last executing test programs: 4.369223491s ago: executing program 1 (id=1525): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYRES16=r1, @ANYBLOB="010025bd70000000000012000000657f030021da540ce7b7a55c40994ecabfdff625dbd44d4d53bab764874497bef17c63476565372471944be3ab48db9a3003aeb3cfd6605b76a06c0624ef7f8e0873855f78308d49cd12609c63cd4a2c6acbd4cc00b1834ca352fe19f3679f7d47532ccafd4b617d9c473065319515490395d2b079e4283d172e54e274459524af3b967bbd7eadbf8956dba6e412ab86266b56974044eab54de9f00ba6093c5d3fbc3333b6906e7d2118f05f76337c85ff0fd0620000000000000d40ef017095c8ae2c7ea76ef93fec6eb0084b5bf2a3c5bc0286d9f744c76b8b81871f6aa4ef373348ecdee500000000", @ANYRES32=r2, @ANYBLOB="0a000600ffffffffffff00000c0011800400040004000500d256635f5f6a28a4dcfb737528bf7d0f22f3e1a85276d1408b6a97707e45d74521810dd080a788677e3314b147bd3efc79a3a5b4f40cdc0f0db2dc492a4e78b38907a2c8702633b0190490b9a7052f50", @ANYRES16=r0, @ANYRES8=r2], 0x34}}, 0x40004) 4.016661849s ago: executing program 1 (id=1529): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000280)=0xc) sendmsg$netlink(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000580)={0x34, 0x2e, 0x1, 0x70bd2a, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r2}, @nested={0x1c, 0x0, 0x0, 0x1, [@nested={0x18, 0x131, 0x0, 0x1, [@typed={0x11, 0x11d, 0x0, 0x0, @str='}!#^#\\,/,)\'/\x00'}]}]}]}, 0x34}], 0x1}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000180001424149485cff822f4403002fbd7000fddb", @ANYRES32=0x0, @ANYBLOB="150003000000006006000000212ae55eb0d7e53306000000"], 0x34}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000010a01000000000000000000010000000900010073797a300000000040000000160a01000000000000000000050000000900010063797a30000000000900020073797a31000000001400038008000240000000020800014000000000380000001a0a0101000b000000000000010000000900020073797a3000000000090001"], 0xc0}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000a80)=@mangle={'mangle\x00', 0x44, 0x6, 0x4e0, 0x350, 0x350, 0x350, 0x0, 0x350, 0x448, 0x448, 0x350, 0x448, 0x448, 0x6, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'geneve1\x00', 'veth0_to_team\x00', {}, {}, 0x11, 0x0, 0x41}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz1\x00'}}]}, @ECN={0x28}}, {{@ip={@empty, @empty, 0x0, 0x0, 'pimreg1\x00', 'rose0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @TTL={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x540) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000003d0007010000000000000000027c0000040000000c00018006000600894f"], 0x24}}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) close(0x3) unshare(0x24020400) socket$pppl2tp(0x18, 0x1, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, 0x0, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@deltclass={0x58, 0x29, 0x100, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x5}, {0xd, 0x3}, {0x4, 0xf}}, [@TCA_RATE={0x6}, @tclass_kind_options=@c_skbprio={0xc}, @TCA_RATE={0x6, 0x5, {0x1, 0x1}}, @tclass_kind_options=@c_fq_codel={0xd}, @TCA_RATE={0x6, 0x5, {0x7, 0x1c}}]}, 0x58}, 0x1, 0x0, 0x0, 0x44050}, 0x4000010) 3.376739273s ago: executing program 1 (id=1536): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000280)={0x18, 0x19, 0x1, 0x70bd26, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x4, 0x6}]}, 0x18}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073"], 0x7c}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000600)={0x28, 0x2d, 0x503, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0xc, 0xf, 0x0, 0x0, @u64}]}]}, 0x28}], 0x1}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r3, 0x1, 0x0, 0x25dfdbfc, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 3.160710714s ago: executing program 1 (id=1539): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000007780)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)={0x44, 0x0, 0x0, 0x0, 0x0, "", [@nested={0x34, 0xa6, 0x0, 0x1, [@generic="cc3bb830f1074e9edb97ce55e8874191f91c13beaaa08125cff745ce6fc6dd9bc73d485e1a3649e22fac610fa892f83c"]}]}, 0x44}], 0x1}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x1, 0x40, 0x20, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000001c0), 0x11003, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000280)={0x0, &(0x7f0000000140)=""/83, &(0x7f0000000080), &(0x7f0000000080), 0x6, r0, 0x0, 0x5000000}, 0x38) 2.934432818s ago: executing program 4 (id=1542): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) (async) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000180)={r2, @in={{0x2, 0x4e20, @empty}}, 0x5, 0x20}, 0x90) (async, rerun: 32) r3 = socket(0x2, 0x80805, 0x0) (rerun: 32) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) (async) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000080)={r5, 0x9}, &(0x7f0000000100)=0x8) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) (async) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x503, 0x0, 0x25dfdbfd, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r8}, @IFLA_HSR_SLAVE2={0x8, 0x2, r10}]}}}]}, 0x40}}, 0x0) 2.756457429s ago: executing program 0 (id=1544): syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4091}, 0x0) 2.737261533s ago: executing program 4 (id=1545): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="000086dd000311000400000000006e6ad9ba00442f0100000002000000000000ffffac1414bbff020000000000000000000000000001042022eb"], 0x7a) 2.436474996s ago: executing program 0 (id=1548): socket$inet6(0xa, 0x802, 0x56b6) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@delsa={0x28, 0x11, 0x1, 0x70bd28, 0x25dfdbfe, {@in=@broadcast, 0x4d3, 0x2, 0x3c}}, 0x28}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000380)={@local, 0x1, 0x0, 0x90, 0x0, [{@dev}, {@initdev}, {}, {@dev}, {@private}, {@local}, {@multicast2}, {@loopback}, {@multicast2}]}}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', 0x0}) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) r7 = socket$caif_seqpacket(0x25, 0x5, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000003d80)={0x0, 0x0}, &(0x7f0000003dc0)=0xc) sendmsg$netlink(r6, &(0x7f0000003f00)={0x0, 0x0, &(0x7f0000003d40)=[{&(0x7f0000002780)={0x10, 0x2c, 0x100, 0x70bd25, 0x25dfdbff}, 0x10}], 0x1, &(0x7f0000003ec0)=[@cred={{0x1c, 0x1, 0x2, {0x0, r8}}}], 0x20, 0x20000000}, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast2, @in=@multicast1, 0x4e22, 0xe11d, 0x4e23, 0x9f3d, 0xa, 0xa0, 0x20, 0x29, r5, r8}, {0x100, 0x9, 0x2, 0x9, 0xffffffff80000000, 0xff, 0xfffffffffffff305, 0x6}, {0x9, 0x4, 0x8, 0x4}, 0x5, 0x6e6bbb, 0x1, 0x0, 0x1}, {{@in=@private=0xa010101, 0x4d6, 0x3c}, 0xa, @in=@multicast2, 0x3505, 0x3, 0x0, 0x6, 0x3ff, 0x5, 0x10001}}, 0xe8) socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x14, 0x1, 0x10, 0x0, {{@in=@multicast2, @in6=@private1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xb8}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a0102e9ff000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404cf378042f27d3e08f90a3ffe32f53baa749fe0790a0d0e1f76d056d656332eca6d822a42983bf3e45b0c80e2d273f6cbc7cb"], 0xfc}}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x16, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@alu={0x4, 0x0, 0x3, 0xa, 0x9, 0xfffffffffffffff0}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, @exit, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0xd}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}}]}, &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) 2.100644267s ago: executing program 0 (id=1552): setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x4, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f00000034c0)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r1, 0x8b1b, &(0x7f0000000040)) 1.980785082s ago: executing program 4 (id=1553): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x49, 0x20040894, &(0x7f0000000200)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000240), 0x0, 0x4004010, 0x0, 0x0) write$cgroup_type(r0, &(0x7f0000000000), 0x9) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/112, 0x70, 0x1, 0x0}, &(0x7f00000001c0)=0x40) 1.978153123s ago: executing program 1 (id=1554): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000002ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=""/19, 0x13}}], 0x1, 0x40004100, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.948341951s ago: executing program 0 (id=1555): setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f00000034c0)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x8b1b, &(0x7f0000000040)) (fail_nth: 5) 1.537573206s ago: executing program 0 (id=1559): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea018512babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7acbf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000005d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd353646000000000000000000002b0000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c30180000000000000c03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3e16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e2e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54ae54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1386f5800"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000002140)="b9ff030711a5268c019e14f088a847e0ffff00124000632177fbac141416e000030a94029f03", 0x0, 0x1800, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.399069158s ago: executing program 2 (id=1560): r0 = socket$inet6(0xa, 0x800, 0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14}}, 0x5c}}, 0x0) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r3, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x31}}}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x6, @local, 0x54}, 0x1c) socket$inet6(0xa, 0x800, 0x6) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14}}, 0x5c}}, 