14: 00007f4ed4da5fa0 R15: 00007fffa04dc3a8 [ 332.503635][T14946] [ 332.837647][T14949] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3439'. [ 332.852014][T14949] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.861132][T14949] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.142869][T14956] netlink: 'syz.0.3442': attribute type 10 has an invalid length. [ 333.206586][T14958] FAULT_INJECTION: forcing a failure. [ 333.206586][T14958] name failslab, interval 1, probability 0, space 0, times 0 [ 333.238251][T14961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3444'. [ 333.259316][T14956] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.273023][T14956] bond0: (slave team0): Enslaving as an active interface with an up link [ 333.283477][T14958] CPU: 0 UID: 0 PID: 14958 Comm: syz.0.3442 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 333.283506][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 333.283521][T14958] Call Trace: [ 333.283529][T14958] [ 333.283539][T14958] dump_stack_lvl+0x241/0x360 [ 333.283582][T14958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.283605][T14958] ? __pfx__printk+0x10/0x10 [ 333.283629][T14958] ? __kmalloc_noprof+0xb5/0x4c0 [ 333.283659][T14958] ? __pfx___might_resched+0x10/0x10 [ 333.283693][T14958] should_fail_ex+0x40a/0x550 [ 333.283735][T14958] should_failslab+0xac/0x100 [ 333.283783][T14958] __kmalloc_noprof+0xdd/0x4c0 [ 333.283811][T14958] ? alloc_port_data+0x10a/0x3c0 [ 333.283846][T14958] alloc_port_data+0x10a/0x3c0 [ 333.283885][T14958] ib_device_set_netdev+0xd1/0x6b0 [ 333.283916][T14958] ? debug_mutex_init+0x38/0x70 [ 333.283942][T14958] ? rxe_register_device+0x18b/0x350 [ 333.283962][T14958] ? ib_set_device_ops+0x3beb/0x3d20 [ 333.283998][T14958] rxe_register_device+0x1ea/0x350 [ 333.284025][T14958] rxe_net_add+0x74/0xf0 [ 333.284047][T14958] rxe_newlink+0xde/0x1a0 [ 333.284078][T14958] nldev_newlink+0x5ea/0x680 [ 333.284105][T14958] ? __pfx_nldev_newlink+0x10/0x10 [ 333.284230][T14958] ? __pfx_aa_get_newest_label+0x10/0x10 [ 333.284265][T14958] ? __pfx_aa_get_newest_label+0x10/0x10 [ 333.284315][T14958] ? bpf_lsm_capable+0x9/0x10 [ 333.284345][T14958] ? security_capable+0x7e/0x2d0 [ 333.284380][T14958] ? __pfx_nldev_newlink+0x10/0x10 [ 333.284406][T14958] rdma_nl_rcv+0x6dd/0x9e0 [ 333.284444][T14958] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 333.284509][T14958] ? netlink_deliver_tap+0x2e/0x1b0 [ 333.284539][T14958] netlink_unicast+0x7f6/0x990 [ 333.284572][T14958] ? __pfx_netlink_unicast+0x10/0x10 [ 333.284593][T14958] ? __virt_addr_valid+0x45f/0x530 [ 333.284615][T14958] ? __phys_addr_symbol+0x2f/0x70 [ 333.284635][T14958] ? __check_object_size+0x47a/0x730 [ 333.284669][T14958] netlink_sendmsg+0x8de/0xcb0 [ 333.284710][T14958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 333.284742][T14958] ? aa_sock_msg_perm+0x91/0x160 [ 333.284780][T14958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 333.284804][T14958] __sock_sendmsg+0x221/0x270 [ 333.284838][T14958] ____sys_sendmsg+0x53a/0x860 [ 333.284872][T14958] ? __pfx_____sys_sendmsg+0x10/0x10 [ 333.284893][T14958] ? __fget_files+0x2a/0x410 [ 333.284929][T14958] ? __fget_files+0x2a/0x410 [ 333.284970][T14958] __sys_sendmsg+0x269/0x350 [ 333.285000][T14958] ? __pfx___sys_sendmsg+0x10/0x10 [ 333.285039][T14958] ? do_sys_openat2+0x17a/0x1d0 [ 333.285100][T14958] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 333.285135][T14958] ? do_syscall_64+0x100/0x230 [ 333.285171][T14958] ? do_syscall_64+0xb6/0x230 [ 333.285217][T14958] do_syscall_64+0xf3/0x230 [ 333.285249][T14958] ? clear_bhb_loop+0x35/0x90 [ 333.285283][T14958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.285312][T14958] RIP: 0033:0x7f4c71d8d169 [ 333.285331][T14958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.285349][T14958] RSP: 002b:00007f4c72b1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.285371][T14958] RAX: ffffffffffffffda RBX: 00007f4c71fa6080 RCX: 00007f4c71d8d169 [ 333.285388][T14958] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 333.285401][T14958] RBP: 