last executing test programs: 3.355722151s ago: executing program 2 (id=3658): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) close(r1) socket$alg(0x26, 0x5, 0x0) writev(r1, 0x0, 0x0) 3.202602887s ago: executing program 2 (id=3660): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) unshare(0x22020400) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r2, 0x0, 0xcf, 0x0, &(0x7f0000000440)) 3.12386591s ago: executing program 0 (id=3662): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000000206050000000000000000000000000005000400000000000900020073797a30000004000c00078008000600000000000500050002000000050001000600000014000300686173"], 0x58}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x8005}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000480)={'vxcan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1d, 0x2, 0x6) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r3, 0x3}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r6], 0x20}}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0) 2.919911121s ago: executing program 2 (id=3663): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbe, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x55, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x7c}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, 0x0, 0x50) vmsplice(r4, &(0x7f0000000180)=[{&(0x7f00000000c0)="f6", 0x1}], 0x1, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000005c0)=@can_newroute={0x34, 0x18, 0x1, 0x0, 0x0, {0x1d, 0x1, 0x8}, [@CGW_MOD_XOR={0x15, 0x3, {{{}, 0x0, 0x0, 0x0, 0x0, "2090b6699f71b7da"}}}, @CGW_LIM_HOPS={0x5, 0xd, 0x1}]}, 0x34}}, 0x0) write$binfmt_elf64(r4, 0x0, 0x78) close(r4) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)) pwritev(r6, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000, 0x0) splice(r3, 0x0, r4, 0x0, 0xfdef, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) sendfile(r5, r2, &(0x7f0000000240)=0x401, 0xfffffffffffffff9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={0xffffffffffffffff, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0, 0x80000df, &(0x7f0000000500)=[{}], 0x8, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x54, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', r7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181180006eb637fbd0faf85488ca3204ee2edcdea5bc4a9615ecd3e3d0d6c5164a533e959291846ba82e1cee1e3f7ba9b8ba6515ccb66aaa652e79ff6ae5ae6e82c4de30dd932335769f96165674db1c0cf1a8af2cf24e16a93b93c7970ddbd8e08291019627b8926679d426c189d344555e9430560f122b29d20417b9f0282f79ebadf93f2395b1a207b857", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) 2.42145627s ago: executing program 0 (id=3666): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) socket$packet(0x11, 0x3, 0x300) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @private2, 0x2}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r2, 0x0, r1, 0x0, 0x406f413, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x8, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x108) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r7 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r7, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000073013600000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x100, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}], 0x1c) sendmsg$inet6(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000001580)=[{&(0x7f0000000080)="10", 0x1}], 0x1}, 0x40) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x74, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x47, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @val={0x6, 0x2}, @val={0x5, 0x3}, @void, @void, @void, @void, @void, @val={0x71, 0x7}, @val={0x76, 0x6}}}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x74}}, 0x0) unshare(0x26020480) unshare(0x2040000) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) r9 = openat$cgroup_ro(r0, &(0x7f0000000580)='cpuacct.stat\x00', 0x7a05, 0x1700) ioctl$PPPIOCGIDLE64(r9, 0x8010743f, &(0x7f0000000540)) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000390000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008007300000000000e0001006e657464727673696d0000000f0002006e657464657673e96d30000008000300ffffffffe2f0669e1c203ae6aed81fba9a3a00165154e32e6b7d2799a14ac451312b4bb18f2907aeac163dd2c91a8518dbb1b43babf72774b8d780b2542df3f671697852fbbfc5f5c1b1b2084faa27b1a2acdd5f1bf5c944214b48d1123fd4eb35e5de115d3f40e1e84f864fbb97f494eac9"], 0x64}}, 0x0) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x164, r8, 0x1, 0x70bd26, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x164}, 0x1, 0x0, 0x0, 0x48}, 0x4000000) socket$inet6_udp(0xa, 0x2, 0x0) 2.161169942s ago: executing program 3 (id=3668): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x0) accept$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @dev}, &(0x7f00000003c0)=0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000600)='rcu_utilization\x00'}, 0x10) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x400000000000284, 0x0, 0x0) accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000005c0)=0x1c, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="5c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e000100697036677265746170000000200002801400060020010000000000000000000000000002050008000000000008000a00", @ANYRES32=r3, @ANYBLOB="48e9b3b7cf88c4c7ed12010c13676fdb188326be3b518e5e393566d2cf8c27f0c6ec67026ef0729aefbb51154b93514082211c41171365ff2604ac8ef255c467cecba70910791fb484694037692a8f67441a7cf752d67a4b37366990302236fff520e2582fce1261d19f5ec4816019949db2c769949397ae9398310b268d9d9d204a7c52b50c76d0d73fe0f57a2015353034bbfc4debf0a4abab4be071884de0be2662b68a17cc2e9d52951beb600aaacd53a33269bb1c"], 0x5c}}, 0x0) 1.987385589s ago: executing program 2 (id=3670): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) getpid() r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000580)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0xf}]}, 0x34}}, 0x0) 1.812584063s ago: executing program 1 (id=3672): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000070000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.768128917s ago: executing program 3 (id=3673): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x371, &(0x7f0000000380)={&(0x7f0000000040)={0x20, r1, 0x301, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x3000000}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) 1.64685511s ago: executing program 4 (id=3674): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007665746800000000040002800800030000bf1c000a000100aa"], 0x48}}, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="48000000100005040000005f596da40000880900", @ANYRES32=r3, @ANYBLOB="0000000000000000280012800b00010065727370616e000018000280060011004e23000004001200080015"], 0x48}}, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x80, 0x8000, 0x7e, 0x1, {{0x15, 0x4, 0x1, 0x3a, 0x54, 0x67, 0x0, 0x9, 0x4, 0x0, @broadcast, @local, {[@end, @ra={0x94, 0x4}, @timestamp={0x44, 0x24, 0xb5, 0x0, 0x5, [0x7, 0x0, 0x0, 0x6, 0x94, 0x3, 0x8, 0x70000]}, @end, @timestamp={0x44, 0x14, 0xc2, 0x0, 0x9, [0x80000000, 0x1, 0x2, 0xffffffff]}]}}}}}) sendmsg$DCCPDIAG_GETSOCK(r5, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)={0x25c, 0x13, 0x8, 0x70bd29, 0x25dfdbff, {0xa, 0x4f, 0x6d, 0x9, {0x4e21, 0x4e21, [0x39, 0x62, 0xfffffff2], [0x7, 0x7, 0x5, 0x6], r6, [0x9, 0x7]}, 0xd, 0x7}, [@INET_DIAG_REQ_BYTECODE={0xd1, 0x1, "9073d67448767461713711fe91514629bcaf1d813b11aaf2a7754aa9c5f90455c091782fb695c6814372117bd838fb58dfb0f4c1e2b8ab39ef70d9ec32adcf510e5bd057fa456bfc5786470e8f1326939acc289bfa07937a39973b1ef073121077d8e7400e0e034f7600775c2680943a5b6104e65f47ecbbb95a3f4155b4d363566ca47b730ccc85ecf91f02ba0a3309d4900bbeceb7ab9741d9dcd7e243d708aa3c9051556c788f768ebc1dd20c164eb84826e421e0aa0999121dfd3589546ca58813c85e6667c4fb034795c5"}, @INET_DIAG_REQ_BYTECODE={0x3b, 0x1, "e7502bf058120b32483ae00a647cda93c266fd3d3a54bd986f2ec605371cfd884591a202d2f38b37b2fd65a1880b9e3251058ec0e43ff0"}, @INET_DIAG_REQ_BYTECODE={0x4a, 0x1, "fee53813ef6068c2f20366753636fb4ab6dae79e8ea676815a61b139420ba3ac6c6e30e07b476b47336bed0bf28672a4487be430be350e01547086f7ddd803af498b9267be41"}, @INET_DIAG_REQ_BYTECODE={0x6f, 0x1, "f96af75c9c9b0ca7805eaea1490ca019fa98f5405b7904ed9e214a3cd4bfb7bee2b8c7391069cfe198f0c6d252a5569e1c9d3679e67d40c18eb16c31a98eeed3fbd79ad25086bc444ea1bad547b197b4dc632bf948d61b874af782e0dcc1e0d8d1d4a3fd703e9c638a792a"}, @INET_DIAG_REQ_BYTECODE={0x42, 0x1, "15f30c384342286f71e30664acba737c9aa99e09e765c9f095acc7bb8c8e94a635aaf36008bba1eb6778bb385b64aa242032e4e7f3cabbd25ce0400727f5"}]}, 0x25c}, 0x1, 0x0, 0x0, 0x8000}, 0x20040010) (async) r7 = syz_genetlink_get_family_id$team(&(0x7f0000000000), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000380)={'team0\x00', 0x0}) (async) r9 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x12, 0x0, 0x0, 0x2000, 0x0, 0x1}, 0x48) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r10, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000ffffffff18110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70200001400b664b7030000000000108500000008000000bc09000000000000550901000000000095000000c7119dedbf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x1003, &(0x7f0000001e40)=""/4099}, 0x90) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002340)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=r8, @ANYBLOB="4400028040000100240001006c625f68000000005d1fea397300000000000100000000000000000000000000050003000b"], 0x60}}, 0x0) r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@enum={0x0, 0x0, 0x0, 0x4}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}]}}, 0x0, 0x32}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, r11, 0x1, 0x2}, 0x48) syz_init_net_socket$ax25(0x3, 0x3, 0x6) 1.634629038s ago: executing program 3 (id=3675): sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="9e", 0x1, 0x0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x0) close(0x3) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) bind$can_raw(r0, &(0x7f0000000000)={0x1d, r2}, 0x10) 1.445012868s ago: executing program 2 (id=3676): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002d40), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000280)={0xfdef, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}}, 0x0) 1.418100908s ago: executing program 1 (id=3677): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x4d, 0x0, "8ddbb51a3cfd954e41e8ccb2650fa60067fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71b43b828c7de258b6b9ca1fc52bcc83e2a016a00"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x32, 0x0, "8f1fe8e324a001046c0d00009a410f000099a8fe7ad7bbc6b2526c34dee955d7ea58c164db01f97b48056b08c17f7abc0f475a000000000000ecffffffffffffff0000004d6700"}, 0xd8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000440)=0x14) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) close(0xffffffffffffffff) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x140d, 0x4, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0xc0000) socket$inet6(0xa, 0x800000000000002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r4 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r4, &(0x7f0000000040)={&(0x7f0000000180)=@in6={0x2, 0x4e28, 0x0, @rand_addr=' \x01\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000880)=[@timestamping={{0x14, 0x1, 0x25, 0x3ff}}], 0x18}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020a0002070000000000ffffffff000005001a00ff020000000000000000000000000001ac1414bb000000000000000000000000000000e3"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@private1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r6, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) setsockopt$inet6_buf(r6, 0x29, 0x2d, &(0x7f0000000300)="68980547e510a02fbf7ad556336532e3247d5eebe0e03daca6957286b748e394090ec63fe7f4d9efbc8afcdf9615e4ace38ef0ff3c49fb654620c93cf4a6ac8a2fe96a0dca7abab87b96f2be2fccd3d57f887f61d71787eff3d3a5308d57f8f5af16eeba30941a7de312e5ebcb75466c8b2a866a69b6d8f9d07d47e06f8448e0e95268d52e6490d5d2d41c364ead945255869dbd6eaaca0ec3caa47a7dc122dafd16584ebda50b6baf3fa161079ea63ab9ff4e182ce16eee5dab9a557f596478ab4f42c32b7b784f77fb29ea0bb7b3edd89cde479b4857cd6ff5497f5bf7", 0xde) sendmsg$inet6(r6, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e22, 0x80000, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000070018000000090000002900000004000000000000"], 0x30}, 0x0) socket$key(0xf, 0x3, 0x2) socket$kcm(0x11, 0x3, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f0000000200)={0x3b, 0x5, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @ra={0x5, 0x2, 0x7ff}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x38) 1.379378192s ago: executing program 3 (id=3678): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) syz_emit_ethernet(0x2f8, &(0x7f0000000d40)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x2c2, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, [{0x5, 0xa, "a78c000005dc8080a2030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005060000000000000000"}, {0x2, 0x4a, "f952ef00c0fb2ad066f2ecbb6dae05b472c6821715f751cfd461cdbb28572d29bc8113b785017f38d9d942c293060ad88e4e7c0a90e39353c929650ecf765574e17b5be0459088986a0fe32c93ae7fbf9cd93a5178d619224776ddd5fe6ce769212219a9c462a1f61e40c5b3dc8fafedbeec6db2828264fa60288acad7a8915e906226ba0bc9349a158a3f68d244c1092a965b2751527e6a03d1095e65ffd2dd387b359fe500c6a35bb37596aa847b3392f0f04f89df714f1f3d89826b90ddfdc620b311b927dd9aecd235920167cd9fb979f467d2c9de0100000000000000a86eda7d90b5fa411fe56a800000004f19a3b3328c00c76d0370e89e16a4f67916ffb14ce9df279c06c7de0ea9e003627d2a38ad74b06f1fb1d135acfebd5ae7063a11947fbcdda651760520cdebee0b11319f216b7bc3d55532b8e5d03e111c82fa7eb4a02ed9d373c711211f02cb1f9f28258d66b2bc211c86eaf0843c2806d5a08e5853271197c087dffae6739f56175be56f249f0b2cfbda02c959634e71c500b8455f9015c0e2fcc406194da75c8d6f9edc04de7f7c7ea811edf5333fb72ef14a3ffc338df0849c9ed841ab21d663c2aab3cbcc22b9559a03a225331944669013c3bafbc38862ae509c605eb87621ee26cb9ca6df6965d0be6e6d58a40fc853bff41d54acc570abf50d438581e2ce71249a1a15626b7e98166d0047283e977c6953fb8c24e7903d736c30252dc91b40f098fef4860feee44f80111f9e5ce22e5352946ebfa558fac1d45dbba1e59b061ebe24b07e889302f811bfa0b75272b0c5a585e79b9407dc6a6a4fa475efa2"}]}}}}}}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) recvmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000300)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/124, 0x7c}, {&(0x7f0000000800)=""/238, 0xee}, {&(0x7f0000000400)=""/145, 0x91}, {&(0x7f0000000a00)=""/146, 0x92}, {&(0x7f0000000000)=""/52, 0x34}, {&(0x7f0000000ac0)=""/167, 0xa7}, {&(0x7f0000000b80)=""/215, 0xd7}], 0x7, &(0x7f0000000080)=""/46, 0x2e}, 0x2063) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000009c0)='m ', 0x2}], 0x1}, 0x8005) recvmsg$unix(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) recvmsg$unix(r3, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x3) 1.327640746s ago: executing program 2 (id=3679): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) socket$inet_dccp(0x2, 0x6, 0x0) unshare(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, 0x0, 0x0) r1 = socket$phonet(0x23, 0x2, 0x1) listen(0xffffffffffffffff, 0x0) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, 0x0) close(r1) 1.325997529s ago: executing program 0 (id=3680): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0xe, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0xc0}, @printk={@x}]}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="9e36d448b388dd965f7a33120800", 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.238983332s ago: executing program 4 (id=3681): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000004000000040000000020000000000000000000003000000000300000003000000ff7f0000000000000000000105000000200000000000000000000003000000000200000002"], 0x0, 0x5a}, 0x20) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r0, 0x4004743b, 0x2000000a) 1.238250242s ago: executing program 0 (id=3682): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r0, 0x4004743b, 0x2000000a) (fail_nth: 2) 1.154523304s ago: executing program 1 (id=3683): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x0) accept$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @dev}, &(0x7f00000003c0)=0x10) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000600)='rcu_utilization\x00'}, 0x10) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x400000000000284, 0x0, 0x0) accept4$inet6(r2, &(0x7f0000000580)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000005c0)=0x1c, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="5c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e000100697036677265746170000000200002801400060020010000000000000000000000000002050008000000000008000a00", @ANYRES32=r3, @ANYBLOB="48e9b3b7cf88c4c7ed12010c13676fdb188326be3b518e5e393566d2cf8c27f0c6ec67026ef0729aefbb51154b93514082211c41171365ff2604ac8ef255c467cecba70910791fb484694037692a8f67441a7cf752d67a4b37366990302236fff520e2582fce1261d19f5ec4816019949db2c769949397ae9398310b268d9d9d204a7c52b50c76d0d73fe0f57a2015353034bbfc4debf0a4abab4be071884de0be2662b68a17cc2e9d52951beb600aaacd53a33269bb1c"], 0x5c}}, 0x0) 999.934851ms ago: executing program 4 (id=3684): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0x50) vmsplice(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)="f6", 0x1}], 0x1, 0x0) write$binfmt_elf64(r1, 0x0, 0x78) close(r1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r1, 0x0, 0xfdef, 0x900) 992.238543ms ago: executing program 1 (id=3685): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {}, {}, {0x7, 0x1, 0xb, 0x1, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}}]}, &(0x7f0000000300)='GPL\x00', 0x5, 0xff8, &(0x7f0000001e00)=""/4088}, 0x90) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 945.39664ms ago: executing program 1 (id=3686): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084000000000000000002000000000000000000000000000004"], 0x0, 0x3e}, 0x20) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000400)={0x1, 0x524, 0x2, &(0x7f0000000300)=""/2}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000500)={0x0, 0x1000}, &(0x7f0000000540)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080), 0x8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x98, 0x0, 0x0, 0x0, 0x0, 0x168, 0x1f0, 0x1f0, 0x168, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @broadcast, 0x0, 0x0, 'wlan1\x00', 'virt_wifi0\x00', {}, {}, 0x6, 0x0, 0x4c}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@SYNPROXY={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'vlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)={0x0, 0x412}, &(0x7f00000000c0)=0x8) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000002c0)=0x200000, 