0x0) (async) socket(0xa, 0x3, 0x3a) (async) setsockopt$MRT6_INIT(r3, 0x29, 0xc8, &(0x7f0000000340), 0x4) (async) setsockopt$MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x31}}}, {0xa, 0x0, 0x0, @empty}}, 0x5c) (async) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4) (async) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x6, @local, 0x54}, 0x1c) (async) 1.359127283s ago: executing program 3 (id=1561): sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000380)=ANY=[], 0x190) r0 = socket$igmp6(0xa, 0x3, 0x2) socket$kcm(0x10, 0xd, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000170000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f596f8aca1f26c4e54dd3c839c63ecba701f7518abef567139fd50aba0ce94ab8786582ae2f35099ba41b0e7f7"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0xda, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000000a40600fe8000000000000000000000000000bbfe8000000000000000000000000000aa3c0f00000000000007200000000206f8050003000000000000000700000000000000fbffffffffffffff040104000100c91000000000000000000000000000000001072800000000080408000600000000000000c15000000000000002000000000000000008000000000000000100c9100000000080000000000000000000000100000000f1bda6b400abe86500000000004e22", @ANYRES64=r1, @ANYRES32=0x41424344, @ANYBLOB="4000000810780000"], 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e24, @multicast1}, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) unshare(0x22020400) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000000)={r2, 0x6, 0xf2, 0x1}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r5, &(0x7f0000000040)="92ad3ff7091765814b05d82cfbefef964e82f8fee04efd0f619c06a3f3", &(0x7f0000000340)=""/176, 0x4}, 0x20) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000480)={'ip6gre0\x00', 0x0, 0x4, 0x2, 0xd, 0x2e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xae, 0x1, 0x5, 0x27b6}}) 992.550811ms ago: executing program 2 (id=1562): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000002bc0)={&(0x7f0000001480)={0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0x39}, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000002a00)=[@flowinfo={{0x14, 0x29, 0xb, 0xfff}}], 0x18}, 0x0) syz_emit_ethernet(0x68, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0xe, 0x4, 0x1, 0x9, 0x5a, 0x66, 0x0, 0xfe, 0x1, 0x0, @multicast2, @multicast1, {[@timestamp_prespec={0x44, 0xc, 0xcc, 0x3, 0x0, [{@rand_addr=0x64010102, 0x7}]}, @noop, @generic={0x88, 0x10, "f1fc68871646e8fded8bc8f76650"}, @ra={0x94, 0x4}]}}, @time_exceeded={0xb, 0x1, 0x0, 0x0, 0xe, 0x0, {0x6, 0x4, 0x2, 0x35, 0x8, 0x67, 0x3ff, 0x9, 0x84, 0x6, @private=0xa010100, @remote, {[@noop]}}, "0f35"}}}}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)={0x2c, r2, 0x31d, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}]}, 0x2c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x28, 0x6, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, {[], {{0xfffe, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@generic={0xfe, 0x11, "e6673fcf0b051e0000000000000000"}, @window={0x3, 0x3, 0xfe}]}}}}}}}}, 0x0) r4 = socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r5 = accept4$vsock_stream(r4, &(0x7f0000000000)={0x28, 0x0, 0x2711, @my=0x0}, 0x10, 0xc0800) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000005c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x18000020, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x60, 0x2, {{0x0, 0x0, 0x0, 0x1, 0x5, 0xf}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x5, 0x2, 0x4, 0x5}}]}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x4, 0xfffffffffffffff0, 0x0, 0x4, 0x68ab, 0xfffffffffffffffe}}]}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4048005}, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r7, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) sendmsg$rds(r7, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x4, @initdev={0xac, 0x1e, 0x10, 0x0}}, 0x10, 0x0}, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) 991.561509ms ago: executing program 0 (id=1563): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[{}], 0x8, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000be000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket(0x2b, 0x1, 0x1) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001814010000000000cd0000000800010000000000080003"], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r5, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r6, &(0x7f0000000440), &(0x7f0000000080)=@udp6=r7}, 0x20) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=r2, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x9, '\x00', r1, r8, 0x0, 0x4, 0x1, 0x0, @void, @value, @void, @value}, 0x50) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={0x2, 0x1, 0x0, 0x2, 0xa, 0x0, 0x70bd2c, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @sadb_x_sa2={0x2, 0x13, 0x1, 0x0, 0x0, 0x70bd26}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @local}}]}, 0x50}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r3, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000001200000018001280cd09000000000000000874617000000059fd028048000a00", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0) 964.008102ms ago: executing program 3 (id=1564): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x5a, 0x1, 0xfffffffe, 0xfffffffc, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4004800}, 0x0) 893.526273ms ago: executing program 2 (id=1565): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newneigh={0x44, 0x1c, 0x1, 0x70bd2d, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x0, 0x22, 0x5, 0x8}, [@NDA_PROBES={0x8}, @NDA_PROBES={0x8, 0x4, 0xddb}, @NDA_NH_ID={0x8, 0xd, 0xff}, @NDA_FLAGS_EXT={0x8}, @NDA_PROBES={0x8, 0x4, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x80) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x6, 0x9, &(0x7f0000000080)={{0x1, @rand_addr, 0x0, 0x4, 'wrr\x00', 0x21, 0x0, 0xfffffffa}, {@broadcast, 0x0, 0x2000, 0x0, 0x0, 0x1}}, 0x44) getsockopt$inet_tcp_int(r3, 0x6, 0x9, 0x0, &(0x7f0000000040)) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000001200)={r6, 0x3ff}, &(0x7f0000001240)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={r6, 0x8, 0x30}, 0xc) 836.686969ms ago: executing program 4 (id=1566): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="48000000110001002abd70001adbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0221000008200200140003006e657464657673696d3000"], 0x48}}, 0x8040) unshare(0x2040400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) close(r2) recvmsg$unix(r3, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000001600)=""/18, 0x12}], 0x1, &(0x7f0000001880)}, 0x40) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x30, 0x0, 0x2, 0xfffff000}, {0x80000006}]}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000009400000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2f) 819.540347ms ago: executing program 3 (id=1567): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r5, @ANYBLOB], 0x5c}}, 0x40) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000480)={'batadv0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'erspan0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000680)={'ip6gre0\x00', &(0x7f0000000600)={'syztnl1\x00', 0x0, 0x0, 0x1, 0x5, 0x400, 0x0, @remote, @mcast1, 0x8040, 0x700, 0x5c3, 0x5}}) sendmsg$ETHTOOL_MSG_RINGS_GET(r0, &(0x7f00000008c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000880)={&(0x7f00000006c0)={0x198, r1, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x40}, 0x4000050) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' ', @ANYRES16=r1, @ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x24040005}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 715.961548ms ago: executing program 1 (id=1568): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) unshare(0x6a040000) unshare(0x20000400) syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) socket(0x2000000000000021, 0x2, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r3, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) 648.756035ms ago: executing program 2 (id=1569): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) unshare(0x400) unshare(0x8000400) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0xe, 0x0, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 613.766752ms ago: executing program 4 (id=1570): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000002400010029bd7000fddbdf250400e6732df41d96a88400000600040000000000"], 0x24}}, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="260aff7f00ff2300000000000000000082a0f3ff00000000ed6f14f1f414f4f9e0284adbb851c33d0b082a2e0c165acd479437d357389e7e7a5505d539bfa4660a020452188e81a9d981a57a5c861c77f0f446c7644af1837b54a17ecbe1701475811fec02d37bd737bdea6165dd3ac392dc56b848875a2d290f52044b7829cbd3ff2a68bba0783cdb30b941c10ec2063a5c1abc2de4b8d0ac32018116d15b2b343ea678d087cb3b3b6fdb61d9ab6b7286f2b5dd98eaf254e70a5a9046279a23a52087c85436577479e0bf1c794e340420a56edb2f7282723c50f4a107b6188385db344645db8e746c6cedc9e0c70cfe85701bdb060007f791f8d79d8d75b9ab5d004478c76dd0cf1c05aef1f952f309365edcb8b1abcad91b1d385f3fd27939071a71b374076017e52b1997a6861b038f57b46b995fa036533bae6aaeb853bbea123bf9ff464ddda91c3428bae7c92f1e25ff5b5f3a513dbd2b1d33923a3d881c2f9088f3967d0233f19ac40aecc7977d264bfa523d3a3921890d4c8104e4dfa5c96bb046a8fbaa0f801f4d0562c8ab2649795f567c0f5c95e85ec8a8a79ed92807385e501a886b4a2a0916fe4dfc3cde8574d8a726c4fc83c558f0ef7d8de2885427ad53aacb41136b8bb76e0d435d95ce77f0c7b9b7f8b0c6678a649e70f376c75477b593"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r4) sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x4c, r5, 0x201, 0x0, 