last executing test programs: 1m25.795300476s ago: executing program 4 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x9b) 1m5.200809769s ago: executing program 4 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x9b) 48.439881808s ago: executing program 4 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x9b) 31.008529439s ago: executing program 4 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x9b) 17.545504896s ago: executing program 4 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x9b) 3.565556256s ago: executing program 2 (id=933): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000004100)=@base={0x12, 0x12, 0x8, 0x2}, 0x48) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000140), &(0x7f0000000240)=@udp6=r1}, 0x20) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x6b, 0x11, 0x32}]}, 0x0}, 0x90) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r3, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@delneigh={0x44, 0x1a, 0x1, 0x0, 0x0, {0xa}, [@NDA_CACHEINFO={0x14, 0x3, {0x7}}, @NDA_DST_IPV6={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x44}}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f0000000140)="8d", 0x0}, 0x20) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000), 0x35) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001740)={0x18, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000300)='syzkaller\x00'}, 0x90) r8 = socket$unix(0x1, 0x5, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r10, @ANYBLOB="010005000000000000003900000008000300", @ANYRES32=r11, @ANYBLOB="70005a806c00018014000300000000000000000001000000000000004d00020008064110262838481128263f34193e2a1d4b55371c0328552927232b143d0b3e41501439421f19391b0f2d0d352c2e2b43322b461a2a3b4e0a2c11192c2d18080a472149280a215336000000040001"], 0x8c}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r6}, &(0x7f00000000c0), &(0x7f0000000100)=r7}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r6}, &(0x7f0000000640), &(0x7f0000000180)=r7}, 0x20) 3.399557337s ago: executing program 2 (id=935): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'gre0\x00', &(0x7f0000000380)={'gre0\x00', 0x0, 0x10, 0x20, 0x800, 0x7f, {{0x9, 0x4, 0x1, 0x1, 0x24, 0x66, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast, {[@rr={0x7, 0xf, 0x27, [@rand_addr=0x64010100, @multicast1, @private=0xa010101]}]}}}}}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0xf000) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x0, 0x5, 0x7f, 0x0, 0x41, 0xffffffffffffffff, 0x40, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x48) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x20, 0x1ff, 0x23, 0x20000000, 0x822, 0xffffffffffffffff, 0x800, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2}, 0x48) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0x5, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0xdc6e}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x1, 0x9, 0xb, 0xb, 0x40, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f00000000c0)='GPL\x00', 0x8, 0x36, &(0x7f0000000100)=""/54, 0x40f00, 0x10, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0x0, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000580)=[r3, r4, r5, r6], &(0x7f00000008c0)=[{0x5, 0x4, 0x4, 0x4}, {0x2, 0x3, 0xd, 0x4}, {0x0, 0x4, 0xd, 0xb}, {0x3, 0x1, 0x9, 0xb}, {0x2, 0x4, 0x9, 0x8}, {0x2, 0x3, 0x1, 0x3}], 0x10, 0x7}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x4000000, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0x6c, 0xc4, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b71119246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab414971", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x0, 0x8000}, 0x50) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000680)=r7, 0x4) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r1) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x28, r9, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x28}}, 0x0) 3.356290704s ago: executing program 2 (id=937): r0 = socket$packet(0x11, 0x1, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname(0xffffffffffffffff, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(r1, &(0x7f00000093c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@deltfilter={0x30, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xb, 0x1}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x2f, 0xc1, 0x4, 0x9, 0x39, @loopback, @mcast2, 0x700, 0x7, 0xcce, 0x5}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'macsec0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000010000110000100000475000000000000", @ANYRES32=r3, @ANYBLOB="da"], 0x20}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000180)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6_vti0\x00', &(0x7f00000001c0)={'syztnl1\x00', 0x0, 0x2f, 0x87, 0x8a, 0x7fff, 0x40, @remote, @mcast2, 0x7, 0x40, 0x1000, 0xbc61}}) r5 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r8, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev, 'lo\x00'}}, 0x1e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6c}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f90435fc600400110a0a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) sendmmsg(r8, &(0x7f0000000080), 0x4000000000001f0, 0x0) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0xa, 0x9, @dev}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket$inet6(0xa, 0x2, 0x3a) unshare(0x20000400) bind$inet6(r10, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0x0, 0xa8a183fffe41dd5c}}, 0x1c) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000014001a80100004800c000480"], 0x34}}, 0x0) 2.916793447s ago: executing program 1 (id=943): r0 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r0, 0x10d, 0xb, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) write$binfmt_misc(r1, &(0x7f0000000000)={'syz0', "f59cdee48380c36037490b121de521175468c22110696f20b5d90fbd6d5f85c4ca5655fe7f74e26669a96a729c6adc1d86a8477408b5a1d469ad75c3bf2e9a90ba40ef96ce5c247eba4f4772f74d78b2c304f688e0814371a852e3a9ced24140d3e63774a1f50cf2a9c6a05be56427b4761ed674c90616815e5b74c9b40a2bac9e94cbafc1489f786fe51b8332914a04abb104348cbd8c8e7ec102ab987713300d5f98c4b24aae1c04d106680ac8f869882377875010ae5bb9cfda4ef23e"}, 0xc2) 2.826205854s ago: executing program 0 (id=945): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@security={'security\x00', 0x4, 0x12, 0x3b8, 0xffffffff, 0xd0, 0x1a8, 0xd0, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@dev, @ipv4={'\x00', '\xff\xff', @multicast1}, [], [], 'bridge_slave_1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private1, @mcast1, [], [], 'geneve1\x00', 'macvlan0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz0\x00'}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418) 2.743844806s ago: executing program 1 (id=946): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x60, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}, @IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x61, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x0, 0xfffffffd, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @in={0x2, 0x0, @local}, @in6={0xa, 0x4e24, 0x401, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80}], 0x64) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) gettid() sendmsg$nl_route(r4, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000140), 0xc, &(0x7f0000000680)={&(0x7f0000000cc0)={0xb0, r8, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000000}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4c}]}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_BEARER={0x38, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'ip6_vti0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MEDIA={0x8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4c040}, 0x40) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r10 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r10, &(0x7f0000000000)={0x1d, r9}, 0x10) bind$inet6(r6, &(0x7f0000000600)={0xa, 0x0, 0x7ff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, 0x1c) setsockopt$CAN_RAW_FILTER(r10, 0x65, 0x1, &(0x7f0000000040)=[{}, {}], 0x10) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x4888, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}}, 0x0) 2.700454825s ago: executing program 0 (id=947): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'gre0\x00', &(0x7f0000000380)={'gre0\x00', 0x0, 0x10, 0x20, 0x800, 0x7f, {{0x9, 0x4, 0x1, 0x1, 0x24, 0x66, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast, {[@rr={0x7, 0xf, 0x27, [@rand_addr=0x64010100, @multicast1, @private=0xa010101]}]}}}}}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0xf000) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x0, 0x5, 0x7f, 0x0, 0x41, 0xffffffffffffffff, 0x40, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x48) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x20, 0x1ff, 0x23, 0x20000000, 0x822, 0xffffffffffffffff, 0x800, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2}, 0x48) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0x5, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0xdc6e}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x1, 0x9, 0xb, 0xb, 0x40, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], &(0x7f00000000c0)='GPL\x00', 0x8, 0x36, &(0x7f0000000100)=""/54, 0x40f00, 0x10, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0x0, 0x5, 0x6}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000580)=[r3, r4, r5, r6], &(0x7f00000008c0)=[{0x5, 0x4, 0x4, 0x4}, {0x2, 0x3, 0xd, 0x4}, {0x0, 0x4, 0xd, 0xb}, {0x3, 0x1, 0x9, 0xb}, {0x2, 0x4, 0x9, 0x8}, {0x2, 0x3, 0x1, 0x3}], 0x10, 0x7}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x4000000, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0x6c, 0xc4, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b71119246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab414971", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x0, 0x8000}, 0x50) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000680)=r7, 0x4) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r1) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x28, r9, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x28}}, 0x0) 2.562772027s ago: executing program 0 (id=949): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="cbceb2e078bd4338bc12f9d1ab20a503709b03cfc22e6432576b01d6eb78653c640aa8bc2dfd495c0000877d3c33758511911fd3855be1c67da6517819162c6d750eb234d3c75183ae90e817b113e9ecf9d055635d17810e1768eafce9ea7c6ede7d9a2a43cf856d2bef4899ab8cb24bf9d4f4295fe78006aacdb6ed7ba08ac5087e49a6fe74f469046c72cea25522471ca9e4b4143a738930bf3aa85a56fee068cfca2073d0c5f71f4b9b48da5443ffa3eb6e27656b9bcdc7838a996b57ee3ac0365e53e309e219496734d7b0b708b893d305f3a90600ff2b74cde13b6f67e560d0cd74ea83b29163d1e66e5a34acce6461d3d77be49c85c3dcf3e5f13a863ef557e7a1d4c57a8c0baa3e1afd293b3bc91524b92db57daa7eee2a89a43dc59e3d5e9f6ed6574e6d8922a1570000000000"], 0x14}}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x1b, &(0x7f0000000080)=0x3, 0x17) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000140)) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x31}}, 0x10) bind$netlink(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x14, 0x3, 0x1, 0x101}, 0x14}}, 0x0) recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001e40)='syz0\x00', 0x1ff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9) 2.504644283s ago: executing program 1 (id=950): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x22020600) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@cred={{0x1c}}], 0x20}, 0x0) poll(&(0x7f0000000040), 0x55, 0x500) 2.261564346s ago: executing program 2 (id=951): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000000c0)="5c00000015006b05c84e21000ab16d6e230675f803000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 2.260842047s ago: executing program 2 (id=952): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendto(0xffffffffffffffff, &(0x7f0000000600)="78f01fdd318b3d303d0d32d4c0c82be8c1c2cb3ba95bdfe21be037ee42bd8eb4459e4b2a0faa334b41b1c8924bee84548e169ac08c55ff8e2e5ef42003e755a0d716e7824aa2a96b03f3172cfe5e991de0866ac3a573e9675c74165a777e98", 0x5f, 0x80, &(0x7f0000000680)=@phonet={0x23, 0x81, 0x6, 0x80}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r3 = socket(0x400000000010, 0x0, 0x0) write(r3, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02", 0x10) socket(0x10, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x54) socket(0xa, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$MRT_TABLE(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x60, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x5}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x2e, 0xb, 0x44}, @TCA_FQ_CODEL_TARGET={0x8}]}}]}, 0x60}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {0x1000}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x5, [{0x2}, {}, {0xb, 0x1}, {0x0, 0x1}, {0xc}]}, @void, @val={0x4, 0x6, {0x5, 0x40, 0x7}}, @void, @void, @void, @void}, 0x33) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) 2.207934479s ago: executing program 1 (id=953): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendto(0xffffffffffffffff, &(0x7f0000000600)="78f01fdd318b3d303d0d32d4c0c82be8c1c2cb3ba95bdfe21be037ee42bd8eb4459e4b2a0faa334b41b1c8924bee84548e169ac08c55ff8e2e5ef42003e755a0d716e7824aa2a96b03f3172cfe5e991de0866ac3a573e9675c74165a777e98", 0x5f, 0x80, &(0x7f0000000680)=@phonet={0x23, 0x81, 0x6, 0x80}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket(0x400000000010, 0x0, 0x0) write(r3, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02", 0x10) socket(0x10, 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x54) socket(0xa, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$MRT_TABLE(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x60, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x5}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x2e, 0xb, 0x44}, @TCA_FQ_CODEL_TARGET={0x8}]}}]}, 0x60}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {0x1000}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x5, [{0x2}, {}, {0xb, 0x1}, {0x0, 0x1}, {0xc}]}, @void, @val={0x4, 0x6, {0x5, 0x40, 0x7}}, @void, @void, @void, @void}, 0x33) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) 2.161061467s ago: executing program 0 (id=954): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xca) sendto(r2, &(0x7f0000000600)="78f01fdd318b3d303d0d32d4c0c82be8c1c2cb3ba95bdfe21be037ee42bd8eb4459e4b2a0faa334b41b1c8924bee84548e169ac08c55ff8e2e5ef42003e755a0d716e7824aa2a96b03f3172cfe5e991de0866ac3a573e9675c74165a777e98", 0x5f, 0x80, &(0x7f0000000680)=@phonet={0x23, 0x81, 0x6}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r4 = socket(0x400000000010, 0x0, 0x0) write(r4, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02", 0x10) socket(0x10, 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r5 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x54) socket(0xa, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$MRT_TABLE(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x60, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x5}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x2e, 0xb, 0x44}, @TCA_FQ_CODEL_TARGET={0x8}]}}]}, 0x60}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {0x1000}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x5, [{0x2}, {}, {0xb, 0x1}, {0x0, 0x1}, {0xc}]}, @void, @val={0x4, 0x6, {0x5, 0x40, 0x7}}, @void, @void, @void, @void}, 0x33) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) 1.729488781s ago: executing program 3 (id=955): r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x3c, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x18, 0x29, 0x4}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @remote}}}], 0x14}, 0x0) (async) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x3c, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x18, 0x29, 0x4}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @remote}}}], 0x14}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="270400000900000000fcc70000000000"], 0x18}}, 0x0) 1.656311903s ago: executing program 3 (id=956): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x12, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}, @IFLA_VLAN_FLAGS={0xc}]}}}]}, 0x48}}, 0x0) 1.655874606s ago: executing program 3 (id=957): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001400128009000100052ba4af5d29d509040002800c001a80080002"], 0x40}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) socket(0x11, 0x80a, 0x0) (async) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001400128009000100052ba4af5d29d509040002800c001a80080002"], 0x40}}, 0x0) (async) 1.620336613s ago: executing program 4 (id=221): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x9b) 789.923499ms ago: executing program 0 (id=958): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) (fail_nth: 26) 789.140587ms ago: executing program 1 (id=959): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) socketpair$nbd(0x1, 0x1, 0x0, 0x0) (async) close(0xffffffffffffffff) (async) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000140)={@remote}, 0x20) (async) syz_emit_ethernet(0x4a, &(0x7f00000014c0)=ANY=[@ANYBLOB], 0x0) (async) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) (async) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000500)=ANY=[], 0x0, 0x91}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0xfeffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000000740)={0x10, 0x0, 0x0, 0x200}, 0xc) (async) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r3, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEV(r4, &(0x7f0000000680)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x14}, 0x14}}, 