00007f4c72b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 333.285415][T14958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.285428][T14958] R13: 0000000000000001 R14: 00007f4c71fa6080 R15: 00007ffdf95a9d18 [ 333.285461][T14958] [ 333.285591][T14958] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 333.589291][T14970] netlink: 'syz.2.3445': attribute type 1 has an invalid length. [ 333.600828][T14961] xfrm1: entered promiscuous mode [ 333.669287][T14961] xfrm1: entered allmulticast mode [ 333.717732][T14970] netlink: 'syz.2.3445': attribute type 1 has an invalid length. [ 333.989898][T14977] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 334.290147][T14989] netlink: 180 bytes leftover after parsing attributes in process `syz.4.3451'. [ 334.396110][T14996] Bluetooth: MGMT ver 1.23 [ 334.629079][T15005] ax25_connect(): syz.3.3456 uses autobind, please contact jreuter@yaina.de [ 334.717572][T15002] ------------[ cut here ]------------ [ 334.723526][T15002] refcount_t: decrement hit 0; leaking memory. [ 334.733266][T15002] WARNING: CPU: 1 PID: 15002 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 [ 334.743135][T15002] Modules linked in: [ 334.747156][T15002] CPU: 1 UID: 0 PID: 15002 Comm: syz.3.3456 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 334.759024][T15002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 334.770026][T15002] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 334.776285][T15002] Code: b2 00 00 00 e8 17 38 cc fc 5b 5d c3 cc cc cc cc e8 0b 38 cc fc c6 05 35 6e 31 0b 01 90 48 c7 c7 40 b6 80 8c e8 37 f3 8b fc 90 <0f> 0b 90 90 eb d9 e8 eb 37 cc fc c6 05 12 6e 31 0b 01 90 48 c7 c7 [ 334.796623][T15002] RSP: 0018:ffffc9000be77b68 EFLAGS: 00010246 [ 334.802752][T15002] RAX: 8627373048d4bc00 RBX: ffff888024f8264c RCX: ffff88803f8bda00 [ 334.810905][T15002] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 334.819215][T15002] RBP: 0000000000000004 R08: ffffffff81819e52 R09: fffffbfff1d3a69c [ 334.827396][T15002] R10: dffffc0000000000 R11: fffffbfff1d3a69c R12: ffff888024f82608 [ 334.835413][T15002] R13: 0000000000000000 R14: ffff888024f8264c R15: dffffc0000000000 [ 334.843524][T15002] FS: 0000555568552500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 334.853474][T15002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 334.860962][T15002] CR2: 0000200000000040 CR3: 000000005d382000 CR4: 00000000003526f0 [ 334.869145][T15002] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 334.877249][T15002] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 334.885260][T15002] Call Trace: [ 334.888649][T15002] [ 334.891617][T15002] ? __warn+0x165/0x4d0 [ 334.895945][T15002] ? refcount_warn_saturate+0xfa/0x1d0 [ 334.901460][T15002] ? report_bug+0x2b3/0x500 [ 334.906119][T15002] ? refcount_warn_saturate+0xfa/0x1d0 [ 334.911638][T15002] ? handle_bug+0x60/0x90 [ 334.916111][T15002] ? exc_invalid_op+0x1a/0x50 [ 334.920837][T15002] ? asm_exc_invalid_op+0x1a/0x20 [ 334.926009][T15002] ? __warn_printk+0x292/0x360 [ 334.930948][T15002] ? refcount_warn_saturate+0xfa/0x1d0 [ 334.936564][T15002] ? refcount_warn_saturate+0xf9/0x1d0 [ 334.942132][T15002] ref_tracker_free+0x6af/0x7e0 [ 334.947238][T15002] ? __pfx_ref_tracker_free+0x10/0x10 [ 334.952681][T15002] ? ax25_destroy_socket+0x551/0x5c0 [ 334.959099][T15002] ax25_release+0x368/0x960 [ 334.963670][T15002] sock_close+0xbc/0x240 [ 334.968781][T15002] ? __pfx_sock_close+0x10/0x10 [ 334.973695][T15002] __fput+0x3e9/0x9f0 [ 334.977888][T15002] task_work_run+0x24f/0x310 [ 334.982530][T15002] ? _raw_spin_unlock+0x28/0x50 [ 334.987550][T15002] ? __pfx_task_work_run+0x10/0x10 [ 334.992706][T15002] ? syscall_exit_to_user_mode+0xa3/0x340 [ 334.998597][T15002] syscall_exit_to_user_mode+0x13f/0x340 [ 335.004321][T15002] do_syscall_64+0x100/0x230 [ 335.009071][T15002] ? clear_bhb_loop+0x35/0x90 [ 335.013799][T15002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.019856][T15002] RIP: 0033:0x7fe7bf78d169 [ 335.024319][T15002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.044174][T15002] RSP: 