0xfffffffe, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty=0x3a00}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'sit0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x44}}]}, 0x4c}, 0x8, 0x3000000000002}, 0x0) bind$tipc(r3, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYRESHEX], 0x48) close(0x3) unshare(0x22020400) bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r6}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x20}}, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r7, 0x0, 0x0, 0x80800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) 465.618815ms ago: executing program 3 (id=1571): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010082800000000000ed9469a500", @ANYRES32=r2, @ANYBLOB="10005a800c"], 0x2c}}, 0x0) 360.538069ms ago: executing program 2 (id=1572): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000001000390400000000000001000000e8a42dc1d961000080605adb36c3a9f74a86a5483db4d500566ff033fb6549", @ANYRES32=r5, @ANYBLOB="00000000008000000a0001000000000000000000"], 0x2c}}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_HANDLE(r7, 0x113, 0x3, &(0x7f00000002c0)=0x40, 0x4) epoll_create(0x6) r8 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), r9) sendmsg$NL80211_CMD_SET_TID_CONFIG(r9, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x18, r10, 0x8de13c6b70ae92c3, 0x70bd25, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x4) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000020000480140003"], 0xe8}}, 0x0) accept4(r8, &(0x7f00000003c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, &(0x7f00000001c0)=0x80, 0x0) ioctl$FICLONERANGE(r6, 0x4020940d, &(0x7f0000000100)={{r6}, 0x1, 0x5, 0x800}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'rose0\x00'}) r12 = socket$nl_route(0x10, 0x3, 0x0) r13 = accept4(r12, &(0x7f0000000000)=@l2={0x1f, 0x0, @fixed}, &(0x7f0000000080)=0x80, 0x80000) setsockopt$inet_sctp6_SCTP_EVENTS(r13, 0x84, 0xb, &(0x7f00000000c0)={0x6, 0x6, 0x6, 0x7, 0x7, 0x6, 0x8, 0x6, 0x6, 0x5, 0xfc, 0x7, 0x0, 0x80}, 0xe) sendmsg$nl_route(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000340)=ANY=[], 0x20}}, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 346.857211ms ago: executing program 4 (id=1573): socket$kcm(0x10, 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c4000000240001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d54900000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c001500000070"], 0xc4}}, 0x0) r3 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r3, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x17}, @multicast1}}}], 0x20}, 0x0) recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffc4c, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x38, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xf4, 0x2e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}]]}, 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0) recvmmsg$unix(r1, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f00000006c0)=""/116, 0x74}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 237.126887ms ago: executing program 3 (id=1574): r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x800) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000000)={r1, 0x6, 0xf2, 0x1}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r4, &(0x7f0000000040)="92ad3ff7091765814b05d82cfbefef964e82f8fee04efd0f619c06a3f3", &(0x7f0000000340)=""/176, 0x4}, 0x20) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000480)={'ip6gre0\x00', 0x0, 0x4, 0x2, 0xd, 0x2e, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xae, 0x1, 0x5, 0x27b6}}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x9, '\x00', 0x0, r4, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000400)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @map_val={0x18, 0x7, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0xa}], &(0x7f0000000440)='syzkaller\x00', 0x8, 0x1000, &(0x7f0000000fc0)=""/4096, 0x41000, 0x3, '\x00', r5, 0x25, r4, 0x8, &(0x7f0000000540)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000580)={0x0, 0x10, 0x8000, 0x18}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000640)=[r6, r7, r4, r4, r4, r4, r0, r4], &(0x7f0000000680)=[{0x0, 0x5, 0x3}, {0x5, 0x4, 0xd, 0x8}, {0x2, 0x2, 0xe, 0x8}, {0x0, 0x3, 0xe, 0x8}, {0x5, 0x2, 0x0, 0x6}, {0x3, 0x3, 0x8, 0x7}, {0x2, 0x3, 0x4, 0x8}, {0x4, 0x2, 0xd, 0xa}, {0x0, 0x2, 0x0, 0x8}], 0x10, 0x87a3, @void, @value}, 0x94) ppoll(&(0x7f0000000200)=[{r3, 0x801a}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x8001) 136.701548ms ago: executing program 2 (id=1575): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSET={0x1c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x40d, 0x70bd28, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x84}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc, 0x1e, 0x3ff}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) (fail_nth: 15) 0s ago: executing program 3 (id=1576): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r0) socket$netlink(0x10, 0x3, 0x9) ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x880}, 0x800) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a30000000000800034000000009"], 0x64}, 0x1, 0x0, 0x0, 0x20048800}, 0x0) kernel console output (not intermixed with test programs): netlink: 12 bytes leftover after parsing attributes in process `syz.2.450'. [ 143.829405][ T7477] netlink: 12 bytes leftover after parsing attributes in process `syz.2.450'. [ 143.987094][ T7485] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.128917][ T7485] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.230980][ T7485] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.327352][ T7485] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.552492][ T7485] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.621439][ T7485] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.656721][ T7485] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.735048][ T7485] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.953347][ T7534] bridge_slave_1: left allmulticast mode [ 145.961546][ T7534] bridge_slave_1: left promiscuous mode [ 145.983763][ T7534] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.035513][ T7534] bridge_slave_0: left allmulticast mode [ 146.059545][ T7534] bridge_slave_0: left promiscuous mode [ 146.075610][ T7534] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.620670][ T7547] netlink: 'syz.0.469': attribute type 32 has an invalid length. [ 146.661183][ T5843] IPVS: starting estimator thread 0... [ 146.704984][ T7548] netlink: 'syz.3.468': attribute type 11 has an invalid length. [ 146.750713][ T7549] IPVS: using max 18 ests per chain, 43200 per kthread [ 147.317914][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 147.433280][ T7574] sctp: [Deprecated]: syz.4.477 (pid 7574) Use of int in maxseg socket option. [ 147.433280][ T7574] Use struct sctp_assoc_value instead [ 147.516256][ T7577] __nla_validate_parse: 3 callbacks suppressed [ 147.516280][ T7577] netlink: 20 bytes leftover after parsing attributes in process `syz.2.478'. [ 147.560006][ T7579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.478'. [ 147.602530][ T7579] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 147.643424][ T7577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.478'. [ 147.978223][ T7592] FAULT_INJECTION: forcing a failure. [ 147.978223][ T7592] name failslab, interval 1, probability 0, space 0, times 0 [ 147.993067][ T7592] CPU: 0 UID: 0 PID: 7592 Comm: syz.3.482 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 147.993096][ T7592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 147.993108][ T7592] Call Trace: [ 147.993116][ T7592] [ 147.993124][ T7592] dump_stack_lvl+0x241/0x360 [ 147.993155][ T7592] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.993178][ T7592] ? __pfx__printk+0x10/0x10 [ 147.993214][ T7592] ? __kmalloc_noprof+0xb5/0x4c0 [ 147.993238][ T7592] ? __pfx___might_resched+0x10/0x10 [ 147.993269][ T7592] should_fail_ex+0x40a/0x550 [ 147.993299][ T7592] should_failslab+0xac/0x100 [ 147.993323][ T7592] __kmalloc_noprof+0xdd/0x4c0 [ 147.993345][ T7592] ? sock_kmalloc+0xd7/0x160 [ 147.993364][ T7592] ? do_raw_spin_unlock+0x13c/0x8b0 [ 147.993393][ T7592] sock_kmalloc+0xd7/0x160 [ 147.993418][ T7592] hash_recvmsg+0x287/0x7d0 [ 147.993448][ T7592] ? __pfx_hash_recvmsg+0x10/0x10 [ 147.993476][ T7592] sock_recvmsg_nosec+0x18e/0x1d0 [ 147.993507][ T7592] ____sys_recvmsg+0x3cd/0x480 [ 147.993538][ T7592] ? __pfx_____sys_recvmsg+0x10/0x10 [ 147.993572][ T7592] ? do_recvmmsg+0x44e/0xab0 [ 147.993593][ T7592] ? __might_fault+0xaa/0x120 [ 147.993626][ T7592] do_recvmmsg+0x426/0xab0 [ 147.993668][ T7592] ? __pfx_do_recvmmsg+0x10/0x10 [ 147.993719][ T7592] ? ksys_write+0x22a/0x2b0 [ 147.993748][ T7592] ? __pfx_lock_release+0x10/0x10 [ 147.993783][ T7592] ? sb_end_write+0xe9/0x1c0 [ 147.993807][ T7592] ? vfs_write+0x7fa/0xd10 [ 147.993837][ T7592] ? __mutex_unlock_slowpath+0x227/0x800 [ 147.993878][ T7592] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 147.993906][ T7592] ? __fget_files+0x2a/0x410 [ 147.993945][ T7592] __x64_sys_recvmmsg+0x199/0x250 [ 147.993971][ T7592] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 147.993995][ T7592] ? do_syscall_64+0x100/0x230 [ 147.994028][ T7592] ? do_syscall_64+0xb6/0x230 [ 147.994061][ T7592] do_syscall_64+0xf3/0x230 [ 147.994091][ T7592] ? clear_bhb_loop+0x35/0x90 [ 147.994126][ T7592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.994154][ T7592] RIP: 0033:0x7f5b92f8cde9 [ 147.994172][ T7592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.994189][ T7592] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 147.994212][ T7592] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 147.994227][ T7592] RDX: 0000000000000600 RSI: 0000400000003700 RDI: 