0x0) (async) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) (async) listen(0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000005001700fa0008000300", @ANYRES32=r7, @ANYBLOB="4800308014000400403a050c5bae9c544ef2b6d713459a7a2800018008000100000000001c000380060001000000000008000200020000000800020002000000050002"], 0x64}}, 0x0) 784.629756ms ago: executing program 2 (id=960): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x60, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}, @IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x61, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x0, 0xfffffffd, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @in={0x2, 0x0, @local}, @in6={0xa, 0x4e24, 0x401, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80}], 0x64) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) gettid() sendmsg$nl_route(r4, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000140), 0xc, &(0x7f0000000680)={&(0x7f0000000cc0)={0xb0, r8, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000000}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4c}]}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_BEARER={0x38, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'ip6_vti0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MEDIA={0x8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4c040}, 0x40) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r10 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r10, &(0x7f0000000000)={0x1d, r9}, 0x10) bind$inet6(r6, &(0x7f0000000600)={0xa, 0x0, 0x7ff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, 0x1c) setsockopt$CAN_RAW_FILTER(r10, 0x65, 0x1, &(0x7f0000000040)=[{}, {}], 0x10) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x4888, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}}, 0x0) 783.611482ms ago: executing program 3 (id=961): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000780)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x28}, @printk={@llx}]}, &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x3000, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 476.806463ms ago: executing program 3 (id=962): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x110, 0x1e0, 0x0, 0xffffffff, 0xffffffff, 0x340, 0x340, 0x340, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "790d4f053ac830c68008c5ea5cf666f0e6aaf3d093b738359174aead424e"}}}, {{@ipv6={@mcast2, @mcast1, [], [], 'bridge_slave_1\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}, {{@ipv6={@local, @mcast1, [], [], 'team0\x00', 'veth1_to_team\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) (fail_nth: 4) 471.716694ms ago: executing program 1 (id=963): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x46, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000240)=0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet(0x2, 0x80001, 0x84) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000080), r3) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xf, 0x20, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8f0, 0x0, 0x0, 0x0, 0x9}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @map_fd={0x18, 0x4, 0x1, 0x0, r2}, @jmp={0x5, 0x0, 0xc, 0x9, 0x7, 0x0, 0x1}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2dc7}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90) 394.791872ms ago: executing program 0 (id=964): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x30, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x30}}, 0x0) (fail_nth: 7) 0s ago: executing program 3 (id=965): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10, 0x0}, 0x0) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) r2 = socket(0x2, 0x80802, 0x0) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f00000001c0)=[{}], 0x1, 0xc79, &(0x7f0000000240)={[0x2]}, 0x8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x2001}) epoll_pwait(r3, &(0x7f00000002c0)=[{}, {}, {}, {}, {}], 0x5, 0x8, &(0x7f0000000300)={[0x9]}, 0x8) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f0000000140)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000b00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20000000}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) kernel console output (not intermixed with test programs): e+0x10/0x10 [ 136.342303][ T7676] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 136.348457][ T7676] ? gup_fast_fallback+0x220d/0x2b40 [ 136.353784][ T7676] gup_fast_fallback+0x2732/0x2b40 [ 136.358942][ T7676] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 136.364960][ T7676] ? __pfx_gup_fast_fallback+0x10/0x10 [ 136.370454][ T7676] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 136.376447][ T7676] ? __pfx___schedule+0x10/0x10 [ 136.381297][ T7676] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 136.387284][ T7676] ? is_valid_gup_args+0x124/0x200 [ 136.392391][ T7676] pin_user_pages_fast+0xcc/0x160 [ 136.397413][ T7676] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 136.403084][ T7676] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 136.409806][ T7676] iov_iter_extract_pages+0x3db/0x720 [ 136.415205][ T7676] extract_iter_to_sg+0x890/0x22b0 [ 136.420342][ T7676] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 136.426451][ T7676] ? unpin_user_page+0xe0/0x1e0 [ 136.431315][ T7676] ? __pfx_unpin_user_page+0x10/0x10 [ 136.436620][ T7676] ? __local_bh_enable_ip+0x168/0x200 [ 136.442336][ T7676] ? __asan_memset+0x23/0x50 [ 136.446920][ T7676] ? __asan_memset+0x23/0x50 [ 136.452137][ T7676] hash_sendmsg+0x513/0x1110 [ 136.456760][ T7676] ? __pfx_hash_sendmsg+0x10/0x10 [ 136.461779][ T7676] __sock_sendmsg+0x221/0x270 [ 136.466462][ T7676] __sys_sendto+0x3a4/0x4f0 [ 136.470987][ T7676] ? __pfx___sys_sendto+0x10/0x10 [ 136.476025][ T7676] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 136.482003][ T7676] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 136.488332][ T7676] __x64_sys_sendto+0xde/0x100 [ 136.493096][ T7676] do_syscall_64+0xf3/0x230 [ 136.497601][ T7676] ? clear_bhb_loop+0x35/0x90 [ 136.502271][ T7676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.509032][ T7676] RIP: 0033:0x7fd266f75b99 [ 136.514086][ T7676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.534578][ T7676] RSP: 002b:00007fd267de8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 136.543316][ T7676] RAX: ffffffffffffffda RBX: 00007fd267103f60 RCX: 00007fd266f75b99 [ 136.551312][ T7676] RDX: fffffffffffffe20 RSI: 00000000200002c0 RDI: 0000000000000004 [ 136.559311][ T7676] RBP: 00007fd267de80a0 R08: 0000000000000000 R09: 0000000000000000 [ 136.567296][ T7676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.575808][ T7676] R13: 000000000000000b R14: 00007fd267103f60 R15: 00007ffd8238a308 [ 136.583822][ T7676] [ 136.605379][ T5101] Bluetooth: hci1: command tx timeout [ 136.700505][ T7450] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 136.737432][ T7450] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 136.790515][ T7450] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 136.844899][ T7684] netlink: 12 bytes leftover after parsing attributes in process `syz.3.654'. [ 136.893427][ T7651] chnl_net:caif_netlink_parms(): no params data found [ 136.905810][ T7450] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 136.945635][ T7685] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 137.109600][ T7688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.136664][ T7694] netlink: 16 bytes leftover after parsing attributes in process `syz.2.653'. [ 137.176096][ T7688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.399436][ T5101] Bluetooth: hci0: command tx timeout [ 137.412208][ T2817] dvmrp0 (unregistering): left allmulticast mode [ 137.573054][ T2817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 137.588094][ T2817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 137.603966][ T2817] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 137.616656][ T2817] bond0 (unregistering): Released all slaves [ 137.725505][ T7714] FAULT_INJECTION: forcing a failure. [ 137.725505][ T7714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.739273][ T7714] CPU: 0 PID: 7714 Comm: syz.3.658 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 137.749548][ T7714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 137.759639][ T7714] Call Trace: [ 137.762925][ T7714] [ 137.766046][ T7714] dump_stack_lvl+0x241/0x360 [ 137.770744][ T7714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.775942][ T7714] ? __pfx__printk+0x10/0x10 [ 137.780606][ T7714] ? __pfx_lock_release+0x10/0x10 [ 137.785651][ T7714] ? rcu_is_watching+0x15/0xb0 [ 137.790449][ T7714] should_fail_ex+0x3b0/0x4e0 [ 137.795153][ T7714] _copy_from_iter+0x1f6/0x1960 [ 137.800043][ T7714] ? alloc_pages_mpol_noprof+0x417/0x680 [ 137.805686][ T7714] ? __pfx__copy_from_iter+0x10/0x10 [ 137.810984][ T7714] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 137.817083][ T7714] ? alloc_pages_noprof+0xef/0x170 [ 137.822906][ T7714] ? page_copy_sane+0x46/0x260 [ 137.827682][ T7714] copy_page_from_iter+0x7a/0x100 [ 137.832747][ T7714] tun_get_user+0x1f48/0x4560 [ 137.837441][ T7714] ? tun_get_user+0x84c/0x4560 [ 137.842254][ T7714] ? __pfx_tun_get_user+0x10/0x10 [ 137.847288][ T7714] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 137.852747][ T7714] ? tun_get+0x1e/0x2f0 [ 137.856938][ T7714] ? tun_get+0x1e/0x2f0 [ 137.861107][ T7714] ? tun_get+0x27d/0x2f0 [ 137.865432][ T7714] tun_chr_write_iter+0x113/0x1f0 [ 137.870484][ T7714] vfs_write+0xa72/0xc90 [ 137.874795][ T7714] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 137.880352][ T7714] ? __pfx_vfs_write+0x10/0x10 [ 137.885153][ T7714] ksys_write+0x1a0/0x2c0 [ 137.889510][ T7714] ? __pfx_ksys_write+0x10/0x10 [ 137.894363][ T7714] ? do_syscall_64+0x100/0x230 [ 137.899215][ T7714] ? do_syscall_64+0xb6/0x230 [ 137.903899][ T7714] do_syscall_64+0xf3/0x230 [ 137.908462][ T7714] ? clear_bhb_loop+0x35/0x90 [ 137.913134][ T7714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.919025][ T7714] RIP: 0033:0x7fd266f7471f [ 137.923539][ T7714] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 137.943259][ T7714] RSP: 002b:00007fd267de8010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 137.951719][ T7714] RAX: ffffffffffffffda RBX: 00007fd267103f60 RCX: 00007fd266f7471f [ 137.959786][ T7714] RDX: 00000000000000ae RSI: 0000000020000080 RDI: 00000000000000c8 [ 137.967961][ T7714] RBP: 00007fd267de80a0 R08: 0000000000000000 R09: 0000000000000000 [ 137.975953][ T7714] R10: 00000000000000ae R11: 0000000000000293 R12: 0000000000000001 [ 137.983918][ T7714] R13: 000000000000000b R14: 00007fd267103f60 R15: 00007ffd8238a308 [ 137.991916][ T7714] [ 138.042677][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.082341][ T7651] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.102597][ T7651] bridge_slave_0: entered allmulticast mode [ 138.125006][ T7651] bridge_slave_0: entered promiscuous mode [ 138.144974][ T7651] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.167761][ T7651] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.187726][ T7651] bridge_slave_1: entered allmulticast mode [ 138.208695][ T7651] bridge_slave_1: entered promiscuous mode [ 138.401394][ T7724] netlink: 'syz.3.661': attribute type 10 has an invalid length. [ 138.439974][ T7724] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 138.488209][ T7651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.531511][ T7651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.638767][ T7742] netlink: 44 bytes leftover after parsing attributes in process `syz.3.666'. [ 138.653798][ T7743] netlink: 44 bytes leftover after parsing attributes in process `syz.3.666'. [ 138.687856][ T5101] Bluetooth: hci1: command tx timeout [ 138.953449][ T7651] team0: Port device team_slave_0 added [ 139.221797][ T7771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.669'. [ 139.249286][ T7651] team0: Port device team_slave_1 added [ 139.263718][ T7751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.309589][ T7759] bridge0: port 3(team0) entered disabled state [ 139.317300][ T7759] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.324970][ T7759] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.342138][ T7769] netlink: 16 bytes leftover after parsing attributes in process `syz.3.668'. [ 139.399326][ T7651] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.416150][ T7651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.450352][ T7651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.472193][ T7651] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.480858][ T7651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.507338][ T5101] Bluetooth: hci0: command tx timeout [ 139.522647][ T7651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.563185][ T2817] hsr_slave_0: left promiscuous mode [ 139.582372][ T2817] hsr_slave_1: left promiscuous mode [ 139.592173][ T2817] batman_adv: batadv0: Removing interface: team0 [ 139.600754][ T2817] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 139.609415][ T2817] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 139.623422][ T2817] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 139.633923][ T2817] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 139.676772][ T2817] veth1_macvtap: left promiscuous mode [ 139.693363][ T2817] veth1_vlan: left promiscuous mode [ 139.701730][ T2817] veth0_vlan: left promiscuous mode [ 140.099979][ T7796] netlink: 'syz.2.674': attribute type 11 has an invalid length. [ 140.128889][ T7796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.674'. [ 140.725146][ T2817] team0 (unregistering): Port device team_slave_1 removed [ 140.801142][ T2817] team0 (unregistering): Port device team_slave_0 removed [ 141.371629][ T7834] netlink: 'syz.2.676': attribute type 10 has an invalid length. [ 141.400306][ T7834] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 141.408097][ T7834] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 141.416318][ T7834] team0: Port device netdevsim0 added [ 141.461449][ T7836] netlink: 'syz.2.676': attribute type 10 has an invalid length. [ 141.513399][ T7836] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 141.526365][ T7836] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 141.548571][ T7836] team0: Port device netdevsim0 removed [ 141.557362][ T5101] Bluetooth: hci0: command tx timeout [ 141.559739][ T7836] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 141.596383][ T7651] hsr_slave_0: entered promiscuous mode [ 141.609067][ T7651] hsr_slave_1: entered promiscuous mode [ 141.616213][ T7834] netlink: 'syz.2.676': attribute type 39 has an invalid length. [ 141.682542][ T7450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.814131][ T7450] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.881019][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.888258][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.030241][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.037444][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.139468][ T2817] IPVS: stop unused estimator thread 0... [ 142.287120][ T7870] netlink: 16 bytes leftover after parsing attributes in process `syz.1.682'. [ 142.392753][ T7856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.822482][ T7450] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.882199][ T7651] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 142.901829][ T7651] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 142.919148][ T7651] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 142.944393][ T7651] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 143.044325][ T7903] netlink: 16 bytes leftover after parsing attributes in process `syz.3.688'. [ 143.076289][ T7896] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.153774][ T7899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.192298][ T7906] netlink: 16 bytes leftover after parsing attributes in process `syz.1.689'. [ 143.228230][ T7906] netlink: 16 bytes leftover after parsing attributes in process `syz.1.689'. [ 143.242480][ T7906] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 143.264306][ T7906] (unnamed net_device) (uninitialized): option arp_validate: invalid value (103) [ 143.310123][ T7651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.369478][ T7651] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.396485][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.403713][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.415602][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.422948][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.481394][ T7450] veth0_vlan: entered promiscuous mode [ 143.536185][ T7450] veth1_vlan: entered promiscuous mode [ 143.602392][ T7926] netlink: 'syz.1.694': attribute type 84 has an invalid length. [ 143.635672][ T7450] veth0_macvtap: entered promiscuous mode [ 143.637358][ T5101] Bluetooth: hci0: command tx timeout [ 143.676995][ T7450] veth1_macvtap: entered promiscuous mode [ 143.741237][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.781807][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.813334][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.835563][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.846583][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.857852][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.870837][ T7450] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.896196][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.906967][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.922896][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.934287][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.944668][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.955652][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.975368][ T7450] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 144.049718][ T7450] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.081009][ T7450] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.097871][ T7450] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.115272][ T7450] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.136506][ T7941] netlink: 16 bytes leftover after parsing attributes in process `syz.3.698'. [ 144.175726][ T7941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.186771][ T7953] netlink: 16 bytes leftover after parsing attributes in process `syz.2.701'. [ 144.244917][ T7651] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.344811][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.361615][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.385426][ T7651] veth0_vlan: entered promiscuous mode [ 144.392860][ T7956] FAULT_INJECTION: forcing a failure. [ 144.392860][ T7956] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.406891][ T7956] CPU: 1 PID: 7956 Comm: syz.1.702 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 144.416910][ T7956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 144.426981][ T7956] Call Trace: [ 144.430261][ T7956] [ 144.433186][ T7956] dump_stack_lvl+0x241/0x360 [ 144.437865][ T7956] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.443059][ T7956] ? __pfx__printk+0x10/0x10 [ 144.447670][ T7956] should_fail_ex+0x3b0/0x4e0 [ 144.452372][ T7956] _copy_from_user+0x2f/0xe0 [ 144.456973][ T7956] copy_from_sockptr+0x62/0xa0 [ 144.461741][ T7956] packet_setsockopt+0xb3c/0x1970 [ 144.466761][ T7956] ? __pfx___might_resched+0x10/0x10 [ 144.472047][ T7956] ? __pfx_packet_setsockopt+0x10/0x10 [ 144.477513][ T7956] ? aa_sk_perm+0x967/0xab0 [ 144.482018][ T7956] ? __pfx_aa_sk_perm+0x10/0x10 [ 144.486865][ T7956] ? __pfx_lock_acquire+0x10/0x10 [ 144.491888][ T7956] ? aa_sock_opt_perm+0x79/0x120 [ 144.496860][ T7956] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 144.502397][ T7956] ? security_socket_setsockopt+0x87/0xb0 [ 144.508114][ T7956] ? __pfx_packet_setsockopt+0x10/0x10 [ 144.513578][ T7956] do_sock_setsockopt+0x3af/0x720 [ 144.518605][ T7956] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 144.524144][ T7956] ? __fget_files+0x29/0x470 [ 144.528737][ T7956] ? __fget_files+0x3f6/0x470 [ 144.533414][ T7956] __sys_setsockopt+0x1ae/0x250 [ 144.538280][ T7956] __x64_sys_setsockopt+0xb5/0xd0 [ 144.543321][ T7956] do_syscall_64+0xf3/0x230 [ 144.547839][ T7956] ? clear_bhb_loop+0x35/0x90 [ 144.552520][ T7956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.558411][ T7956] RIP: 0033:0x7f6d9a575b99 [ 144.562820][ T7956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.582419][ T7956] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 144.590829][ T7956] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 144.598795][ T7956] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000003 [ 144.606840][ T7956] RBP: 00007f6d9b3780a0 R08: 000000000000001c R09: 0000000000000000 [ 144.614802][ T7956] R10: 0000000020000540 R11: 0000000000000246 R12: 0000000000000001 [ 144.623024][ T7956] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 144.631000][ T7956] [ 144.694315][ T7651] veth1_vlan: entered promiscuous mode [ 144.708934][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.724873][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.822434][ T7651] veth0_macvtap: entered promiscuous mode [ 144.905032][ T7962] ip_vti0: entered promiscuous mode [ 144.914302][ T7962] vlan2: entered promiscuous mode [ 144.925125][ T7962] ip_vti0: left promiscuous mode [ 144.954056][ T7651] veth1_macvtap: entered promiscuous mode [ 144.988514][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.008381][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.026961][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.038556][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.057371][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.079133][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.101615][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.115325][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.132850][ T7973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 145.135638][ T7651] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 145.166706][ T7968] netlink: 16 bytes leftover after parsing attributes in process `syz.1.707'. [ 145.196435][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.211627][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.228178][ T7968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 145.242257][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.256880][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.277547][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.286216][ T7980] netlink: 16 bytes leftover after parsing attributes in process `syz.3.712'. [ 145.294962][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.307395][ T7651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.321564][ T7651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.333443][ T7651] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 145.359675][ T7651] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.369239][ T7651] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.379716][ T7651] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.388994][ T7651] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.514710][ T2817] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.530810][ T2817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.561599][ T2817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.570777][ T2817] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.656424][ T7991] Bluetooth: hci3: invalid length 0, exp 2 for type 22 [ 145.713269][ T7997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.717'. [ 145.759014][ T8000] Bluetooth: MGMT ver 1.22 [ 145.895104][ T2419] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.712235][ T2419] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.768994][ T8018] netlink: 16 bytes leftover after parsing attributes in process `syz.3.721'. [ 146.780923][ T8010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.821469][ T2419] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.841919][ T8010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.853538][ T5090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 146.863704][ T5090] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 146.872054][ T5090] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 146.883164][ T5090] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 146.903146][ T5090] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 146.913337][ T5090] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 146.923737][ T2419] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.951904][ T8020] netlink: 'syz.0.723': attribute type 29 has an invalid length. [ 146.974167][ T8020] netlink: 'syz.0.723': attribute type 29 has an invalid length. [ 146.985274][ T8020] netlink: 'syz.0.723': attribute type 29 has an invalid length. [ 147.008327][ T8020] netlink: 'syz.0.723': attribute type 29 has an invalid length. [ 147.016903][ T8020] netlink: 'syz.0.723': attribute type 29 has an invalid length. [ 147.035869][ T8020] unsupported nlmsg_type 40 [ 147.052395][ T8020] xt_l2tp: missing protocol rule (udp|l2tpip) [ 147.146386][ T2419] bridge_slave_1: left allmulticast mode [ 147.152315][ T2419] bridge_slave_1: left promiscuous mode [ 147.159047][ T2419] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.170823][ T2419] bridge_slave_0: left allmulticast mode [ 147.176688][ T2419] bridge_slave_0: left promiscuous mode [ 147.183478][ T2419] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.584651][ T8046] FAULT_INJECTION: forcing a failure. [ 147.584651][ T8046] name failslab, interval 1, probability 0, space 0, times 0 [ 147.597818][ T8046] CPU: 0 PID: 8046 Comm: syz.1.729 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 147.607830][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 147.617903][ T8046] Call Trace: [ 147.621203][ T8046] [ 147.624139][ T8046] dump_stack_lvl+0x241/0x360 [ 147.628813][ T8046] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.634004][ T8046] ? __pfx__printk+0x10/0x10 [ 147.638586][ T8046] ? netlink_insert+0x10b7/0x14b0 [ 147.643601][ T8046] should_fail_ex+0x3b0/0x4e0 [ 147.648268][ T8046] ? __alloc_skb+0x1c3/0x440 [ 147.652849][ T8046] should_failslab+0x9/0x20 [ 147.657365][ T8046] kmem_cache_alloc_node_noprof+0x71/0x320 [ 147.663195][ T8046] __alloc_skb+0x1c3/0x440 [ 147.667612][ T8046] ? __pfx___alloc_skb+0x10/0x10 [ 147.672541][ T8046] ? netlink_autobind+0xd6/0x2f0 [ 147.677472][ T8046] ? netlink_autobind+0x2b0/0x2f0 [ 147.682491][ T8046] netlink_sendmsg+0x631/0xcb0 [ 147.687253][ T8046] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.692534][ T8046] ? __import_iovec+0x536/0x820 [ 147.697369][ T8046] ? aa_sock_msg_perm+0x91/0x160 [ 147.702311][ T8046] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 147.707590][ T8046] ? security_socket_sendmsg+0x87/0xb0 [ 147.713053][ T8046] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.718329][ T8046] __sock_sendmsg+0x221/0x270 [ 147.723001][ T8046] ____sys_sendmsg+0x525/0x7d0 [ 147.727763][ T8046] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.733054][ T8046] __sys_sendmsg+0x2b0/0x3a0 [ 147.737637][ T8046] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.742734][ T8046] ? vfs_write+0x7c4/0xc90 [ 147.747169][ T8046] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.753488][ T8046] ? do_syscall_64+0x100/0x230 [ 147.758249][ T8046] ? do_syscall_64+0xb6/0x230 [ 147.762923][ T8046] do_syscall_64+0xf3/0x230 [ 147.767424][ T8046] ? clear_bhb_loop+0x35/0x90 [ 147.772093][ T8046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.777984][ T8046] RIP: 0033:0x7f6d9a575b99 [ 147.782397][ T8046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.801991][ T8046] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.810400][ T8046] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 147.818367][ T8046] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 0000000000000003 [ 147.826326][ T8046] RBP: 00007f6d9b3780a0 R08: 0000000000000000 R09: 0000000000000000 [ 147.834295][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.842251][ T8046] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 147.850231][ T8046] [ 147.861769][ T5101] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 147.870919][ T5101] Bluetooth: hci0: command 0x0c1a tx timeout [ 147.926645][ T2419] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.941481][ T2419] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.954095][ T2419] bond0 (unregistering): Released all slaves [ 147.984743][ T8037] bond0: (slave netdevsim0): Releasing backup interface [ 148.003271][ T8037] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 148.239826][ T8053] __nla_validate_parse: 1 callbacks suppressed [ 148.239846][ T8053] netlink: 16 bytes leftover after parsing attributes in process `syz.1.730'. [ 148.269781][ T8052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.364666][ T8052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.447767][ T2419] hsr_slave_0: left promiscuous mode [ 148.470616][ T2419] hsr_slave_1: left promiscuous mode [ 148.472535][ T8071] Cannot find add_set index 0 as target [ 148.494138][ T2419] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.501795][ T2419] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.523839][ T2419] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.533335][ T2419] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.569210][ T2419] veth1_macvtap: left promiscuous mode [ 148.575235][ T2419] veth0_macvtap: left promiscuous mode [ 148.582094][ T2419] veth1_vlan: left promiscuous mode [ 148.588740][ T2419] veth0_vlan: left promiscuous mode [ 148.773646][ T8080] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.860133][ T8090] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 148.997787][ T5101] Bluetooth: hci1: command tx timeout [ 149.030518][ T8096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.739'. [ 149.040784][ T8096] FAULT_INJECTION: forcing a failure. [ 149.040784][ T8096] name failslab, interval 1, probability 0, space 0, times 0 [ 149.058011][ T8096] CPU: 1 PID: 8096 Comm: syz.1.739 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 149.068037][ T8096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 149.078122][ T8096] Call Trace: [ 149.081421][ T8096] [ 149.084362][ T8096] dump_stack_lvl+0x241/0x360 [ 149.089064][ T8096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.094271][ T8096] ? __pfx__printk+0x10/0x10 [ 149.098880][ T8096] should_fail_ex+0x3b0/0x4e0 [ 149.103544][ T8096] ? __alloc_skb+0x1c3/0x440 [ 149.108137][ T8096] should_failslab+0x9/0x20 [ 149.112667][ T8096] kmem_cache_alloc_node_noprof+0x71/0x320 [ 149.118477][ T8096] __alloc_skb+0x1c3/0x440 [ 149.122892][ T8096] ? __pfx___alloc_skb+0x10/0x10 [ 149.127821][ T8096] ? nla_policy_len+0x320/0x330 [ 149.132667][ T8096] netlbl_mgmt_listdef+0xa7/0x530 [ 149.137694][ T8096] genl_rcv_msg+0xb14/0xec0 [ 149.142185][ T8096] ? mark_lock+0x9a/0x350 [ 149.146511][ T8096] ? __pfx_genl_rcv_msg+0x10/0x10 [ 149.151546][ T8096] ? __pfx_lock_acquire+0x10/0x10 [ 149.156562][ T8096] ? __pfx_netlbl_mgmt_listdef+0x10/0x10 [ 149.162213][ T8096] ? __pfx___might_resched+0x10/0x10 [ 149.167512][ T8096] netlink_rcv_skb+0x1e3/0x430 [ 149.172280][ T8096] ? __pfx_genl_rcv_msg+0x10/0x10 [ 149.177308][ T8096] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 149.182623][ T8096] genl_rcv+0x28/0x40 [ 149.186596][ T8096] netlink_unicast+0x7ea/0x980 [ 149.191363][ T8096] ? __pfx_netlink_unicast+0x10/0x10 [ 149.196664][ T8096] ? __virt_addr_valid+0x183/0x520 [ 149.201771][ T8096] ? __check_object_size+0x49c/0x900 [ 149.207053][ T8096] ? bpf_lsm_netlink_send+0x9/0x10 [ 149.212164][ T8096] netlink_sendmsg+0x8db/0xcb0 [ 149.216931][ T8096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.222209][ T8096] ? __import_iovec+0x536/0x820 [ 149.227054][ T8096] ? aa_sock_msg_perm+0x91/0x160 [ 149.231988][ T8096] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 149.237313][ T8096] ? security_socket_sendmsg+0x87/0xb0 [ 149.242773][ T8096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.248060][ T8096] __sock_sendmsg+0x221/0x270 [ 149.252737][ T8096] ____sys_sendmsg+0x525/0x7d0 [ 149.257509][ T8096] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.262799][ T8096] __sys_sendmsg+0x2b0/0x3a0 [ 149.267381][ T8096] ? __pfx___sys_sendmsg+0x10/0x10 [ 149.272492][ T8096] ? vfs_write+0x7c4/0xc90 [ 149.276933][ T8096] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 149.283258][ T8096] ? do_syscall_64+0x100/0x230 [ 149.288024][ T8096] ? do_syscall_64+0xb6/0x230 [ 149.292697][ T8096] do_syscall_64+0xf3/0x230 [ 149.297197][ T8096] ? clear_bhb_loop+0x35/0x90 [ 149.301863][ T8096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.307765][ T8096] RIP: 0033:0x7f6d9a575b99 [ 149.312177][ T8096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.331867][ T8096] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.340365][ T8096] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 149.348329][ T8096] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000006 [ 149.356285][ T8096] RBP: 00007f6d9b3780a0 R08: 0000000000000000 R09: 0000000000000000 [ 149.364245][ T8096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.372204][ T8096] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 149.380180][ T8096] [ 149.518998][ T2419] team0 (unregistering): Port device team_slave_1 removed [ 149.551455][ T2419] team0 (unregistering): Port device team_slave_0 removed [ 149.889858][ T8083] netlink: 16 bytes leftover after parsing attributes in process `syz.3.736'. [ 149.899230][ T8089] bridge0: entered allmulticast mode [ 149.906215][ T8093] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 149.943302][ T8023] chnl_net:caif_netlink_parms(): no params data found [ 150.046274][ T8101] FAULT_INJECTION: forcing a failure. [ 150.046274][ T8101] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.068264][ T8101] CPU: 1 PID: 8101 Comm: syz.0.741 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 150.078299][ T8101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 150.088386][ T8101] Call Trace: [ 150.091689][ T8101] [ 150.094636][ T8101] dump_stack_lvl+0x241/0x360 [ 150.099351][ T8101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.104590][ T8101] ? __pfx__printk+0x10/0x10 [ 150.109217][ T8101] ? bpf_cgroup_storage_free+0x8f/0xb0 [ 150.114705][ T8101] ? __pfx_lock_release+0x10/0x10 [ 150.119758][ T8101] ? bpf_test_run+0x840/0x910 [ 150.124470][ T8101] should_fail_ex+0x3b0/0x4e0 [ 150.129189][ T8101] _copy_to_user+0x2f/0xb0 [ 150.133635][ T8101] bpf_test_finish+0x593/0x8b0 [ 150.138436][ T8101] ? __might_fault+0xaa/0x120 [ 150.143158][ T8101] ? __pfx_bpf_test_finish+0x10/0x10 [ 150.148479][ T8101] ? _copy_from_user+0xa6/0xe0 [ 150.153272][ T8101] ? bpf_test_init+0x15a/0x180 [ 150.158078][ T8101] bpf_prog_test_run_xdp+0x905/0x11b0 [ 150.163487][ T8101] ? __pfx_lock_release+0x10/0x10 [ 150.168555][ T8101] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 150.174391][ T8101] ? __fget_files+0x29/0x470 [ 150.179010][ T8101] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 150.184823][ T8101] bpf_prog_test_run+0x33a/0x3b0 [ 150.189760][ T8101] __sys_bpf+0x48d/0x810 [ 150.194006][ T8101] ? __pfx___sys_bpf+0x10/0x10 [ 150.198775][ T8101] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 