0x4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x100, 0xa9, 0x4400046, r4}) getpid() connect$unix(r1, &(0x7f0000000380)=@abs={0x1, 0x0, 0x4e21}, 0x6e) r6 = socket(0x10, 0x803, 0x0) r7 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0xf}]}, 0x34}}, 0x0) 612.076689ms ago: executing program 4 (id=3687): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2}, 0x10, 0x0, 0xff38}, 0xd00) 595.897809ms ago: executing program 1 (id=3688): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002740)=ANY=[@ANYBLOB], 0x14}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(0xffffffffffffffff, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000280)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}]}, 0x2c}}, 0x0) (fail_nth: 4) 584.396439ms ago: executing program 0 (id=3689): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018"], 0x0, 0x5a}, 0x20) r0 = socket(0x1, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x20, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_FLAGS={0x8, 0x8, 0x781}]}, 0x20}}, 0x0) 468.075285ms ago: executing program 4 (id=3690): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f00000000c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x75}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x8f, &(0x7f00000002c0)=""/143}, 0x78) 452.864643ms ago: executing program 0 (id=3691): r0 = socket$nl_route(0x10, 0x3, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) shutdown(0xffffffffffffffff, 0x1) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x25, &(0x7f0000002140)=""/4092, &(0x7f0000001080)=0xffc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x0, 0x0, 0x0, 0x4d0}, 0x48) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x14, 0x0, 0x1}, 0x14}}, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000800)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0x0, 0x5}}}}]}, 0x40}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0xffffffff, 0x1, 0x20, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}}, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_type(r4, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_type(r5, &(0x7f0000000280), 0x9) r6 = openat$cgroup_procs(r4, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000c40), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_subtree(r7, &(0x7f0000000080), 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000040)=ANY=[@ANYBLOB='+pids'], 0x6) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001600)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}]}}}]}, 0x50}}, 0x0) 428.832244ms ago: executing program 3 (id=3692): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000006f40)=[{{0x0, 0x0, &(0x7f0000004740)=[{&(0x7f0000003480)="351a1b17388d217596958aeb46bc26297fe1f06040f8a2ff54ccec98af4f3c9e7f95e4cf78872a6c9e7c8095f8fea827e7422dade6741eae26bc39293023f7f0225324c77c63a2c9fd3cd55fc03b357974b5259e900f65041558fdcc54e1ff2e36962cebf690ab51fcaea3efb2f15a73dc71dea0fed627883df4bd935f54e14ebe78a0021505e2009f2c3266ab5a0b63b9c1ead4e933ab66746761edee39cfb09c45c74c6a6fa44e834acd14f6911791162c45ae4c8a23e18abef0ac30a710df6e1fa5ae21dbe3bcc02dcd3e1edf6f3193cd510ec070abc807b25cd45bcec5d364f399dfd92ab585dfa3dcff89d3d80e6b3e0be3b38ae1bd753b19553d69a44bec73e38e5ae538f595effef0dcbad96de70b3c24ad0e71064bb9887f6a8304ff38063e06baaa14ac846aaedaf95dadd9dea6915d9ce6ec039e0ee4861d19e852b2c16cf982ac96a79100dc4cf4f1e73ac62928945271ecc3b0b200588f3a9d4726e42fc2d407bc790655799dd22f4f4e5d876b41b0bdc6cb834f265d2e32e0bfabeda1ea012ca07acf2198ed1ac26f68945ecdb7889d35f6f90715a47e2413998657a70313b7b66e5d35a28c407e0fb024f0b5dbb8517e8d900144f55660e19061eedc5097e8b06336253067c9190b7ef0afdbf400d9e9439f9ff246beed44625c49a772cf60f13306c9f8df255b8751134fcc5860084bd7a11a80d860a92fca71dbea7cef0668ffb9f7407f9803873292adee118d010b1ae3d43c97ed7ab215067207fe7afe413fedab1327be21ab7f5e19de41c1a089aacfb5ef6604e89cc9d5f57860820149f8034a5c4aec6ad96bde452294247a047b9a6349475b31801c54e240612273e683583b9e4715b5631d2817456fbb77061146f3ed28ec0fcdcee44257e3c9db2a654803e51f5bd75ac801d89a875e20dbc737094bc81012b392bbb9254a1b2a663232ce67d5e0b39e884eacf6381379bcccc75a01f66d3fac464750dbac6c63a27a3b33f0f7e6b0d4be01408edb27be70ed57f3b890bcaa68caf690b1f1f9e2da8870d1069da1c951fe24461e90a57bc6659a68b6e618f40c2397da9b37c70456cf216f2e7669783b46f6b689360613e7f3bea9a47027a9e2f651375c10ec71bdcb47b0135a765dab45e35780c86e25c648f14a7f6ef683f51072f7f8b86c7625694dabb5783adcf60707e1d92bea64bfbf341da09ab390b6c5dfc1d47c795d70996a99532601359f67279106ed6f947a313de1bb08ca1ab59c23661dff1acf248b7bf4cde6869ae9ab75759ff3c9b5dec9732c8a033843290d896ed21d33f5c76cc813553fbaf74d79bbe44e77bb07ee17e53326f6107dfac56c7e6ecb3fcff3c32140f7d425bc8e0acdb2918c6a322f25ca62901e2ac66f7faba22a9007c839400ff0e1d3522c13fd28c447398e2fd9d390857584c2b463d755cb4932485bea249b3df4f66428a530144db653884592e7d0666485d74b089c35d307201eb7761e18ef116d8a3227d3a52c2c5de9d6b55c6a3af7d248bbc0078f8bca50285f59cd12e929a4ca7dd5085f3f4f58c0b74dc783cd8315226aa667e3f25ec931536378b7749c389e3bc24873cdd2627d8577536ea73141a1b34ba5d92e8f80ecb1d367dd5008792a769913b501a8dfa0a479f3406b5bd1ce2263bea1edd621f513aee214d077766e12af0852ab02f798387062d0115ab1713a13a25bfc4570eba28b4753837b3cac739a23dcb2ee294246e03ab60e69e4e3f38b724c25955b6795987729af81ebf6848f7158462a89b0e38f70495ab8f1e505becfb64e0e6364f5610ca2f85b5638603cb1834c045cac0427b17f9c346236106eec80effa22b72abfce1bc05d4a35ab090addc4ae2edf8fa4ce11d17fcd18f2fc1e64571d2640c35f252e71d7999c99b9e44eae1c6fcbefc4f435c9d04299d6a06de3fa76175d17866f36b244ec8d5db09d1d6c2965dd194721225be4c3e181311480d0ddbfd33a50bf048201a89e4cf92ffd5af6fda6b3f9c4b25cbffefd20860b0aadb91555c60dc79ff5e396adc42a6ba07a18c185b4d2e2ffb56a2b0724d88ec927277c5408d2dbfc23385ce610a23b3362e9b50465d4c8280e8c45566210bd8afab108f966d15c2f83f5ef7ecd9e00e8eb195f11455f0ba3b3b3ba2f1f9118df2a645e7e784f58839f9a72e8337f79b404c6ca6a530c4740c9ef6bd33225a930f217432ca0c848f27771591fc41a3c9f127c6455e6508a30abdf8811a42bb4ad0854b6f619cfb4bef2a4d1f92bef25e2ac90ac551997efaba4f5994dff700fb097e165cbb61360312abf346a3e07b5ba994efe5defff56d69b371c3796fae670248d481c5337601133c96ef60954d740ac2dc6958997bbf9fc5449635f5489bac7ab1f5dff800caedb00897bd229e54a5a067acca38d9195220b0600542c0e5dfe444a15e92d8a569bee0866ca6c4b5c9c89a401cc5c40822d65d91031b67c6ac3e3d567d8cdb1183088b7bcef75c6be33d952ad735a11c78a54c312e18c3fedbe0d0e72bf2773db1a2a21ccdf27e4c4e222fc97efda1f6ade500badfcd5da75fa75b16df59a5fcabb059cdf6e56015b1e1c59890cda7e575b5b554dab376761356de3faed5e7a39b297d50da01683fbd8910599868a190e77e48ad7b7faa573f10ff5a1b72639e806fa2efa8ab1f45bb4f48e6af36792fd658cf645d82b88a5b4bc06281dbd1a1734e66cc841a0d8aa1f536dd7c12249319000e161f227b92e5ed26d8af5aec52cd195f0e31d43a237d737770e22f4b6d57e1d99601c400ce0c07263925313c443da0f9964b1f1497a866321645c0b4fe53b5fd08998deec1b395c5cdf528b61c284d603260960b3d661c18a88609c7f0dd72f85d742fa7f7378482f18ba3afa07ab2101883c4d2cba067f92c345a1272946463145a46ef10beb5f770569cbd743a23b371b5038093d5faf7a1642bdc36e57015bfeef2be1fb0d2615c05a6909014c4ad922ebac1f527a947e2959f8012dec6cc7f59eb9f6ae5f36107ee9de0db8a8eacdbd5731aeaa39bc7948aefe6603d771ce601f34e1e772f7202e323b5a096ebfabbb5f15cb9a211911ed79a7eec5f6bcf811f3f64ee0ffd54987a775e03cd662fa0d50180a65bf0b278722e5596a226be3ef542cf33a193c022d218225e095b388d867d2faa62fbfcf5391aaea607bf6472f5f97626e08ce7f759cbc1c82aeaa55d9de6f1f994900f1e6770d855e17ce39637b931b7b82801e8a096d4b5a0e60ab58002745da7af215d3a64ccf1d12b12156b44baa2bff51947cf0cff8c2174eacfbb2f0ca8e9490614362aa4d04a87c4b68d1cca2cc20351652e3f3d5f3f60ebd4a73b5ea14d560d4881b6b309455105dbbae2b99dd5f89073e50cdd41c580e39a61d837dd9d15cceff590948ec09b397ca9232a7a820ea2a6fe30ec9210874513cb72190ff04cc802d09b093b564c30c57f2c67600080413ff4bf3e1a05dccc9982877f12671046ecf11c0835821603ab207f68bfc74b4addfad5ccd5f6450656ea14988a82ea7a6f595b37f8a6d8bf86104ef77af6235e8ed11abc11f46e8bf89d0374181c176a54097e6edad83900b4800979e7e6cb78be7943d3a56f308b157a61dcbf2b3f98e407ec042ca78a8c1c8980d08064cde8568e76b90a92cab15d248fec5308f20b6f08840b53422e7d845da9f0c03eaf170b3cec36dd2daaca255c985a3038eaabe77ef6201ad237ce6ff45f329625c04788ec31573dbb557989908dbe5a05cf24c4ce077f61a638953de140e8f6938486237ca304ceb2740cfe7029b6f07589a016c2da67c212263724067981d9d26198ddb9613b2df003ee6f7031119f195872d6df84d21ce0d24c168521e25515d828357ae1f792c42ee1e91e3b6a1c5b8eefd5bdd135fa5d132b185a28230fb9f4fd6d831f0bded4a19465876cf8a98c874236194ff71b8db3efab27f1e1740570afd4db67822c30f7d9d5b600bfd5d89933eadcceea75cc2d7f805839a58e42fb627afc3a3a1d77d0181289a93b337c51c311612d1cb0ba074db7569ab6cceff0f9652ada4c363de78c0b7b5f9385503dcd8e8c1542184a0140f1de8e4012584ad34c8e43bbd100eced4e7278acea35572d81fdb9332858dd7ae4de5b306e4f2f16e3d1bd93a0e69108505cede9d24fa9a8bc4e11835f56773a9a1b4a568903d6fece560039a732fdfaee5f652acf2fdfaa2a947c6a708ef5dfa94239def787b9cc67e3bcc6a79dc46cbdeeccff7f6ae2b81dc60f70b83e0d9b8b1c38b5fc1afe25ee06aa7346719226f68a6328234c8207ddf89c5a522b15670381fedd0939ddc736f5475a0cf84a5d7222971448945c5da0e0d39d04324492fa552ec0772123673eb0a994e0cad2745994e0c43878cd5acbd63422e0e62756285181142156dae0942c2d4f012f35ffdabacab2c2e45a4502d389b5246f4e9c1c14e5378a40d8ec36c25fbaa158c526cb63bb3d7b41f12eeb288270536b9cf976df42f911b81dada", 0xc84}], 0x1}}], 0x1, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10, r0, 0x4000) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000000), 0x4) 92.028907ms ago: executing program 4 (id=3693): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x4d, 0x0, "8ddbb51a3cfd954e41e8ccb2650fa60067fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71b43b828c7de258b6b9ca1fc52bcc83e2a016a00"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x32, 0x0, "8f1fe8e324a001046c0d00009a410f000099a8fe7ad7bbc6b2526c34dee955d7ea58c164db01f97b48056b08c17f7abc0f475a000000000000ecffffffffffffff0000004d6700"}, 0xd8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000440)=0x14) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) close(0xffffffffffffffff) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x140d, 0x4, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0xc0000) socket$inet6(0xa, 0x800000000000002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r4 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r4, &(0x7f0000000040)={&(0x7f0000000180)=@in6={0x2, 0x4e28, 0x0, @rand_addr=' \x01\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000880)=[@timestamping={{0x14, 0x1, 0x25, 0x3ff}}], 0x18}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020a0002070000000000ffffffff000005001a00ff020000000000000000000000000001ac1414bb000000000000000000000000000000e3"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@private1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r6, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) setsockopt$inet6_buf(r6, 0x29, 0x2d, &(0x7f0000000300)="68980547e510a02fbf7ad556336532e3247d5eebe0e03daca6957286b748e394090ec63fe7f4d9efbc8afcdf9615e4ace38ef0ff3c49fb654620c93cf4a6ac8a2fe96a0dca7abab87b96f2be2fccd3d57f887f61d71787eff3d3a5308d57f8f5af16eeba30941a7de312e5ebcb75466c8b2a866a69b6d8f9d07d47e06f8448e0e95268d52e6490d5d2d41c364ead945255869dbd6eaaca0ec3caa47a7dc122dafd16584ebda50b6baf3fa161079ea63ab9ff4e182ce16eee5dab9a557f596478ab4f42c32b7b784f77fb29ea0bb7b3edd89cde479b4857cd6ff5497f5bf7", 0xde) sendmsg$inet6(r6, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e22, 0x80000, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000070018000000090000002900000004000000000000"], 0x30}, 0x0) socket$key(0xf, 0x3, 0x2) socket$kcm(0x11, 0x3, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f0000000200)={0x3b, 0x5, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @ra={0x5, 0x2, 0x7ff}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x38) 0s ago: executing program 3 (id=3694): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0) unshare(0x22020400) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r2, 0x0, 0xcf, 0x0, &(0x7f0000000440)) kernel console output (not intermixed with test programs): ew local tt entry: aa:aa:aa:aa:aa:0c [ 227.088932][T11444] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2230'. [ 227.208039][T11444] vxcan2: entered allmulticast mode [ 227.436875][T11457] syzkaller0: entered promiscuous mode [ 227.458638][T11457] syzkaller0: entered allmulticast mode [ 227.865308][T11468] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 227.947126][T11468] bridge0: port 3(geneve1) entered blocking state [ 227.979679][T11468] bridge0: port 3(geneve1) entered disabled state [ 227.986569][T11468] geneve1: entered allmulticast mode [ 228.009658][T11468] geneve1: entered promiscuous mode [ 228.024923][T11468] bridge0: port 3(geneve1) entered blocking state [ 228.031590][T11468] bridge0: port 3(geneve1) entered forwarding state [ 228.103283][T11477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2239'. [ 228.211432][T11483] bond0: option packets_per_slave: invalid value (18446744071562067968) [ 228.234394][T11483] bond0: option packets_per_slave: allowed values 0 - 65535 [ 228.953405][T11509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.015107][T11513] netlink: 87 bytes leftover after parsing attributes in process `syz.4.2250'. [ 229.129965][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 229.137868][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 229.182066][T11517] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 229.335473][T11532] FAULT_INJECTION: forcing a failure. [ 229.335473][T11532] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 229.349890][T11532] CPU: 0 UID: 0 PID: 11532 Comm: syz.3.2256 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 229.360695][T11532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 229.370871][T11532] Call Trace: [ 229.374253][T11532] [ 229.377201][T11532] dump_stack_lvl+0x241/0x360 [ 229.381929][T11532] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.387155][T11532] ? __pfx__printk+0x10/0x10 [ 229.391779][T11532] ? snprintf+0xda/0x120 [ 229.396059][T11532] should_fail_ex+0x3b0/0x4e0 [ 229.400770][T11532] _copy_to_user+0x2f/0xb0 [ 229.405210][T11532] simple_read_from_buffer+0xca/0x150 [ 229.410612][T11532] proc_fail_nth_read+0x1e9/0x250 [ 229.415757][T11532] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.421422][T11532] ? rw_verify_area+0x520/0x6b0 [ 229.426324][T11532] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.431912][T11532] vfs_read+0x204/0xbc0 [ 229.436095][T11532] ? __pfx_lock_release+0x10/0x10 [ 229.441156][T11532] ? __pfx_vfs_read+0x10/0x10 [ 229.445865][T11532] ? __fget_files+0x29/0x470 [ 229.450496][T11532] ? __fget_files+0x3f6/0x470 [ 229.455219][T11532] ksys_read+0x1a0/0x2c0 [ 229.459498][T11532] ? __pfx_bpf_trace_run2+0x10/0x10 [ 229.464731][T11532] ? __pfx_ksys_read+0x10/0x10 [ 229.469533][T11532] ? rcu_is_watching+0x15/0xb0 [ 229.474332][T11532] ? trace_sys_enter+0x1f/0xd0 [ 229.479115][T11532] do_syscall_64+0xf3/0x230 [ 229.483618][T11532] ? clear_bhb_loop+0x35/0x90 [ 229.488387][T11532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.494292][T11532] RIP: 0033:0x7fa49f77643c [ 229.498714][T11532] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 229.518334][T11532] RSP: 002b:00007fa4a0514040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 229.526790][T11532] RAX: ffffffffffffffda RBX: 00007fa49f905f80 RCX: 00007fa49f77643c [ 229.527179][T11538] IPv6: sit2: Disabled Multicast RS [ 229.534764][T11532] RDX: 000000000000000f RSI: 00007fa4a05140b0 RDI: 0000000000000004 [ 229.534814][T11532] RBP: 00007fa4a05140a0 R08: 0000000000000000 R09: 0000000000000000 [ 229.534826][T11532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.534836][T11532] R13: 000000000000000b R14: 00007fa49f905f80 R15: 00007ffffa846cd8 [ 229.534867][T11532] [ 229.746389][T11550] netlink: 211388 bytes leftover after parsing attributes in process `syz.4.2262'. [ 229.857953][T11553] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2262'. [ 230.171202][T11573] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2269'. [ 230.196794][T11570] lo speed is unknown, defaulting to 1000 [ 230.358281][T11584] netlink: 201400 bytes leftover after parsing attributes in process `syz.2.2272'. [ 230.389990][T11584] netlink: 201400 bytes leftover after parsing attributes in process `syz.2.2272'. [ 230.705764][T11592] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2273'. [ 230.753936][T11592] : entered promiscuous mode [ 230.776374][T11570] caif0 speed is unknown, defaulting to 1000 [ 230.792126][T11592] netlink: 'syz.2.2273': attribute type 21 has an invalid length. [ 230.933547][T11598] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2275'. [ 231.209520][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 231.217477][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 231.395124][T11618] Bluetooth: hci3: unsupported parameter 64512 [ 231.420915][T11618] Bluetooth: hci3: invalid length 0, exp 2 for type 3 [ 231.596423][T11626] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2284'. [ 231.875258][T11636] lo speed is unknown, defaulting to 1000 [ 232.005761][T11644] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2287'. [ 233.070553][T11673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2295'. [ 233.155721][T11636] caif0 speed is unknown, defaulting to 1000 [ 233.234521][T11678] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2297'. [ 233.249307][T11678] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2297'. [ 233.288749][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 233.296890][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 233.363333][T11684] vlan4: entered promiscuous mode [ 233.377062][T11684] veth0: entered promiscuous mode [ 233.426157][T11684] vlan4: entered allmulticast mode [ 233.452581][T11684] veth0: entered allmulticast mode [ 233.473217][T11684] team0: Port device vlan4 added [ 233.474033][T11689] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2301'. [ 233.809315][T11698] lo speed is unknown, defaulting to 1000 [ 234.776176][T11698] caif0 speed is unknown, defaulting to 1000 [ 235.353741][T11752] netlink: 'syz.1.2319': attribute type 13 has an invalid length. [ 235.368592][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 235.376517][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 235.425474][T11752] veth0_macvtap: left promiscuous mode [ 235.441410][T11752] macvtap0: entered allmulticast mode [ 235.449028][T11756] __nla_validate_parse: 3 callbacks suppressed [ 235.449046][T11756] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2319'. [ 235.469498][T11752] macvtap0: refused to change device tx_queue_len [ 235.482566][T11754] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2320'. [ 235.573231][T11755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2320'. [ 