0000000000000004 [ 147.994241][ T7592] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 147.994254][ T7592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.994266][ T7592] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 147.994297][ T7592] [ 148.911440][ T7603] netlink: 12 bytes leftover after parsing attributes in process `syz.0.487'. [ 149.277521][ T7614] netlink: 243 bytes leftover after parsing attributes in process `syz.0.488'. [ 149.286855][ T7614] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 149.494231][ T7619] sctp: [Deprecated]: syz.4.490 (pid 7619) Use of int in maxseg socket option. [ 149.494231][ T7619] Use struct sctp_assoc_value instead [ 149.632539][ T7621] netlink: 28 bytes leftover after parsing attributes in process `syz.3.491'. [ 149.670993][ T7621] netlink: 40 bytes leftover after parsing attributes in process `syz.3.491'. [ 150.107688][ T7632] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 150.262900][ T7637] netlink: 36 bytes leftover after parsing attributes in process `syz.3.496'. [ 150.838322][ T7654] sctp: [Deprecated]: syz.3.502 (pid 7654) Use of int in maxseg socket option. [ 150.838322][ T7654] Use struct sctp_assoc_value instead [ 151.023433][ T7659] FAULT_INJECTION: forcing a failure. [ 151.023433][ T7659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.132707][ T7659] CPU: 0 UID: 0 PID: 7659 Comm: syz.3.505 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 151.132739][ T7659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 151.132751][ T7659] Call Trace: [ 151.132759][ T7659] [ 151.132767][ T7659] dump_stack_lvl+0x241/0x360 [ 151.132794][ T7659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.132814][ T7659] ? __pfx__printk+0x10/0x10 [ 151.132848][ T7659] ? snprintf+0xda/0x120 [ 151.132871][ T7659] should_fail_ex+0x40a/0x550 [ 151.132898][ T7659] _copy_to_user+0x31/0xb0 [ 151.132919][ T7659] simple_read_from_buffer+0xca/0x150 [ 151.132953][ T7659] proc_fail_nth_read+0x1e9/0x250 [ 151.132988][ T7659] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 151.133037][ T7659] ? rw_verify_area+0x243/0x630 [ 151.133063][ T7659] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 151.133098][ T7659] vfs_read+0x1f8/0xb40 [ 151.133126][ T7659] ? fdget_pos+0x254/0x320 [ 151.133150][ T7659] ? __pfx___mutex_lock+0x10/0x10 [ 151.133180][ T7659] ? __pfx_vfs_read+0x10/0x10 [ 151.133204][ T7659] ? do_sys_openat2+0x17a/0x1d0 [ 151.133229][ T7659] ? __fget_files+0x2a/0x410 [ 151.133253][ T7659] ? __fget_files+0x395/0x410 [ 151.133274][ T7659] ? __fget_files+0x2a/0x410 [ 151.133306][ T7659] ksys_read+0x18f/0x2b0 [ 151.133336][ T7659] ? __pfx_ksys_read+0x10/0x10 [ 151.133364][ T7659] ? do_syscall_64+0x100/0x230 [ 151.133396][ T7659] ? do_syscall_64+0xb6/0x230 [ 151.133427][ T7659] do_syscall_64+0xf3/0x230 [ 151.133455][ T7659] ? clear_bhb_loop+0x35/0x90 [ 151.133486][ T7659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.133512][ T7659] RIP: 0033:0x7f5b92f8b7fc [ 151.133529][ T7659] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 151.133544][ T7659] RSP: 002b:00007f5b93de1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 151.133565][ T7659] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8b7fc [ 151.133579][ T7659] RDX: 000000000000000f RSI: 00007f5b93de10a0 RDI: 0000000000000003 [ 151.133591][ T7659] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 151.133603][ T7659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.133615][ T7659] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 151.133646][ T7659] [ 152.125804][ T7679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.509'. [ 152.412549][ T7691] netlink: 20 bytes leftover after parsing attributes in process `syz.2.514'. [ 152.839652][ T7712] netlink: 'syz.2.518': attribute type 1 has an invalid length. [ 152.848021][ T7712] netlink: 224 bytes leftover after parsing attributes in process `syz.2.518'. [ 152.866417][ T7712] netlink: 28 bytes leftover after parsing attributes in process `syz.2.518'. [ 152.876411][ T7714] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.520'. [ 152.902259][ T7714] openvswitch: netlink: Message has 8 unknown bytes. [ 153.010004][ T7714] FAULT_INJECTION: forcing a failure. [ 153.010004][ T7714] name failslab, interval 1, probability 0, space 0, times 0 [ 153.079424][ T7714] CPU: 0 UID: 0 PID: 7714 Comm: syz.3.520 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 153.079456][ T7714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 153.079469][ T7714] Call Trace: [ 153.079476][ T7714] [ 153.079485][ T7714] dump_stack_lvl+0x241/0x360 [ 153.079515][ T7714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.079538][ T7714] ? __pfx__printk+0x10/0x10 [ 153.079573][ T7714] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 153.079599][ T7714] ? __pfx___might_resched+0x10/0x10 [ 153.079628][ T7714] should_fail_ex+0x40a/0x550 [ 153.079657][ T7714] should_failslab+0xac/0x100 [ 153.079680][ T7714] kmem_cache_alloc_node_noprof+0x77/0x380 [ 153.079714][ T7714] ? __alloc_skb+0x1c3/0x440 [ 153.079748][ T7714] __alloc_skb+0x1c3/0x440 [ 153.079782][ T7714] ? __pfx___alloc_skb+0x10/0x10 [ 153.079832][ T7714] ? netlink_autobind+0xd6/0x2f0 [ 153.079854][ T7714] ? netlink_autobind+0x2b0/0x2f0 [ 153.079880][ T7714] netlink_sendmsg+0x638/0xcb0 [ 153.079914][ T7714] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.079951][ T7714] ? aa_sock_msg_perm+0x91/0x160 [ 153.079984][ T7714] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.080003][ T7714] __sock_sendmsg+0x221/0x270 [ 153.080032][ T7714] ____sys_sendmsg+0x52a/0x7e0 [ 153.080060][ T7714] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.080089][ T7714] ? __fget_files+0x2a/0x410 [ 153.080120][ T7714] ? __fget_files+0x2a/0x410 [ 153.080151][ T7714] __sys_sendmsg+0x269/0x350 [ 153.080175][ T7714] ? __pfx___sys_sendmsg+0x10/0x10 [ 153.080207][ T7714] ? do_sys_openat2+0x17a/0x1d0 [ 153.080254][ T7714] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 153.080284][ T7714] ? do_syscall_64+0x100/0x230 [ 153.080316][ T7714] ? do_syscall_64+0xb6/0x230 [ 153.080350][ T7714] do_syscall_64+0xf3/0x230 [ 153.080378][ T7714] ? clear_bhb_loop+0x35/0x90 [ 153.080408][ T7714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.080433][ T7714] RIP: 0033:0x7f5b92f8cde9 [ 153.080450][ T7714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.080466][ T7714] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.080487][ T7714] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 153.080502][ T7714] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000007 [ 153.080514][ T7714] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 153.080525][ T7714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.080536][ T7714] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 153.080582][ T7714] [ 153.516422][ T7728] netlink: 12 bytes leftover after parsing attributes in process `syz.0.523'. [ 153.618889][ T7728] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 153.638721][ T7728] bond1: (slave vti0): Error -95 calling set_mac_address [ 153.716152][ T7739] netlink: 'syz.2.527': attribute type 9 has an invalid length. [ 153.724348][ T7739] netlink: 'syz.2.527': attribute type 7 has an invalid length. [ 153.737112][ T7739] netlink: 'syz.2.527': attribute type 8 has an invalid length. [ 153.807505][ T7739] netlink: 20 bytes leftover after parsing attributes in process `syz.2.527'. [ 153.844785][ T7740] netlink: 20 bytes leftover after parsing attributes in process `syz.2.527'. [ 154.031554][ T7756] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 154.107667][ T7763] netlink: 8 bytes leftover after parsing attributes in process `syz.4.530'. [ 154.155617][ T7763] vlan3: entered allmulticast mode [ 154.161396][ T7763] bridge0: entered allmulticast mode [ 154.173408][ T7763] bridge0: left allmulticast mode [ 154.488227][ T7776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.537'. [ 154.935698][ T7793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.541'. [ 155.134003][ T7805] netlink: 4 bytes leftover after parsing attributes in process `syz.1.545'. [ 155.628779][ T7832] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 155.827306][ T7837] Cannot find add_set index 0 as target [ 156.423423][ T7865] netlink: 'syz.1.565': attribute type 5 has an invalid length. [ 157.521037][ T5841] Bluetooth: hci0: command 0x0401 tx timeout [ 157.528727][ T5837] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 158.743493][ T7931] __nla_validate_parse: 10 callbacks suppressed [ 158.743523][ T7931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.584'. [ 158.766955][ T7931] openvswitch: netlink: IP tunnel attribute has 5036 unknown bytes. [ 158.815249][ T7933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'. [ 158.825053][ T7933] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 158.867463][ T7933] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 159.018568][ T7935] netlink: 'syz.1.585': attribute type 10 has an invalid length. [ 159.037590][ T7935] bridge0: port 3(team0) entered disabled state [ 159.045210][ T7935] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.053515][ T7935] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.117291][ T7935] team0: Device bridge0 is already an upper device of the team interface [ 159.698263][ T7954] FAULT_INJECTION: forcing a failure. [ 159.698263][ T7954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.743600][ T7954] CPU: 1 UID: 0 PID: 7954 Comm: syz.3.592 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 159.743632][ T7954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 159.743644][ T7954] Call Trace: [ 159.743652][ T7954] [ 159.743661][ T7954] dump_stack_lvl+0x241/0x360 [ 159.743691][ T7954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.743719][ T7954] ? __pfx__printk+0x10/0x10 [ 159.743754][ T7954] ? __pfx_lock_release+0x10/0x10 [ 159.743792][ T7954] should_fail_ex+0x40a/0x550 [ 159.743821][ T7954] _copy_from_user+0x2d/0xb0 [ 159.743843][ T7954] copy_msghdr_from_user+0xae/0x680 [ 159.743871][ T7954] ? __pfx___might_resched+0x10/0x10 [ 159.743899][ T7954] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 159.743930][ T7954] ? do_recvmmsg+0x44e/0xab0 [ 159.743951][ T7954] ? __might_fault+0xaa/0x120 [ 159.743983][ T7954] do_recvmmsg+0x3bd/0xab0 [ 159.744015][ T7954] ? __pfx_do_recvmmsg+0x10/0x10 [ 159.744057][ T7954] ? ksys_write+0x22a/0x2b0 [ 159.744085][ T7954] ? __pfx_lock_release+0x10/0x10 [ 159.744127][ T7954] ? sb_end_write+0xe9/0x1c0 [ 159.744150][ T7954] ? vfs_write+0x7fa/0xd10 [ 159.744179][ T7954] ? __mutex_unlock_slowpath+0x227/0x800 [ 159.744219][ T7954] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 159.744251][ T7954] ? __fget_files+0x2a/0x410 [ 159.744289][ T7954] __x64_sys_recvmmsg+0x199/0x250 [ 159.744313][ T7954] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 159.744336][ T7954] ? do_syscall_64+0x100/0x230 [ 159.744370][ T7954] ? do_syscall_64+0xb6/0x230 [ 159.744402][ T7954] do_syscall_64+0xf3/0x230 [ 159.744431][ T7954] ? clear_bhb_loop+0x35/0x90 [ 159.744464][ T7954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.744492][ T7954] RIP: 0033:0x7f5b92f8cde9 [ 159.744510][ T7954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.744527][ T7954] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 159.744549][ T7954] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 159.744564][ T7954] RDX: 0000000004000169 RSI: 0000400000005000 RDI: 0000000000000003 [ 159.744578][ T7954] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 159.744590][ T7954] R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000002 [ 159.744602][ T7954] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 159.744632][ T7954] [ 160.285458][ T7966] x_tables: ip6_tables: DNAT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 160.299683][ T7966] netlink: 96 bytes leftover after parsing attributes in process `syz.4.596'. [ 160.314752][ T7966] netlink: 52 bytes leftover after parsing attributes in process `syz.4.596'. [ 160.398601][ T7970] Cannot find del_set index 1 as target [ 160.453599][ T7963] netlink: 12 bytes leftover after parsing attributes in process `syz.3.597'. [ 160.850228][ T7981] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 161.025614][ T7984] syz.3.602 (7984) used obsolete PPPIOCDETACH ioctl [ 161.137179][ T7984] netlink: 24 bytes leftover after parsing attributes in process `syz.3.602'. [ 162.008976][ T8019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.615'. [ 162.018813][ T8019] netlink: 'syz.3.615': attribute type 1 has an invalid length. [ 162.148941][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.612'. [ 162.219275][ T8029] FAULT_INJECTION: forcing a failure. [ 162.219275][ T8029] name failslab, interval 1, probability 0, space 0, times 0 [ 162.240926][ T8029] CPU: 0 UID: 0 PID: 8029 Comm: syz.4.616 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 162.240957][ T8029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 162.240968][ T8029] Call Trace: [ 162.240976][ T8029] [ 162.240985][ T8029] dump_stack_lvl+0x241/0x360 [ 162.241015][ T8029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.241037][ T8029] ? __pfx__printk+0x10/0x10 [ 162.241091][ T8029] should_fail_ex+0x40a/0x550 [ 162.241121][ T8029] should_failslab+0xac/0x100 [ 162.241144][ T8029] __kmalloc_cache_noprof+0x70/0x390 [ 162.241168][ T8029] ? sctp_add_bind_addr+0x89/0x3a0 [ 162.241196][ T8029] sctp_add_bind_addr+0x89/0x3a0 [ 162.241225][ T8029] sctp_copy_local_addr_list+0x311/0x500 [ 162.241252][ T8029] ? sctp_copy_local_addr_list+0xab/0x500 [ 162.241277][ T8029] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 162.241305][ T8029] ? sctp_v4_is_any+0x35/0x60 [ 162.241338][ T8029] sctp_bind_addr_copy+0xad/0x3b0 [ 162.241362][ T8029] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 162.241400][ T8029] sctp_connect_new_asoc+0x2f3/0x6c0 [ 162.241433][ T8029] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 162.241461][ T8029] ? sctp_sendmsg+0xbb9/0x3520 [ 162.241496][ T8029] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 162.241523][ T8029] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 162.241551][ T8029] sctp_sendmsg+0x219a/0x3520 [ 162.241596][ T8029] ? aa_sk_perm+0x96d/0xab0 [ 162.241621][ T8029] ? __pfx_sctp_sendmsg+0x10/0x10 [ 162.241656][ T8029] ? __pfx_aa_sk_perm+0x10/0x10 [ 162.241693][ T8029] ? inet_sendmsg+0x330/0x390 [ 162.241722][ T8029] __sock_sendmsg+0x1a6/0x270 [ 162.241752][ T8029] __sys_sendto+0x363/0x4c0 [ 162.241789][ T8029] ? __pfx___sys_sendto+0x10/0x10 [ 162.241834][ T8029] ? __fget_files+0x2a/0x410 [ 162.241868][ T8029] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 162.241901][ T8029] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 162.241937][ T8029] __x64_sys_sendto+0xde/0x100 [ 162.241972][ T8029] do_syscall_64+0xf3/0x230 [ 162.242002][ T8029] ? clear_bhb_loop+0x35/0x90 [ 162.242036][ T8029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.242063][ T8029] RIP: 0033:0x7f264ab8cde9 [ 162.242088][ T8029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.242105][ T8029] RSP: 002b:00007f264b975038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 162.242127][ T8029] RAX: ffffffffffffffda RBX: 00007f264ada5fa0 RCX: 00007f264ab8cde9 [ 162.242142][ T8029] RDX: 0000000000000001 RSI: 00004000000000c0 RDI: 0000000000000003 [ 162.242154][ T8029] RBP: 00007f264b975090 R08: 0000400000000040 R09: 0000000000000010 [ 162.242168][ T8029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 162.242179][ T8029] R13: 0000000000000000 R14: 00007f264ada5fa0 R15: 00007ffda8898ff8 [ 162.242212][ T8029] [ 162.639183][ T8026] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.818068][ T8026] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.937090][ T8026] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.133817][ T8026] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.195027][ T8045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.621'. [ 163.444768][ T8039] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.452254][ T8039] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.007228][ T8039] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.115509][ T8039] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.408935][ T8039] hsr1: left promiscuous mode [ 164.426413][ T8039] bond1: left promiscuous mode [ 164.451778][ T8039] bond1: left allmulticast mode [ 164.457557][ T8039] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.488329][ T8039] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.508165][ T8039] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.520465][ T8039] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.540471][ T8039] geneve2: left promiscuous mode [ 164.779606][ T8026] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.898561][ T8026] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.981615][ T8026] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.996444][ T8026] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.195160][ T8070] netlink: 12 bytes leftover after parsing attributes in process `syz.3.627'. [ 165.263317][ T8074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'. [ 165.281158][ T5841] Bluetooth: hci0: command 0x0401 tx timeout [ 165.289569][ T5837] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 165.514242][ T8080] netlink: 16 bytes leftover after parsing attributes in process `syz.3.629'. [ 165.672303][ T8082] ip6tnl1: entered allmulticast mode [ 166.439593][ T8091] netlink: 24 bytes leftover after parsing attributes in process `syz.1.631'. [ 166.501565][ T8088] netlink: 44 bytes leftover after parsing attributes in process `syz.1.631'. [ 167.093138][ T8085] netlink: 16 bytes leftover after parsing attributes in process `syz.3.630'. [ 167.890714][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.639'. [ 168.051957][ T8120] FAULT_INJECTION: forcing a failure. [ 168.051957][ T8120] name failslab, interval 1, probability 0, space 0, times 0 [ 168.110488][ T8120] CPU: 0 UID: 0 PID: 8120 Comm: syz.1.642 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 168.110527][ T8120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 168.110539][ T8120] Call Trace: [ 168.110546][ T8120] [ 168.110555][ T8120] dump_stack_lvl+0x241/0x360 [ 168.110585][ T8120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.110607][ T8120] ? __pfx__printk+0x10/0x10 [ 168.110642][ T8120] ? kmem_cache_alloc_noprof+0x48/0x380 [ 168.110667][ T8120] ? __pfx___might_resched+0x10/0x10 [ 168.110689][ T8120] ? find_mergeable_anon_vma+0x6b0/0x8f0 [ 168.110717][ T8120] should_fail_ex+0x40a/0x550 [ 168.110746][ T8120] should_failslab+0xac/0x100 [ 168.110768][ T8120] ? __anon_vma_prepare+0x117/0x4a0 [ 168.110794][ T8120] kmem_cache_alloc_noprof+0x70/0x380 [ 168.110822][ T8120] __anon_vma_prepare+0x117/0x4a0 [ 168.110857][ T8120] __handle_mm_fault+0x617e/0x70f0 [ 168.110881][ T8120] ? mark_lock+0x9a/0x360 [ 168.110938][ T8120] ? __pfx___handle_mm_fault+0x10/0x10 [ 168.110974][ T8120] ? mt_find+0x2a9/0x920 [ 168.111003][ T8120] ? __pfx_lock_release+0x10/0x10 [ 168.111043][ T8120] ? mt_find+0x2a9/0x920 [ 168.111073][ T8120] ? mt_find+0x6c8/0x920 [ 168.111102][ T8120] ? mt_find+0x2a9/0x920 [ 168.111133][ T8120] ? __pfx_mt_find+0x10/0x10 [ 168.111179][ T8120] ? find_vma+0xf9/0x170 [ 168.111199][ T8120] ? __pfx_find_vma+0x10/0x10 [ 168.111219][ T8120] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 168.111246][ T8120] handle_mm_fault+0x3e5/0x8d0 [ 168.111279][ T8120] exc_page_fault+0x2b9/0x8b0 [ 168.111308][ T8120] asm_exc_page_fault+0x26/0x30 [ 168.111333][ T8120] RIP: 0010:__put_user_4+0x11/0x20 [ 168.111359][ T8120] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 168.111374][ T8120] RSP: 0018:ffffc90002e17498 EFLAGS: 00050206 [ 168.111392][ T8120] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00004000000002c0 [ 168.111405][ T8120] RDX: 0000000000000000 RSI: ffffffff8c0ab8e0 RDI: ffffffff8c608a00 [ 168.111417][ T8120] RBP: ffffc90002e17610 R08: ffffffff901b5577 R09: 1ffffffff2036aae [ 168.111432][ T8120] R10: dffffc0000000000 R11: fffffbfff2036aaf R12: ffffc90002e174e0 [ 168.111445][ T8120] R13: 1ffff920005c2e9c R14: dffffc0000000000 R15: 1ffff920005c2e98 [ 168.111477][ T8120] sk_ioctl+0x369/0x680 [ 168.111517][ T8120] ? __pfx_sk_ioctl+0x10/0x10 [ 168.111573][ T8120] inet6_ioctl+0x203/0x280 [ 168.111608][ T8120] ? __pfx_inet6_ioctl+0x10/0x10 [ 168.111639][ T8120] ? unwind_next_frame+0x18e6/0x22d0 [ 168.111672][ T8120] ? preempt_count_add+0x93/0x190 [ 168.111696][ T8120] ? 