150.204758][ T8101] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 150.211094][ T8101] ? do_syscall_64+0x100/0x230 [ 150.215861][ T8101] __x64_sys_bpf+0x7c/0x90 [ 150.220282][ T8101] do_syscall_64+0xf3/0x230 [ 150.224779][ T8101] ? clear_bhb_loop+0x35/0x90 [ 150.229446][ T8101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.235352][ T8101] RIP: 0033:0x7f1d12175b99 [ 150.239759][ T8101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.259358][ T8101] RSP: 002b:00007f1d12e8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 150.267764][ T8101] RAX: ffffffffffffffda RBX: 00007f1d12303f60 RCX: 00007f1d12175b99 [ 150.275742][ T8101] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a [ 150.283712][ T8101] RBP: 00007f1d12e8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 150.291700][ T8101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.299663][ T8101] R13: 000000000000000b R14: 00007f1d12303f60 R15: 00007ffcd091a6f8 [ 150.307640][ T8101] [ 150.311011][ T5101] Bluetooth: hci0: command 0x0c1a tx timeout [ 150.321586][ T5090] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 150.372415][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.385364][ T8023] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.407746][ T8023] bridge_slave_0: entered allmulticast mode [ 150.421975][ T8023] bridge_slave_0: entered promiscuous mode [ 150.469611][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.484473][ T8120] Cannot find add_set index 0 as target [ 150.490639][ T8023] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.507296][ T8023] bridge_slave_1: entered allmulticast mode [ 150.522155][ T8023] bridge_slave_1: entered promiscuous mode [ 150.663747][ T8023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.709933][ T8023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.782983][ T8023] team0: Port device team_slave_0 added [ 150.806114][ T8023] team0: Port device team_slave_1 added [ 150.878769][ T8023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.896536][ T8023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.926809][ T8023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.955423][ T8023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.971785][ T8023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.001115][ T8023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.074797][ T8150] netlink: 16 bytes leftover after parsing attributes in process `syz.2.754'. [ 151.083832][ T5101] Bluetooth: hci1: command tx timeout [ 151.110600][ T8144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.151632][ T8023] hsr_slave_0: entered promiscuous mode [ 151.167894][ T8023] hsr_slave_1: entered promiscuous mode [ 151.176128][ T8147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.177565][ T8023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.193847][ T8023] Cannot create hsr debugfs directory [ 151.332342][ T8152] netlink: 16 bytes leftover after parsing attributes in process `syz.3.756'. [ 151.364987][ T8152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.458548][ T8156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.476811][ T8167] netlink: 244 bytes leftover after parsing attributes in process `syz.0.762'. [ 151.488758][ T8167] FAULT_INJECTION: forcing a failure. [ 151.488758][ T8167] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.502374][ T8167] CPU: 1 PID: 8167 Comm: syz.0.762 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 151.512389][ T8167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 151.522458][ T8167] Call Trace: [ 151.525753][ T8167] [ 151.528679][ T8167] dump_stack_lvl+0x241/0x360 [ 151.533352][ T8167] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.538555][ T8167] ? __pfx__printk+0x10/0x10 [ 151.543150][ T8167] ? __pfx_lock_release+0x10/0x10 [ 151.548171][ T8167] ? __lock_acquire+0x1346/0x1fd0 [ 151.553220][ T8167] should_fail_ex+0x3b0/0x4e0 [ 151.557986][ T8167] _copy_from_user+0x2f/0xe0 [ 151.562570][ T8167] kstrtouint_from_user+0xc6/0x190 [ 151.567678][ T8167] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 151.573397][ T8167] ? __pfx_lock_acquire+0x10/0x10 [ 151.578422][ T8167] proc_fail_nth_write+0xaa/0x2d0 [ 151.583437][ T8167] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 151.589324][ T8167] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 151.594953][ T8167] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 151.600579][ T8167] vfs_write+0x2a2/0xc90 [ 151.604823][ T8167] ? __pfx_vfs_write+0x10/0x10 [ 151.609585][ T8167] ? __fget_files+0x29/0x470 [ 151.614170][ T8167] ? __fget_files+0x3f6/0x470 [ 151.618854][ T8167] ksys_write+0x1a0/0x2c0 [ 151.623183][ T8167] ? __pfx_ksys_write+0x10/0x10 [ 151.628026][ T8167] ? do_syscall_64+0x100/0x230 [ 151.632788][ T8167] ? do_syscall_64+0xb6/0x230 [ 151.637461][ T8167] do_syscall_64+0xf3/0x230 [ 151.641966][ T8167] ? clear_bhb_loop+0x35/0x90 [ 151.646657][ T8167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.652552][ T8167] RIP: 0033:0x7f1d1217471f [ 151.656962][ T8167] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 151.676560][ T8167] RSP: 002b:00007f1d12e8d040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 151.684969][ T8167] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1d1217471f [ 151.692932][ T8167] RDX: 0000000000000001 RSI: 00007f1d12e8d0b0 RDI: 0000000000000004 [ 151.700892][ T8167] RBP: 00007f1d12e8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 151.708857][ T8167] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 151.716816][ T8167] R13: 000000000000000b R14: 00007f1d12303f60 R15: 00007ffcd091a6f8 [ 151.724794][ T8167] [ 151.808940][ T8176] Cannot find set identified by id 0 to match [ 152.078813][ T8023] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 152.091712][ T8023] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 152.109148][ T8023] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 152.135787][ T8023] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 152.185543][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'. [ 152.303191][ T8199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.773'. [ 152.305180][ T8201] netlink: 'syz.3.774': attribute type 1 has an invalid length. [ 152.343521][ T8201] netlink: 4 bytes leftover after parsing attributes in process `syz.3.774'. [ 152.455135][ T8023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.534472][ T8023] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.552288][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.559530][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.593499][ T8211] FAULT_INJECTION: forcing a failure. [ 152.593499][ T8211] name failslab, interval 1, probability 0, space 0, times 0 [ 152.604006][ T8207] netlink: 'syz.3.776': attribute type 2 has an invalid length. [ 152.615934][ T5101] Bluetooth: hci0: command 0x0c1a tx timeout [ 152.615985][ T8211] CPU: 0 PID: 8211 Comm: syz.2.778 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 152.622882][ T5090] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 152.631865][ T8211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 152.631879][ T8211] Call Trace: [ 152.631887][ T8211] [ 152.631897][ T8211] dump_stack_lvl+0x241/0x360 [ 152.631931][ T8211] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.664080][ T8211] ? __pfx__printk+0x10/0x10 [ 152.668688][ T8211] ? __pfx___might_resched+0x10/0x10 [ 152.673970][ T8211] ? trace_contention_end+0x3c/0x120 [ 152.679255][ T8211] ? __mutex_lock+0x2ef/0xd70 [ 152.683966][ T8211] should_fail_ex+0x3b0/0x4e0 [ 152.688645][ T8211] ? genl_start+0x1cb/0x6d0 [ 152.693139][ T8211] should_failslab+0x9/0x20 [ 152.697638][ T8211] kmalloc_trace_noprof+0x6c/0x2c0 [ 152.702765][ T8211] genl_start+0x1cb/0x6d0 [ 152.707102][ T8211] __netlink_dump_start+0x45c/0x780 [ 152.712319][ T8211] genl_rcv_msg+0x88c/0xec0 [ 152.716815][ T8211] ? mark_lock+0x9a/0x350 [ 152.721146][ T8211] ? __pfx_genl_rcv_msg+0x10/0x10 [ 152.726167][ T8211] ? __pfx_genl_start+0x10/0x10 [ 152.731046][ T8211] ? __pfx_genl_dumpit+0x10/0x10 [ 152.735978][ T8211] ? __pfx_genl_done+0x10/0x10 [ 152.740745][ T8211] ? __pfx_lock_acquire+0x10/0x10 [ 152.745763][ T8211] ? __pfx_nl80211_dump_wiphy+0x10/0x10 [ 152.751302][ T8211] ? __pfx_nl80211_dump_wiphy_done+0x10/0x10 [ 152.757284][ T8211] ? __pfx___might_resched+0x10/0x10 [ 152.762579][ T8211] netlink_rcv_skb+0x1e3/0x430 [ 152.767341][ T8211] ? __pfx_genl_rcv_msg+0x10/0x10 [ 152.772362][ T8211] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 152.777654][ T8211] ? __netlink_deliver_tap+0x77e/0x7c0 [ 152.783121][ T8211] genl_rcv+0x28/0x40 [ 152.787098][ T8211] netlink_unicast+0x7ea/0x980 [ 152.791864][ T8211] ? __pfx_netlink_unicast+0x10/0x10 [ 152.797142][ T8211] ? __virt_addr_valid+0x183/0x520 [ 152.802250][ T8211] ? __check_object_size+0x49c/0x900 [ 152.807533][ T8211] ? bpf_lsm_netlink_send+0x9/0x10 [ 152.812645][ T8211] netlink_sendmsg+0x8db/0xcb0 [ 152.817415][ T8211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.822696][ T8211] ? __import_iovec+0x536/0x820 [ 152.827538][ T8211] ? aa_sock_msg_perm+0x91/0x160 [ 152.832473][ T8211] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 152.837747][ T8211] ? security_socket_sendmsg+0x87/0xb0 [ 152.843199][ T8211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.848492][ T8211] __sock_sendmsg+0x221/0x270 [ 152.853189][ T8211] ____sys_sendmsg+0x525/0x7d0 [ 152.857965][ T8211] ? __pfx_____sys_sendmsg+0x10/0x10 [ 152.863290][ T8211] __sys_sendmsg+0x2b0/0x3a0 [ 152.867897][ T8211] ? __pfx___sys_sendmsg+0x10/0x10 [ 152.873016][ T8211] ? vfs_write+0x7c4/0xc90 [ 152.877466][ T8211] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 152.883793][ T8211] ? do_syscall_64+0x100/0x230 [ 152.888558][ T8211] ? do_syscall_64+0xb6/0x230 [ 152.893233][ T8211] do_syscall_64+0xf3/0x230 [ 152.897737][ T8211] ? clear_bhb_loop+0x35/0x90 [ 152.902411][ T8211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.908303][ T8211] RIP: 0033:0x7f3e02f75b99 [ 152.912713][ T8211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.932313][ T8211] RSP: 002b:00007f3e03ce4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.940720][ T8211] RAX: ffffffffffffffda RBX: 00007f3e03103f60 RCX: 00007f3e02f75b99 [ 152.948684][ T8211] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 152.956646][ T8211] RBP: 00007f3e03ce40a0 R08: 0000000000000000 R09: 0000000000000000 [ 152.964611][ T8211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.972600][ T8211] R13: 000000000000000b R14: 00007f3e03103f60 R15: 00007ffd90801968 [ 152.980681][ T8211] [ 153.018869][ T8212] netlink: 'syz.3.776': attribute type 2 has an invalid length. [ 153.049416][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.056587][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.157413][ T5090] Bluetooth: hci1: command tx timeout [ 153.231846][ T8220] vlan2: entered promiscuous mode [ 153.241082][ T8220] batman_adv: batadv0: Adding interface: vlan2 [ 153.249077][ T8220] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active [ 153.283203][ T8023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 153.381046][ T8218] netlink: 'syz.2.781': attribute type 29 has an invalid length. [ 153.393244][ T8231] netlink: 12 bytes leftover after parsing attributes in process `syz.3.785'. [ 153.426116][ T8218] netlink: 'syz.2.781': attribute type 29 has an invalid length. [ 153.456021][ T8222] netlink: 'syz.2.781': attribute type 29 has an invalid length. [ 153.531280][ T8231] team0: Port device bridge2 added [ 153.538722][ T8218] netlink: 'syz.2.781': attribute type 29 has an invalid length. [ 153.571511][ T8239] netlink: 16 bytes leftover after parsing attributes in process `syz.0.784'. [ 153.596442][ T8243] netlink: 8 bytes leftover after parsing attributes in process `syz.3.785'. [ 153.608085][ T8227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.620844][ T8218] netlink: 256 bytes leftover after parsing attributes in process `syz.2.781'. [ 153.632061][ T8218] xt_l2tp: missing protocol rule (udp|l2tpip) [ 153.648401][ T8222] netlink: 'syz.2.781': attribute type 29 has an invalid length. [ 153.677565][ T8227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.853006][ T8023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.030028][ T8265] netlink: 12 bytes leftover after parsing attributes in process `syz.1.793'. [ 154.211448][ T8273] netlink: 12 bytes leftover after parsing attributes in process `syz.2.795'. [ 154.246175][ T8275] netlink: 12 bytes leftover after parsing attributes in process `syz.1.796'. [ 154.303515][ T8275] IPVS: Error joining to the multicast group [ 154.316803][ T8282] FAULT_INJECTION: forcing a failure. [ 154.316803][ T8282] name failslab, interval 1, probability 0, space 0, times 0 [ 154.366301][ T8282] CPU: 0 PID: 8282 Comm: syz.3.798 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 154.376346][ T8282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 154.386517][ T8282] Call Trace: [ 154.389819][ T8282] [ 154.392764][ T8282] dump_stack_lvl+0x241/0x360 [ 154.397477][ T8282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.402708][ T8282] ? __pfx__printk+0x10/0x10 [ 154.407336][ T8282] ? __pfx___might_resched+0x10/0x10 [ 154.412663][ T8282] should_fail_ex+0x3b0/0x4e0 [ 154.417385][ T8282] ? nft_trans_table_add+0x53/0x270 [ 154.422628][ T8282] should_failslab+0x9/0x20 [ 154.427167][ T8282] kmalloc_trace_noprof+0x6c/0x2c0 [ 154.432311][ T8282] ? rhashtable_init_noprof+0x748/0xa60 [ 154.437896][ T8282] nft_trans_table_add+0x53/0x270 [ 154.442954][ T8282] nf_tables_newtable+0x10f6/0x1dc0 [ 154.448198][ T8282] ? __pfx_nf_tables_newtable+0x10/0x10 [ 154.453784][ T8282] ? __nla_parse+0x40/0x60 [ 154.458224][ T8282] nfnetlink_rcv+0x1427/0x2a80 [ 154.463012][ T8282] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 154.469400][ T8282] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 154.474555][ T8282] ? __dev_queue_xmit+0x2d2/0x3d30 [ 154.479740][ T8282] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.484972][ T8282] ? skb_clone+0x240/0x390 [ 154.489422][ T8282] ? __pfx_lock_release+0x10/0x10 [ 154.494487][ T8282] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.499722][ T8282] netlink_unicast+0x7ea/0x980 [ 154.504527][ T8282] ? __pfx_netlink_unicast+0x10/0x10 [ 154.509846][ T8282] ? __virt_addr_valid+0x183/0x520 [ 154.514995][ T8282] ? __check_object_size+0x49c/0x900 [ 154.520309][ T8282] ? bpf_lsm_netlink_send+0x9/0x10 [ 154.525470][ T8282] netlink_sendmsg+0x8db/0xcb0 [ 154.530279][ T8282] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.535615][ T8282] ? __mutex_trylock_common+0x183/0x2e0 [ 154.541199][ T8282] ? aa_sock_msg_perm+0x91/0x160 [ 154.546168][ T8282] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 154.551473][ T8282] ? security_socket_sendmsg+0x87/0xb0 [ 154.556964][ T8282] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.560139][ T8023] veth0_vlan: entered promiscuous mode [ 154.562253][ T8282] __sock_sendmsg+0x221/0x270 [ 154.572495][ T8282] sock_sendmsg+0x134/0x200 [ 154.577035][ T8282] ? __pfx_sock_sendmsg+0x10/0x10 [ 154.582103][ T8282] ? iov_iter_bvec+0x4e/0x180 [ 154.586152][ T8023] veth1_vlan: entered promiscuous mode [ 154.586783][ T8282] splice_to_socket+0xa13/0x10b0 [ 154.597166][ T8282] ? __pfx_lock_release+0x10/0x10 [ 154.602240][ T8282] ? __pfx_splice_to_socket+0x10/0x10 [ 154.607757][ T8282] ? __lock_acquire+0x1346/0x1fd0 [ 154.612839][ T8282] ? bpf_lsm_file_permission+0x9/0x10 [ 154.618245][ T8282] ? security_file_permission+0x7f/0xa0 [ 154.623827][ T8282] ? rw_verify_area+0x1d2/0x6b0 [ 154.628723][ T8282] ? __pfx_splice_to_socket+0x10/0x10 [ 154.634128][ T8282] do_splice+0xd77/0x1900 [ 154.638538][ T8282] ? __pfx_lock_release+0x10/0x10 [ 154.643606][ T8282] ? vfs_write+0x7c4/0xc90 [ 154.648066][ T8282] ? __mutex_unlock_slowpath+0x21d/0x750 [ 154.653743][ T8282] ? pipe_clear_nowait+0x196/0x220 [ 154.658897][ T8282] ? __pfx_do_splice+0x10/0x10 [ 154.663710][ T8282] __se_sys_splice+0x331/0x4a0 [ 154.666731][ T8023] veth0_macvtap: entered promiscuous mode [ 154.668490][ T8282] ? __pfx___se_sys_splice+0x10/0x10 [ 154.668520][ T8282] ? do_syscall_64+0x100/0x230 [ 154.668549][ T8282] ? __x64_sys_splice+0x21/0xf0 [ 154.668572][ T8282] do_syscall_64+0xf3/0x230 [ 154.689662][ T8023] veth1_macvtap: entered promiscuous mode [ 154.693635][ T8282] ? clear_bhb_loop+0x35/0x90 [ 154.693664][ T8282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.710236][ T8282] RIP: 0033:0x7fd266f75b99 [ 154.714674][ T8282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.734922][ T8282] RSP: 002b:00007fd267dc7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 154.737195][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.743343][ T8282] RAX: ffffffffffffffda RBX: 00007fd267104038 RCX: 00007fd266f75b99 [ 154.743363][ T8282] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 154.743376][ T8282] RBP: 00007fd267dc70a0 R08: 0000000000007fff R09: 0000000000000000 [ 154.743388][ T8282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.743400][ T8282] R13: 000000000000006e R14: 00007fd267104038 R15: 00007ffd8238a308 [ 154.770918][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.777778][ T8282] [ 154.850449][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.864579][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.875470][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.886498][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.922433][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.946629][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.966964][ T8023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.986551][ T8298] FAULT_INJECTION: forcing a failure. [ 154.986551][ T8298] name failslab, interval 1, probability 0, space 0, times 0 [ 155.008382][ T8298] CPU: 1 PID: 8298 Comm: syz.1.802 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 155.018416][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 155.028499][ T8298] Call Trace: [ 155.031808][ T8298] [ 155.034765][ T8298] dump_stack_lvl+0x241/0x360 [ 155.039484][ T8298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.044719][ T8298] ? __pfx__printk+0x10/0x10 [ 155.049345][ T8298] ? __pfx___might_resched+0x10/0x10 [ 155.054663][ T8298] should_fail_ex+0x3b0/0x4e0 [ 155.059372][ T8298] ? ieee80211_start_roc_work+0x196/0xfe0 [ 155.065122][ T8298] should_failslab+0x9/0x20 [ 155.069652][ T8298] kmalloc_trace_noprof+0x6c/0x2c0 [ 155.074808][ T8298] ieee80211_start_roc_work+0x196/0xfe0 [ 155.080405][ T8298] ieee80211_remain_on_channel+0xda/0x120 [ 155.086164][ T8298] rdev_remain_on_channel+0x12f/0x300 [ 155.091573][ T8298] nl80211_remain_on_channel+0x48b/0x6f0 [ 155.097228][ T8298] ? __pfx_netdev_run_todo+0x10/0x10 [ 155.102546][ T8298] ? __pfx_nl80211_remain_on_channel+0x10/0x10 [ 155.108759][ T8298] genl_rcv_msg+0xb14/0xec0 [ 155.113286][ T8298] ? mark_lock+0x9a/0x350 [ 155.117651][ T8298] ? __pfx_genl_rcv_msg+0x10/0x10 [ 155.122775][ T8298] ? __pfx_lock_acquire+0x10/0x10 [ 155.127825][ T8298] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 155.133237][ T8298] ? __pfx_nl80211_remain_on_channel+0x10/0x10 [ 155.139417][ T8298] ? __pfx_nl80211_post_doit+0x10/0x10 [ 155.144912][ T8298] ? __pfx___might_resched+0x10/0x10 [ 155.150239][ T8298] netlink_rcv_skb+0x1e3/0x430 [ 155.155037][ T8298] ? __pfx_genl_rcv_msg+0x10/0x10 [ 155.160087][ T8298] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 155.165424][ T8298] ? __netlink_deliver_tap+0x77e/0x7c0 [ 155.170926][ T8298] genl_rcv+0x28/0x40 [ 155.174928][ T8298] netlink_unicast+0x7ea/0x980 [ 155.179727][ T8298] ? __pfx_netlink_unicast+0x10/0x10 [ 155.185036][ T8298] ? __virt_addr_valid+0x183/0x520 [ 155.190184][ T8298] ? __check_object_size+0x49c/0x900 [ 155.195507][ T8298] ? bpf_lsm_netlink_send+0x9/0x10 [ 155.200661][ T8298] netlink_sendmsg+0x8db/0xcb0 [ 155.205478][ T8298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.210807][ T8298] ? __import_iovec+0x536/0x820 [ 155.215760][ T8298] ? aa_sock_msg_perm+0x91/0x160 [ 155.220734][ T8298] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 155.226042][ T8298] ? security_socket_sendmsg+0x87/0xb0 [ 155.229509][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.231511][ T8298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.244143][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.247180][ T8298] __sock_sendmsg+0x221/0x270 [ 155.247221][ T8298] ____sys_sendmsg+0x525/0x7d0 [ 155.247252][ T8298] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.247289][ T8298] __sys_sendmsg+0x2b0/0x3a0 [ 155.276417][ T8298] ? __pfx___sys_sendmsg+0x10/0x10 [ 155.278738][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.281551][ T8298] ? vfs_write+0x7c4/0xc90 [ 155.295931][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.296369][ T8298] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 155.313070][ T8298] ? do_syscall_64+0x100/0x230 [ 155.314473][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.317855][ T8298] ? do_syscall_64+0xb6/0x230 [ 155.317886][ T8298] do_syscall_64+0xf3/0x230 [ 155.317911][ T8298] ? clear_bhb_loop+0x35/0x90 [ 155.317931][ T8298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.317956][ T8298] RIP: 0033:0x7f6d9a575b99 [ 155.317973][ T8298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.317988][ T8298] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.318009][ T8298] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 155.318022][ T8298] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000007 [ 155.318034][ T8298] RBP: 00007f6d9b3780a0 R08: 0000000000000000 R09: 0000000000000000 [ 155.318047][ T8298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 155.318059][ T8298] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 155.318091][ T8298] [ 155.337592][ T5090] Bluetooth: hci1: command tx timeout [ 155.436111][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.446067][ T8023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.457060][ T8023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.468867][ T8023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.529103][ T8304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.804'. [ 155.574307][ T8304] netlink: 14 bytes leftover after parsing attributes in process `syz.3.804'. [ 155.615838][ T8306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.804'. [ 155.656097][ T8023] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.676378][ T8023] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.686699][ T8023] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.718351][ T8023] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.772875][ T8313] netlink: 'syz.0.807': attribute type 10 has an invalid length. [ 155.813450][ T8313] geneve0: entered promiscuous mode [ 155.860494][ T8313] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 156.011385][ T8327] sctp: [Deprecated]: syz.3.811 (pid 8327) Use of struct sctp_assoc_value in delayed_ack socket option. [ 156.011385][ T8327] Use struct sctp_sack_info instead [ 156.032815][ T8319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.112365][ T8325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.236587][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.269336][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.326665][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.363684][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.873941][ T8356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.952109][ T8362] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.980952][ T8368] netlink: 'syz.0.821': attribute type 13 has an invalid length. [ 156.991106][ T8368] veth0_macvtap: left promiscuous mode [ 156.996788][ T8368] macvtap0: entered allmulticast mode [ 157.023969][ T8368] macvtap0: refused to change device tx_queue_len [ 157.088184][ T8376] atomic_op ffff8880531bd998 conn xmit_atomic 0000000000000000 [ 157.544009][ T8380] FAULT_INJECTION: forcing a failure. [ 157.544009][ T8380] name failslab, interval 1, probability 0, space 0, times 0 [ 157.557233][ T8380] CPU: 1 PID: 8380 Comm: syz.2.826 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 157.567259][ T8380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 157.577333][ T8380] Call Trace: [ 157.580614][ T8380] [ 157.583537][ T8380] dump_stack_lvl+0x241/0x360 [ 157.588658][ T8380] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.593853][ T8380] ? __pfx__printk+0x10/0x10 [ 157.598448][ T8380] should_fail_ex+0x3b0/0x4e0 [ 157.603125][ T8380] ? __alloc_skb+0x1c3/0x440 [ 157.607713][ T8380] should_failslab+0x9/0x20 [ 157.612211][ T8380] kmem_cache_alloc_node_noprof+0x71/0x320 [ 157.618018][ T8380] ? __kasan_kmalloc+0x98/0xb0 [ 157.622776][ T8380] __alloc_skb+0x1c3/0x440 [ 157.627181][ T8380] ? nfnetlink_rcv+0x297/0x2a80 [ 157.632025][ T8380] ? netlink_unicast+0x7ea/0x980 [ 157.636954][ T8380] ? netlink_sendmsg+0x8db/0xcb0 [ 157.641892][ T8380] ? __sock_sendmsg+0x221/0x270 [ 157.646747][ T8380] ? __pfx___alloc_skb+0x10/0x10 [ 157.651702][ T8380] netlink_dump+0x233/0xe50 [ 157.656211][ T8380] ? __pfx_netlink_dump+0x10/0x10 [ 157.661251][ T8380] ? trace_kmalloc+0x1f/0xd0 [ 157.665852][ T8380] ? kmalloc_node_track_caller_noprof+0x242/0x440 [ 157.672278][ T8380] ? kmemdup_noprof+0x45/0x60 [ 157.676970][ T8380] ? __asan_memcpy+0x40/0x70 [ 157.681574][ T8380] ? kmemdup_noprof+0x45/0x60 [ 157.686256][ T8380] __netlink_dump_start+0x59d/0x780 [ 157.691456][ T8380] ? nft_netlink_dump_start_rcu+0xcd/0x200 [ 157.697259][ T8380] nft_netlink_dump_start_rcu+0x139/0x200 [ 157.702975][ T8380] nf_tables_getset+0x73f/0xd10 [ 157.707817][ T8380] ? __pfx___nla_validate_parse+0x10/0x10 [ 157.713539][ T8380] ? __pfx_nf_tables_getset+0x10/0x10 [ 157.718908][ T8380] ? __pfx_nf_tables_dump_sets_start+0x10/0x10 [ 157.725093][ T8380] ? __pfx_nf_tables_dump_sets+0x10/0x10 [ 157.730726][ T8380] ? __pfx_nf_tables_dump_sets_done+0x10/0x10 [ 157.736794][ T8380] ? __nla_parse+0x40/0x60 [ 157.741201][ T8380] ? nfnetlink_rcv_msg+0x225/0x1180 [ 157.746391][ T8380] ? __pfx_nf_tables_getset+0x10/0x10 [ 157.751754][ T8380] nfnetlink_rcv_msg+0x8a2/0x1180 [ 157.756773][ T8380] ? nfnetlink_rcv_msg+0x225/0x1180 [ 157.761983][ T8380] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 157.767432][ T8380] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 157.773420][ T8380] ? __schedule+0x17f0/0x4a20 [ 157.778094][ T8380] ? __netlink_deliver_tap+0x54d/0x7c0 [ 157.783556][ T8380] ? netlink_sendmsg+0x8db/0xcb0 [ 157.788489][ T8380] ? ____sys_sendmsg+0x525/0x7d0 [ 157.793437][ T8380] netlink_rcv_skb+0x1e3/0x430 [ 157.798199][ T8380] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 157.803652][ T8380] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 157.808940][ T8380] ? apparmor_capable+0x138/0x1b0 [ 157.813957][ T8380] ? bpf_lsm_capable+0x9/0x10 [ 157.818625][ T8380] ? security_capable+0x90/0xb0 [ 157.823477][ T8380] nfnetlink_rcv+0x297/0x2a80 [ 157.828341][ T8380] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 157.834320][ T8380] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 157.840645][ T8380] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 157.846530][ T8380] ? lockdep_hardirqs_on+0x99/0x150 [ 157.851722][ T8380] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 157.856826][ T8380] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 157.862708][ T8380] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 157.869034][ T8380] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 157.875632][ T8380] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 157.882574][ T8380] ? rcu_is_watching+0x15/0xb0 [ 157.887338][ T8380] ? rcu_read_unlock_special+0x470/0x550 [ 157.892967][ T8380] ? skb_clone+0x240/0x390 [ 157.897463][ T8380] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 157.903458][ T8380] ? __netlink_deliver_tap+0x77e/0x7c0 [ 157.908920][ T8380] ? __rcu_read_unlock+0xa1/0x110 [ 157.913946][ T8380] netlink_unicast+0x7ea/0x980 [ 157.918710][ T8380] ? __pfx_netlink_unicast+0x10/0x10 [ 157.923986][ T8380] ? __virt_addr_valid+0x183/0x520 [ 157.929096][ T8380] ? __check_object_size+0x49c/0x900 [ 157.934391][ T8380] ? bpf_lsm_netlink_send+0x9/0x10 [ 157.939516][ T8380] netlink_sendmsg+0x8db/0xcb0 [ 157.944337][ T8380] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.949618][ T8380] ? __import_iovec+0x536/0x820 [ 157.954457][ T8380] ? aa_sock_msg_perm+0x91/0x160 [ 157.959399][ T8380] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 157.964762][ T8380] ? security_socket_sendmsg+0x87/0xb0 [ 157.970219][ T8380] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.975524][ T8380] __sock_sendmsg+0x221/0x270 [ 157.980243][ T8380] ____sys_sendmsg+0x525/0x7d0 [ 157.985084][ T8380] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.990392][ T8380] __sys_sendmsg+0x2b0/0x3a0 [ 157.994988][ T8380] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.000107][ T8380] ? vfs_write+0x7c4/0xc90 [ 158.004556][ T8380] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 158.010879][ T8380] ? do_syscall_64+0x100/0x230 [ 158.015647][ T8380] ? do_syscall_64+0xb6/0x230 [ 158.020408][ T8380] do_syscall_64+0xf3/0x230 [ 158.024928][ T8380] ? clear_bhb_loop+0x35/0x90 [ 158.029597][ T8380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.035488][ T8380] RIP: 0033:0x7f3e02f75b99 [ 158.039900][ T8380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.059502][ T8380] RSP: 002b:00007f3e03ce4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.067909][ T8380] RAX: ffffffffffffffda RBX: 00007f3e03103f60 RCX: 00007f3e02f75b99 [ 158.075872][ T8380] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000006 [ 158.083855][ T8380] RBP: 00007f3e03ce40a0 R08: 0000000000000000 R09: 0000000000000000 [ 158.091831][ T8380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.099795][ T8380] R13: 000000000000000b R14: 00007f3e03103f60 R15: 00007ffd90801968 [ 158.107773][ T8380] [ 158.435208][ T8388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.476537][ T8400] sctp: [Deprecated]: syz.3.831 (pid 8400) Use of struct sctp_assoc_value in delayed_ack socket option. [ 158.476537][ T8400] Use struct sctp_sack_info instead [ 158.530198][ T8388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.704261][ T8403] sctp: [Deprecated]: syz.0.833 (pid 8403) Use of struct sctp_assoc_value in delayed_ack socket option. [ 158.704261][ T8403] Use struct sctp_sack_info instead [ 159.010454][ T8415] __nla_validate_parse: 5 callbacks suppressed [ 159.010476][ T8415] netlink: 16 bytes leftover after parsing attributes in process `syz.2.836'. [ 159.067783][ T8412] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 159.147310][ T8410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 159.271470][ T8419] FAULT_INJECTION: forcing a failure. [ 159.271470][ T8419] name failslab, interval 1, probability 0, space 0, times 0 [ 159.284509][ T8419] CPU: 1 PID: 8419 Comm: syz.1.838 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 159.294557][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 159.304674][ T8419] Call Trace: [ 159.307980][ T8419] [ 159.310923][ T8419] dump_stack_lvl+0x241/0x360 [ 159.315636][ T8419] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.320867][ T8419] ? __pfx__printk+0x10/0x10 [ 159.325489][ T8419] ? tipc_conn_lookup+0x7f/0x380 [ 159.330465][ T8419] should_fail_ex+0x3b0/0x4e0 [ 159.335183][ T8419] ? tipc_topsrv_queue_evt+0xf1/0x300 [ 159.340587][ T8419] should_failslab+0x9/0x20 [ 159.345128][ T8419] kmalloc_trace_noprof+0x6c/0x2c0 [ 159.350266][ T8419] ? tipc_net+0x45/0x270 [ 159.354541][ T8419] tipc_topsrv_queue_evt+0xf1/0x300 [ 159.359777][ T8419] tipc_sub_report_overlap+0x4c9/0x840 [ 159.365279][ T8419] tipc_nametbl_insert_publ+0xfcc/0x1510 [ 159.370978][ T8419] tipc_nametbl_publish+0xc7/0x1e0 [ 159.376132][ T8419] tipc_sk_publish+0x205/0x480 [ 159.380931][ T8419] ? tipc_group_create_member+0x3fe/0x580 [ 159.386693][ T8419] ? __pfx_tipc_sk_publish+0x10/0x10 [ 159.392017][ T8419] ? tipc_nametbl_build_group+0x482/0x4c0 [ 159.397767][ T8419] ? tipc_nametbl_build_group+0x2e/0x4c0 [ 159.403429][ T8419] tipc_sk_join+0x42b/0x8a0 [ 159.407952][ T8419] ? __local_bh_enable_ip+0x168/0x200 [ 159.413318][ T8419] ? lockdep_hardirqs_on+0x99/0x150 [ 159.418700][ T8419] ? __pfx_tipc_sk_join+0x10/0x10 [ 159.423726][ T8419] tipc_setsockopt+0x831/0xc00 [ 159.428501][ T8419] ? __pfx_tipc_setsockopt+0x10/0x10 [ 159.430268][ T8421] sctp: [Deprecated]: syz.3.839 (pid 8421) Use of struct sctp_assoc_value in delayed_ack socket option. [ 159.430268][ T8421] Use struct sctp_sack_info instead [ 159.433788][ T8419] ? __pfx_lock_acquire+0x10/0x10 [ 159.455000][ T8419] ? aa_sock_opt_perm+0x79/0x120 [ 159.459976][ T8419] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 159.465550][ T8419] ? security_socket_setsockopt+0x87/0xb0 [ 159.471304][ T8419] ? __pfx_tipc_setsockopt+0x10/0x10 [ 159.476618][ T8419] do_sock_setsockopt+0x3af/0x720 [ 159.481685][ T8419] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 159.487254][ T8419] ? __fget_files+0x29/0x470 [ 159.491885][ T8419] ? __fget_files+0x3f6/0x470 [ 159.496580][ T8419] __sys_setsockopt+0x1ae/0x250 [ 159.501452][ T8419] __x64_sys_setsockopt+0xb5/0xd0 [ 159.506591][ T8419] do_syscall_64+0xf3/0x230 [ 159.511123][ T8419] ? clear_bhb_loop+0x35/0x90 [ 159.515834][ T8419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.521827][ T8419] RIP: 0033:0x7f6d9a575b99 [ 159.526340][ T8419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.546040][ T8419] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 159.554474][ T8419] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 159.562452][ T8419] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000006 [ 159.570418][ T8419] RBP: 00007f6d9b3780a0 R08: 00000000000004bd R09: 0000000000000000 [ 159.578388][ T8419] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001 [ 159.586354][ T8419] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 159.594327][ T8419] [ 159.626838][ T2817] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.083688][ T8428] FAULT_INJECTION: forcing a failure. [ 160.083688][ T8428] name failslab, interval 1, probability 0, space 0, times 0 [ 160.100514][ T8428] CPU: 0 PID: 8428 Comm: syz.1.841 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 160.110545][ T8428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 160.120620][ T8428] Call Trace: [ 160.123897][ T8428] [ 160.126822][ T8428] dump_stack_lvl+0x241/0x360 [ 160.131506][ T8428] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.136790][ T8428] ? __pfx__printk+0x10/0x10 [ 160.141379][ T8428] ? __pfx___might_resched+0x10/0x10 [ 160.146659][ T8428] ? __asan_memset+0x23/0x50 [ 160.151245][ T8428] ? lockdep_init_map_type+0xa1/0x910 [ 160.157058][ T8428] should_fail_ex+0x3b0/0x4e0 [ 160.161737][ T8428] should_failslab+0x9/0x20 [ 160.166259][ T8428] __kmalloc_node_noprof+0xdf/0x440 [ 160.171469][ T8428] ? kvmalloc_node_noprof+0x72/0x190 [ 160.176766][ T8428] kvmalloc_node_noprof+0x72/0x190 [ 160.181881][ T8428] alloc_netdev_mqs+0xa21/0xf80 [ 160.186738][ T8428] rtnl_create_link+0x2f9/0xc20 [ 160.191592][ T8428] rtnl_newlink+0x1421/0x20a0 [ 160.196286][ T8428] ? __kernel_text_address+0xd/0x40 [ 160.201495][ T8428] ? rtnl_newlink+0xaf1/0x20a0 [ 160.206278][ T8428] ? __pfx_rtnl_newlink+0x10/0x10 [ 160.211310][ T8428] ? __pfx___mutex_trylock_common+0x10/0x10 [ 160.217207][ T8428] ? rcu_is_watching+0x15/0xb0 [ 160.221966][ T8428] ? trace_contention_end+0x3c/0x120 [ 160.227294][ T8428] ? __mutex_lock+0x2ef/0xd70 [ 160.231976][ T8428] ? __pfx_lock_release+0x10/0x10 [ 160.237019][ T8428] ? __pfx_rtnl_newlink+0x10/0x10 [ 160.242045][ T8428] rtnetlink_rcv_msg+0x89b/0x1180 [ 160.247101][ T8428] ? rtnetlink_rcv_msg+0x208/0x1180 [ 160.252313][ T8428] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 160.257774][ T8428] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 160.263767][ T8428] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 160.270112][ T8428] ? __local_bh_enable_ip+0x168/0x200 [ 160.275525][ T8428] ? lockdep_hardirqs_on+0x99/0x150 [ 160.280751][ T8428] ? __local_bh_enable_ip+0x168/0x200 [ 160.286131][ T8428] ? dev_hard_start_xmit+0x773/0x7e0 [ 160.291423][ T8428] ? __dev_queue_xmit+0x2d2/0x3d30 [ 160.296537][ T8428] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 160.302259][ T8428] ? __dev_queue_xmit+0x2d2/0x3d30 [ 160.307387][ T8428] ? __dev_queue_xmit+0x16c9/0x3d30 [ 160.312794][ T8428] ? __dev_queue_xmit+0x2d2/0x3d30 [ 160.317929][ T8428] ? ref_tracker_free+0x643/0x7e0 [ 160.322967][ T8428] netlink_rcv_skb+0x1e3/0x430 [ 160.327736][ T8428] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 160.333200][ T8428] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 160.338498][ T8428] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.343804][ T8428] netlink_unicast+0x7ea/0x980 [ 160.349095][ T8428] ? __pfx_netlink_unicast+0x10/0x10 [ 160.354374][ T8428] ? __virt_addr_valid+0x183/0x520 [ 160.359504][ T8428] ? __check_object_size+0x49c/0x900 [ 160.364812][ T8428] ? bpf_lsm_netlink_send+0x9/0x10 [ 160.369932][ T8428] netlink_sendmsg+0x8db/0xcb0 [ 160.374708][ T8428] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.379990][ T8428] ? __import_iovec+0x536/0x820 [ 160.384832][ T8428] ? aa_sock_msg_perm+0x91/0x160 [ 160.389881][ T8428] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 160.395156][ T8428] ? security_socket_sendmsg+0x87/0xb0 [ 160.400609][ T8428] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.405888][ T8428] __sock_sendmsg+0x221/0x270 [ 160.410567][ T8428] ____sys_sendmsg+0x525/0x7d0 [ 160.415353][ T8428] ? __pfx_____sys_sendmsg+0x10/0x10 [ 160.420759][ T8428] __sys_sendmsg+0x2b0/0x3a0 [ 160.425382][ T8428] ? __pfx___sys_sendmsg+0x10/0x10 [ 160.430502][ T8428] ? vfs_write+0x7c4/0xc90 [ 160.434955][ T8428] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 160.441281][ T8428] ? do_syscall_64+0x100/0x230 [ 160.446054][ T8428] ? do_syscall_64+0xb6/0x230 [ 160.450837][ T8428] do_syscall_64+0xf3/0x230 [ 160.455341][ T8428] ? clear_bhb_loop+0x35/0x90 [ 160.460015][ T8428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.465905][ T8428] RIP: 0033:0x7f6d9a575b99 [ 160.470319][ T8428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.489925][ T8428] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.498336][ T8428] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 160.506300][ T8428] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 000000000000000a [ 160.514263][ T8428] RBP: 00007f6d9b3780a0 R08: 0000000000000000 R09: 0000000000000000 [ 160.522239][ T8428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 160.530203][ T8428] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 160.538181][ T8428] [ 160.681911][ T2817] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.800726][ T8440] bond_slave_0: entered promiscuous mode [ 160.806812][ T8440] bond_slave_1: entered promiscuous mode [ 160.813562][ T8440] batadv0: entered promiscuous mode [ 160.890482][ T8440] vlan3: entered promiscuous mode [ 160.914994][ T8440] bond0: entered promiscuous mode [ 160.955467][ T8440] bond0: left promiscuous mode [ 161.013303][ T8440] bond_slave_0: left promiscuous mode [ 161.018875][ T8440] bond_slave_1: left promiscuous mode [ 161.024389][ T8440] batadv0: left promiscuous mode [ 161.068887][ T5101] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 161.079666][ T5101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 161.088350][ T5101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 161.100498][ T5101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 161.119744][ T5101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 161.128112][ T5101] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 161.308524][ T2817] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.505465][ T8465] netlink: 44 bytes leftover after parsing attributes in process `syz.2.851'. [ 161.506567][ T2817] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.565180][ T5090] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 161.576411][ T5090] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 161.591868][ T5090] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 161.608487][ T5090] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 161.616309][ T5090] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 161.629944][ T5090] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 161.852724][ T8479] netlink: 'syz.0.856': attribute type 4 has an invalid length. [ 161.917496][ T2817] bridge_slave_1: left allmulticast mode [ 161.923334][ T2817] bridge_slave_1: left promiscuous mode [ 161.929651][ T2817] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.941403][ T2817] bridge_slave_0: left allmulticast mode [ 161.947517][ T2817] bridge_slave_0: left promiscuous mode [ 161.953335][ T2817] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.244362][ T2817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.255566][ T2817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.273357][ T2817] bond0 (unregistering): Released all slaves [ 162.315478][ T8482] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.329088][ T8482] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.366896][ T8479] netlink: 'syz.0.856': attribute type 4 has an invalid length. [ 162.401642][ T8486] netlink: 'syz.0.856': attribute type 10 has an invalid length. [ 162.409891][ T8486] netlink: 2 bytes leftover after parsing attributes in process `syz.0.856'. [ 162.418850][ T8486] team0: entered promiscuous mode [ 162.423883][ T8486] team_slave_0: entered promiscuous mode [ 162.429869][ T8486] team_slave_1: entered promiscuous mode [ 162.435781][ T8486] bridge0: port 3(team0) entered blocking state [ 162.442723][ T8486] bridge0: port 3(team0) entered disabled state [ 162.449548][ T8486] team0: entered allmulticast mode [ 162.454688][ T8486] team_slave_0: entered allmulticast mode [ 162.460485][ T8486] team_slave_1: entered allmulticast mode [ 162.469736][ T8486] bridge0: port 3(team0) entered blocking state [ 162.476065][ T8486] bridge0: port 3(team0) entered forwarding state [ 162.592966][ T8482] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.604301][ T8482] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.734037][ T8482] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.755194][ T8482] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.810152][ T2817] hsr_slave_0: left promiscuous mode [ 162.823595][ T2817] hsr_slave_1: left promiscuous mode [ 162.832321][ T2817] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.840762][ T2817] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.850198][ T2817] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.859510][ T2817] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.883703][ T2817] veth1_macvtap: left promiscuous mode [ 162.889390][ T2817] veth0_macvtap: left promiscuous mode [ 162.894964][ T2817] veth1_vlan: left promiscuous mode [ 162.900335][ T2817] veth0_vlan: left promiscuous mode [ 163.139405][ T8502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.202036][ T8502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.237360][ T5101] Bluetooth: hci1: command tx timeout [ 163.355665][ T2817] team0 (unregistering): Port device team_slave_1 removed [ 163.393170][ T2817] team0 (unregistering): Port device team_slave_0 removed [ 163.717656][ T5101] Bluetooth: hci2: command tx timeout [ 163.774596][ T8482] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 163.785411][ T8482] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.804739][ T8499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.861'. [ 163.814221][ T8455] chnl_net:caif_netlink_parms(): no params data found [ 163.978032][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.985671][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.993460][ T8455] bridge_slave_0: entered allmulticast mode [ 164.008176][ T8455] bridge_slave_0: entered promiscuous mode [ 164.016743][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.024064][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.031919][ T8455] bridge_slave_1: entered allmulticast mode [ 164.040209][ T8455] bridge_slave_1: entered promiscuous mode [ 164.091974][ T8482] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.106846][ T8482] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.158961][ T8482] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.168402][ T8482] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.187346][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.206304][ T8482] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.231177][ T8482] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.248376][ T8466] chnl_net:caif_netlink_parms(): no params data found [ 164.319627][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.347591][ T8482] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.355830][ T8482] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.356874][ T8521] FAULT_INJECTION: forcing a failure. [ 164.356874][ T8521] name failslab, interval 1, probability 0, space 0, times 0 [ 164.377368][ T8513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.382660][ T8516] netlink: 16 bytes leftover after parsing attributes in process `syz.2.863'. [ 164.427468][ T8521] CPU: 1 PID: 8521 Comm: syz.0.864 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 164.430322][ T8513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.437468][ T8521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 164.437486][ T8521] Call Trace: [ 164.437496][ T8521] [ 164.437505][ T8521] dump_stack_lvl+0x241/0x360 [ 164.437539][ T8521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.473538][ T8521] ? __pfx__printk+0x10/0x10 [ 164.478162][ T8521] ? __pfx___might_resched+0x10/0x10 [ 164.483474][ T8521] should_fail_ex+0x3b0/0x4e0 [ 164.488164][ T8521] ? nft_trans_table_add+0x53/0x270 [ 164.493381][ T8521] should_failslab+0x9/0x20 [ 164.497882][ T8521] kmalloc_trace_noprof+0x6c/0x2c0 [ 164.502983][ T8521] ? rhashtable_init_noprof+0x748/0xa60 [ 164.508526][ T8521] nft_trans_table_add+0x53/0x270 [ 164.513565][ T8521] nf_tables_newtable+0x10f6/0x1dc0 [ 164.518774][ T8521] ? __pfx_nf_tables_newtable+0x10/0x10 [ 164.524320][ T8521] ? __nla_parse+0x40/0x60 [ 164.528758][ T8521] nfnetlink_rcv+0x1427/0x2a80 [ 164.533524][ T8521] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 164.539896][ T8521] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 164.545018][ T8521] ? __dev_queue_xmit+0x2d2/0x3d30 [ 164.550156][ T8521] ? netlink_deliver_tap+0x2e/0x1b0 [ 164.555344][ T8521] ? skb_clone+0x240/0x390 [ 164.559753][ T8521] ? __pfx_lock_release+0x10/0x10 [ 164.564778][ T8521] ? netlink_deliver_tap+0x2e/0x1b0 [ 164.569973][ T8521] netlink_unicast+0x7ea/0x980 [ 164.574737][ T8521] ? __pfx_netlink_unicast+0x10/0x10 [ 164.580016][ T8521] ? __virt_addr_valid+0x183/0x520 [ 164.585121][ T8521] ? __check_object_size+0x49c/0x900 [ 164.590400][ T8521] ? bpf_lsm_netlink_send+0x9/0x10 [ 164.595510][ T8521] netlink_sendmsg+0x8db/0xcb0 [ 164.600282][ T8521] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.605650][ T8521] ? __mutex_trylock_common+0x183/0x2e0 [ 164.611191][ T8521] ? aa_sock_msg_perm+0x91/0x160 [ 164.616128][ T8521] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 164.621401][ T8521] ? security_socket_sendmsg+0x87/0xb0 [ 164.626855][ T8521] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.632132][ T8521] __sock_sendmsg+0x221/0x270 [ 164.636811][ T8521] sock_sendmsg+0x134/0x200 [ 164.641315][ T8521] ? __pfx_sock_sendmsg+0x10/0x10 [ 164.646352][ T8521] ? iov_iter_bvec+0x4e/0x180 [ 164.651028][ T8521] splice_to_socket+0xa13/0x10b0 [ 164.655955][ T8521] ? __pfx_lock_release+0x10/0x10 [ 164.660989][ T8521] ? __pfx_splice_to_socket+0x10/0x10 [ 164.666371][ T8521] ? __lock_acquire+0x1346/0x1fd0 [ 164.671401][ T8521] ? bpf_lsm_file_permission+0x9/0x10 [ 164.676766][ T8521] ? security_file_permission+0x7f/0xa0 [ 164.682308][ T8521] ? rw_verify_area+0x1d2/0x6b0 [ 164.687158][ T8521] ? __pfx_splice_to_socket+0x10/0x10 [ 164.692542][ T8521] do_splice+0xd77/0x1900 [ 164.696870][ T8521] ? __pfx_lock_release+0x10/0x10 [ 164.701887][ T8521] ? vfs_write+0x7c4/0xc90 [ 164.706300][ T8521] ? __mutex_unlock_slowpath+0x21d/0x750 [ 164.711928][ T8521] ? pipe_clear_nowait+0x196/0x220 [ 164.717131][ T8521] ? __pfx_do_splice+0x10/0x10 [ 164.721893][ T8521] __se_sys_splice+0x331/0x4a0 [ 164.726655][ T8521] ? __pfx___se_sys_splice+0x10/0x10 [ 164.732019][ T8521] ? do_syscall_64+0x100/0x230 [ 164.736783][ T8521] ? __x64_sys_splice+0x21/0xf0 [ 164.741626][ T8521] do_syscall_64+0xf3/0x230 [ 164.746126][ T8521] ? clear_bhb_loop+0x35/0x90 [ 164.750793][ T8521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.756700][ T8521] RIP: 0033:0x7f1d12175b99 [ 164.761165][ T8521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.780770][ T8521] RSP: 002b:00007f1d12e6c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 164.789189][ T8521] RAX: ffffffffffffffda RBX: 00007f1d12304038 RCX: 00007f1d12175b99 [ 164.797152][ T8521] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 164.805110][ T8521] RBP: 00007f1d12e6c0a0 R08: 0000000000007fff R09: 0000000000000000 [ 164.813067][ T8521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.821044][ T8521] R13: 000000000000006e R14: 00007f1d12304038 R15: 00007ffcd091a6f8 [ 164.829038][ T8521] [ 164.891597][ T8523] netlink: 12 bytes leftover after parsing attributes in process `syz.1.865'. [ 164.913466][ T8523] bond2: entered allmulticast mode [ 164.972311][ T8455] team0: Port device team_slave_0 added [ 164.991175][ T8455] team0: Port device team_slave_1 added [ 165.001232][ T8531] netlink: 20 bytes leftover after parsing attributes in process `syz.1.866'. [ 165.031525][ T2817] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.080535][ T8531] netlink: 20 bytes leftover after parsing attributes in process `syz.1.866'. [ 165.090340][ T8466] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.098844][ T8466] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.106160][ T8466] bridge_slave_0: entered allmulticast mode [ 165.143145][ T8466] bridge_slave_0: entered promiscuous mode [ 165.187308][ T2817] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.202846][ T8466] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.210523][ T8466] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.222618][ T8466] bridge_slave_1: entered allmulticast mode [ 165.231435][ T8466] bridge_slave_1: entered promiscuous mode [ 165.247713][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.277428][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.317725][ T5101] Bluetooth: hci1: command tx timeout [ 165.320503][ T8455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.358465][ T2817] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.424537][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.446211][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.480114][ T8455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.527417][ T2817] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.565968][ T8466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.627423][ T8466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.764624][ T8466] team0: Port device team_slave_0 added [ 165.785837][ T8466] team0: Port device team_slave_1 added [ 165.797799][ T5101] Bluetooth: hci2: command tx timeout [ 165.856018][ T8455] hsr_slave_0: entered promiscuous mode [ 165.917497][ T8455] hsr_slave_1: entered promiscuous mode [ 165.925981][ T8455] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 165.937505][ T8455] Cannot create hsr debugfs directory [ 166.063848][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.071080][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.101774][ T8466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.150566][ T8567] netlink: 176 bytes leftover after parsing attributes in process `syz.1.873'. [ 166.169176][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.193793][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.241309][ T8466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.283331][ T8564] netlink: 16 bytes leftover after parsing attributes in process `syz.0.875'. [ 166.304252][ T8574] netlink: 12 bytes leftover after parsing attributes in process `syz.2.876'. [ 166.347712][ T8564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.365432][ T2817] vlan2: left allmulticast mode [ 166.375303][ T2817] vlan2: left promiscuous mode [ 166.381525][ T2817] bridge0: port 3(vlan2) entered disabled state [ 166.391262][ T2817] bridge_slave_1: left allmulticast mode [ 166.396946][ T2817] bridge_slave_1: left promiscuous mode [ 166.403330][ T2817] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.414111][ T2817] bridge_slave_0: left allmulticast mode [ 166.420225][ T2817] bridge_slave_0: left promiscuous mode [ 166.428668][ T2817] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.685250][ T2817] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 166.746017][ T2817] team0: Port device bridge2 removed [ 166.882053][ T2817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.894211][ T2817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.905558][ T2817] bond0 (unregistering): Released all slaves [ 166.925150][ T2817] bond1 (unregistering): Released all slaves [ 167.024432][ T8466] hsr_slave_0: entered promiscuous mode [ 167.042205][ T8466] hsr_slave_1: entered promiscuous mode [ 167.061249][ T8466] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.079249][ T8466] Cannot create hsr debugfs directory [ 167.312037][ T8592] delete_channel: no stack [ 167.329030][ T8594] netlink: 28 bytes leftover after parsing attributes in process `syz.1.884'. [ 167.382223][ T8592] netlink: 'syz.2.883': attribute type 4 has an invalid length. [ 167.399946][ T5101] Bluetooth: hci1: command tx timeout [ 167.406672][ T8592] netlink: 17 bytes leftover after parsing attributes in process `syz.2.883'. [ 167.425096][ T8598] Cannot find add_set index 0 as target [ 167.564915][ T8603] netlink: 68 bytes leftover after parsing attributes in process `syz.1.887'. [ 167.690487][ T2817] hsr_slave_0: left promiscuous mode [ 167.712253][ T2817] hsr_slave_1: left promiscuous mode [ 167.730655][ T2817] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.743575][ T2817] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.752072][ T2817] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.759881][ T2817] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.779951][ T2817] veth1_macvtap: left promiscuous mode [ 167.785486][ T2817] veth0_macvtap: left promiscuous mode [ 167.791483][ T2817] veth1_vlan: left promiscuous mode [ 167.796872][ T2817] veth0_vlan: left promiscuous mode [ 167.849563][ T8608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.878026][ T5101] Bluetooth: hci2: command tx timeout [ 168.239618][ T2817] team0 (unregistering): Port device team_slave_1 removed [ 168.282872][ T2817] team0 (unregistering): Port device team_slave_0 removed [ 168.862304][ T8622] FAULT_INJECTION: forcing a failure. [ 168.862304][ T8622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.886639][ T8622] CPU: 0 PID: 8622 Comm: syz.1.894 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 168.896681][ T8622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 168.906758][ T8622] Call Trace: [ 168.910063][ T8622] [ 168.913063][ T8622] dump_stack_lvl+0x241/0x360 [ 168.917783][ T8622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.923105][ T8622] ? __pfx__printk+0x10/0x10 [ 168.927737][ T8622] should_fail_ex+0x3b0/0x4e0 [ 168.932450][ T8622] _copy_from_user+0x2f/0xe0 [ 168.937060][ T8622] move_addr_to_kernel+0x82/0x150 [ 168.939158][ T8455] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 168.942097][ T8622] __sys_sendto+0x2a3/0x4f0 [ 168.953288][ T8622] ? __pfx___sys_sendto+0x10/0x10 [ 168.958377][ T8622] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 168.964386][ T8622] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 168.970736][ T8622] ? exc_page_fault+0x590/0x8c0 [ 168.975602][ T8622] __x64_sys_sendto+0xde/0x100 [ 168.980372][ T8622] do_syscall_64+0xf3/0x230 [ 168.984874][ T8622] ? clear_bhb_loop+0x35/0x90 [ 168.989546][ T8622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.995436][ T8622] RIP: 0033:0x7f6d9a57792c [ 168.999845][ T8622] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b [ 169.019450][ T8622] RSP: 002b:00007f6d9b376ed0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 169.027859][ T8622] RAX: ffffffffffffffda RBX: 00007f6d9b376fd0 RCX: 00007f6d9a57792c [ 169.035822][ T8622] RDX: 0000000000000020 RSI: 00007f6d9b377020 RDI: 0000000000000005 [ 169.043781][ T8622] RBP: 0000000000000000 R08: 00007f6d9b376f24 R09: 000000000000000c [ 169.051745][ T8622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 169.059705][ T8622] R13: 00007f6d9b376f78 R14: 00007f6d9b377020 R15: 0000000000000000 [ 169.067680][ T8622] [ 169.166038][ T8455] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 169.195330][ T8455] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 169.215679][ T8629] FAULT_INJECTION: forcing a failure. [ 169.215679][ T8629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.219061][ T8630] Cannot find add_set index 0 as target [ 169.238716][ T8629] CPU: 1 PID: 8629 Comm: syz.1.896 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 169.242975][ T8455] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 169.248715][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 169.248730][ T8629] Call Trace: [ 169.248739][ T8629] [ 169.248747][ T8629] dump_stack_lvl+0x241/0x360 [ 169.248778][ T8629] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.248801][ T8629] ? __pfx__printk+0x10/0x10 [ 169.248826][ T8629] ? __pfx_lock_release+0x10/0x10 [ 169.291294][ T8629] should_fail_ex+0x3b0/0x4e0 [ 169.296039][ T8629] _copy_from_iter+0x1f6/0x1960 [ 169.300918][ T8629] ? __virt_addr_valid+0x183/0x520 [ 169.306066][ T8629] ? __pfx_lock_release+0x10/0x10 [ 169.311125][ T8629] ? __alloc_skb+0x28f/0x440 [ 169.315751][ T8629] ? __pfx__copy_from_iter+0x10/0x10 [ 169.321072][ T8629] ? __virt_addr_valid+0x183/0x520 [ 169.326211][ T8629] ? __virt_addr_valid+0x183/0x520 [ 169.331356][ T8629] ? __virt_addr_valid+0x44e/0x520 [ 169.336498][ T8629] ? __check_object_size+0x49c/0x900 [ 169.341814][ T8629] netlink_sendmsg+0x743/0xcb0 [ 169.346594][ T8629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 169.351884][ T8629] ? __import_iovec+0x536/0x820 [ 169.356728][ T8629] ? aa_sock_msg_perm+0x91/0x160 [ 169.361669][ T8629] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 169.366943][ T8629] ? security_socket_sendmsg+0x87/0xb0 [ 169.372397][ T8629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 169.377673][ T8629] __sock_sendmsg+0x221/0x270 [ 169.382347][ T8629] ____sys_sendmsg+0x525/0x7d0 [ 169.387117][ T8629] ? __pfx_____sys_sendmsg+0x10/0x10 [ 169.392416][ T8629] __sys_sendmsg+0x2b0/0x3a0 [ 169.397004][ T8629] ? __pfx___sys_sendmsg+0x10/0x10 [ 169.402112][ T8629] ? vfs_write+0x7c4/0xc90 [ 169.406548][ T8629] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 169.412869][ T8629] ? do_syscall_64+0x100/0x230 [ 169.417633][ T8629] ? do_syscall_64+0xb6/0x230 [ 169.422304][ T8629] do_syscall_64+0xf3/0x230 [ 169.426803][ T8629] ? clear_bhb_loop+0x35/0x90 [ 169.431472][ T8629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.437362][ T8629] RIP: 0033:0x7f6d9a575b99 [ 169.441768][ T8629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.461365][ T8629] RSP: 002b:00007f6d9b378048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 169.469771][ T8629] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a575b99 [ 169.477733][ T8629] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004 [ 169.485692][ T8629] RBP: 00007f6d9b3780a0 R08: 0000000000000000 R09: 0000000000000000 [ 169.493661][ T8629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.501623][ T8629] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 169.509597][ T8629] [ 169.517387][ T5101] Bluetooth: hci1: command tx timeout [ 169.774776][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.856931][ T8455] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.924172][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.931396][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.958267][ T5101] Bluetooth: hci2: command tx timeout [ 169.978534][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.985702][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.051191][ T8466] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 170.078245][ T8656] netlink: 'syz.2.905': attribute type 21 has an invalid length. [ 170.086919][ T8656] __nla_validate_parse: 2 callbacks suppressed [ 170.086935][ T8656] netlink: 128 bytes leftover after parsing attributes in process `syz.2.905'. [ 170.110686][ T8656] netlink: 'syz.2.905': attribute type 4 has an invalid length. [ 170.128394][ T8656] netlink: 'syz.2.905': attribute type 5 has an invalid length. [ 170.136079][ T8656] netlink: 3 bytes leftover after parsing attributes in process `syz.2.905'. [ 170.148753][ T8649] netlink: 16 bytes leftover after parsing attributes in process `syz.1.904'. [ 170.158283][ T8466] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 170.168598][ T8466] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 170.181319][ T8649] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 170.196401][ T8466] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 170.199416][ T8661] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 170.211307][ T8661] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 170.220914][ T8661] netlink: 9328 bytes leftover after parsing attributes in process `syz.0.907'. [ 170.230744][ T8661] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 170.306563][ T8662] netlink: 'syz.0.907': attribute type 4 has an invalid length. [ 170.314508][ T8662] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.907'. [ 170.523944][ T8466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.572668][ T8466] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.594212][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.601557][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.630496][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.637707][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.695680][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.725789][ T8466] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 170.746195][ T8466] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 170.871164][ T8680] netlink: 'syz.1.912': attribute type 4 has an invalid length. [ 170.892125][ T8680] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.912'. [ 171.061456][ T8466] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.118417][ T8695] netlink: 16 bytes leftover after parsing attributes in process `syz.0.913'. [ 171.136600][ T8684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.206679][ T8466] veth0_vlan: entered promiscuous mode [ 171.234806][ T8466] veth1_vlan: entered promiscuous mode [ 171.242356][ T8684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.292429][ T8699] netlink: 'syz.1.916': attribute type 1 has an invalid length. [ 171.296853][ T8455] veth0_vlan: entered promiscuous mode [ 171.310155][ T8699] netlink: 9352 bytes leftover after parsing attributes in process `syz.1.916'. [ 171.327632][ T8455] veth1_vlan: entered promiscuous mode [ 171.333184][ T8699] netlink: 4 bytes leftover after parsing attributes in process `syz.1.916'. [ 171.372177][ T8466] veth0_macvtap: entered promiscuous mode [ 171.408373][ T8466] veth1_macvtap: entered promiscuous mode [ 171.416032][ T8455] veth0_macvtap: entered promiscuous mode [ 171.432813][ T8455] veth1_macvtap: entered promiscuous mode [ 171.459704][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.471191][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.481678][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.492309][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.502195][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.515001][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.527930][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.544977][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.556937][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.568220][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.579044][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.589150][ T8466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.599754][ T8466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.611154][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.626625][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.638068][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.648033][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.659017][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.669385][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.680269][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.690856][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.701492][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.713340][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.722166][ T8705] netlink: 16 bytes leftover after parsing attributes in process `syz.1.917'. [ 171.733488][ T8705] bridge0: entered promiscuous mode [ 171.746223][ T8466] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.756826][ T8466] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.766300][ T8466] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.775310][ T8466] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.785929][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.798536][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.809014][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.819866][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.830099][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.840769][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.851274][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.865403][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.882821][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.922011][ T8455] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.933765][ T8455] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.942660][ T8455] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.953111][ T8455] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.084053][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.094545][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.153258][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.175222][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.201172][ T2419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.212353][ T2419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.252164][ T1035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.264349][ T1035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.388485][ T8719] FAULT_INJECTION: forcing a failure. [ 172.388485][ T8719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.422859][ T8719] CPU: 0 PID: 8719 Comm: syz.1.922 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 172.432916][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 172.442997][ T8719] Call Trace: [ 172.446304][ T8719] [ 172.449272][ T8719] dump_stack_lvl+0x241/0x360 [ 172.453983][ T8719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.459215][ T8719] ? __pfx__printk+0x10/0x10 [ 172.463841][ T8719] ? snprintf+0xda/0x120 [ 172.468128][ T8719] should_fail_ex+0x3b0/0x4e0 [ 172.472856][ T8719] _copy_to_user+0x2f/0xb0 [ 172.477313][ T8719] simple_read_from_buffer+0xca/0x150 [ 172.482736][ T8719] proc_fail_nth_read+0x1e9/0x250 [ 172.487811][ T8719] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.493393][ T8719] ? rw_verify_area+0x514/0x6b0 [ 172.498268][ T8719] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.503838][ T8719] vfs_read+0x204/0xbd0 [ 172.508028][ T8719] ? __pfx_lock_release+0x10/0x10 [ 172.513087][ T8719] ? __pfx_vfs_read+0x10/0x10 [ 172.517801][ T8719] ? __fget_files+0x29/0x470 [ 172.522422][ T8719] ? __fget_files+0x3f6/0x470 [ 172.527137][ T8719] ksys_read+0x1a0/0x2c0 [ 172.531415][ T8719] ? __pfx_ksys_read+0x10/0x10 [ 172.536207][ T8719] ? do_syscall_64+0x100/0x230 [ 172.541011][ T8719] ? do_syscall_64+0xb6/0x230 [ 172.545727][ T8719] do_syscall_64+0xf3/0x230 [ 172.550266][ T8719] ? clear_bhb_loop+0x35/0x90 [ 172.554976][ T8719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.560909][ T8719] RIP: 0033:0x7f6d9a57467c [ 172.565357][ T8719] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 172.585342][ T8719] RSP: 002b:00007f6d9b378040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 172.593792][ T8719] RAX: ffffffffffffffda RBX: 00007f6d9a703f60 RCX: 00007f6d9a57467c [ 172.601890][ T8719] RDX: 000000000000000f RSI: 00007f6d9b3780b0 RDI: 0000000000000004 [ 172.609896][ T8719] RBP: 00007f6d9b3780a0 R08: 0000000000000000 R09: 0000000000000000 [ 172.617900][ T8719] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 172.625891][ T8719] R13: 000000000000000b R14: 00007f6d9a703f60 R15: 00007ffe88bf3288 [ 172.633983][ T8719] [ 172.670327][ T8728] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.754452][ T8718] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.863823][ T8740] FAULT_INJECTION: forcing a failure. [ 172.863823][ T8740] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.877683][ T8740] CPU: 0 PID: 8740 Comm: syz.0.929 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 172.887701][ T8740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 172.897783][ T8740] Call Trace: [ 172.901079][ T8740] [ 172.904018][ T8740] dump_stack_lvl+0x241/0x360 [ 172.908793][ T8740] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.913993][ T8740] ? __pfx__printk+0x10/0x10 [ 172.918593][ T8740] should_fail_ex+0x3b0/0x4e0 [ 172.923277][ T8740] _copy_from_user+0x2f/0xe0 [ 172.927868][ T8740] move_addr_to_kernel+0x82/0x150 [ 172.932930][ T8740] copy_msghdr_from_user+0x43e/0x680 [ 172.938212][ T8740] ? _parse_integer_limit+0x1b5/0x200 [ 172.943583][ T8740] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 172.949423][ T8740] __sys_sendmmsg+0x374/0x740 [ 172.954122][ T8740] ? __pfx___sys_sendmmsg+0x10/0x10 [ 172.959360][ T8740] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 172.965257][ T8740] ? ksys_write+0x23e/0x2c0 [ 172.969760][ T8740] ? __pfx_lock_release+0x10/0x10 [ 172.974783][ T8740] ? vfs_write+0x7c4/0xc90 [ 172.979226][ T8740] ? __mutex_unlock_slowpath+0x21d/0x750 [ 172.984870][ T8740] ? __pfx_vfs_write+0x10/0x10 [ 172.989653][ T8740] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 172.995669][ T8740] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 173.002004][ T8740] ? do_syscall_64+0x100/0x230 [ 173.006775][ T8740] __x64_sys_sendmmsg+0xa0/0xb0 [ 173.011629][ T8740] do_syscall_64+0xf3/0x230 [ 173.016128][ T8740] ? clear_bhb_loop+0x35/0x90 [ 173.020798][ T8740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.026693][ T8740] RIP: 0033:0x7f1d12175b99 [ 173.031101][ T8740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.050704][ T8740] RSP: 002b:00007f1d12e8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 173.059110][ T8740] RAX: ffffffffffffffda RBX: 00007f1d12303f60 RCX: 00007f1d12175b99 [ 173.067071][ T8740] RDX: 0000000000000001 RSI: 0000000020001740 RDI: 0000000000000003 [ 173.075030][ T8740] RBP: 00007f1d12e8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 173.083087][ T8740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.091057][ T8740] R13: 000000000000000b R14: 00007f1d12303f60 R15: 00007ffcd091a6f8 [ 173.099035][ T8740] [ 173.242439][ T8749] validate_nla: 3 callbacks suppressed [ 173.242458][ T8749] netlink: 'syz.2.933': attribute type 3 has an invalid length. [ 173.605196][ T8767] FAULT_INJECTION: forcing a failure. [ 173.605196][ T8767] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.627339][ T8767] CPU: 1 PID: 8767 Comm: syz.0.942 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 173.637641][ T8767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 173.647804][ T8767] Call Trace: [ 173.651181][ T8767] [ 173.654129][ T8767] dump_stack_lvl+0x241/0x360 [ 173.658848][ T8767] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.664160][ T8767] ? __pfx__printk+0x10/0x10 [ 173.668782][ T8767] ? snprintf+0xda/0x120 [ 173.673049][ T8767] should_fail_ex+0x3b0/0x4e0 [ 173.677758][ T8767] _copy_to_user+0x2f/0xb0 [ 173.682199][ T8767] simple_read_from_buffer+0xca/0x150 [ 173.687606][ T8767] proc_fail_nth_read+0x1e9/0x250 [ 173.692654][ T8767] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 173.698228][ T8767] ? rw_verify_area+0x514/0x6b0 [ 173.703100][ T8767] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 173.708677][ T8767] vfs_read+0x204/0xbd0 [ 173.712862][ T8767] ? __pfx_lock_release+0x10/0x10 [ 173.718000][ T8767] ? do_sock_setsockopt+0x3e2/0x720 [ 173.723230][ T8767] ? __pfx_vfs_read+0x10/0x10 [ 173.727935][ T8767] ? __fget_files+0x29/0x470 [ 173.732565][ T8767] ? __fget_files+0x3f6/0x470 [ 173.737289][ T8767] ksys_read+0x1a0/0x2c0 [ 173.741566][ T8767] ? __pfx_ksys_read+0x10/0x10 [ 173.746353][ T8767] ? do_syscall_64+0x100/0x230 [ 173.751122][ T8767] ? do_syscall_64+0xb6/0x230 [ 173.755798][ T8767] do_syscall_64+0xf3/0x230 [ 173.760313][ T8767] ? clear_bhb_loop+0x35/0x90 [ 173.764985][ T8767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.770963][ T8767] RIP: 0033:0x7f1d1217467c [ 173.775368][ T8767] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 173.794973][ T8767] RSP: 002b:00007f1d12e8d040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 173.803389][ T8767] RAX: ffffffffffffffda RBX: 00007f1d12303f60 RCX: 00007f1d1217467c [ 173.811352][ T8767] RDX: 000000000000000f RSI: 00007f1d12e8d0b0 RDI: 0000000000000004 [ 173.819310][ T8767] RBP: 00007f1d12e8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 173.827276][ T8767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.835236][ T8767] R13: 000000000000000b R14: 00007f1d12303f60 R15: 00007ffcd091a6f8 [ 173.843214][ T8767] [ 174.023102][ T8758] netlink: 'syz.2.937': attribute type 9 has an invalid length. [ 174.366079][ T8795] netlink: 'syz.2.951': attribute type 2 has an invalid length. [ 174.564708][ T8802] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.647731][ T8799] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.714257][ T8818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.748000][ T8819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.802090][ T8813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.813503][ T8810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 175.106377][ T8826] __nla_validate_parse: 8 callbacks suppressed [ 175.106390][ T8826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.957'. [ 175.126185][ T8826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.957'. [ 175.178659][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.013124][ T8832] FAULT_INJECTION: forcing a failure. [ 176.013124][ T8832] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.057414][ T8832] CPU: 1 PID: 8832 Comm: syz.0.958 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 176.067446][ T8832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.077525][ T8832] Call Trace: [ 176.080819][ T8832] [ 176.083762][ T8832] dump_stack_lvl+0x241/0x360 [ 176.088481][ T8832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.093798][ T8832] ? __pfx__printk+0x10/0x10 [ 176.098427][ T8832] ? __pfx_lock_release+0x10/0x10 [ 176.103495][ T8832] should_fail_ex+0x3b0/0x4e0 [ 176.108226][ T8832] _copy_from_user+0x2f/0xe0 [ 176.112846][ T8832] copy_msghdr_from_user+0xae/0x680 [ 176.118071][ T8832] ? __pfx___might_resched+0x10/0x10 [ 176.123384][ T8832] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 176.129316][ T8832] ? __might_fault+0xaa/0x120 [ 176.134027][ T8832] __sys_sendmmsg+0x374/0x740 [ 176.138748][ T8832] ? __pfx___sys_sendmmsg+0x10/0x10 [ 176.143994][ T8832] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 176.149891][ T8832] ? ksys_write+0x23e/0x2c0 [ 176.154418][ T8832] ? __pfx_lock_release+0x10/0x10 [ 176.159452][ T8832] ? vfs_write+0x7c4/0xc90 [ 176.163894][ T8832] ? __mutex_unlock_slowpath+0x21d/0x750 [ 176.169537][ T8832] ? __pfx_vfs_write+0x10/0x10 [ 176.174328][ T8832] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 176.180319][ T8832] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 176.186649][ T8832] ? do_syscall_64+0x100/0x230 [ 176.191421][ T8832] __x64_sys_sendmmsg+0xa0/0xb0 [ 176.196274][ T8832] do_syscall_64+0xf3/0x230 [ 176.200829][ T8832] ? clear_bhb_loop+0x35/0x90 [ 176.205511][ T8832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.211424][ T8832] RIP: 0033:0x7f1d12175b99 [ 176.215843][ T8832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.235482][ T8832] RSP: 002b:00007f1d12e8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.243896][ T8832] RAX: ffffffffffffffda RBX: 00007f1d12303f60 RCX: 00007f1d12175b99 [ 176.251863][ T8832] RDX: 00000000000003ef RSI: 0000000020000180 RDI: 0000000000000003 [ 176.259826][ T8832] RBP: 00007f1d12e8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 176.267790][ T8832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 176.275835][ T8832] R13: 000000000000000b R14: 00007f1d12303f60 R15: 00007ffcd091a6f8 [ 176.283816][ T8832] [ 176.345563][ T8843] FAULT_INJECTION: forcing a failure. [ 176.345563][ T8843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.361957][ T8839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.960'. [ 176.369605][ T5090] Bluetooth: hci4: command 0x0405 tx timeout [ 176.387883][ T8843] CPU: 0 PID: 8843 Comm: syz.3.962 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 176.397911][ T8843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.407989][ T8843] Call Trace: [ 176.411284][ T8843] [ 176.414233][ T8843] dump_stack_lvl+0x241/0x360 [ 176.418943][ T8843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.424171][ T8843] ? __pfx__printk+0x10/0x10 [ 176.428792][ T8843] ? __pfx_lock_release+0x10/0x10 [ 176.433851][ T8843] should_fail_ex+0x3b0/0x4e0 [ 176.438565][ T8843] _copy_from_user+0x2f/0xe0 [ 176.443184][ T8843] copy_from_sockptr_offset+0x6b/0xb0 [ 176.448587][ T8843] do_ip6t_set_ctl+0xbe6/0x1270 [ 176.453477][ T8843] ? __pfx___might_resched+0x10/0x10 [ 176.458798][ T8843] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 176.464119][ T8843] ? __pfx_lock_release+0x10/0x10 [ 176.469187][ T8843] ? __mutex_unlock_slowpath+0x21d/0x750 [ 176.474858][ T8843] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 176.480879][ T8843] nf_setsockopt+0x295/0x2c0 [ 176.485501][ T8843] dccp_setsockopt+0x17c/0x12c0 [ 176.490381][ T8843] ? __pfx_aa_sk_perm+0x10/0x10 [ 176.495355][ T8843] ? __pfx_dccp_setsockopt+0x10/0x10 [ 176.500675][ T8843] ? aa_sock_opt_perm+0x79/0x120 [ 176.505644][ T8843] ? sock_common_setsockopt+0x37/0xc0 [ 176.511036][ T8843] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 176.513681][ T5097] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 176.516924][ T8843] do_sock_setsockopt+0x3af/0x720 [ 176.516962][ T8843] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 176.516981][ T8843] ? __fget_files+0x29/0x470 [ 176.517007][ T8843] ? __fget_files+0x3f6/0x470 [ 176.529380][ T5097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 176.534607][ T8843] __sys_setsockopt+0x1ae/0x250 [ 176.534644][ T8843] __x64_sys_setsockopt+0xb5/0xd0 [ 176.542647][ T5097] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 176.543869][ T8843] do_syscall_64+0xf3/0x230 [ 176.543902][ T8843] ? clear_bhb_loop+0x35/0x90 [ 176.559259][ T5097] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 176.560664][ T8843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.560700][ T8843] RIP: 0033:0x7f1b30f75b99 [ 176.568993][ T5097] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 176.572110][ T8843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.572130][ T8843] RSP: 002b:00007f1b31d9c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 176.572153][ T8843] RAX: ffffffffffffffda RBX: 00007f1b31103f60 RCX: 00007f1b30f75b99 [ 176.577575][ T5097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 176.583715][ T8843] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 176.583733][ T8843] RBP: 00007f1b31d9c0a0 R08: 00000000000003b8 R09: 0000000000000000 [ 176.583745][ T8843] R10: 0000000020000800 R11: 0000000000000246 R12: 0000000000000001 [ 176.583757][ T8843] R13: 000000000000000b R14: 00007f1b31103f60 R15: 00007ffcba7d29d8 [ 176.583786][ T8843] [ 176.713449][ T8846] tipc: Started in network mode [ 176.731416][ T8846] tipc: Node identity , cluster identity 4711 [ 176.740277][ T8846] FAULT_INJECTION: forcing a failure. [ 176.740277][ T8846] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.755167][ T8846] CPU: 0 PID: 8846 Comm: syz.0.964 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 176.765180][ T8846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.775248][ T8846] Call Trace: [ 176.778553][ T8846] [ 176.781477][ T8846] dump_stack_lvl+0x241/0x360 [ 176.786149][ T8846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.791342][ T8846] ? __pfx__printk+0x10/0x10 [ 176.795956][ T8846] ? snprintf+0xda/0x120 [ 176.800227][ T8846] should_fail_ex+0x3b0/0x4e0 [ 176.804924][ T8846] _copy_to_user+0x2f/0xb0 [ 176.809381][ T8846] simple_read_from_buffer+0xca/0x150 [ 176.814786][ T8846] proc_fail_nth_read+0x1e9/0x250 [ 176.815062][ T8854] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 176.819819][ T8846] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 176.832465][ T8854] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 176.837990][ T8846] ? rw_verify_area+0x514/0x6b0 [ 176.846373][ T8854] CPU: 1 PID: 8854 Comm: syz.3.965 Not tainted 6.10.0-rc5-syzkaller-00194-g8905a2c7d39b #0 [ 176.851197][ T8846] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 176.861150][ T8854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.866664][ T8846] vfs_read+0x204/0xbd0 [ 176.876690][ T8854] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 176.880818][ T8846] ? __pfx_lock_release+0x10/0x10 [ 176.886245][ T8854] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 f6 a0 d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 50 56 3d 00 4c 8b 7d 00 48 83 c5 [ 176.891241][ T8846] ? __pfx_vfs_read+0x10/0x10 [ 176.910811][ T8854] RSP: 0018:ffffc900a8787678 EFLAGS: 00010246 [ 176.915458][ T8846] ? __fget_files+0x29/0x470 [ 176.921510][ T8854] [ 176.926078][ T8846] ? __fget_files+0x3f6/0x470 [ 176.928392][ T8854] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 176.933051][ T8846] ksys_read+0x1a0/0x2c0 [ 176.940995][ T8854] RDX: ffffc90012300000 RSI: 00000000000008ef RDI: 00000000000008f0 [ 176.945236][ T8846] ? __pfx_ksys_read+0x10/0x10 [ 176.953175][ T8854] RBP: 0000000000000000 R08: ffffffff8961aa26 R09: ffffffff8961a9e3 [ 176.957914][ T8846] ? do_syscall_64+0x100/0x230 [ 176.965857][ T8854] R10: 0000000000000004 R11: ffff88802efd9e00 R12: ffff88802ad00000 [ 176.970611][ T8846] ? do_syscall_64+0xb6/0x230 [ 176.978553][ T8854] R13: ffff88805251f070 R14: dffffc0000000000 R15: 0000000000000000 [ 176.983383][ T8846] do_syscall_64+0xf3/0x230 [ 176.991346][ T8854] FS: 00007f1b31d7b6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 176.995831][ T8846] ? clear_bhb_loop+0x35/0x90 [ 177.007092][ T8854] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.012106][ T8846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.018920][ T8854] CR2: 000000110c356c05 CR3: 000000005571c000 CR4: 00000000003506f0 [ 177.024802][ T8846] RIP: 0033:0x7f1d1217467c [ 177.032751][ T8854] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 177.037256][ T8846] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 177.045218][ T8854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 177.064818][ T8846] RSP: 002b:00007f1d12e8d040 EFLAGS: 00000246 [ 177.072768][ T8854] Call Trace: [ 177.072782][ T8854] [ 177.078819][ T8846] ORIG_RAX: 0000000000000000 [ 177.082176][ T8854] ? __die_body+0x88/0xe0 [ 177.085084][ T8846] RAX: ffffffffffffffda RBX: 00007f1d12303f60 RCX: 00007f1d1217467c [ 177.089734][ T8854] ? die_addr+0x108/0x140 [ 177.094144][ T8846] RDX: 000000000000000f RSI: 00007f1d12e8d0b0 RDI: 0000000000000004 [ 177.103985][ T8854] ? exc_general_protection+0x3dd/0x5d0 [ 177.109303][ T8846] RBP: 00007f1d12e8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 177.117357][ T8854] ? asm_exc_general_protection+0x26/0x30 [ 177.122955][ T8846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.131060][ T8854] ? xdp_do_redirect_frame+0x243/0x660 [ 177.136755][ T8846] R13: 000000000000000b R14: 00007f1d12303f60 R15: 00007ffcd091a6f8 [ 177.144789][ T8854] ? xdp_do_redirect_frame+0x286/0x660 [ 177.150231][ T8846] [ 177.158277][ T8854] ? dev_map_enqueue+0x31/0x3e0 [ 177.172308][ T8854] ? dev_map_enqueue+0x2a/0x3e0 [ 177.177171][ T8854] xdp_do_redirect_frame+0x2a6/0x660 [ 177.182463][ T8854] bpf_test_run_xdp_live+0xe60/0x1e60 [ 177.188381][ T8854] ? bpf_test_run_xdp_live+0x724/0x1e60 [ 177.194361][ T8854] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 177.200215][ T8854] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 177.206143][ T8854] ? __might_fault+0xaa/0x120 [ 177.210931][ T8854] ? __might_fault+0xc6/0x120 [ 177.215607][ T8854] ? _copy_from_user+0xa6/0xe0 [ 177.220402][ T8854] ? bpf_test_init+0x15a/0x180 [ 177.225432][ T8854] ? xdp_convert_md_to_buff+0x5b/0x330 [ 177.231330][ T8854] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 177.237393][ T8854] ? __pfx_lock_release+0x10/0x10 [ 177.243116][ T8854] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 177.248944][ T8854] ? __fget_files+0x29/0x470 [ 177.253544][ T8854] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 177.259417][ T8854] bpf_prog_test_run+0x33a/0x3b0 [ 177.264353][ T8854] __sys_bpf+0x48d/0x810 [ 177.268614][ T8854] ? __pfx___sys_bpf+0x10/0x10 [ 177.273570][ T8854] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 177.279563][ T8854] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 177.286000][ T8854] ? do_syscall_64+0x100/0x230 [ 177.290801][ T8854] __x64_sys_bpf+0x7c/0x90 [ 177.295257][ T8854] do_syscall_64+0xf3/0x230 [ 177.300441][ T8854] ? clear_bhb_loop+0x35/0x90 [ 177.305999][ T8854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.312090][ T8854] RIP: 0033:0x7f1b30f75b99 [ 177.316707][ T8854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.336440][ T8854] RSP: 002b:00007f1b31d7b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 177.344866][ T8854] RAX: ffffffffffffffda RBX: 00007f1b31104038 RCX: 00007f1b30f75b99 [ 177.352935][ T8854] RDX: 0000000000000050 RSI: 0000000020000240 RDI: 000000000000000a [ 177.360902][ T8854] RBP: 00007f1b30fe4a7a R08: 0000000000000000 R09: 0000000000000000 [ 177.368895][ T8854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.376905][ T8854] R13: 000000000000006e R14: 00007f1b31104038 R15: 00007ffcba7d29d8 [ 177.384962][ T8854] [ 177.387969][ T8854] Modules linked in: [ 177.392033][ T8854] ---[ end trace 0000000000000000 ]--- [ 177.397541][ T8854] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 177.403052][ T8854] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 f6 a0 d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 50 56 3d 00 4c 8b 7d 00 48 83 c5 [ 177.422720][ T8854] RSP: 0018:ffffc900a8787678 EFLAGS: 00010246 [ 177.428840][ T8854] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 177.436824][ T8854] RDX: ffffc90012300000 RSI: 00000000000008ef RDI: 00000000000008f0 [ 177.445288][ T8854] RBP: 0000000000000000 R08: ffffffff8961aa26 R09: ffffffff8961a9e3 [ 177.454113][ T8854] R10: 0000000000000004 R11: ffff88802efd9e00 R12: ffff88802ad00000 [ 177.462175][ T8854] R13: ffff88805251f070 R14: dffffc0000000000 R15: 0000000000000000 [ 177.470286][ T8854] FS: 00007f1b31d7b6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 177.475096][ T8858] FAULT_INJECTION: forcing a failure. [ 177.475096][ T8858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.479271][ T8854] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.479292][ T8854] CR2: 000000110c356c05 CR3: 000000005571c000 CR4: 00000000003506f0 [ 177.479308][ T8854] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 177.479319][ T8854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 177.479333][ T8854] Kernel panic - not syncing: Fatal exception in interrupt [ 177.479662][ T8854] Kernel Offset: disabled