235.590704][T11755] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 235.603503][T11755] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 235.615723][T11755] bond1: (slave ipvlan2): Error -95 calling set_mac_address [ 235.641279][T11758] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2321'. [ 237.149519][T11804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2337'. [ 237.333150][T11804] syzkaller0: entered promiscuous mode [ 237.355819][T11804] syzkaller0: entered allmulticast mode [ 237.448528][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 237.456500][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 237.649446][T11822] netlink: 644 bytes leftover after parsing attributes in process `syz.3.2344'. [ 237.686925][T11824] netlink: 'syz.1.2341': attribute type 1 has an invalid length. [ 237.697172][T11824] netlink: 12562 bytes leftover after parsing attributes in process `syz.1.2341'. [ 237.755406][T11825] lo speed is unknown, defaulting to 1000 [ 238.703192][T11855] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2350'. [ 238.714119][T11855] netlink: 'syz.3.2350': attribute type 2 has an invalid length. [ 238.723895][T11855] netlink: 'syz.3.2350': attribute type 1 has an invalid length. [ 239.532315][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 239.540252][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 239.746062][T11839] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2345'. [ 239.757758][T11839] netlink: 'syz.1.2345': attribute type 19 has an invalid length. [ 239.779347][T11845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2345'. [ 239.792658][T11825] caif0 speed is unknown, defaulting to 1000 [ 240.469155][T11891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2358'. [ 240.641503][T11891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2358'. [ 240.754558][T11902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2361'. [ 240.982587][T11915] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2364'. [ 241.196318][T11924] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2368'. [ 241.217964][T11924] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 241.240484][T11929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2364'. [ 241.608509][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 241.617535][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 241.892474][T11954] netlink: 'syz.4.2375': attribute type 10 has an invalid length. [ 241.900901][T11954] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 241.911567][T11954] team0: Device netdevsim0 failed to register rx_handler [ 242.155060][T11971] netlink: 'syz.0.2378': attribute type 1 has an invalid length. [ 242.260518][T11971] 8021q: adding VLAN 0 to HW filter on device bond4 [ 242.410186][T11971] bond4: (slave ip6gretap2): making interface the new active one [ 242.441567][T11971] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link [ 242.633340][T11991] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2385'. [ 242.884002][T11995] netlink: 'syz.3.2386': attribute type 9 has an invalid length. [ 242.908676][T11995] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2386'. [ 242.991361][T11994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2387'. [ 242.994273][T11998] netlink: 'syz.3.2386': attribute type 9 has an invalid length. [ 243.028095][T11998] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2386'. [ 243.091264][T12002] Can't find ip_set type bitmap:ip [ 243.240139][T12009] netlink: 'syz.1.2389': attribute type 4 has an invalid length. [ 243.260815][T12009] netlink: 'syz.1.2389': attribute type 4 has an invalid length. [ 243.309990][T12009] infiniband syz0: set active [ 243.316758][ T940] lo speed is unknown, defaulting to 1000 [ 243.341684][ T940] lo speed is unknown, defaulting to 1000 [ 243.541520][T12018] IPv6: NLM_F_REPLACE set, but no existing node found! [ 243.644065][T12024] veth0_vlan: left promiscuous mode [ 243.688504][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 243.696445][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 244.329688][T12053] netlink: 'syz.1.2403': attribute type 1 has an invalid length. [ 244.427578][T12057] 8021q: adding VLAN 0 to HW filter on device bond2 [ 244.524587][T12062] vlan2: entered promiscuous mode [ 244.529981][T12062] gretap0: entered promiscuous mode [ 244.535542][T12062] vlan2: entered allmulticast mode [ 244.541441][T12062] gretap0: entered allmulticast mode [ 244.550489][T12062] gretap0: left allmulticast mode [ 244.555690][T12062] gretap0: left promiscuous mode [ 244.648186][T12056] lo speed is unknown, defaulting to 1000 [ 245.778532][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 245.786457][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 247.277194][T12056] caif0 speed is unknown, defaulting to 1000 [ 247.489402][T12104] __nla_validate_parse: 8 callbacks suppressed [ 247.489422][T12104] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2415'. [ 247.706436][T12115] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2419'. [ 247.739971][T12115] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2419'. [ 247.802550][T12115] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 247.848517][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 247.864746][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 248.762330][T12160] lo speed is unknown, defaulting to 1000 [ 248.973609][T12167] netlink: 5312 bytes leftover after parsing attributes in process `syz.3.2430'. [ 249.269690][T12176] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2434'. [ 249.405027][T12160] caif0 speed is unknown, defaulting to 1000 [ 249.580436][T12188] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 249.882810][T12198] lo speed is unknown, defaulting to 1000 [ 249.938556][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 249.946526][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 250.524127][T12212] lo speed is unknown, defaulting to 1000 [ 250.565625][T12198] caif0 speed is unknown, defaulting to 1000 [ 250.569737][T12222] netlink: 'syz.2.2447': attribute type 1 has an invalid length. [ 250.827172][T12222] 8021q: adding VLAN 0 to HW filter on device bond2 [ 251.434058][T12212] caif0 speed is unknown, defaulting to 1000 [ 251.441814][T12257] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2455'. [ 251.881333][T12268] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2458'. [ 252.008500][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 252.016383][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 252.129204][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2462'. [ 252.855364][T12296] netlink: 4272 bytes leftover after parsing attributes in process `syz.4.2466'. [ 252.868652][T12296] netlink: 133 bytes leftover after parsing attributes in process `syz.4.2466'. [ 253.328106][T12314] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2471'. [ 254.088632][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 254.096650][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 254.204310][T12333] netlink: 'syz.4.2479': attribute type 13 has an invalid length. [ 254.234587][T12333] netlink: 'syz.4.2479': attribute type 58 has an invalid length. [ 254.250369][T12333] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2479'. [ 254.290958][T12335] lo speed is unknown, defaulting to 1000 [ 254.372248][T12339] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2481'. [ 254.434559][T12339] tun0: tun_chr_ioctl cmd 35108 [ 254.933362][T12347] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2483'. [ 254.956726][T12335] caif0 speed is unknown, defaulting to 1000 [ 255.126225][T12355] netlink: 'syz.2.2487': attribute type 2 has an invalid length. [ 255.443081][T12363] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2489'. [ 255.569630][T12373] hsr0: entered promiscuous mode [ 255.672818][T12369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2492'. [ 256.091533][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.168718][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 256.176917][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 256.226911][T12395] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.234664][T12395] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.616525][T12408] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.2506'. [ 256.822082][T12414] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2509'. [ 257.504967][T12444] lo speed is unknown, defaulting to 1000 [ 257.609911][T12449] hsr0: entered promiscuous mode [ 257.617116][T12449] batman_adv: batadv0: Adding interface: macsec1 [ 257.702485][T12449] batman_adv: batadv0: The MTU of interface macsec1 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500. [ 257.738523][T12449] batman_adv: batadv0: Interface activated: macsec1 [ 257.769127][T12461] hsr0: entered promiscuous mode [ 257.935755][T12444] caif0 speed is unknown, defaulting to 1000 [ 258.029613][T12466] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2529'. [ 258.157601][T12474] netlink: 'syz.2.2532': attribute type 1 has an invalid length. [ 258.248673][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 258.256693][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 258.339175][T12474] 8021q: adding VLAN 0 to HW filter on device bond4 [ 258.365449][T12477] netlink: 'syz.3.2533': attribute type 1 has an invalid length. [ 258.442074][T12477] 8021q: adding VLAN 0 to HW filter on device bond4 [ 259.206807][T12522] xt_bpf: check failed: parse error [ 260.023417][T12556] xt_TCPMSS: Only works on TCP SYN packets [ 260.027906][T12557] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2553'. [ 260.046191][T12557] tipc: Bearer : already 2 bearers with priority 10 [ 260.061117][T12557] tipc: Bearer : trying with adjusted priority [ 260.078737][T12557] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2553'. [ 260.087720][T12557] tipc: Invalid UDP bearer configuration [ 260.087776][T12557] tipc: Enabling of bearer rejected, failed to enable media [ 260.328513][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 260.336484][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 260.810088][T12587] lo speed is unknown, defaulting to 1000 [ 261.263316][T12587] caif0 speed is unknown, defaulting to 1000 [ 261.432475][T12609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2570'. [ 261.675731][T12621] netlink: 'syz.3.2576': attribute type 1 has an invalid length. [ 261.756663][T12621] 8021q: adding VLAN 0 to HW filter on device bond5 [ 262.287212][T12641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2581'. [ 262.408677][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 262.416633][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 262.459177][T12647] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2581'. [ 262.560496][T12648] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2583'. [ 262.817938][T12660] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2588'. [ 263.066550][T12670] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2587'. [ 263.166241][T12672] pimreg: entered allmulticast mode [ 263.182601][T12680] pimreg: left allmulticast mode [ 263.219232][T12676] netlink: 'syz.4.2591': attribute type 10 has an invalid length. [ 263.633146][T12688] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2594'. [ 263.817169][T12695] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2598'. [ 264.488732][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 264.496799][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 264.593265][T12710] lo speed is unknown, defaulting to 1000 [ 264.873165][T12723] syz.2.2607[12723] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.873402][T12723] syz.2.2607[12723] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.932970][T12710] caif0 speed is unknown, defaulting to 1000 [ 265.685958][T12743] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2612'. [ 265.767215][T12743] vlan0: entered promiscuous mode [ 265.782899][T12743] bond_slave_0: entered promiscuous mode [ 266.018601][T12754] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2614'. [ 266.056323][T12753] netlink: 'syz.1.2615': attribute type 1 has an invalid length. [ 266.123876][T12753] 8021q: adding VLAN 0 to HW filter on device bond3 [ 266.300208][T12753] bond3: (slave ip6gretap1): making interface the new active one [ 266.326514][T12753] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 266.328703][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 266.343469][ C0] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 266.399026][T12762] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2617'. [ 266.510752][T12768] tun0: tun_chr_ioctl cmd 1074025675 [ 266.524992][T12768] tun0: persist disabled [ 266.568581][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 266.576507][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 267.006054][T12779] netlink: 'syz.1.2623': attribute type 1 has an invalid length. [ 267.272686][T12779] 8021q: adding VLAN 0 to HW filter on device bond4 [ 267.679979][T12797] : renamed from bridge0 (while UP) [ 268.486274][T12814] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2631'. [ 268.649163][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 268.657172][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 268.729368][T12826] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2635'. [ 269.334507][T12849] FAULT_INJECTION: forcing a failure. [ 269.334507][T12849] name failslab, interval 1, probability 0, space 0, times 1 [ 269.347476][T12849] CPU: 0 UID: 0 PID: 12849 Comm: syz.2.2642 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 269.358355][T12849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 269.368443][T12849] Call Trace: [ 269.371742][T12849] [ 269.374686][T12849] dump_stack_lvl+0x241/0x360 [ 269.379480][T12849] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.384708][T12849] ? __pfx__printk+0x10/0x10 [ 269.389323][T12849] ? __kmalloc_noprof+0xb0/0x400 [ 269.394276][T12849] ? __pfx___might_resched+0x10/0x10 [ 269.399585][T12849] should_fail_ex+0x3b0/0x4e0 [ 269.404291][T12849] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 269.410563][T12849] should_failslab+0xac/0x100 [ 269.415270][T12849] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 269.421525][T12849] __kmalloc_noprof+0xd8/0x400 [ 269.426320][T12849] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 269.432416][T12849] genl_rcv_msg+0x802/0xec0 [ 269.436939][T12849] ? mark_lock+0x9a/0x350 [ 269.441409][T12849] ? __pfx_genl_rcv_msg+0x10/0x10 [ 269.446490][T12849] ? __pfx_lock_acquire+0x10/0x10 [ 269.451559][T12849] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 269.456953][T12849] ? __pfx_nl80211_set_wiphy+0x10/0x10 [ 269.462439][T12849] ? __pfx_nl80211_post_doit+0x10/0x10 [ 269.467923][T12849] ? __pfx___might_resched+0x10/0x10 [ 269.473247][T12849] netlink_rcv_skb+0x1e3/0x430 [ 269.478039][T12849] ? __pfx_genl_rcv_msg+0x10/0x10 [ 269.483084][T12849] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 269.488411][T12849] ? __netlink_deliver_tap+0x77e/0x7c0 [ 269.493913][T12849] genl_rcv+0x28/0x40 [ 269.497920][T12849] netlink_unicast+0x7f0/0x990 [ 269.502733][T12849] ? __pfx_netlink_unicast+0x10/0x10 [ 269.508042][T12849] ? __virt_addr_valid+0x183/0x530 [ 269.513177][T12849] ? __check_object_size+0x49c/0x900 [ 269.518481][T12849] ? bpf_lsm_netlink_send+0x9/0x10 [ 269.523627][T12849] netlink_sendmsg+0x8e4/0xcb0 [ 269.528430][T12849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.533739][T12849] ? __import_iovec+0x536/0x820 [ 269.538611][T12849] ? aa_sock_msg_perm+0x91/0x160 [ 269.543566][T12849] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 269.548873][T12849] ? security_socket_sendmsg+0x87/0xb0 [ 269.554360][T12849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.559692][T12849] __sock_sendmsg+0x221/0x270 [ 269.564400][T12849] ____sys_sendmsg+0x525/0x7d0 [ 269.569196][T12849] ? __pfx_____sys_sendmsg+0x10/0x10 [ 269.574528][T12849] __sys_sendmsg+0x2b0/0x3a0 [ 269.579145][T12849] ? __pfx___sys_sendmsg+0x10/0x10 [ 269.584271][T12849] ? vfs_write+0x7c4/0xc90 [ 269.588751][T12849] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 269.595105][T12849] ? do_syscall_64+0x100/0x230 [ 269.599897][T12849] ? do_syscall_64+0xb6/0x230 [ 269.604602][T12849] do_syscall_64+0xf3/0x230 [ 269.609136][T12849] ? clear_bhb_loop+0x35/0x90 [ 269.613831][T12849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.619758][T12849] RIP: 0033:0x7fb4b25779f9 [ 269.624188][T12849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.643812][T12849] RSP: 002b:00007fb4b3269048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 269.652253][T12849] RAX: ffffffffffffffda RBX: 00007fb4b2705f80 RCX: 00007fb4b25779f9 [ 269.660244][T12849] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 269.668236][T12849] RBP: 00007fb4b32690a0 R08: 0000000000000000 R09: 0000000000000000 [ 269.676223][T12849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.684207][T12849] R13: 000000000000000b R14: 00007fb4b2705f80 R15: 00007ffcd3e2a4e8 [ 269.692221][T12849] [ 269.855705][T12854] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2644'. [ 269.994528][T12862] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2647'. [ 270.244721][T12880] macsec0: entered allmulticast mode [ 270.322696][T12877] macsec2: entered allmulticast mode [ 270.328041][T12877] macvlan0: entered allmulticast mode [ 270.351733][T12877] veth1_vlan: entered allmulticast mode [ 270.426389][T12887] netlink: 892 bytes leftover after parsing attributes in process `syz.4.2655'. [ 270.729839][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 270.737793][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 270.847845][T12907] netlink: 'syz.0.2662': attribute type 1 has an invalid length. [ 270.941087][T12907] bond5: entered promiscuous mode [ 271.294183][T12931] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2670'. [ 271.507386][T12941] netlink: 'syz.1.2674': attribute type 13 has an invalid length. [ 271.560480][T12941] netlink: 'syz.1.2674': attribute type 58 has an invalid length. [ 271.587080][T12941] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2674'. [ 271.650151][T12938] netlink: 'syz.2.2673': attribute type 1 has an invalid length. [ 271.710984][T12938] 8021q: adding VLAN 0 to HW filter on device bond5 [ 271.799231][T12953] bond5: (slave ip6gretap1): making interface the new active one [ 271.817083][T12953] bond5: (slave ip6gretap1): Enslaving as an active interface with an up link [ 271.935834][T12967] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2681'. [ 271.946878][T12967] netem: incorrect gi model size [ 271.953058][T12967] netem: change