0xffffffffa0000954 [ 168.111713][ T8120] ? 0xffffffffa0000954 [ 168.111737][ T8120] sock_do_ioctl+0x158/0x460 [ 168.111777][ T8120] ? kernel_text_address+0xa7/0xe0 [ 168.111801][ T8120] ? __pfx_sock_do_ioctl+0x10/0x10 [ 168.111823][ T8120] ? arch_stack_walk+0xfd/0x150 [ 168.111868][ T8120] ? stack_trace_save+0x118/0x1d0 [ 168.111894][ T8120] sock_ioctl+0x626/0x8e0 [ 168.111920][ T8120] ? __pfx_sock_ioctl+0x10/0x10 [ 168.111950][ T8120] ? kasan_save_track+0x51/0x80 [ 168.111977][ T8120] ? kasan_save_track+0x3f/0x80 [ 168.112003][ T8120] ? kasan_save_free_info+0x40/0x50 [ 168.112025][ T8120] ? __kasan_slab_free+0x59/0x70 [ 168.112053][ T8120] ? kfree+0x196/0x430 [ 168.112072][ T8120] ? security_file_ioctl+0xc6/0x2a0 [ 168.112095][ T8120] ? __se_sys_ioctl+0x46/0x170 [ 168.112120][ T8120] ? do_syscall_64+0xf3/0x230 [ 168.112146][ T8120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.112173][ T8120] ? __pfx_sock_ioctl+0x10/0x10 [ 168.112198][ T8120] do_vfs_ioctl+0xec7/0x2e40 [ 168.112232][ T8120] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 168.112263][ T8120] ? mark_lock+0x9a/0x360 [ 168.112309][ T8120] ? tomoyo_path_number_perm+0x206/0x860 [ 168.112336][ T8120] ? __pfx_lock_release+0x10/0x10 [ 168.112369][ T8120] ? tomoyo_path_number_perm+0x679/0x860 [ 168.112398][ T8120] ? tomoyo_path_number_perm+0x679/0x860 [ 168.112429][ T8120] ? tomoyo_path_number_perm+0x6f9/0x860 [ 168.112453][ T8120] ? __lock_acquire+0x1397/0x2100 [ 168.112483][ T8120] ? tomoyo_path_number_perm+0x206/0x860 [ 168.112523][ T8120] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 168.112592][ T8120] ? __fget_files+0x2a/0x410 [ 168.112618][ T8120] ? __fget_files+0x2a/0x410 [ 168.112650][ T8120] __se_sys_ioctl+0x80/0x170 [ 168.112680][ T8120] do_syscall_64+0xf3/0x230 [ 168.112709][ T8120] ? clear_bhb_loop+0x35/0x90 [ 168.112741][ T8120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.112768][ T8120] RIP: 0033:0x7f9d7d18cde9 [ 168.112785][ T8120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.112800][ T8120] RSP: 002b:00007f9d7df5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.112822][ T8120] RAX: ffffffffffffffda RBX: 00007f9d7d3a5fa0 RCX: 00007f9d7d18cde9 [ 168.112836][ T8120] RDX: 00004000000002c0 RSI: 000000000000541b RDI: 0000000000000003 [ 168.112849][ T8120] RBP: 00007f9d7df5b090 R08: 0000000000000000 R09: 0000000000000000 [ 168.112861][ T8120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.112873][ T8120] R13: 0000000000000000 R14: 00007f9d7d3a5fa0 R15: 00007ffd7ac4bae8 [ 168.112904][ T8120] [ 169.072743][ T8123] netlink: 256 bytes leftover after parsing attributes in process `syz.1.643'. [ 169.481300][ T8133] vlan2: entered promiscuous mode [ 169.865602][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.651'. [ 170.047618][ T8152] syzkaller1: entered promiscuous mode [ 170.060129][ T8152] syzkaller1: entered allmulticast mode [ 170.315924][ T8171] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 170.325015][ T8171] netlink: 28 bytes leftover after parsing attributes in process `syz.1.660'. [ 170.405703][ T8175] netlink: 16 bytes leftover after parsing attributes in process `syz.1.662'. [ 170.665402][ T8184] netlink: 'syz.3.665': attribute type 1 has an invalid length. [ 170.702216][ T8184] 8021q: adding VLAN 0 to HW filter on device bond2 [ 170.747623][ T8191] netlink: 'syz.1.666': attribute type 1 has an invalid length. [ 170.772519][ T8191] netlink: 224 bytes leftover after parsing attributes in process `syz.1.666'. [ 170.786566][ T8185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.666'. [ 170.808748][ T8184] bond2: (slave gretap1): making interface the new active one [ 170.844182][ T8184] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 171.065861][ T8201] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 171.327541][ T8215] netlink: 16 bytes leftover after parsing attributes in process `syz.0.673'. [ 171.441389][ T5841] Bluetooth: hci0: command 0x0401 tx timeout [ 171.447719][ T5837] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 171.719318][ T8234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.678'. [ 172.230817][ T8254] netlink: 'syz.0.681': attribute type 1 has an invalid length. [ 172.270703][ T8254] netlink: 224 bytes leftover after parsing attributes in process `syz.0.681'. [ 172.301737][ T8246] netlink: 28 bytes leftover after parsing attributes in process `syz.0.681'. [ 172.349740][ T8258] sctp: [Deprecated]: syz.4.685 (pid 8258) Use of int in maxseg socket option. [ 172.349740][ T8258] Use struct sctp_assoc_value instead [ 172.401835][ T8262] netlink: 16 bytes leftover after parsing attributes in process `syz.1.686'. [ 172.722304][ T8274] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.807430][ T8274] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.916543][ T8274] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.057836][ T8288] netlink: 187320 bytes leftover after parsing attributes in process `syz.1.696'. [ 173.082031][ T8288] netlink: zone id is out of range [ 173.090783][ T8288] netlink: zone id is out of range [ 173.101968][ T8274] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.109096][ T8288] netlink: zone id is out of range [ 173.136617][ T8288] netlink: zone id is out of range [ 173.155891][ T8288] netlink: zone id is out of range [ 173.185151][ T8288] netlink: zone id is out of range [ 173.197770][ T8288] netlink: zone id is out of range [ 173.253451][ T8288] netlink: zone id is out of range [ 173.259032][ T8288] netlink: zone id is out of range [ 173.313091][ T8274] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.367912][ T8274] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.432421][ T8274] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.467164][ T8274] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.841083][ T5841] Bluetooth: hci0: command 0x0401 tx timeout [ 173.847591][ T5837] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 174.285844][ T8324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.948291][ T8344] netlink: 'syz.0.717': attribute type 11 has an invalid length. [ 175.350626][ T8358] __nla_validate_parse: 5 callbacks suppressed [ 175.350658][ T8358] netlink: 20 bytes leftover after parsing attributes in process `syz.4.725'. [ 175.707232][ T8372] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 175.715052][ T8372] IPv6: NLM_F_CREATE should be set when creating new route [ 175.722358][ T8372] IPv6: NLM_F_CREATE should be set when creating new route [ 175.893623][ T8380] net_ratelimit: 288 callbacks suppressed [ 175.893644][ T8380] IPv6: addrconf: prefix option has invalid lifetime [ 176.553769][ T8404] netlink: 36 bytes leftover after parsing attributes in process `syz.4.749'. [ 176.694553][ T8409] netlink: 'syz.2.750': attribute type 2 has an invalid length. [ 176.702625][ T8409] netlink: 'syz.2.750': attribute type 8 has an invalid length. [ 176.715009][ T8409] netlink: 132 bytes leftover after parsing attributes in process `syz.2.750'. [ 177.218071][ T8432] netlink: 56 bytes leftover after parsing attributes in process `syz.4.761'. [ 177.311583][ T8434] netlink: 16 bytes leftover after parsing attributes in process `syz.1.762'. [ 177.760863][ T8460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.774'. [ 179.030947][ T8517] sctp: [Deprecated]: syz.0.801 (pid 8517) Use of int in maxseg socket option. [ 179.030947][ T8517] Use struct sctp_assoc_value instead [ 179.422656][ T8538] netlink: 'syz.2.811': attribute type 3 has an invalid length. [ 179.987296][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.825'. [ 180.875937][ T8608] netlink: 'syz.0.844': attribute type 1 has an invalid length. [ 180.921894][ T8608] 8021q: adding VLAN 0 to HW filter on device bond2 [ 181.014235][ T8608] bond2: (slave gretap1): making interface the new active one [ 181.028582][ T8608] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 181.949045][ T8661] af_packet: tpacket_rcv: packet too big, clamped from 50 to 4294967286. macoff=82 [ 181.969197][ T8663] netlink: 'syz.4.868': attribute type 4 has an invalid length. [ 181.988020][ T8663] netlink: 'syz.4.868': attribute type 4 has an invalid length. [ 182.016333][ T8665] tipc: Started in network mode [ 182.027322][ T8665] tipc: Node identity fe800000000000000000000000000011, cluster identity 4711 [ 182.038228][ T8665] tipc: Enabled bearer , priority 10 [ 182.398211][ T8683] netlink: 'syz.0.879': attribute type 5 has an invalid length. [ 182.565089][ T8691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.883'. [ 182.994912][ T8717] netlink: 16 bytes leftover after parsing attributes in process `syz.1.895'. [ 183.150817][ T5843] tipc: Node number