002b:00007ffdc610d8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 335.052734][T15002] RAX: 0000000000000000 RBX: 00007fe7bf9a7ba0 RCX: 00007fe7bf78d169 [ 335.061753][T15002] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 335.070664][T15002] RBP: 00007fe7bf9a7ba0 R08: 0000000000000264 R09: 0000001ec610db9f [ 335.078815][T15002] R10: 00000000003ffb78 R11: 0000000000000246 R12: 0000000000051df8 [ 335.086901][T15002] R13: 00007fe7bf9a6080 R14: ffffffffffffffff R15: 00007ffdc610d9c0 [ 335.094931][T15002] [ 335.098065][T15002] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 335.105378][T15002] CPU: 1 UID: 0 PID: 15002 Comm: syz.3.3456 Not tainted 6.14.0-rc7-syzkaller-00140-ged3ba9b6e280 #0 [ 335.116168][T15002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 335.126436][T15002] Call Trace: [ 335.129749][T15002] [ 335.132711][T15002] dump_stack_lvl+0x241/0x360 [ 335.137431][T15002] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.142675][T15002] ? __pfx__printk+0x10/0x10 [ 335.147300][T15002] ? _printk+0xd5/0x120 [ 335.151491][T15002] ? __init_begin+0x41000/0x41000 [ 335.156560][T15002] ? vscnprintf+0x5d/0x90 [ 335.160926][T15002] panic+0x349/0x880 [ 335.164838][T15002] ? __warn+0x174/0x4d0 [ 335.169018][T15002] ? __pfx_panic+0x10/0x10 [ 335.173456][T15002] __warn+0x344/0x4d0 [ 335.177455][T15002] ? refcount_warn_saturate+0xfa/0x1d0 [ 335.182935][T15002] report_bug+0x2b3/0x500 [ 335.187341][T15002] ? refcount_warn_saturate+0xfa/0x1d0 [ 335.192848][T15002] handle_bug+0x60/0x90 [ 335.197025][T15002] exc_invalid_op+0x1a/0x50 [ 335.201547][T15002] asm_exc_invalid_op+0x1a/0x20 [ 335.206420][T15002] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 335.212537][T15002] Code: b2 00 00 00 e8 17 38 cc fc 5b 5d c3 cc cc cc cc e8 0b 38 cc fc c6 05 35 6e 31 0b 01 90 48 c7 c7 40 b6 80 8c e8 37 f3 8b fc 90 <0f> 0b 90 90 eb d9 e8 eb 37 cc fc c6 05 12 6e 31 0b 01 90 48 c7 c7 [ 335.232170][T15002] RSP: 0018:ffffc9000be77b68 EFLAGS: 00010246 [ 335.238255][T15002] RAX: 8627373048d4bc00 RBX: ffff888024f8264c RCX: ffff88803f8bda00 [ 335.246240][T15002] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 335.254307][T15002] RBP: 0000000000000004 R08: ffffffff81819e52 R09: fffffbfff1d3a69c [ 335.262289][T15002] R10: dffffc0000000000 R11: fffffbfff1d3a69c R12: ffff888024f82608 [ 335.270270][T15002] R13: 0000000000000000 R14: ffff888024f8264c R15: dffffc0000000000 [ 335.278254][T15002] ? __warn_printk+0x292/0x360 [ 335.283051][T15002] ? refcount_warn_saturate+0xf9/0x1d0 [ 335.288528][T15002] ref_tracker_free+0x6af/0x7e0 [ 335.293389][T15002] ? __pfx_ref_tracker_free+0x10/0x10 [ 335.298781][T15002] ? ax25_destroy_socket+0x551/0x5c0 [ 335.304090][T15002] ax25_release+0x368/0x960 [ 335.308614][T15002] sock_close+0xbc/0x240 [ 335.312870][T15002] ? __pfx_sock_close+0x10/0x10 [ 335.317737][T15002] __fput+0x3e9/0x9f0 [ 335.321751][T15002] task_work_run+0x24f/0x310 [ 335.326370][T15002] ? _raw_spin_unlock+0x28/0x50 [ 335.331245][T15002] ? __pfx_task_work_run+0x10/0x10 [ 335.336372][T15002] ? syscall_exit_to_user_mode+0xa3/0x340 [ 335.342110][T15002] syscall_exit_to_user_mode+0x13f/0x340 [ 335.347769][T15002] do_syscall_64+0x100/0x230 [ 335.352397][T15002] ? clear_bhb_loop+0x35/0x90 [ 335.357098][T15002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.363012][T15002] RIP: 0033:0x7fe7bf78d169 [ 335.367444][T15002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.387061][T15002] RSP: 002b:00007ffdc610d8a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 335.395585][T15002] RAX: 0000000000000000 RBX: 00007fe7bf9a7ba0 RCX: 00007fe7bf78d169 [ 335.403580][T15002] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 335.411565][T15002] RBP: 00007fe7bf9a7ba0 R08: 0000000000000264 R09: 0000001ec610db9f [ 335.419549][T15002] R10: 00000000003ffb78 R11: 0000000000000246 R12: 0000000000051df8 [ 335.427532][T15002] R13: 00007fe7bf9a6080 R14: ffffffffffffffff R15: 00007ffdc610d9c0 [ 335.435530][T15002] [ 335.438919][T15002] Kernel Offset: disabled [ 335.443312][T15002] Rebooting in 86400 seconds..