failed [ 272.537846][T12997] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2692'. [ 272.808596][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 272.816558][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 272.854139][T13014] No such timeout policy "syz0" [ 272.885500][T13012] netlink: 'syz.0.2698': attribute type 1 has an invalid length. [ 272.963501][T13012] 8021q: adding VLAN 0 to HW filter on device bond6 [ 273.038301][T13023] netlink: 'syz.1.2701': attribute type 1 has an invalid length. [ 273.104962][T13027] netlink: 'syz.4.2702': attribute type 3 has an invalid length. [ 273.115070][T13023] 8021q: adding VLAN 0 to HW filter on device bond5 [ 273.141718][T13027] netlink: 'syz.4.2702': attribute type 3 has an invalid length. [ 273.176064][T13030] netlink: 'syz.4.2702': attribute type 3 has an invalid length. [ 273.227809][T13030] netlink: 'syz.4.2702': attribute type 3 has an invalid length. [ 273.273633][T13033] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2705'. [ 274.467200][T13085] macsec2: entered allmulticast mode [ 274.481751][T13085] macvlan0: entered allmulticast mode [ 274.495661][T13085] veth1_vlan: entered allmulticast mode [ 274.538246][T13085] macvlan0: left allmulticast mode [ 274.553981][T13085] veth1_vlan: left allmulticast mode [ 274.666752][T13089] 8021q: adding VLAN 0 to HW filter on device bond6 [ 274.888942][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 274.896906][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 275.404777][T13113] __nla_validate_parse: 2 callbacks suppressed [ 275.404796][T13113] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2731'. [ 275.657092][T13123] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2735'. [ 275.659234][T13113] netlink: 'syz.2.2731': attribute type 11 has an invalid length. [ 275.727709][T13125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2736'. [ 275.786701][T13129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2736'. [ 276.322700][T13153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2746'. [ 276.485092][T13158] validate_nla: 4 callbacks suppressed [ 276.485112][T13158] netlink: 'syz.3.2747': attribute type 13 has an invalid length. [ 276.508021][T13158] netlink: 'syz.3.2747': attribute type 58 has an invalid length. [ 276.533571][T13158] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2747'. [ 276.978493][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 276.986388][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 277.241920][T13176] netlink: 'syz.1.2753': attribute type 1 has an invalid length. [ 277.285886][T13176] 8021q: adding VLAN 0 to HW filter on device bond7 [ 277.522098][T13187] Cannot find add_set index 0 as target [ 278.555039][T13237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2773'. [ 278.654653][T13243] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2773'. [ 279.031463][T13257] netlink: 'syz.0.2779': attribute type 3 has an invalid length. [ 279.048519][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 279.056628][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 279.083788][T13257] netlink: 'syz.0.2779': attribute type 1 has an invalid length. [ 279.112667][T13257] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.2779'. [ 279.462918][T13275] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2782'. [ 279.815105][T13295] FAULT_INJECTION: forcing a failure. [ 279.815105][T13295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.839162][T13295] CPU: 0 UID: 0 PID: 13295 Comm: syz.4.2790 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 279.849971][T13295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 279.860051][T13295] Call Trace: [ 279.863348][T13295] [ 279.866295][T13295] dump_stack_lvl+0x241/0x360 [ 279.871009][T13295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 279.876235][T13295] ? __pfx__printk+0x10/0x10 [ 279.880827][T13295] ? __pfx_lock_release+0x10/0x10 [ 279.885863][T13295] should_fail_ex+0x3b0/0x4e0 [ 279.890534][T13295] _copy_from_user+0x2f/0xe0 [ 279.895111][T13295] tipc_ioctl+0x140/0x350 [ 279.899446][T13295] ? __pfx_tipc_ioctl+0x10/0x10 [ 279.904320][T13295] ? kfree+0x149/0x360 [ 279.908429][T13295] sock_do_ioctl+0x158/0x460 [ 279.913054][T13295] ? __pfx_sock_do_ioctl+0x10/0x10 [ 279.918210][T13295] sock_ioctl+0x629/0x8e0 [ 279.922570][T13295] ? __pfx_sock_ioctl+0x10/0x10 [ 279.927427][T13295] ? __fget_files+0x29/0x470 [ 279.932019][T13295] ? __fget_files+0x3f6/0x470 [ 279.936691][T13295] ? __fget_files+0x29/0x470 [ 279.941283][T13295] ? bpf_lsm_file_ioctl+0x9/0x10 [ 279.946215][T13295] ? security_file_ioctl+0x87/0xb0 [ 279.951335][T13295] ? __pfx_sock_ioctl+0x10/0x10 [ 279.956206][T13295] __se_sys_ioctl+0xfc/0x170 [ 279.960812][T13295] do_syscall_64+0xf3/0x230 [ 279.965315][T13295] ? clear_bhb_loop+0x35/0x90 [ 279.969986][T13295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.975885][T13295] RIP: 0033:0x7f05b43779f9 [ 279.980291][T13295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.999910][T13295] RSP: 002b:00007f05b51e8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.008323][T13295] RAX: ffffffffffffffda RBX: 00007f05b4505f80 RCX: 00007f05b43779f9 [ 280.016307][T13295] RDX: 0000000020000300 RSI: 00000000000089e1 RDI: 0000000000000004 [ 280.024268][T13295] RBP: 00007f05b51e80a0 R08: 0000000000000000 R09: 0000000000000000 [ 280.032250][T13295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 280.040211][T13295] R13: 000000000000000b R14: 00007f05b4505f80 R15: 00007ffc45285bb8 [ 280.048182][T13295] [ 280.790525][T13342] FAULT_INJECTION: forcing a failure. [ 280.790525][T13342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.815318][T13342] CPU: 0 UID: 0 PID: 13342 Comm: syz.0.2804 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 280.826131][T13342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 280.836205][T13342] Call Trace: [ 280.839498][T13342] [ 280.842440][T13342] dump_stack_lvl+0x241/0x360 [ 280.847144][T13342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.852365][T13342] ? __pfx__printk+0x10/0x10 [ 280.856983][T13342] ? snprintf+0xda/0x120 [ 280.861261][T13342] should_fail_ex+0x3b0/0x4e0 [ 280.865964][T13342] _copy_to_user+0x2f/0xb0 [ 280.870404][T13342] simple_read_from_buffer+0xca/0x150 [ 280.875801][T13342] proc_fail_nth_read+0x1e9/0x250 [ 280.880851][T13342] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 280.886424][T13342] ? rw_verify_area+0x520/0x6b0 [ 280.891297][T13342] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 280.896176][T13348] tunl0: Caught tx_queue_len zero misconfig [ 280.896846][T13342] vfs_read+0x204/0xbc0 [ 280.896875][T13342] ? __pfx_lock_release+0x10/0x10 [ 280.911899][T13342] ? __pfx_vfs_read+0x10/0x10 [ 280.916572][T13342] ? __fget_files+0x29/0x470 [ 280.921172][T13342] ? __fget_files+0x3f6/0x470 [ 280.925883][T13342] ksys_read+0x1a0/0x2c0 [ 280.930151][T13342] ? __pfx_ksys_read+0x10/0x10 [ 280.934931][T13342] ? do_syscall_64+0x100/0x230 [ 280.939690][T13342] ? do_syscall_64+0xb6/0x230 [ 280.944358][T13342] do_syscall_64+0xf3/0x230 [ 280.948861][T13342] ? clear_bhb_loop+0x35/0x90 [ 280.953544][T13342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.959441][T13342] RIP: 0033:0x7ff0e997643c [ 280.963842][T13342] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 280.983455][T13342] RSP: 002b:00007ff0ea7ef040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 280.991898][T13342] RAX: ffffffffffffffda RBX: 00007ff0e9b05f80 RCX: 00007ff0e997643c [ 280.999894][T13342] RDX: 000000000000000f RSI: 00007ff0ea7ef0b0 RDI: 0000000000000005 [ 281.008056][T13342] RBP: 00007ff0ea7ef0a0 R08: 0000000000000000 R09: 0000000000000000 [ 281.016020][T13342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.023998][T13342] R13: 000000000000000b R14: 00007ff0e9b05f80 R15: 00007ffd6b9de6d8 [ 281.032008][T13342] [ 281.046960][T13352] __nla_validate_parse: 3 callbacks suppressed [ 281.046981][T13352] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2805'. [ 281.091230][T13354] vlan2: entered promiscuous mode [ 281.097278][T13354] team0: entered promiscuous mode [ 281.103932][T13354] team_slave_0: entered promiscuous mode [ 281.113389][T13354] team_slave_1: entered promiscuous mode [ 281.127153][T13354] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 281.138548][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 281.146612][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 281.166759][T13354] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 281.876521][T13389] netlink: 'syz.4.2818': attribute type 13 has an invalid length. [ 281.898470][T13389] netlink: 'syz.4.2818': attribute type 58 has an invalid length. [ 281.906362][T13389] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2818'. [ 281.987054][T13388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2819'. [ 282.058848][T13395] netlink: 'syz.3.2819': attribute type 1 has an invalid length. [ 282.066760][T13395] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2819'. [ 282.110523][T13395] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2819'. [ 282.152969][T13397] lo speed is unknown, defaulting to 1000 [ 282.884300][T13397] caif0 speed is unknown, defaulting to 1000 [ 283.208695][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 283.216678][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 283.380519][T13437] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2836'. [ 283.495387][T13443] netlink: 'syz.4.2839': attribute type 1 has an invalid length. [ 283.559006][T13443] 8021q: adding VLAN 0 to HW filter on device bond2 [ 283.753171][T13446] netlink: 'syz.3.2840': attribute type 13 has an invalid length. [ 283.763900][T13446] netlink: 'syz.3.2840': attribute type 58 has an invalid length. [ 283.799711][T13446] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2840'. [ 284.538182][T13484] netlink: 'syz.3.2853': attribute type 1 has an invalid length. [ 284.611072][T13484] 8021q: adding VLAN 0 to HW filter on device bond6 [ 284.702886][T13491] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2854'. [ 284.712474][T13484] bond6: (slave ip6gretap1): making interface the new active one [ 284.745531][T13484] bond6: (slave ip6gretap1): Enslaving as an active interface with an up link [ 284.852570][T13491] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2854'. [ 284.880142][T13491] netlink: 'syz.4.2854': attribute type 1 has an invalid length. [ 284.965922][T13503] netlink: 5304 bytes leftover after parsing attributes in process `syz.2.2857'. [ 285.129219][T13508] sctp: [Deprecated]: syz.2.2858 (pid 13508) Use of int in max_burst socket option deprecated. [ 285.129219][T13508] Use struct sctp_assoc_value instead [ 285.217542][T13513] netlink: 'syz.2.2858': attribute type 6 has an invalid length. [ 285.237127][T13513] netlink: 'syz.2.2858': attribute type 5 has an invalid length. [ 285.288506][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 285.296467][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 286.459136][T13568] lo: Caught tx_queue_len zero misconfig [ 286.585876][T13567] 8021q: adding VLAN 0 to HW filter on device bond7 [ 286.895024][T13580] __nla_validate_parse: 6 callbacks suppressed [ 286.895047][T13580] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2886'. [ 286.983055][T13580] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2886'. [ 287.005121][T13580] validate_nla: 4 callbacks suppressed [ 287.005142][T13580] netlink: 'syz.4.2886': attribute type 1 has an invalid length. [ 287.173928][T13593] ip6tnl0: Caught tx_queue_len zero misconfig [ 287.186561][T13593] sch_fq: defrate 2 ignored. [ 287.210037][T13600] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2896'. [ 287.250667][T13597] netlink: 124 bytes leftover after parsing attributes in process `syz.0.2895'. [ 287.368525][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 287.376429][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 287.446594][T13611] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2901'. [ 287.477735][T13613] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2898'. [ 287.532604][T13613] netlink: 'syz.0.2898': attribute type 30 has an invalid length. [ 287.564459][T13616] netlink: 'syz.4.2902': attribute type 10 has an invalid length. [ 287.586105][T13621] xt_hashlimit: invalid interval [ 287.597665][T13616] team0: Device netdevsim0 failed to register rx_handler [ 287.657836][T13623] veth1_vlan: left allmulticast mode [ 287.781008][T13623] macvlan0 (unregistering): left allmulticast mode [ 287.824528][T13627] xt_ecn: cannot match TCP bits for non-tcp packets [ 287.857628][T13627] xt_l2tp: v2 tid > 0xffff: 150994944 [ 288.123476][T13640] netlink: 'syz.3.2911': attribute type 1 has an invalid length. [ 288.133059][T13640] netlink: 9364 bytes leftover after parsing attributes in process `syz.3.2911'. [ 288.142586][T13640] netlink: 'syz.3.2911': attribute type 2 has an invalid length. [ 288.150598][T13640] netlink: 'syz.3.2911': attribute type 1 has an invalid length. [ 288.276851][T13653] lo speed is unknown, defaulting to 1000 [ 288.640626][T13653] caif0 speed is unknown, defaulting to 1000 [ 288.764755][T13675] netlink: 'syz.1.2922': attribute type 1 has an invalid length. [ 288.859562][T13675] 8021q: adding VLAN 0 to HW filter on device bond8 [ 288.930933][T13680] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 289.180993][T13687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 289.448474][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 289.456465][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 289.889955][T13718] netlink: 'syz.1.2936': attribute type 1 has an invalid length. [ 290.007481][T13718] 8021q: adding VLAN 0 to HW filter on device bond9 [ 290.290289][T13734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2942'. [ 290.615686][T13753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.750578][T13762] netlink: 'syz.4.2952': attribute type 1 has an invalid length. [ 290.796547][T13762] 8021q: adding VLAN 0 to HW filter on device bond3 [ 290.866074][T13768] netlink: 'syz.2.2955': attribute type 1 has an invalid length. [ 290.908097][T13768] 8021q: adding VLAN 0 to HW filter on device bond8 [ 291.528567][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 291.536524][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 291.622753][T13812] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2972'. [ 292.071636][T13825] veth1_vlan: left allmulticast mode [ 292.165341][T13825] macvlan0 (unregistering): left allmulticast mode [ 292.587853][T13855] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2985'. [ 292.602353][T13853] FAULT_INJECTION: forcing a failure. [ 292.602353][T13853] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.635517][T13853] CPU: 0 UID: 0 PID: 13853 Comm: syz.2.2986 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 292.635632][T13855] netlink: 23 bytes leftover after parsing attributes in process `syz.1.2985'. [ 292.646307][T13853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 292.646321][T13853] Call Trace: [ 292.646331][T13853] [ 292.646340][T13853] dump_stack_lvl+0x241/0x360 [ 292.646371][T13853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.646392][T13853] ? __pfx__printk+0x10/0x10 [ 292.646418][T13853] ? snprintf+0xda/0x120 [ 292.646446][T13853] should_fail_ex+0x3b0/0x4e0 [ 292.646479][T13853] _copy_to_user+0x2f/0xb0 [ 292.646504][T13853] simple_read_from_buffer+0xca/0x150 [ 292.646531][T13853] proc_fail_nth_read+0x1e9/0x250 [ 292.646557][T13853] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 292.646583][T13853] ? rw_verify_area+0x520/0x6b0 [ 292.646603][T13853] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 292.646626][T13853] vfs_read+0x204/0xbc0 [ 292.646646][T13853] ? __pfx_lock_release+0x10/0x10 [ 292.729259][T13861] validate_nla: 2 callbacks suppressed [ 292.729277][T13861] netlink: 'syz.3.2988': attribute type 8 has an invalid length. [ 292.730132][T13853] ? __pfx_vfs_read+0x10/0x10 [ 292.735212][T13861] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2988'. [ 292.740568][T13853] ? __fget_files+0x29/0x470 [ 292.740601][T13853] ? __fget_files+0x3f6/0x470 [ 292.740633][T13853] ksys_read+0x1a0/0x2c0 [ 292.740659][T13853] ? __pfx_ksys_read+0x10/0x10 [ 292.740682][T13853] ? do_syscall_64+0x100/0x230 [ 292.740706][T13853] ? do_syscall_64+0xb6/0x230 [ 292.740730][T13853] do_syscall_64+0xf3/0x230 [ 292.740752][T13853] ? clear_bhb_loop+0x35/0x90 [ 292.740773][T13853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.740798][T13853] RIP: 0033:0x7fb4b257643c [ 292.740817][T13853] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 292.740833][T13853] RSP: 002b:00007fb4b3269040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 292.740856][T13853] RAX: ffffffffffffffda RBX: 00007fb4b2705f80 RCX: 00007fb4b257643c [ 292.740871][T13853] RDX: 000000000000000f RSI: 00007fb4b32690b0 RDI: 0000000000000005 [ 292.740884][T13853] RBP: 00007fb4b32690a0 R08: 0000000000000000 R09: 0000000000000000 [ 292.740896][T13853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.740908][T13853] R13: 000000000000000b R14: 00007fb4b2705f80 R15: 00007ffcd3e2a4e8 [ 292.740938][T13853] [ 293.608461][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 293.616461][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 293.713551][T13916] netlink: 'syz.1.3005': attribute type 5 has an invalid length. [ 294.025086][T13935] netlink: 'syz.4.3011': attribute type 11 has an invalid length. [ 294.324982][T13950] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 294.468663][T13954] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3019'. [ 294.491992][T13954] veth1_macvtap: entered promiscuous mode [ 294.501159][T13954] macsec0: entered allmulticast mode [ 294.506592][T13954] veth1_macvtap: entered allmulticast mode [ 294.554393][T13954] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3019'. [ 294.712256][T13954] veth1_macvtap (unregistering): left allmulticast mode [ 295.200260][T13979] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3031'. [ 295.688486][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 295.696482][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 296.013694][T14026] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3046'. [ 296.563928][T14051] lo speed is unknown, defaulting to 1000 [ 297.165124][T14051] caif0 speed is unknown, defaulting to 1000 [ 297.684367][T14089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3069'. [ 297.730746][T14089] vxcan5: entered promiscuous mode [ 297.768493][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 297.776495][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 297.844226][T14095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3073'. [ 297.866840][T14097] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3069'. [ 298.096151][T14089] lo speed is unknown, defaulting to 1000 [ 298.631143][T14110] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3077'. [ 298.646751][T14089] caif0 speed is unknown, defaulting to 1000 [ 298.656152][T14110] netlink: 'syz.3.3077': attribute type 1 has an invalid length. [ 299.131427][T14121] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.3082'. [ 299.734779][T14144] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3089'. [ 299.813379][T14144] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3089'. [ 299.847760][T14144] netlink: 'syz.4.3089': attribute type 1 has an invalid length. [ 299.855747][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 299.855977][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 300.356412][T14154] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.3093'. [ 301.252187][T14182] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.3104'. [ 301.928473][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 301.936420][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 302.002863][T14206] wg2: left promiscuous mode [ 302.007537][T14206] wg2: left allmulticast mode [ 302.215003][T14216] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.3117'. [ 302.678268][T14236] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 303.712729][T14279] __nla_validate_parse: 1 callbacks suppressed [ 303.712753][T14279] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.3143'. [ 303.743257][T14282] FAULT_INJECTION: forcing a failure. [ 303.743257][T14282] name failslab, interval 1, probability 0, space 0, times 0 [ 303.770313][T14282] CPU: 1 UID: 0 PID: 14282 Comm: syz.0.3142 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 303.781129][T14282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 303.791219][T14282] Call Trace: [ 303.794518][T14282] [ 303.797459][T14282] dump_stack_lvl+0x241/0x360 [ 303.802164][T14282] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.807390][T14282] ? __pfx__printk+0x10/0x10 [ 303.812014][T14282] ? fs_reclaim_acquire+0x93/0x140 [ 303.817159][T14282] ? __pfx___might_resched+0x10/0x10 [ 303.822473][T14282] should_fail_ex+0x3b0/0x4e0 [ 303.827182][T14282] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 303.832932][T14282] should_failslab+0xac/0x100 [ 303.837640][T14282] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 303.843385][T14282] __kmalloc_noprof+0xd8/0x400 [ 303.848151][T14282] ? kfree+0x4e/0x360 [ 303.852140][T14282] tomoyo_realpath_from_path+0xcf/0x5e0 [ 303.857691][T14282] tomoyo_path_number_perm+0x23a/0x880 [ 303.863153][T14282] ? tomoyo_path_number_perm+0x208/0x880 [ 303.868787][T14282] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 303.874882][T14282] ? __fget_files+0x29/0x470 [ 303.879476][T14282] ? __fget_files+0x3f6/0x470 [ 303.884144][T14282] ? __fget_files+0x29/0x470 [ 303.888843][T14282] security_file_ioctl+0x75/0xb0 [ 303.893791][T14282] __se_sys_ioctl+0x47/0x170 [ 303.898386][T14282] do_syscall_64+0xf3/0x230 [ 303.902893][T14282] ? clear_bhb_loop+0x35/0x90 [ 303.907564][T14282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.913628][T14282] RIP: 0033:0x7ff0e99779f9 [ 303.918037][T14282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.937744][T14282] RSP: 002b:00007ff0ea7ce048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.946260][T14282] RAX: ffffffffffffffda RBX: 00007ff0e9b06058 RCX: 00007ff0e99779f9 [ 303.954222][T14282] RDX: 000000002000000a RSI: 0000000040047451 RDI: 0000000000000003 [ 303.962185][T14282] RBP: 00007ff0ea7ce0a0 R08: 0000000000000000 R09: 0000000000000000 [ 303.970232][T14282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.978209][T14282] R13: 000000000000006e R14: 00007ff0e9b06058 R15: 00007ffd6b9de6d8 [ 303.986194][T14282] [ 303.998567][T14282] ERROR: Out of memory at tomoyo_realpath_from_path. [ 304.008529][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 304.016398][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 304.082440][T14281] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3144'. [ 304.577020][T14309] netlink: 5312 bytes leftover after parsing attributes in process `syz.3.3155'. [ 304.650345][T14310] netlink: 'syz.0.3154': attribute type 309 has an invalid length. [ 304.743822][T14310] macsec0: entered promiscuous mode [ 304.767939][T14310] macsec2: entered promiscuous mode [ 304.775687][T14313] netlink: 'syz.4.3156': attribute type 10 has an invalid length. [ 304.911424][T14313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.587554][T14347] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.3169'. [ 305.642991][T14346] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 305.777824][T14354] netlink: 'syz.1.3170': attribute type 10 has an invalid length. [ 305.879547][T14354] geneve1: entered promiscuous mode [ 305.886955][T14358] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3173'. [ 305.890434][T14354] team0: Port device geneve1 added [ 306.098550][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 306.107678][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 306.259985][T14375] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.3181'. [ 306.312358][T14378] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3180'. [ 306.368632][T14378] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3180'. [ 306.397175][T14378] netlink: 'syz.0.3180': attribute type 1 has an invalid length. [ 306.691194][T14398] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3186'. [ 306.719572][T14398] netlink: 124 bytes leftover after parsing attributes in process `syz.4.3186'. [ 307.029937][T14414] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 307.049293][T14414] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 307.089530][T14414] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 307.103890][T14414] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 307.293813][T14425] netlink: 'syz.1.3194': attribute type 1 has an invalid length. [ 307.332804][T14425] bond10: entered promiscuous mode [ 307.374164][T14425] team0: Port device netdevsim0 removed [ 307.385231][T14425] bond10: (slave netdevsim0): Enslaving as an active interface with a down link [ 308.168589][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 308.176920][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 308.859919][T14491] __nla_validate_parse: 7 callbacks suppressed [ 308.859938][T14491] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3217'. [ 309.058134][T14491] syzkaller0: entered promiscuous mode [ 309.064009][T14491] syzkaller0: entered allmulticast mode [ 309.084290][T14502] FAULT_INJECTION: forcing a failure. [ 309.084290][T14502] name failslab, interval 1, probability 0, space 0, times 0 [ 309.118988][T14502] CPU: 1 UID: 0 PID: 14502 Comm: syz.3.3222 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 309.129802][T14502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 309.139883][T14502] Call Trace: [ 309.143174][T14502] [ 309.146123][T14502] dump_stack_lvl+0x241/0x360 [ 309.150845][T14502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.156078][T14502] ? __pfx__printk+0x10/0x10 [ 309.160791][T14502] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 309.166278][T14502] ? __pfx___might_resched+0x10/0x10 [ 309.171687][T14502] should_fail_ex+0x3b0/0x4e0 [ 309.176405][T14502] should_failslab+0xac/0x100 [ 309.181118][T14502] ? slhc_init+0x76/0x790 [ 309.185469][T14502] __kmalloc_cache_noprof+0x6c/0x2c0 [ 309.190783][T14502] slhc_init+0x76/0x790 [ 309.194963][T14502] ? __might_fault+0xaa/0x120 [ 309.199658][T14502] ? __might_fault+0xc6/0x120 [ 309.204353][T14502] ppp_ioctl+0x15ba/0x1cd0 [ 309.208789][T14502] ? __pfx_ppp_ioctl+0x10/0x10 [ 309.213581][T14502] ? __fget_files+0x3f6/0x470 [ 309.218278][T14502] ? __fget_files+0x29/0x470 [ 309.222898][T14502] ? bpf_lsm_file_ioctl+0x9/0x10 [ 309.227850][T14502] ? security_file_ioctl+0x87/0xb0 [ 309.232954][T14502] ? __pfx_ppp_ioctl+0x10/0x10 [ 309.237714][T14502] __se_sys_ioctl+0xfc/0x170 [ 309.242301][T14502] do_syscall_64+0xf3/0x230 [ 309.246798][T14502] ? clear_bhb_loop+0x35/0x90 [ 309.251471][T14502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.257491][T14502] RIP: 0033:0x7fa49f7779f9 [ 309.261897][T14502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.281497][T14502] RSP: 002b:00007fa4a04f3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.289912][T14502] RAX: ffffffffffffffda RBX: 00007fa49f906058 RCX: 00007fa49f7779f9 [ 309.297880][T14502] RDX: 000000002000000a RSI: 0000000040047451 RDI: 0000000000000003 [ 309.305847][T14502] RBP: 00007fa4a04f30a0 R08: 0000000000000000 R09: 0000000000000000 [ 309.313812][T14502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.321780][T14502] R13: 000000000000006e R14: 00007fa49f906058 R15: 00007ffffa846cd8 [ 309.329757][T14502] [ 310.250273][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 310.258195][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 310.871631][T14508] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 311.048769][T14517] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.3227'. [ 311.054858][T14515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3229'. [ 311.416210][T14526] pimreg: entered allmulticast mode [ 311.446794][T14526] pimreg: left allmulticast mode [ 312.047530][T14562] FAULT_INJECTION: forcing a failure. [ 312.047530][T14562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.074783][T14562] CPU: 1 UID: 0 PID: 14562 Comm: syz.4.3239 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 312.085616][T14562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 312.095705][T14562] Call Trace: [ 312.099003][T14562] [ 312.101953][T14562] dump_stack_lvl+0x241/0x360 [ 312.106683][T14562] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.111907][T14562] ? __pfx__printk+0x10/0x10 [ 312.116525][T14562] ? snprintf+0xda/0x120 [ 312.120796][T14562] should_fail_ex+0x3b0/0x4e0 [ 312.125505][T14562] _copy_to_user+0x2f/0xb0 [ 312.129951][T14562] simple_read_from_buffer+0xca/0x150 [ 312.135381][T14562] proc_fail_nth_read+0x1e9/0x250 [ 312.140444][T14562] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 312.146029][T14562] ? rw_verify_area+0x520/0x6b0 [ 312.150915][T14562] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 312.156493][T14562] vfs_read+0x204/0xbc0 [ 312.160678][T14562] ? __pfx_lock_release+0x10/0x10 [ 312.165736][T14562] ? __pfx_vfs_read+0x10/0x10 [ 312.170444][T14562] ? __fget_files+0x29/0x470 [ 312.175068][T14562] ? __fget_files+0x3f6/0x470 [ 312.179862][T14562] ksys_read+0x1a0/0x2c0 [ 312.184109][T14562] ? __pfx_ksys_read+0x10/0x10 [ 312.188870][T14562] ? do_syscall_64+0x100/0x230 [ 312.193634][T14562] ? do_syscall_64+0xb6/0x230 [ 312.198305][T14562] do_syscall_64+0xf3/0x230 [ 312.202813][T14562] ? clear_bhb_loop+0x35/0x90 [ 312.207487][T14562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.213381][T14562] RIP: 0033:0x7f05b437643c [ 312.217789][T14562] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 312.237405][T14562] RSP: 002b:00007f05b51c7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 312.245832][T14562] RAX: ffffffffffffffda RBX: 00007f05b4506058 RCX: 00007f05b437643c [ 312.253824][T14562] RDX: 000000000000000f RSI: 00007f05b51c70b0 RDI: 0000000000000004 [ 312.261798][T14562] RBP: 00007f05b51c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 312.269766][T14562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.277816][T14562] R13: 000000000000006e R14: 00007f05b4506058 R15: 00007ffc45285bb8 [ 312.285807][T14562] [ 312.328487][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 312.336451][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 312.599672][T14576] syz.2.3245 (14576) used obsolete PPPIOCDETACH ioctl [ 312.853219][T14595] FAULT_INJECTION: forcing a failure. [ 312.853219][T14595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.886093][T14595] CPU: 1 UID: 0 PID: 14595 Comm: syz.1.3253 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 312.896989][T14595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 312.907067][T14595] Call Trace: [ 312.910537][T14595] [ 312.913568][T14595] dump_stack_lvl+0x241/0x360 [ 312.918275][T14595] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.923497][T14595] ? __pfx__printk+0x10/0x10 [ 312.928114][T14595] ? __pfx_lock_release+0x10/0x10 [ 312.933165][T14595] should_fail_ex+0x3b0/0x4e0 [ 312.937845][T14595] _copy_from_user+0x2f/0xe0 [ 312.942431][T14595] copy_msghdr_from_user+0xae/0x680 [ 312.947629][T14595] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 312.953441][T14595] __sys_sendmsg+0x23d/0x3a0 [ 312.958025][T14595] ? __pfx___sys_sendmsg+0x10/0x10 [ 312.963127][T14595] ? vfs_write+0x7c4/0xc90 [ 312.967581][T14595] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.973908][T14595] ? do_syscall_64+0x100/0x230 [ 312.978761][T14595] ? do_syscall_64+0xb6/0x230 [ 312.983438][T14595] do_syscall_64+0xf3/0x230 [ 312.987948][T14595] ? clear_bhb_loop+0x35/0x90 [ 312.992889][T14595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.998783][T14595] RIP: 0033:0x7fcfb13779f9 [ 313.003192][T14595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.022793][T14595] RSP: 002b:00007fcfb0dff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 313.031204][T14595] RAX: ffffffffffffffda RBX: 00007fcfb1505f80 RCX: 00007fcfb13779f9 [ 313.039186][T14595] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 313.047160][T14595] RBP: 00007fcfb0dff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 313.055127][T14595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.063092][T14595] R13: 000000000000004d R14: 00007fcfb1505f80 R15: 00007ffcd7ff2458 [ 313.071069][T14595] [ 313.811544][T14634] FAULT_INJECTION: forcing a failure. [ 313.811544][T14634] name failslab, interval 1, probability 0, space 0, times 0 [ 313.846577][T14634] CPU: 1 UID: 0 PID: 14634 Comm: syz.2.3267 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 313.857399][T14634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 313.867488][T14634] Call Trace: [ 313.870788][T14634] [ 313.873734][T14634] dump_stack_lvl+0x241/0x360 [ 313.878525][T14634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.883744][T14634] ? __pfx__printk+0x10/0x10 [ 313.888356][T14634] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 313.894356][T14634] ? __pfx___might_resched+0x10/0x10 [ 313.899638][T14634] should_fail_ex+0x3b0/0x4e0 [ 313.904459][T14634] should_failslab+0xac/0x100 [ 313.909216][T14634] ? __alloc_skb+0x1c3/0x440 [ 313.913796][T14634] kmem_cache_alloc_node_noprof+0x71/0x320 [ 313.919608][T14634] __alloc_skb+0x1c3/0x440 [ 313.924050][T14634] ? __pfx___alloc_skb+0x10/0x10 [ 313.929011][T14634] ? netlink_autobind+0xd6/0x2f0 [ 313.933964][T14634] ? netlink_autobind+0x2b0/0x2f0 [ 313.939019][T14634] netlink_sendmsg+0x638/0xcb0 [ 313.943903][T14634] ? __pfx_netlink_sendmsg+0x10/0x10 [ 313.946079][T14639] vlan3: entered promiscuous mode [ 313.949196][T14634] ? __import_iovec+0x536/0x820 [ 313.949222][T14634] ? aa_sock_msg_perm+0x91/0x160 [ 313.949244][T14634] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 313.949265][T14634] ? security_socket_sendmsg+0x87/0xb0 [ 313.949291][T14634] ? __pfx_netlink_sendmsg+0x10/0x10 [ 313.949312][T14634] __sock_sendmsg+0x221/0x270 [ 313.949339][T14634] ____sys_sendmsg+0x525/0x7d0 [ 313.949366][T14634] ? __pfx_____sys_sendmsg+0x10/0x10 [ 313.949398][T14634] __sys_sendmsg+0x2b0/0x3a0 [ 313.949422][T14634] ? __pfx___sys_sendmsg+0x10/0x10 [ 313.949437][T14634] ? vfs_write+0x7c4/0xc90 [ 313.949497][T14634] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 313.949523][T14634] ? do_syscall_64+0x100/0x230 [ 313.949549][T14634] ? do_syscall_64+0xb6/0x230 [ 313.949572][T14634] do_syscall_64+0xf3/0x230 [ 313.949594][T14634] ? clear_bhb_loop+0x35/0x90 [ 313.949613][T14634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.949639][T14634] RIP: 0033:0x7fb4b25779f9 [ 313.949657][T14634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.949674][T14634] RSP: 002b:00007fb4b3269048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 313.949696][T14634] RAX: ffffffffffffffda RBX: 00007fb4b2705f80 RCX: 00007fb4b25779f9 [ 313.949710][T14634] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 313.949721][T14634] RBP: 00007fb4b32690a0 R08: 0000000000000000 R09: 0000000000000000 [ 313.949733][T14634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.949744][T14634] R13: 000000000000000b R14: 00007fb4b2705f80 R15: 00007ffcd3e2a4e8 [ 314.112271][T14634] [ 314.408760][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 314.416771][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 314.502922][T14660] lo speed is unknown, defaulting to 1000 [ 314.519473][T14664] xt_TPROXY: Can be used only with -p tcp or -p udp [ 314.601386][T14664] netlink: 'syz.2.3273': attribute type 14 has an invalid length. [ 315.033405][T14660] caif0 speed is unknown, defaulting to 1000 [ 316.488485][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 316.496430][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 316.728108][ T29] audit: type=1107 audit(1722917867.249:2): pid=14746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=':Y$nJ5 9Icc}֨ V}L(ΤO*?S\HSsdLY۞D|UsH;=' [ 316.795093][T14754] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.802413][T14754] bridge0: port 2(bridge_slave_1) entered listening state [ 316.809845][T14754] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.817030][T14754] bridge0: port 1(bridge_slave_0) entered listening state [ 316.844237][T14754] bridge0: entered promiscuous mode [ 316.854329][T14754] bridge0: entered allmulticast mode [ 316.972329][T14760] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3303'. [ 316.992520][T14760] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3303'. [ 317.001894][T14760] netlink: 'syz.1.3303': attribute type 1 has an invalid length. [ 317.023708][T14763] netlink: 'syz.4.3304': attribute type 1 has an invalid length. [ 317.132084][T14763] 8021q: adding VLAN 0 to HW filter on device bond4 [ 317.196717][T14768] bond4: (slave ip6gretap1): making interface the new active one [ 317.219502][T14768] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link [ 317.547276][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.641310][T14788] netlink: 'syz.2.3307': attribute type 1 has an invalid length. [ 317.678781][T14793] netlink: 'syz.3.3311': attribute type 3 has an invalid length. [ 317.700805][T14788] 8021q: adding VLAN 0 to HW filter on device bond9 [ 317.721361][T14792] netlink: 'syz.4.3312': attribute type 1 has an invalid length. [ 317.740276][T14793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3311'. [ 317.831689][T14792] 8021q: adding VLAN 0 to HW filter on device bond5 [ 318.022390][T14813] FAULT_INJECTION: forcing a failure. [ 318.022390][T14813] name failslab, interval 1, probability 0, space 0, times 0 [ 318.023363][T14810] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3320'. [ 318.056681][T14810] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3320'. [ 318.098684][T14813] CPU: 0 UID: 0 PID: 14813 Comm: syz.4.3321 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 318.109500][T14813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 318.119584][T14813] Call Trace: [ 318.122958][T14813] [ 318.125906][T14813] dump_stack_lvl+0x241/0x360 [ 318.130620][T14813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.135842][T14813] ? __pfx__printk+0x10/0x10 [ 318.140466][T14813] ? ref_tracker_alloc+0x332/0x490 [ 318.145606][T14813] should_fail_ex+0x3b0/0x4e0 [ 318.150323][T14813] ? skb_clone+0x20c/0x390 [ 318.154756][T14813] should_failslab+0xac/0x100 [ 318.159461][T14813] ? skb_clone+0x20c/0x390 [ 318.163899][T14813] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 318.169297][T14813] skb_clone+0x20c/0x390 [ 318.173564][T14813] __netlink_deliver_tap+0x3cc/0x7c0 [ 318.178885][T14813] ? netlink_deliver_tap+0x2e/0x1b0 [ 318.184105][T14813] netlink_deliver_tap+0x19d/0x1b0 [ 318.189245][T14813] netlink_unicast+0x7be/0x990 [ 318.194044][T14813] ? __pfx_netlink_unicast+0x10/0x10 [ 318.199350][T14813] ? __virt_addr_valid+0x183/0x530 [ 318.204491][T14813] ? __check_object_size+0x49c/0x900 [ 318.209799][T14813] ? bpf_lsm_netlink_send+0x9/0x10 [ 318.214938][T14813] netlink_sendmsg+0x8e4/0xcb0 [ 318.219737][T14813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 318.225052][T14813] ? __import_iovec+0x536/0x820 [ 318.229925][T14813] ? aa_sock_msg_perm+0x91/0x160 [ 318.234884][T14813] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 318.240188][T14813] ? security_socket_sendmsg+0x87/0xb0 [ 318.245674][T14813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 318.250983][T14813] __sock_sendmsg+0x221/0x270 [ 318.255687][T14813] ____sys_sendmsg+0x525/0x7d0 [ 318.260483][T14813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 318.265807][T14813] __sys_sendmsg+0x2b0/0x3a0 [ 318.270432][T14813] ? __pfx___sys_sendmsg+0x10/0x10 [ 318.275563][T14813] ? vfs_write+0x7c4/0xc90 [ 318.280053][T14813] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 318.286425][T14813] ? do_syscall_64+0x100/0x230 [ 318.291230][T14813] ? do_syscall_64+0xb6/0x230 [ 318.296188][T14813] do_syscall_64+0xf3/0x230 [ 318.300817][T14813] ? clear_bhb_loop+0x35/0x90 [ 318.305531][T14813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.311464][T14813] RIP: 0033:0x7f05b43779f9 [ 318.315915][T14813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.335546][T14813] RSP: 002b:00007f05b51e8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 318.343996][T14813] RAX: ffffffffffffffda RBX: 00007f05b4505f80 RCX: 00007f05b43779f9 [ 318.351992][T14813] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 318.359991][T14813] RBP: 00007f05b51e80a0 R08: 0000000000000000 R09: 0000000000000000 [ 318.368508][T14813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.376500][T14813] R13: 000000000000000b R14: 00007f05b4505f80 R15: 00007ffc45285bb8 [ 318.384776][T14813] [ 318.533874][T14831] netlink: 'syz.2.3324': attribute type 49 has an invalid length. [ 318.569114][T14827] netlink: 'syz.2.3324': attribute type 49 has an invalid length. [ 318.578489][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 318.586371][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 318.983857][T14847] netlink: 'syz.0.3328': attribute type 3 has an invalid length. [ 318.995376][T14847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3328'. [ 319.143300][T14858] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3333'. [ 319.247846][T14863] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3336'. [ 319.265093][T14864] FAULT_INJECTION: forcing a failure. [ 319.265093][T14864] name failslab, interval 1, probability 0, space 0, times 0 [ 319.285596][T14866] FAULT_INJECTION: forcing a failure. [ 319.285596][T14866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.299082][T14863] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3336'. [ 319.299110][T14863] netlink: 'syz.0.3336': attribute type 1 has an invalid length. [ 319.301103][T14864] CPU: 1 UID: 0 PID: 14864 Comm: syz.2.3335 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 319.326904][T14864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 319.336980][T14864] Call Trace: [ 319.340275][T14864] [ 319.343223][T14864] dump_stack_lvl+0x241/0x360 [ 319.347928][T14864] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.353147][T14864] ? __pfx__printk+0x10/0x10 [ 319.357831][T14864] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 319.363310][T14864] ? __pfx___might_resched+0x10/0x10 [ 319.368621][T14864] should_fail_ex+0x3b0/0x4e0 [ 319.373331][T14864] should_failslab+0xac/0x100 [ 319.378034][T14864] ? ip_set_create+0x330/0x1900 [ 319.382897][T14864] __kmalloc_cache_noprof+0x6c/0x2c0 [ 319.388195][T14864] ip_set_create+0x330/0x1900 [ 319.392885][T14864] ? trace_raw_output_contention_end+0xb2/0xd0 [ 319.399055][T14864] ? __pfx_ip_set_create+0x10/0x10 [ 319.404172][T14864] ? trace_contention_end+0x3c/0x120 [ 319.409494][T14864] ? nfnetlink_rcv_msg+0x225/0x1180 [ 319.414701][T14864] nfnetlink_rcv_msg+0xbec/0x1180 [ 319.419782][T14864] ? kernel_text_address+0xa7/0xe0 [ 319.424913][T14864] ? nfnetlink_rcv_msg+0x225/0x1180 [ 319.430146][T14864] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 319.435642][T14864] ? netlink_deliver_tap+0x19d/0x1b0 [ 319.440944][T14864] ? netlink_unicast+0x7be/0x990 [ 319.445891][T14864] ? netlink_sendmsg+0x8e4/0xcb0 [ 319.450843][T14864] ? __sock_sendmsg+0x221/0x270 [ 319.455706][T14864] ? ____sys_sendmsg+0x525/0x7d0 [ 319.460657][T14864] ? __sys_sendmsg+0x2b0/0x3a0 [ 319.465425][T14864] ? do_syscall_64+0xf3/0x230 [ 319.470107][T14864] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.476202][T14864] netlink_rcv_skb+0x1e3/0x430 [ 319.480977][T14864] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 319.486453][T14864] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 319.491770][T14864] ? apparmor_capable+0x138/0x1b0 [ 319.496897][T14864] ? bpf_lsm_capable+0x9/0x10 [ 319.501671][T14864] ? security_capable+0x90/0xb0 [ 319.506534][T14864] nfnetlink_rcv+0x297/0x2a90 [ 319.511242][T14864] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 319.516983][T14864] ? __dev_queue_xmit+0x2da/0x3e90 [ 319.522110][T14864] ? __dev_queue_xmit+0x1763/0x3e90 [ 319.527310][T14864] ? kasan_save_track+0x51/0x80 [ 319.532190][T14864] ? do_syscall_64+0xf3/0x230 [ 319.536878][T14864] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 319.541997][T14864] ? __dev_queue_xmit+0x2da/0x3e90 [ 319.547116][T14864] ? __pfx___dev_queue_xmit+0x10/0x10 [ 319.552511][T14864] ? ref_tracker_free+0x643/0x7e0 [ 319.557540][T14864] ? __asan_memcpy+0x40/0x70 [ 319.562139][T14864] ? __pfx_ref_tracker_free+0x10/0x10 [ 319.567529][T14864] ? netlink_deliver_tap+0x2e/0x1b0 [ 319.572823][T14864] ? skb_clone+0x240/0x390 [ 319.577243][T14864] ? __pfx_lock_release+0x10/0x10 [ 319.582279][T14864] ? __netlink_deliver_tap+0x77e/0x7c0 [ 319.587756][T14864] ? netlink_deliver_tap+0x2e/0x1b0 [ 319.592965][T14864] netlink_unicast+0x7f0/0x990 [ 319.597749][T14864] ? __pfx_netlink_unicast+0x10/0x10 [ 319.603047][T14864] ? __virt_addr_valid+0x183/0x530 [ 319.608168][T14864] ? __check_object_size+0x49c/0x900 [ 319.613471][T14864] ? bpf_lsm_netlink_send+0x9/0x10 [ 319.618691][T14864] netlink_sendmsg+0x8e4/0xcb0 [ 319.623479][T14864] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.628811][T14864] ? __import_iovec+0x536/0x820 [ 319.633670][T14864] ? aa_sock_msg_perm+0x91/0x160 [ 319.638618][T14864] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 319.643925][T14864] ? security_socket_sendmsg+0x87/0xb0 [ 319.649409][T14864] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.654713][T14864] __sock_sendmsg+0x221/0x270 [ 319.659419][T14864] ____sys_sendmsg+0x525/0x7d0 [ 319.664204][T14864] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.669524][T14864] __sys_sendmsg+0x2b0/0x3a0 [ 319.674139][T14864] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.679274][T14864] ? vfs_write+0x7c4/0xc90 [ 319.683763][T14864] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.690117][T14864] ? do_syscall_64+0x100/0x230 [ 319.694900][T14864] ? do_syscall_64+0xb6/0x230 [ 319.699594][T14864] do_syscall_64+0xf3/0x230 [ 319.704117][T14864] ? clear_bhb_loop+0x35/0x90 [ 319.708808][T14864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.714730][T14864] RIP: 0033:0x7fb4b25779f9 [ 319.719161][T14864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.738787][T14864] RSP: 002b:00007fb4b3269048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.747229][T14864] RAX: ffffffffffffffda RBX: 00007fb4b2705f80 RCX: 00007fb4b25779f9 [ 319.752262][T14874] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3340'. [ 319.755193][T14864] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 319.755210][T14864] RBP: 00007fb4b32690a0 R08: 0000000000000000 R09: 0000000000000000 [ 319.755223][T14864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.755234][T14864] R13: 000000000000000b R14: 00007fb4b2705f80 R15: 00007ffcd3e2a4e8 [ 319.755263][T14864] [ 319.799154][T14866] CPU: 0 UID: 0 PID: 14866 Comm: syz.3.3337 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 319.810203][T14866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 319.820368][T14866] Call Trace: [ 319.823670][T14866] [ 319.826655][T14866] dump_stack_lvl+0x241/0x360 [ 319.831369][T14866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.836642][T14866] ? __pfx__printk+0x10/0x10 [ 319.841276][T14866] ? snprintf+0xda/0x120 [ 319.845560][T14866] should_fail_ex+0x3b0/0x4e0 [ 319.850272][T14866] _copy_to_user+0x2f/0xb0 [ 319.854705][T14866] simple_read_from_buffer+0xca/0x150 [ 319.860077][T14866] proc_fail_nth_read+0x1e9/0x250 [ 319.865096][T14866] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 319.870823][T14866] ? rw_verify_area+0x520/0x6b0 [ 319.875670][T14866] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 319.881207][T14866] vfs_read+0x204/0xbc0 [ 319.885353][T14866] ? __pfx_lock_release+0x10/0x10 [ 319.890380][T14866] ? __pfx_vfs_read+0x10/0x10 [ 319.895053][T14866] ? __fget_files+0x29/0x470 [ 319.899641][T14866] ? __fget_files+0x3f6/0x470 [ 319.904326][T14866] ksys_read+0x1a0/0x2c0 [ 319.908570][T14866] ? __pfx_ksys_read+0x10/0x10 [ 319.913414][T14866] ? do_syscall_64+0x100/0x230 [ 319.918173][T14866] ? do_syscall_64+0xb6/0x230 [ 319.922845][T14866] do_syscall_64+0xf3/0x230 [ 319.927345][T14866] ? clear_bhb_loop+0x35/0x90 [ 319.932019][T14866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.937909][T14866] RIP: 0033:0x7fa49f77643c [ 319.942316][T14866] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 319.961917][T14866] RSP: 002b:00007fa4a0514040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 319.970416][T14866] RAX: ffffffffffffffda RBX: 00007fa49f905f80 RCX: 00007fa49f77643c [ 319.978376][T14866] RDX: 000000000000000f RSI: 00007fa4a05140b0 RDI: 000000000000000c [ 319.986334][T14866] RBP: 00007fa4a05140a0 R08: 0000000000000000 R09: 0000000000000000 [ 319.994466][T14866] R10: 00000000200017c0 R11: 0000000000000246 R12: 0000000000000001 [ 320.002427][T14866] R13: 000000000000000b R14: 00007fa49f905f80 R15: 00007ffffa846cd8 [ 320.010421][T14866] [ 320.587298][T14915] netlink: 'syz.2.3346': attribute type 3 has an invalid length. [ 320.648563][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 320.656674][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 320.721471][T14918] mac80211_hwsim hwsim4 wlan0: Caught tx_queue_len zero misconfig [ 322.123639][T14989] lo speed is unknown, defaulting to 1000 [ 322.391636][T15002] FAULT_INJECTION: forcing a failure. [ 322.391636][T15002] name failslab, interval 1, probability 0, space 0, times 0 [ 322.440659][T15002] CPU: 0 UID: 0 PID: 15002 Comm: syz.3.3378 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 322.451474][T15002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 322.461559][T15002] Call Trace: [ 322.464859][T15002] [ 322.467807][T15002] dump_stack_lvl+0x241/0x360 [ 322.472512][T15002] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.477734][T15002] ? __pfx__printk+0x10/0x10 [ 322.482359][T15002] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 322.487843][T15002] ? __pfx___might_resched+0x10/0x10 [ 322.493155][T15002] should_fail_ex+0x3b0/0x4e0 [ 322.497868][T15002] should_failslab+0xac/0x100 [ 322.502584][T15002] ? hash_net_create+0x2fa/0x1040 [ 322.507635][T15002] __kmalloc_cache_noprof+0x6c/0x2c0 [ 322.512954][T15002] hash_net_create+0x2fa/0x1040 [ 322.517843][T15002] ? __pfx_hash_net_create+0x10/0x10 [ 322.523151][T15002] ip_set_create+0xa5c/0x1900 [ 322.527943][T15002] ? ip_set_create+0x45e/0x1900 [ 322.532821][T15002] ? trace_raw_output_contention_end+0xb2/0xd0 [ 322.539126][T15002] ? __pfx_ip_set_create+0x10/0x10 [ 322.544304][T15002] ? trace_contention_end+0x3c/0x120 [ 322.549652][T15002] ? nfnetlink_rcv_msg+0x225/0x1180 [ 322.554886][T15002] nfnetlink_rcv_msg+0xbec/0x1180 [ 322.559947][T15002] ? kernel_text_address+0xa7/0xe0 [ 322.565086][T15002] ? nfnetlink_rcv_msg+0x225/0x1180 [ 322.570351][T15002] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 322.575744][T15014] __nla_validate_parse: 5 callbacks suppressed [ 322.575763][T15014] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3381'. [ 322.575840][T15002] ? netlink_deliver_tap+0x19d/0x1b0 [ 322.596270][T15002] ? netlink_unicast+0x7be/0x990 [ 322.601238][T15002] ? netlink_sendmsg+0x8e4/0xcb0 [ 322.603298][T15014] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3381'. [ 322.606279][T15002] ? __sock_sendmsg+0x221/0x270 [ 322.606308][T15002] ? ____sys_sendmsg+0x525/0x7d0 [ 322.606326][T15002] ? __sys_sendmsg+0x2b0/0x3a0 [ 322.606342][T15002] ? do_syscall_64+0xf3/0x230 [ 322.606364][T15002] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.640552][T15002] netlink_rcv_skb+0x1e3/0x430 [ 322.645347][T15002] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 322.650844][T15002] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 322.656185][T15002] ? apparmor_capable+0x138/0x1b0 [ 322.661236][T15002] ? bpf_lsm_capable+0x9/0x10 [ 322.665926][T15002] ? security_capable+0x90/0xb0 [ 322.670810][T15002] nfnetlink_rcv+0x297/0x2a90 [ 322.675528][T15002] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 322.681278][T15002] ? __dev_queue_xmit+0x2da/0x3e90 [ 322.686407][T15002] ? __dev_queue_xmit+0x1763/0x3e90 [ 322.691623][T15002] ? kasan_save_track+0x51/0x80 [ 322.696506][T15002] ? do_syscall_64+0xf3/0x230 [ 322.701215][T15002] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 322.706345][T15002] ? __dev_queue_xmit+0x2da/0x3e90 [ 322.711479][T15002] ? __pfx___dev_queue_xmit+0x10/0x10 [ 322.716894][T15002] ? ref_tracker_free+0x643/0x7e0 [ 322.721969][T15002] ? __asan_memcpy+0x40/0x70 [ 322.726581][T15002] ? __pfx_ref_tracker_free+0x10/0x10 [ 322.731995][T15002] ? netlink_deliver_tap+0x2e/0x1b0 [ 322.737217][T15002] ? skb_clone+0x240/0x390 [ 322.741647][T15002] ? __pfx_lock_release+0x10/0x10 [ 322.746693][T15002] ? __netlink_deliver_tap+0x77e/0x7c0 [ 322.748598][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 322.752184][T15002] ? netlink_deliver_tap+0x2e/0x1b0 [ 322.752216][T15002] netlink_unicast+0x7f0/0x990 [ 322.752248][T15002] ? __pfx_netlink_unicast+0x10/0x10 [ 322.760213][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 322.765109][T15002] ? __virt_addr_valid+0x183/0x530 [ 322.794517][T15002] ? __check_object_size+0x49c/0x900 [ 322.799829][T15002] ? bpf_lsm_netlink_send+0x9/0x10 [ 322.804986][T15002] netlink_sendmsg+0x8e4/0xcb0 [ 322.809792][T15002] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.815112][T15002] ? __import_iovec+0x536/0x820 [ 322.819987][T15002] ? aa_sock_msg_perm+0x91/0x160 [ 322.824946][T15002] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 322.830254][T15002] ? security_socket_sendmsg+0x87/0xb0 [ 322.835741][T15002] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.841048][T15002] __sock_sendmsg+0x221/0x270 [ 322.845750][T15002] ____sys_sendmsg+0x525/0x7d0 [ 322.850552][T15002] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.855885][T15002] __sys_sendmsg+0x2b0/0x3a0 [ 322.860496][T15002] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.865629][T15002] ? vfs_write+0x7c4/0xc90 [ 322.870109][T15002] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 322.876553][T15002] ? do_syscall_64+0x100/0x230 [ 322.881371][T15002] ? do_syscall_64+0xb6/0x230 [ 322.886102][T15002] do_syscall_64+0xf3/0x230 [ 322.890625][T15002] ? clear_bhb_loop+0x35/0x90 [ 322.895407][T15002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.901326][T15002] RIP: 0033:0x7fa49f7779f9 [ 322.905774][T15002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.925492][T15002] RSP: 002b:00007fa4a0514048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.933940][T15002] RAX: ffffffffffffffda RBX: 00007fa49f905f80 RCX: 00007fa49f7779f9 [ 322.941936][T15002] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 322.949929][T15002] RBP: 00007fa4a05140a0 R08: 0000000000000000 R09: 0000000000000000 [ 322.957933][T15002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.965925][T15002] R13: 000000000000000b R14: 00007fa49f905f80 R15: 00007ffffa846cd8 [ 322.973935][T15002] [ 322.982532][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 323.189850][T14989] caif0 speed is unknown, defaulting to 1000 [ 323.461839][T15032] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3389'. [ 323.537210][T15032] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3389'. [ 323.569058][T15032] netlink: 'syz.4.3389': attribute type 1 has an invalid length. [ 323.577940][T15035] netlink: 'syz.0.3390': attribute type 1 has an invalid length. [ 323.697316][T15035] 8021q: adding VLAN 0 to HW filter on device bond7 [ 324.122909][T15060] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3397'. [ 324.174646][T15060] netlink: 188 bytes leftover after parsing attributes in process `syz.4.3397'. [ 324.186535][T15061] x_tables: duplicate underflow at hook 2 [ 324.197757][T15060] netlink: 'syz.4.3397': attribute type 1 has an invalid length. [ 324.396019][T15066] netlink: 'syz.3.3399': attribute type 1 has an invalid length. [ 324.447764][T15066] 8021q: adding VLAN 0 to HW filter on device bond7 [ 324.645936][T15077] Bluetooth: hci3: unsupported parameter 64512 [ 324.665718][T15077] Bluetooth: hci3: invalid length 0, exp 2 for type 13 [ 324.774136][T15083] netlink: 'syz.0.3405': attribute type 1 has an invalid length. [ 324.808470][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 324.816538][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 324.920503][T15083] 8021q: adding VLAN 0 to HW filter on device bond8 [ 324.928159][T15088] netlink: 'syz.1.3404': attribute type 21 has an invalid length. [ 324.970246][T15088] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3404'. [ 325.041698][T15088] netlink: 'syz.1.3404': attribute type 1 has an invalid length. [ 325.068586][T15088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3404'. [ 325.726800][T15123] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3418'. [ 325.757648][T15127] netlink: 'syz.2.3420': attribute type 1 has an invalid length. [ 325.856071][T15127] 8021q: adding VLAN 0 to HW filter on device bond10 [ 326.080513][T15132] syzkaller0: entered promiscuous mode [ 326.096366][T15132] syzkaller0: entered allmulticast mode [ 326.891639][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 326.899586][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 327.919705][T15167] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3433'. [ 328.334699][T15183] lo speed is unknown, defaulting to 1000 [ 328.425218][T15196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3443'. [ 328.773820][T15208] netlink: 'syz.1.3448': attribute type 3 has an invalid length. [ 328.934715][T15211] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 328.968890][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 328.976987][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 329.336392][T15191] lo speed is unknown, defaulting to 1000 [ 329.392037][T15183] caif0 speed is unknown, defaulting to 1000 [ 329.758948][T15241] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.3461'. [ 329.827654][T15191] caif0 speed is unknown, defaulting to 1000 [ 330.273948][T15255] lo speed is unknown, defaulting to 1000 [ 331.035916][T15277] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.3475'. [ 331.048460][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 331.056368][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 331.109361][T15255] caif0 speed is unknown, defaulting to 1000 [ 331.390874][T15288] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3479'. [ 331.429157][T15287] lo speed is unknown, defaulting to 1000 [ 331.632979][T15294] netlink: 'syz.4.3481': attribute type 1 has an invalid length. [ 331.755698][T15294] 8021q: adding VLAN 0 to HW filter on device bond6 [ 332.129657][T15288] veth0_vlan: entered allmulticast mode [ 332.180316][T15288] tipc: Resetting bearer [ 332.250066][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 332.258618][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 332.684339][T15287] caif0 speed is unknown, defaulting to 1000 [ 332.694018][T15307] lo speed is unknown, defaulting to 1000 [ 333.128466][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 333.136424][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 333.199932][T15317] netlink: 'syz.0.3488': attribute type 10 has an invalid length. [ 333.218542][T15317] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3488'. [ 333.230445][T15317] bridge0: port 3(dummy0) entered blocking state [ 333.237079][T15317] bridge0: port 3(dummy0) entered disabled state [ 333.244037][T15317] dummy0: entered allmulticast mode [ 333.251687][T15317] dummy0: entered promiscuous mode [ 333.258159][T15317] bridge0: port 3(dummy0) entered blocking state [ 333.264804][T15317] bridge0: port 3(dummy0) entered listening state [ 333.347867][T15307] caif0 speed is unknown, defaulting to 1000 [ 333.415200][T15322] netlink: 5312 bytes leftover after parsing attributes in process `syz.0.3489'. [ 334.200894][T15333] netlink: 'syz.2.3492': attribute type 1 has an invalid length. [ 334.316477][T15333] 8021q: adding VLAN 0 to HW filter on device bond11 [ 334.703090][T15339] set match dimension is over the limit! [ 335.208808][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 335.216851][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 335.269900][T15356] netlink: 'syz.0.3498': attribute type 12 has an invalid length. [ 335.272166][T15357] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.3500'. [ 335.294445][T15356] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3498'. [ 335.534770][T15364] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3502'. [ 335.576835][T15369] netlink: 'syz.4.3503': attribute type 1 has an invalid length. [ 335.645702][T15369] 8021q: adding VLAN 0 to HW filter on device bond7 [ 335.716935][T15373] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3505'. [ 335.762891][T15373] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3505'. [ 335.775740][T15373] netlink: 'syz.1.3505': attribute type 1 has an invalid length. [ 335.979868][T15387] lo speed is unknown, defaulting to 1000 [ 336.311731][T15387] caif0 speed is unknown, defaulting to 1000 [ 336.625516][T15396] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.3512'. [ 336.859443][T15402] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3515'. [ 336.894909][T15402] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3515'. [ 336.921089][T15402] netlink: 'syz.3.3515': attribute type 1 has an invalid length. [ 336.967157][T15406] netlink: 'syz.1.3516': attribute type 13 has an invalid length. [ 336.988624][T15406] netlink: 'syz.1.3516': attribute type 58 has an invalid length. [ 337.288539][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 337.296519][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 337.623992][T15413] netlink: 'syz.3.3517': attribute type 1 has an invalid length. [ 337.709859][T15413] 8021q: adding VLAN 0 to HW filter on device bond8 [ 338.214105][T15439] netlink: 'syz.1.3527': attribute type 1 has an invalid length. [ 338.409112][T15443] lo speed is unknown, defaulting to 1000 [ 338.695478][T15455] syzkaller1: entered promiscuous mode [ 338.713976][T15455] syzkaller1: entered allmulticast mode [ 339.226170][T15463] netlink: 'syz.1.3534': attribute type 13 has an invalid length. [ 339.242793][T15463] netlink: 'syz.1.3534': attribute type 58 has an invalid length. [ 339.262106][T15463] __nla_validate_parse: 4 callbacks suppressed [ 339.262128][T15463] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3534'. [ 339.299319][T15443] caif0 speed is unknown, defaulting to 1000 [ 339.368482][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 339.376451][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 339.552513][T15475] FAULT_INJECTION: forcing a failure. [ 339.552513][T15475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.587982][T15475] CPU: 1 UID: 0 PID: 15475 Comm: syz.3.3538 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 339.598798][T15475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 339.608869][T15475] Call Trace: [ 339.612158][T15475] [ 339.615095][T15475] dump_stack_lvl+0x241/0x360 [ 339.619801][T15475] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.625019][T15475] ? __pfx__printk+0x10/0x10 [ 339.629633][T15475] ? __pfx_lock_release+0x10/0x10 [ 339.634679][T15475] ? vfs_write+0x7c4/0xc90 [ 339.639120][T15475] should_fail_ex+0x3b0/0x4e0 [ 339.643819][T15475] _copy_from_user+0x2f/0xe0 [ 339.648420][T15475] __sys_bpf+0x1a4/0x810 [ 339.652683][T15475] ? __pfx___sys_bpf+0x10/0x10 [ 339.657486][T15475] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 339.663577][T15475] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 339.669935][T15475] ? do_syscall_64+0x100/0x230 [ 339.674726][T15475] __x64_sys_bpf+0x7c/0x90 [ 339.679168][T15475] do_syscall_64+0xf3/0x230 [ 339.683685][T15475] ? clear_bhb_loop+0x35/0x90 [ 339.688371][T15475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.694296][T15475] RIP: 0033:0x7fa49f7779f9 [ 339.698726][T15475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.718350][T15475] RSP: 002b:00007fa4a0514048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 339.726819][T15475] RAX: ffffffffffffffda RBX: 00007fa49f905f80 RCX: 00007fa49f7779f9 [ 339.734816][T15475] RDX: 0000000000000090 RSI: 0000000020000240 RDI: 0000000000000005 [ 339.742821][T15475] RBP: 00007fa4a05140a0 R08: 0000000000000000 R09: 0000000000000000 [ 339.750815][T15475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 339.758807][T15475] R13: 000000000000000b R14: 00007fa49f905f80 R15: 00007ffffa846cd8 [ 339.766821][T15475] [ 339.907747][T15486] FAULT_INJECTION: forcing a failure. [ 339.907747][T15486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.948713][T15486] CPU: 0 UID: 0 PID: 15486 Comm: syz.4.3541 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 339.959539][T15486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 339.969617][T15486] Call Trace: [ 339.972913][T15486] [ 339.975866][T15486] dump_stack_lvl+0x241/0x360 [ 339.980577][T15486] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.985809][T15486] ? __pfx__printk+0x10/0x10 [ 339.990433][T15486] ? __pfx_lock_release+0x10/0x10 [ 339.995498][T15486] should_fail_ex+0x3b0/0x4e0 [ 340.000226][T15486] _copy_from_user+0x2f/0xe0 [ 340.004849][T15486] copy_msghdr_from_user+0xae/0x680 [ 340.010085][T15486] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 340.015940][T15486] __sys_sendmsg+0x23d/0x3a0 [ 340.020558][T15486] ? __pfx___sys_sendmsg+0x10/0x10 [ 340.025690][T15486] ? vfs_write+0x7c4/0xc90 [ 340.030346][T15486] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 340.036701][T15486] ? do_syscall_64+0x100/0x230 [ 340.041505][T15486] ? do_syscall_64+0xb6/0x230 [ 340.046231][T15486] do_syscall_64+0xf3/0x230 [ 340.050764][T15486] ? clear_bhb_loop+0x35/0x90 [ 340.055469][T15486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.061398][T15486] RIP: 0033:0x7f05b43779f9 [ 340.065837][T15486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.085468][T15486] RSP: 002b:00007f05b51c7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 340.093916][T15486] RAX: ffffffffffffffda RBX: 00007f05b4506058 RCX: 00007f05b43779f9 [ 340.101914][T15486] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 340.109917][T15486] RBP: 00007f05b51c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 340.117907][T15486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.125966][T15486] R13: 000000000000006e R14: 00007f05b4506058 R15: 00007ffc45285bb8 [ 340.134148][T15486] [ 340.312538][T15503] infiniband syz0: set active [ 340.329155][T15503] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 340.365070][ T8] lo speed is unknown, defaulting to 1000 [ 340.386567][T15503] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3546'. [ 340.547534][T15514] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3549'. [ 340.558269][T15515] netlink: 144 bytes leftover after parsing attributes in process `syz.2.3550'. [ 340.636260][T15521] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0 [ 340.955757][T15530] netlink: 'syz.3.3554': attribute type 13 has an invalid length. [ 340.980921][T15530] netlink: 'syz.3.3554': attribute type 58 has an invalid length. [ 341.003127][T15530] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3554'. [ 341.448491][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 341.456598][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 342.058297][T15576] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 342.065606][T15576] IPv6: NLM_F_CREATE should be set when creating new route [ 342.325486][T15586] lo speed is unknown, defaulting to 1000 [ 342.711922][T15602] netlink: 'syz.2.3576': attribute type 13 has an invalid length. [ 342.728826][T15602] netlink: 'syz.2.3576': attribute type 58 has an invalid length. [ 342.736771][T15602] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3576'. [ 342.788775][T15604] x_tables: duplicate underflow at hook 2 [ 342.846532][T15586] caif0 speed is unknown, defaulting to 1000 [ 343.500077][T15633] FAULT_INJECTION: forcing a failure. [ 343.500077][T15633] name failslab, interval 1, probability 0, space 0, times 0 [ 343.528515][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 343.536493][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 343.538494][T15633] CPU: 0 UID: 0 PID: 15633 Comm: syz.0.3585 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 343.561688][T15633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 343.571757][T15633] Call Trace: [ 343.575022][T15633] [ 343.578025][T15633] dump_stack_lvl+0x241/0x360 [ 343.582715][T15633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.587939][T15633] ? __pfx__printk+0x10/0x10 [ 343.592555][T15633] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 343.598558][T15633] ? __pfx___might_resched+0x10/0x10 [ 343.603963][T15633] should_fail_ex+0x3b0/0x4e0 [ 343.608676][T15633] should_failslab+0xac/0x100 [ 343.613379][T15633] ? __alloc_skb+0x1c3/0x440 [ 343.617971][T15633] kmem_cache_alloc_node_noprof+0x71/0x320 [ 343.623776][T15633] __alloc_skb+0x1c3/0x440 [ 343.628191][T15633] ? __pfx___alloc_skb+0x10/0x10 [ 343.633128][T15633] ? netlink_autobind+0xd6/0x2f0 [ 343.638058][T15633] ? netlink_autobind+0x2b0/0x2f0 [ 343.643081][T15633] netlink_sendmsg+0x638/0xcb0 [ 343.647855][T15633] ? __pfx_netlink_sendmsg+0x10/0x10 [ 343.653139][T15633] ? __import_iovec+0x536/0x820 [ 343.658069][T15633] ? aa_sock_msg_perm+0x91/0x160 [ 343.663001][T15633] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 343.668278][T15633] ? security_socket_sendmsg+0x87/0xb0 [ 343.673754][T15633] ? __pfx_netlink_sendmsg+0x10/0x10 [ 343.679033][T15633] __sock_sendmsg+0x221/0x270 [ 343.683707][T15633] ____sys_sendmsg+0x525/0x7d0 [ 343.688468][T15633] ? __pfx_____sys_sendmsg+0x10/0x10 [ 343.693753][T15633] __sys_sendmsg+0x2b0/0x3a0 [ 343.698335][T15633] ? __pfx___sys_sendmsg+0x10/0x10 [ 343.703703][T15633] ? vfs_write+0x7c4/0xc90 [ 343.708145][T15633] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 343.714469][T15633] ? do_syscall_64+0x100/0x230 [ 343.719401][T15633] ? do_syscall_64+0xb6/0x230 [ 343.724073][T15633] do_syscall_64+0xf3/0x230 [ 343.728572][T15633] ? clear_bhb_loop+0x35/0x90 [ 343.733239][T15633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.739127][T15633] RIP: 0033:0x7ff0e99779f9 [ 343.743533][T15633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.763136][T15633] RSP: 002b:00007ff0ea7ef048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 343.771550][T15633] RAX: ffffffffffffffda RBX: 00007ff0e9b05f80 RCX: 00007ff0e99779f9 [ 343.779550][T15633] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 343.787525][T15633] RBP: 00007ff0ea7ef0a0 R08: 0000000000000000 R09: 0000000000000000 [ 343.795490][T15633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.803459][T15633] R13: 000000000000000b R14: 00007ff0e9b05f80 R15: 00007ffd6b9de6d8 [ 343.811437][T15633] [ 344.409773][T15668] netlink: 'syz.0.3597': attribute type 13 has an invalid length. [ 344.427907][T15668] netlink: 'syz.0.3597': attribute type 58 has an invalid length. [ 344.446363][T15668] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3597'. [ 344.501970][T15673] FAULT_INJECTION: forcing a failure. [ 344.501970][T15673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 344.558671][T15673] CPU: 0 UID: 0 PID: 15673 Comm: syz.1.3599 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 344.569573][T15673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 344.579684][T15673] Call Trace: [ 344.582990][T15673] [ 344.585928][T15673] dump_stack_lvl+0x241/0x360 [ 344.590635][T15673] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.595860][T15673] ? __pfx__printk+0x10/0x10 [ 344.600454][T15673] ? __pfx_lock_release+0x10/0x10 [ 344.605501][T15673] ? vfs_write+0x7c4/0xc90 [ 344.609934][T15673] should_fail_ex+0x3b0/0x4e0 [ 344.614635][T15673] _copy_from_user+0x2f/0xe0 [ 344.619236][T15673] __sys_bpf+0x1a4/0x810 [ 344.623501][T15673] ? __pfx___sys_bpf+0x10/0x10 [ 344.628274][T15673] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 344.634255][T15673] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 344.640584][T15673] ? do_syscall_64+0x100/0x230 [ 344.645350][T15673] __x64_sys_bpf+0x7c/0x90 [ 344.649760][T15673] do_syscall_64+0xf3/0x230 [ 344.654260][T15673] ? clear_bhb_loop+0x35/0x90 [ 344.658930][T15673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.664821][T15673] RIP: 0033:0x7fcfb13779f9 [ 344.669235][T15673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.688922][T15673] RSP: 002b:00007fcfb0dff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 344.697330][T15673] RAX: ffffffffffffffda RBX: 00007fcfb1505f80 RCX: 00007fcfb13779f9 [ 344.705291][T15673] RDX: 0000000000000050 RSI: 0000000020000c80 RDI: 000000000000000a [ 344.713254][T15673] RBP: 00007fcfb0dff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 344.721216][T15673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 344.729192][T15673] R13: 000000000000004d R14: 00007fcfb1505f80 R15: 00007ffcd7ff2458 [ 344.737280][T15673] [ 345.356949][T15700] sctp: [Deprecated]: syz.2.3610 (pid 15700) Use of int in max_burst socket option. [ 345.356949][T15700] Use struct sctp_assoc_value instead [ 345.362195][T15698] lo speed is unknown, defaulting to 1000 [ 345.387045][T15703] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.3609'. [ 345.608530][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 345.616522][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 345.747738][T15719] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 345.815587][T15727] FAULT_INJECTION: forcing a failure. [ 345.815587][T15727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 345.840603][T15727] CPU: 1 UID: 0 PID: 15727 Comm: syz.4.3617 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 345.851416][T15727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 345.861498][T15727] Call Trace: [ 345.864793][T15727] [ 345.867741][T15727] dump_stack_lvl+0x241/0x360 [ 345.872449][T15727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.877676][T15727] ? __pfx__printk+0x10/0x10 [ 345.882288][T15727] ? __pfx_lock_release+0x10/0x10 [ 345.887342][T15727] should_fail_ex+0x3b0/0x4e0 [ 345.892049][T15727] _copy_from_iter+0x1f6/0x1960 [ 345.896923][T15727] ? __virt_addr_valid+0x183/0x530 [ 345.902059][T15727] ? __pfx_lock_release+0x10/0x10 [ 345.907117][T15727] ? __alloc_skb+0x28f/0x440 [ 345.911730][T15727] ? __pfx__copy_from_iter+0x10/0x10 [ 345.917036][T15727] ? __virt_addr_valid+0x183/0x530 [ 345.922167][T15727] ? __virt_addr_valid+0x183/0x530 [ 345.927391][T15727] ? __virt_addr_valid+0x45f/0x530 [ 345.932531][T15727] ? __check_object_size+0x49c/0x900 [ 345.937844][T15727] netlink_sendmsg+0x73d/0xcb0 [ 345.942649][T15727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 345.947960][T15727] ? __import_iovec+0x536/0x820 [ 345.952828][T15727] ? aa_sock_msg_perm+0x91/0x160 [ 345.957835][T15727] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 345.963148][T15727] ? security_socket_sendmsg+0x87/0xb0 [ 345.968641][T15727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 345.973947][T15727] __sock_sendmsg+0x221/0x270 [ 345.978657][T15727] ____sys_sendmsg+0x525/0x7d0 [ 345.983452][T15727] ? __pfx_____sys_sendmsg+0x10/0x10 [ 345.988779][T15727] __sys_sendmsg+0x2b0/0x3a0 [ 345.991532][T15726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3618'. [ 345.993390][T15727] ? __pfx___sys_sendmsg+0x10/0x10 [ 345.993417][T15727] ? vfs_write+0x7c4/0xc90 [ 345.993475][T15727] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 346.018116][T15727] ? do_syscall_64+0x100/0x230 [ 346.022899][T15727] ? do_syscall_64+0xb6/0x230 [ 346.027592][T15727] do_syscall_64+0xf3/0x230 [ 346.032104][T15727] ? clear_bhb_loop+0x35/0x90 [ 346.036808][T15727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.042732][T15727] RIP: 0033:0x7f05b43779f9 [ 346.047171][T15727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.066804][T15727] RSP: 002b:00007f05b51c7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 346.075246][T15727] RAX: ffffffffffffffda RBX: 00007f05b4506058 RCX: 00007f05b43779f9 [ 346.083240][T15727] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 346.091236][T15727] RBP: 00007f05b51c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 346.099229][T15727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 346.107217][T15727] R13: 000000000000006e R14: 00007f05b4506058 R15: 00007ffc45285bb8 [ 346.115227][T15727] [ 346.240576][T15698] caif0 speed is unknown, defaulting to 1000 [ 346.244707][T15736] netlink: 'syz.3.3621': attribute type 13 has an invalid length. [ 346.291412][T15736] netlink: 'syz.3.3621': attribute type 58 has an invalid length. [ 346.321044][T15736] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3621'. [ 346.378666][T15741] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.3623'. [ 346.805115][T15750] lo speed is unknown, defaulting to 1000 [ 347.406175][T15766] bridge_slave_1: left allmulticast mode [ 347.425491][T15766] bridge_slave_1: left promiscuous mode [ 347.464574][T15766] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.531858][T15754] lo speed is unknown, defaulting to 1000 [ 347.584421][T15777] netlink: 5056 bytes leftover after parsing attributes in process `syz.3.3635'. [ 347.608579][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.615899][ C1] bridge0: topology change detected, propagating [ 347.623876][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.631168][ C1] bridge0: topology change detected, propagating [ 347.688588][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 347.696648][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 347.814609][T15784] FAULT_INJECTION: forcing a failure. [ 347.814609][T15784] name failslab, interval 1, probability 0, space 0, times 0 [ 347.843525][T15784] CPU: 0 UID: 0 PID: 15784 Comm: syz.3.3639 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 347.854344][T15784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 347.864857][T15784] Call Trace: [ 347.868261][T15784] [ 347.871221][T15784] dump_stack_lvl+0x241/0x360 [ 347.875963][T15784] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.881213][T15784] ? __pfx__printk+0x10/0x10 [ 347.885843][T15784] ? __kmalloc_noprof+0xb0/0x400 [ 347.890826][T15784] ? __pfx___might_resched+0x10/0x10 [ 347.896158][T15784] should_fail_ex+0x3b0/0x4e0 [ 347.901142][T15784] ? bpf_test_init+0xe1/0x180 [ 347.905851][T15784] should_failslab+0xac/0x100 [ 347.910579][T15784] ? bpf_test_init+0xe1/0x180 [ 347.915273][T15784] __kmalloc_noprof+0xd8/0x400 [ 347.920044][T15784] bpf_test_init+0xe1/0x180 [ 347.924548][T15784] bpf_prog_test_run_xdp+0x48e/0x11b0 [ 347.930384][T15784] ? __pfx_lock_acquire+0x10/0x10 [ 347.935584][T15784] ? __pfx_lock_release+0x10/0x10 [ 347.940619][T15784] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 347.946421][T15784] ? __fget_files+0x29/0x470 [ 347.951019][T15784] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 347.956826][T15784] bpf_prog_test_run+0x33a/0x3b0 [ 347.961772][T15784] __sys_bpf+0x48d/0x810 [ 347.966014][T15784] ? __pfx___sys_bpf+0x10/0x10 [ 347.970871][T15784] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 347.976861][T15784] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 347.983191][T15784] ? do_syscall_64+0x100/0x230 [ 347.988039][T15784] __x64_sys_bpf+0x7c/0x90 [ 347.992472][T15784] do_syscall_64+0xf3/0x230 [ 347.997430][T15784] ? clear_bhb_loop+0x35/0x90 [ 348.002218][T15784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.008127][T15784] RIP: 0033:0x7fa49f7779f9 [ 348.012557][T15784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.032156][T15784] RSP: 002b:00007fa4a0514048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 348.040563][T15784] RAX: ffffffffffffffda RBX: 00007fa49f905f80 RCX: 00007fa49f7779f9 [ 348.048543][T15784] RDX: 0000000000000057 RSI: 0000000020000240 RDI: 000000000000000a [ 348.056600][T15784] RBP: 00007fa4a05140a0 R08: 0000000000000000 R09: 0000000000000000 [ 348.064563][T15784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 348.072524][T15784] R13: 000000000000000b R14: 00007fa49f905f80 R15: 00007ffffa846cd8 [ 348.080502][T15784] [ 348.154920][T15759] netlink: 'syz.4.3627': attribute type 49 has an invalid length. [ 348.183471][T15751] netlink: 'syz.4.3627': attribute type 49 has an invalid length. [ 348.202449][T15791] netlink: 'syz.2.3642': attribute type 13 has an invalid length. [ 348.212402][T15791] netlink: 'syz.2.3642': attribute type 58 has an invalid length. [ 348.232108][T15791] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3642'. [ 348.254463][T15754] caif0 speed is unknown, defaulting to 1000 [ 348.888535][ C1] bridge0: port 3(dummy0) entered learning state [ 348.908031][T15801] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3646'. [ 349.769242][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 349.777105][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 350.673319][T15750] caif0 speed is unknown, defaulting to 1000 [ 351.320983][T15838] netlink: 'syz.3.3661': attribute type 13 has an invalid length. [ 351.358168][T15838] netlink: 'syz.3.3661': attribute type 58 has an invalid length. [ 351.450715][T15838] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3661'. [ 351.848524][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 351.856422][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 352.262022][T15862] netlink: 'syz.3.3668': attribute type 1 has an invalid length. [ 352.384587][T15862] 8021q: adding VLAN 0 to HW filter on device bond9 [ 352.401250][T15870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3669'. [ 352.521247][T15873] netlink: 'syz.4.3671': attribute type 1 has an invalid length. [ 352.540045][T15873] netlink: 9280 bytes leftover after parsing attributes in process `syz.4.3671'. [ 352.556114][T15873] netlink: 'syz.4.3671': attribute type 1 has an invalid length. [ 352.596869][T15873] netlink: 'syz.4.3671': attribute type 1 has an invalid length. [ 353.067402][T15894] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3678'. [ 353.261910][T15904] validate_nla: 2 callbacks suppressed [ 353.261929][T15904] netlink: 'syz.1.3683': attribute type 1 has an invalid length. [ 353.279273][T15905] FAULT_INJECTION: forcing a failure. [ 353.279273][T15905] name failslab, interval 1, probability 0, space 0, times 0 [ 353.311048][T15904] 8021q: adding VLAN 0 to HW filter on device bond11 [ 353.355738][T15905] CPU: 0 UID: 0 PID: 15905 Comm: syz.0.3682 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 353.366553][T15905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 353.376641][T15905] Call Trace: [ 353.379943][T15905] [ 353.382890][T15905] dump_stack_lvl+0x241/0x360 [ 353.387606][T15905] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.392837][T15905] ? __pfx__printk+0x10/0x10 [ 353.397459][T15905] ? fs_reclaim_acquire+0x93/0x140 [ 353.402597][T15905] ? __pfx___might_resched+0x10/0x10 [ 353.407920][T15905] should_fail_ex+0x3b0/0x4e0 [ 353.412643][T15905] ? tomoyo_encode+0x26f/0x540 [ 353.417452][T15905] should_failslab+0xac/0x100 [ 353.422159][T15905] ? tomoyo_encode+0x26f/0x540 [ 353.426949][T15905] __kmalloc_noprof+0xd8/0x400 [ 353.431738][T15905] tomoyo_encode+0x26f/0x540 [ 353.436366][T15905] tomoyo_realpath_from_path+0x59e/0x5e0 [ 353.442043][T15905] tomoyo_path_number_perm+0x23a/0x880 [ 353.447534][T15905] ? tomoyo_path_number_perm+0x208/0x880 [ 353.453175][T15905] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 353.459203][T15905] ? __fget_files+0x29/0x470 [ 353.463851][T15905] ? __fget_files+0x3f6/0x470 [ 353.468549][T15905] ? __fget_files+0x29/0x470 [ 353.473163][T15905] security_file_ioctl+0x75/0xb0 [ 353.478125][T15905] __se_sys_ioctl+0x47/0x170 [ 353.482739][T15905] do_syscall_64+0xf3/0x230 [ 353.487266][T15905] ? clear_bhb_loop+0x35/0x90 [ 353.491959][T15905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.497876][T15905] RIP: 0033:0x7ff0e99779f9 [ 353.502315][T15905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.521946][T15905] RSP: 002b:00007ff0ea7ef048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 353.530390][T15905] RAX: ffffffffffffffda RBX: 00007ff0e9b05f80 RCX: 00007ff0e99779f9 [ 353.538384][T15905] RDX: 000000002000000a RSI: 000000004004743b RDI: 0000000000000003 [ 353.546375][T15905] RBP: 00007ff0ea7ef0a0 R08: 0000000000000000 R09: 0000000000000000 [ 353.554450][T15905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.562437][T15905] R13: 000000000000000b R14: 00007ff0e9b05f80 R15: 00007ffd6b9de6d8 [ 353.570536][T15905] [ 353.626826][T15905] ERROR: Out of memory at tomoyo_realpath_from_path. [ 353.903867][T15927] FAULT_INJECTION: forcing a failure. [ 353.903867][T15927] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.928477][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 353.936413][ C1] batman_adv: batadv0: Local translation table size (88) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 353.938624][T15927] CPU: 0 UID: 0 PID: 15927 Comm: syz.1.3688 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 353.961414][T15927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 353.971469][T15927] Call Trace: [ 353.974741][T15927] [ 353.977662][T15927] dump_stack_lvl+0x241/0x360 [ 353.982352][T15927] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.987545][T15927] ? __pfx__printk+0x10/0x10 [ 353.992164][T15927] ? __pfx_lock_release+0x10/0x10 [ 353.997204][T15927] should_fail_ex+0x3b0/0x4e0 [ 354.001900][T15927] _copy_from_iter+0x1f6/0x1960 [ 354.006750][T15927] ? __virt_addr_valid+0x183/0x530 [ 354.011854][T15927] ? __pfx_lock_release+0x10/0x10 [ 354.016876][T15927] ? __alloc_skb+0x28f/0x440 [ 354.021461][T15927] ? __pfx__copy_from_iter+0x10/0x10 [ 354.026738][T15927] ? __virt_addr_valid+0x183/0x530 [ 354.031837][T15927] ? __virt_addr_valid+0x183/0x530 [ 354.036938][T15927] ? __virt_addr_valid+0x45f/0x530 [ 354.042037][T15927] ? __check_object_size+0x49c/0x900 [ 354.047315][T15927] netlink_sendmsg+0x73d/0xcb0 [ 354.052090][T15927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 354.057371][T15927] ? __import_iovec+0x536/0x820 [ 354.062216][T15927] ? aa_sock_msg_perm+0x91/0x160 [ 354.067232][T15927] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 354.072516][T15927] ? security_socket_sendmsg+0x87/0xb0 [ 354.077978][T15927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 354.083258][T15927] __sock_sendmsg+0x221/0x270 [ 354.087932][T15927] ____sys_sendmsg+0x525/0x7d0 [ 354.092705][T15927] ? __pfx_____sys_sendmsg+0x10/0x10 [ 354.097987][T15927] __sys_sendmsg+0x2b0/0x3a0 [ 354.102568][T15927] ? __pfx___sys_sendmsg+0x10/0x10 [ 354.107689][T15927] ? vfs_write+0x7c4/0xc90 [ 354.112157][T15927] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 354.118501][T15927] ? do_syscall_64+0x100/0x230 [ 354.123271][T15927] ? do_syscall_64+0xb6/0x230 [ 354.127943][T15927] do_syscall_64+0xf3/0x230 [ 354.132441][T15927] ? clear_bhb_loop+0x35/0x90 [ 354.137107][T15927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.142997][T15927] RIP: 0033:0x7fcfb13779f9 [ 354.147401][T15927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.166999][T15927] RSP: 002b:00007fcfb0dde048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 354.175428][T15927] RAX: ffffffffffffffda RBX: 00007fcfb1506058 RCX: 00007fcfb13779f9 [ 354.183433][T15927] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000004 [ 354.191494][T15927] RBP: 00007fcfb0dde0a0 R08: 0000000000000000 R09: 0000000000000000 [ 354.199550][T15927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 354.207514][T15927] R13: 000000000000006e R14: 00007fcfb1506058 R15: 00007ffcd7ff2458 [ 354.215488][T15927] [ 354.353100][ T5279] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x476/0x9d0 [ffffffff8a188466] (e9 e1 02 00 00 != 0f 1f 44 00 00)) size:5 type:1 [ 354.369035][ T5279] ------------[ cut here ]------------ [ 354.374603][ T5279] kernel BUG at arch/x86/kernel/jump_label.c:73! [ 354.381068][ T5279] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 354.388014][ T5279] CPU: 1 UID: 0 PID: 5279 Comm: kworker/1:5 Not tainted 6.11.0-rc1-syzkaller-00261-geec9de035410 #0 [ 354.398783][ T5279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 354.409119][ T5279] Workqueue: events jump_label_update_timeout [ 354.415221][ T5279] RIP: 0010:__jump_label_patch+0x463/0x490 [ 354.421056][ T5279] Code: e8 22 82 5f 00 48 c7 c7 60 4f 05 8c 48 8b 0c 24 48 89 ce 48 89 ca 4d 89 e8 4c 8b 4c 24 08 41 54 e8 a2 90 7e 0a 48 83 c4 08 90 <0f> 0b e8 c6 8f 81 0a e8 f1 81 5f 00 90 0f 0b e8 e9 81 5f 00 90 0f [ 354.440682][ T5279] RSP: 0018:ffffc90004537920 EFLAGS: 00010292 [ 354.446764][ T5279] RAX: 0000000000000090 RBX: 00000000000000da RCX: c12bc4e903fb0900 [ 354.454751][ T5279] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 354.462738][ T5279] RBP: ffffc90004537a48 R08: ffffffff8173dfac R09: fffffbfff1cf9f80 [ 354.470730][ T5279] R10: dffffc0000000000 R11: fffffbfff1cf9f80 R12: 0000000000000001 [ 354.478714][ T5279] R13: ffffffff8c056d8a R14: ffffffff931088c0 R15: ffffffff8c056d8a [ 354.486700][ T5279] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 354.495649][ T5279] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 354.502254][ T5279] CR2: 00007fa49f792600 CR3: 000000000e734000 CR4: 00000000003506f0 [ 354.506705][T15942] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3696'. [ 354.510235][ T5279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 354.510253][ T5279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 354.510265][ T5279] Call Trace: [ 354.510272][ T5279] [ 354.510279][ T5279] ? __die_body+0x88/0xe0 [ 354.510307][ T5279] ? die+0xcf/0x110 [ 354.510330][ T5279] ? do_trap+0x15a/0x3a0 [ 354.510352][ T5279] ? __jump_label_patch+0x463/0x490 [ 354.510376][ T5279] ? do_error_trap+0x1dc/0x2c0 [ 354.510395][ T5279] ? __jump_label_patch+0x463/0x490 [ 354.510419][ T5279] ? __pfx_do_error_trap+0x10/0x10 [ 354.510447][ T5279] ? handle_invalid_op+0x34/0x40 [ 354.510467][ T5279] ? __jump_label_patch+0x463/0x490 [ 354.510487][ T5279] ? exc_invalid_op+0x38/0x50 [ 354.510508][ T5279] ? asm_exc_invalid_op+0x1a/0x20 [ 354.523097][T15940] netlink: 'syz.0.3695': attribute type 1 has an invalid length. [ 354.527367][ T5279] ? __wake_up_klogd+0xcc/0x110 [ 354.544512][T15942] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3696'. [ 354.545820][ T5279] ? __jump_label_patch+0x463/0x490 [ 354.551632][T15942] netlink: 'syz.2.3696': attribute type 1 has an invalid length. [ 354.553817][ T5279] ? tcp_inbound_hash+0x476/0x9d0 [ 354.633408][ T5279] ? __pfx___jump_label_patch+0x10/0x10 [ 354.638961][ T5279] ? tcp_inbound_hash+0x476/0x9d0 [ 354.644145][ T5279] ? tcp_inbound_hash+0x485/0x9d0 [ 354.649188][ T5279] ? tcp_inbound_hash+0x47b/0x9d0 [ 354.654208][ T5279] ? __static_key_slow_dec_cpuslocked+0x21c/0x410 [ 354.660638][ T5279] ? __pfx___mutex_lock+0x10/0x10 [ 354.665669][ T5279] arch_jump_label_transform_queue+0x68/0x100 [ 354.671749][ T5279] __jump_label_update+0x177/0x3a0 [ 354.676900][ T5279] __static_key_slow_dec_cpuslocked+0x250/0x410 [ 354.683223][ T5279] ? __pfx___static_key_slow_dec_cpuslocked+0x10/0x10 [ 354.686800][T15940] 8021q: adding VLAN 0 to HW filter on device bond9 [ 354.689993][ T5279] ? process_scheduled_works+0x945/0x1830 [ 354.690021][ T5279] jump_label_update_timeout+0x1e/0x30 [ 354.690044][ T5279] process_scheduled_works+0xa2c/0x1830 [ 354.690078][ T5279] ? __pfx_process_scheduled_works+0x10/0x10 [ 354.690104][ T5279] ? assign_work+0x364/0x3d0 [ 354.690131][ T5279] worker_thread+0x86d/0xd40 [ 354.728522][ T5279] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 354.734439][ T5279] ? __kthread_parkme+0x169/0x1d0 [ 354.739926][ T5279] ? __pfx_worker_thread+0x10/0x10 [ 354.745062][ T5279] kthread+0x2f0/0x390 [ 354.749150][ T5279] ? __pfx_worker_thread+0x10/0x10 [ 354.754284][ T5279] ? __pfx_kthread+0x10/0x10 [ 354.758887][ T5279] ret_from_fork+0x4b/0x80 [ 354.763328][ T5279] ? __pfx_kthread+0x10/0x10 [ 354.767946][ T5279] ret_from_fork_asm+0x1a/0x30 [ 354.772739][ T5279] [ 354.775762][ T5279] Modules linked in: [ 354.788566][ T5279] ---[ end trace 0000000000000000 ]--- [ 354.794965][ T5279] RIP: 0010:__jump_label_patch+0x463/0x490 [ 354.801394][ T5279] Code: e8 22 82 5f 00 48 c7 c7 60 4f 05 8c 48 8b 0c 24 48 89 ce 48 89 ca 4d 89 e8 4c 8b 4c 24 08 41 54 e8 a2 90 7e 0a 48 83 c4 08 90 <0f> 0b e8 c6 8f 81 0a e8 f1 81 5f 00 90 0f 0b e8 e9 81 5f 00 90 0f [ 354.821238][ T5279] RSP: 0018:ffffc90004537920 EFLAGS: 00010292 [ 354.827995][ T5279] RAX: 0000000000000090 RBX: 00000000000000da RCX: c12bc4e903fb0900 [ 354.836206][ T5279] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 354.860088][ T5279] RBP: ffffc90004537a48 R08: ffffffff8173dfac R09: fffffbfff1cf9f80 [ 354.872148][ T5279] R10: dffffc0000000000 R11: fffffbfff1cf9f80 R12: 0000000000000001 [ 354.881291][ T5279] R13: ffffffff8c056d8a R14: ffffffff931088c0 R15: ffffffff8c056d8a [ 354.891454][ T5279] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 354.900833][ T5279] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 354.907431][ T5279] CR2: 000000110c35fd09 CR3: 000000000e734000 CR4: 00000000003506f0 [ 354.915461][ T5279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 354.923730][ T5279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 354.931737][ T5279] Kernel panic - not syncing: Fatal exception [ 354.938032][ T5279] Kernel Offset: disabled [ 354.942345][ T5279] Rebooting in 86400 seconds..