set to 4269801489 [ 183.699920][ T8745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.905'. [ 183.709822][ T8748] netlink: 'syz.1.904': attribute type 10 has an invalid length. [ 183.727727][ T8750] netlink: 16 bytes leftover after parsing attributes in process `syz.3.907'. [ 183.739331][ T8748] dummy0: entered promiscuous mode [ 183.770711][ T8748] dummy0: entered allmulticast mode [ 183.791084][ T8748] team0: Port device dummy0 added [ 183.898354][ T8754] netlink: 'syz.0.908': attribute type 3 has an invalid length. [ 185.015772][ T8785] netlink: 16 bytes leftover after parsing attributes in process `syz.2.920'. [ 185.522421][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.929'. [ 185.537108][ T8807] netlink: 24 bytes leftover after parsing attributes in process `syz.0.929'. [ 185.881582][ T8826] netlink: 28 bytes leftover after parsing attributes in process `syz.2.935'. [ 185.912425][ T8828] netlink: 'syz.4.934': attribute type 1 has an invalid length. [ 185.920143][ T8828] netlink: 224 bytes leftover after parsing attributes in process `syz.4.934'. [ 185.931053][ T8828] netlink: 28 bytes leftover after parsing attributes in process `syz.4.934'. [ 186.345484][ T30] audit: type=1800 audit(1739375296.120:3): pid=8843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.941" name="memory.events" dev="tmpfs" ino=1070 res=0 errno=0 [ 186.415744][ T30] audit: type=1804 audit(1739375296.190:4): pid=8843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.941" name="/newroot/207/memory.events" dev="tmpfs" ino=1070 res=1 errno=0 [ 186.477255][ T8851] FAULT_INJECTION: forcing a failure. [ 186.477255][ T8851] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.519701][ T8851] CPU: 0 UID: 0 PID: 8851 Comm: syz.1.943 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 186.519733][ T8851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 186.519746][ T8851] Call Trace: [ 186.519753][ T8851] [ 186.519762][ T8851] dump_stack_lvl+0x241/0x360 [ 186.519805][ T8851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.519828][ T8851] ? __pfx__printk+0x10/0x10 [ 186.519868][ T8851] ? snprintf+0xda/0x120 [ 186.519895][ T8851] should_fail_ex+0x40a/0x550 [ 186.519929][ T8851] _copy_to_user+0x31/0xb0 [ 186.519954][ T8851] simple_read_from_buffer+0xca/0x150 [ 186.519992][ T8851] proc_fail_nth_read+0x1e9/0x250 [ 186.520029][ T8851] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.520066][ T8851] ? rw_verify_area+0x243/0x630 [ 186.520094][ T8851] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.520129][ T8851] vfs_read+0x1f8/0xb40 [ 186.520158][ T8851] ? fdget_pos+0x254/0x320 [ 186.520191][ T8851] ? __pfx___mutex_lock+0x10/0x10 [ 186.520222][ T8851] ? __pfx_vfs_read+0x10/0x10 [ 186.520252][ T8851] ? __fget_files+0x2a/0x410 [ 186.520277][ T8851] ? __fget_files+0x395/0x410 [ 186.520297][ T8851] ? __fget_files+0x2a/0x410 [ 186.520327][ T8851] ksys_read+0x18f/0x2b0 [ 186.520355][ T8851] ? __pfx_ksys_read+0x10/0x10 [ 186.520382][ T8851] ? do_syscall_64+0x100/0x230 [ 186.520413][ T8851] ? do_syscall_64+0xb6/0x230 [ 186.520445][ T8851] do_syscall_64+0xf3/0x230 [ 186.520474][ T8851] ? clear_bhb_loop+0x35/0x90 [ 186.520506][ T8851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.520533][ T8851] RIP: 0033:0x7f9d7d18b7fc [ 186.520557][ T8851] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 186.520573][ T8851] RSP: 002b:00007f9d7df5b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 186.520594][ T8851] RAX: ffffffffffffffda RBX: 00007f9d7d3a5fa0 RCX: 00007f9d7d18b7fc [ 186.520608][ T8851] RDX: 000000000000000f RSI: 00007f9d7df5b0a0 RDI: 0000000000000003 [ 186.520621][ T8851] RBP: 00007f9d7df5b090 R08: 0000000000000000 R09: 0000000000000000 [ 186.520633][ T8851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.520644][ T8851] R13: 0000000000000000 R14: 00007f9d7d3a5fa0 R15: 00007ffd7ac4bae8 [ 186.520675][ T8851] [ 187.161068][ T8870] FAULT_INJECTION: forcing a failure. [ 187.161068][ T8870] name failslab, interval 1, probability 0, space 0, times 0 [ 187.191525][ T8870] CPU: 0 UID: 0 PID: 8870 Comm: syz.2.951 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 187.191554][ T8870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 187.191567][ T8870] Call Trace: [ 187.191574][ T8870] [ 187.191583][ T8870] dump_stack_lvl+0x241/0x360 [ 187.191612][ T8870] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.191635][ T8870] ? __pfx__printk+0x10/0x10 [ 187.191682][ T8870] should_fail_ex+0x40a/0x550 [ 187.191711][ T8870] should_failslab+0xac/0x100 [ 187.191734][ T8870] __kmalloc_cache_noprof+0x70/0x390 [ 187.191756][ T8870] ? sctp_add_bind_addr+0x89/0x3a0 [ 187.191783][ T8870] sctp_add_bind_addr+0x89/0x3a0 [ 187.191809][ T8870] sctp_copy_local_addr_list+0x311/0x500 [ 187.191834][ T8870] ? sctp_copy_local_addr_list+0xab/0x500 [ 187.191857][ T8870] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 187.191883][ T8870] ? sctp_v6_is_any+0x60/0x70 [ 187.191918][ T8870] sctp_bind_addr_copy+0xad/0x3b0 [ 187.191940][ T8870] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 187.191976][ T8870] sctp_connect_new_asoc+0x2f3/0x6c0 [ 187.192007][ T8870] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 187.192034][ T8870] ? sctp_sendmsg+0xbb9/0x3520 [ 187.192067][ T8870] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 187.192093][ T8870] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 187.192120][ T8870] sctp_sendmsg+0x219a/0x3520 [ 187.192170][ T8870] ? __pfx_sctp_sendmsg+0x10/0x10 [ 187.192199][ T8870] ? __pfx_aa_sk_perm+0x10/0x10 [ 187.192226][ T8870] ? inet_sendmsg+0x330/0x390 [ 187.192249][ T8870] __sock_sendmsg+0x1a6/0x270 [ 187.192278][ T8870] ____sys_sendmsg+0x52a/0x7e0 [ 187.192308][ T8870] ? __pfx_____sys_sendmsg+0x10/0x10 [ 187.192338][ T8870] ? __fget_files+0x2a/0x410 [ 187.192363][ T8870] ? __fget_files+0x2a/0x410 [ 187.192394][ T8870] __sys_sendmmsg+0x36a/0x720 [ 187.192426][ T8870] ? __pfx___sys_sendmmsg+0x10/0x10 [ 187.192459][ T8870] ? __pfx_lock_release+0x10/0x10 [ 187.192484][ T8870] ? kstrtouint_from_user+0x128/0x190 [ 187.192537][ T8870] ? ksys_write+0x22a/0x2b0 [ 187.192565][ T8870] ? __pfx_lock_release+0x10/0x10 [ 187.192599][ T8870] ? sb_end_write+0xe9/0x1c0 [ 187.192621][ T8870] ? vfs_write+0x7fa/0xd10 [ 187.192650][ T8870] ? __mutex_unlock_slowpath+0x227/0x800 [ 187.192707][ T8870] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 187.192738][ T8870] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 187.192766][ T8870] ? do_syscall_64+0x100/0x230 [ 187.192797][ T8870] __x64_sys_sendmmsg+0xa0/0xb0 [ 187.192817][ T8870] do_syscall_64+0xf3/0x230 [ 187.192845][ T8870] ? clear_bhb_loop+0x35/0x90 [ 187.192877][ T8870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.192904][ T8870] RIP: 0033:0x7f94bad8cde9 [ 187.192922][ T8870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.192939][ T8870] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 187.192962][ T8870] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 187.192977][ T8870] RDX: 0000000000000001 RSI: 0000400000001bc0 RDI: 0000000000000003 [ 187.192991][ T8870] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 187.193003][ T8870] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000002 [ 187.193016][ T8870] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 187.193047][ T8870] [ 187.678667][ T8884] netlink: 'syz.1.952': attribute type 1 has an invalid length. [ 187.758137][ T8884] __nla_validate_parse: 5 callbacks suppressed [ 187.758158][ T8884] netlink: 224 bytes leftover after parsing attributes in process `syz.1.952'. [ 187.815387][ T8885] netlink: 28 bytes leftover after parsing attributes in process `syz.1.952'. [ 189.222552][ T8939] netlink: 'syz.0.971': attribute type 1 has an invalid length. [ 189.254125][ T8939] netlink: 224 bytes leftover after parsing attributes in process `syz.0.971'. [ 189.279801][ T8942] openvswitch: netlink: Invalid VLAN frame [ 189.354005][ T8932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.971'. [ 189.729914][ T8953] netlink: 'syz.2.975': attribute type 11 has an invalid length. [ 190.284809][ T8980] FAULT_INJECTION: forcing a failure. [ 190.284809][ T8980] name failslab, interval 1, probability 0, space 0, times 0 [ 190.317076][ T8980] CPU: 0 UID: 0 PID: 8980 Comm: syz.2.985 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 190.317109][ T8980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 190.317122][ T8980] Call Trace: [ 190.317130][ T8980] [ 190.317138][ T8980] dump_stack_lvl+0x241/0x360 [ 190.317168][ T8980] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.317190][ T8980] ? __pfx__printk+0x10/0x10 [ 190.317225][ T8980] ? fs_reclaim_acquire+0x93/0x130 [ 190.317254][ T8980] ? __pfx___might_resched+0x10/0x10 [ 190.317282][ T8980] should_fail_ex+0x40a/0x550 [ 190.317311][ T8980] should_failslab+0xac/0x100 [ 190.317333][ T8980] __kmalloc_noprof+0xdd/0x4c0 [ 190.317353][ T8980] ? kstrtouint_from_user+0x128/0x190 [ 190.317378][ T8980] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 190.317412][ T8980] tomoyo_realpath_from_path+0xcf/0x5e0 [ 190.317455][ T8980] tomoyo_path_number_perm+0x236/0x860 [ 190.317481][ T8980] ? __lock_acquire+0x1397/0x2100 [ 190.317512][ T8980] ? tomoyo_path_number_perm+0x206/0x860 [ 190.317541][ T8980] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 190.317610][ T8980] ? __fget_files+0x2a/0x410 [ 190.317636][ T8980] ? __fget_files+0x2a/0x410 [ 190.317665][ T8980] security_file_ioctl+0xc6/0x2a0 [ 190.317692][ T8980] __se_sys_ioctl+0x46/0x170 [ 190.317723][ T8980] do_syscall_64+0xf3/0x230 [ 190.317753][ T8980] ? clear_bhb_loop+0x35/0x90 [ 190.317786][ T8980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.317821][ T8980] RIP: 0033:0x7f94bad8cde9 [ 190.317840][ T8980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.317857][ T8980] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 190.317879][ T8980] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 190.317894][ T8980] RDX: 0000000000000000 RSI: 00000000000089ed RDI: 0000000000000003 [ 190.317907][ T8980] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 190.317920][ T8980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.317950][ T8980] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 190.317983][ T8980] [ 190.317993][ T8980] ERROR: Out of memory at tomoyo_realpath_from_path. [ 190.745303][ T8990] sctp: [Deprecated]: syz.0.989 (pid 8990) Use of int in maxseg socket option. [ 190.745303][ T8990] Use struct sctp_assoc_value instead [ 191.625698][ T9027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1004'. [ 191.682110][ T9026] sctp: [Deprecated]: syz.3.1005 (pid 9026) Use of int in maxseg socket option. [ 191.682110][ T9026] Use struct sctp_assoc_value instead [ 192.511107][ T9059] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1018'. [ 192.744385][ T9070] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 192.855076][ T5837] Bluetooth: hci4: link tx timeout [ 192.861236][ T5837] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 192.871369][ T5837] Bluetooth: hci4: link tx timeout [ 192.876591][ T5837] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 192.979013][ T9075] netlink: 'syz.2.1022': attribute type 2 has an invalid length. [ 192.993186][ T9075] fþ: entered promiscuous mode [ 193.517324][ T9081] bond_slave_0: left promiscuous mode [ 193.572667][ T9081] bond_slave_1: left promiscuous mode [ 193.869497][ T9081] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.886065][ T9081] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.994714][ T9081] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.009839][ T9081] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.018650][ T9081] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.027614][ T9081] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.309459][ T9107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1031'. [ 194.691108][ T9120] netlink: 'syz.4.1039': attribute type 1 has an invalid length. [ 194.746354][ T9120] 8021q: adding VLAN 0 to HW filter on device bond1 [ 194.960499][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 195.181109][ T9137] sctp: [Deprecated]: syz.4.1043 (pid 9137) Use of int in maxseg socket option. [ 195.181109][ T9137] Use struct sctp_assoc_value instead [ 195.279153][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1044'. [ 195.311755][ T9141] dvmrp1: entered allmulticast mode [ 195.441119][ T5837] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 195.447411][ T5841] Bluetooth: hci0: command 0x0401 tx timeout [ 195.570947][ T9150] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1047'. [ 195.587336][ T9151] netlink: 'syz.4.1047': attribute type 1 has an invalid length. [ 195.669089][ T9151] bond2: entered promiscuous mode [ 195.683594][ T9151] bond2: entered allmulticast mode [ 196.331689][ T9184] netlink: 'syz.1.1054': attribute type 1 has an invalid length. [ 196.362719][ T9184] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1054'. [ 196.391908][ T9176] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1054'. [ 197.130618][ T9207] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1059'. [ 197.215494][ T9198] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.230258][ T9198] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.396596][ T9198] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.423248][ T9198] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.424203][ T9212] netlink: 'syz.2.1061': attribute type 1 has an invalid length. [ 197.445027][ T9198] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.470414][ T9198] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.521645][ T9198] bond1: left promiscuous mode [ 197.526493][ T9198] bond1: left allmulticast mode [ 197.552044][ T9198] ip6tnl1: left allmulticast mode [ 197.597228][ T9212] 8021q: adding VLAN 0 to HW filter on device bond3 [ 197.718086][ T9217] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 197.761854][ T9217] netlink: 'syz.4.1062': attribute type 1 has an invalid length. [ 197.825993][ T9225] IPVS: set_ctl: invalid protocol: 43 224.0.0.2:20004 [ 197.845526][ T9224] FAULT_INJECTION: forcing a failure. [ 197.845526][ T9224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.902125][ T9217] bond3: entered promiscuous mode [ 197.922104][ T9217] bond3: entered allmulticast mode [ 197.928564][ T9224] CPU: 1 UID: 0 PID: 9224 Comm: syz.4.1062 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 197.928593][ T9224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 197.928605][ T9224] Call Trace: [ 197.928613][ T9224] [ 197.928621][ T9224] dump_stack_lvl+0x241/0x360 [ 197.928650][ T9224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.928672][ T9224] ? __pfx__printk+0x10/0x10 [ 197.928716][ T9224] ? snprintf+0xda/0x120 [ 197.928741][ T9224] should_fail_ex+0x40a/0x550 [ 197.928771][ T9224] _copy_to_user+0x31/0xb0 [ 197.928794][ T9224] simple_read_from_buffer+0xca/0x150 [ 197.928831][ T9224] proc_fail_nth_read+0x1e9/0x250 [ 197.928867][ T9224] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 197.928904][ T9224] ? rw_verify_area+0x243/0x630 [ 197.928930][ T9224] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 197.928972][ T9224] vfs_read+0x1f8/0xb40 [ 197.929000][ T9224] ? fdget_pos+0x254/0x320 [ 197.929023][ T9224] ? __pfx___mutex_lock+0x10/0x10 [ 197.929054][ T9224] ? __pfx_vfs_read+0x10/0x10 [ 197.929084][ T9224] ? __fget_files+0x2a/0x410 [ 197.929108][ T9224] ? __fget_files+0x395/0x410 [ 197.929129][ T9224] ? __fget_files+0x2a/0x410 [ 197.929159][ T9224] ksys_read+0x18f/0x2b0 [ 197.929189][ T9224] ? __pfx_ksys_read+0x10/0x10 [ 197.929218][ T9224] ? do_syscall_64+0x100/0x230 [ 197.929250][ T9224] ? do_syscall_64+0xb6/0x230 [ 197.929282][ T9224] do_syscall_64+0xf3/0x230 [ 197.929311][ T9224] ? clear_bhb_loop+0x35/0x90 [ 197.929344][ T9224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.929372][ T9224] RIP: 0033:0x7f264ab8b7fc [ 197.929390][ T9224] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 197.929407][ T9224] RSP: 002b:00007f264b954030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 197.929429][ T9224] RAX: ffffffffffffffda RBX: 00007f264ada6080 RCX: 00007f264ab8b7fc [ 197.929444][ T9224] RDX: 000000000000000f RSI: 00007f264b9540a0 RDI: 000000000000000b [ 197.929457][ T9224] RBP: 00007f264b954090 R08: 0000000000000000 R09: 000000000000000a [ 197.929471][ T9224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.929483][ T9224] R13: 0000000000000000 R14: 00007f264ada6080 R15: 00007ffda8898ff8 [ 197.929514][ T9224] [ 198.619513][ T9243] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1072'. [ 199.637306][ T9248] Cannot find map_set index 0 as target [ 199.684497][ T9280] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1085'. [ 200.205001][ T9294] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1090'. [ 200.955948][ T9308] tun1: tun_chr_ioctl cmd 21731 [ 201.845243][ T5847] Bluetooth: hci0: command 0x0401 tx timeout [ 201.851551][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 201.852102][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 201.857569][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 201.917081][ T9336] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1102'. [ 202.486087][ T9357] sctp: [Deprecated]: syz.4.1108 (pid 9357) Use of int in maxseg socket option. [ 202.486087][ T9357] Use struct sctp_assoc_value instead [ 202.801519][ T9368] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1112'. [ 204.264751][ T9400] openvswitch: netlink: VXLAN extension message has 2 unknown bytes. [ 204.320712][ T5147] Bluetooth: hci0: command 0x0401 tx timeout [ 204.321119][ T5845] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 204.819777][ T9414] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1128'. [ 206.140990][ T9455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1143'. [ 206.149954][ T9455] openvswitch: netlink: Tunnel attr 0 has unexpected len 16 expected 8 [ 206.857590][ T9486] can: request_module (can-proto-3) failed. [ 207.015967][ T9491] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1157'. [ 207.039640][ T9491] SET target dimension over the limit! [ 207.043746][ T9493] FAULT_INJECTION: forcing a failure. [ 207.043746][ T9493] name failslab, interval 1, probability 0, space 0, times 0 [ 207.090204][ T9493] CPU: 1 UID: 0 PID: 9493 Comm: syz.3.1156 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 207.090236][ T9493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 207.090249][ T9493] Call Trace: [ 207.090257][ T9493] [ 207.090265][ T9493] dump_stack_lvl+0x241/0x360 [ 207.090295][ T9493] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.090322][ T9493] ? __pfx__printk+0x10/0x10 [ 207.090355][ T9493] ? __kmalloc_cache_noprof+0x48/0x390 [ 207.090380][ T9493] ? __pfx___might_resched+0x10/0x10 [ 207.090411][ T9493] should_fail_ex+0x40a/0x550 [ 207.090440][ T9493] should_failslab+0xac/0x100 [ 207.090461][ T9493] __kmalloc_cache_noprof+0x70/0x390 [ 207.090483][ T9493] ? __xdp_reg_mem_model+0x1e3/0x620 [ 207.090513][ T9493] __xdp_reg_mem_model+0x1e3/0x620 [ 207.090544][ T9493] ? __pfx___xdp_reg_mem_model+0x10/0x10 [ 207.090575][ T9493] ? page_pool_create_percpu+0x73b/0xb70 [ 207.090611][ T9493] xdp_reg_mem_model+0x22/0x40 [ 207.090638][ T9493] bpf_test_run_xdp_live+0x32f/0x2230 [ 207.090661][ T9493] ? arch_stack_walk+0xfd/0x150 [ 207.090711][ T9493] ? __pfx_stack_trace_save+0x10/0x10 [ 207.090738][ T9493] ? stack_depot_save_flags+0x37/0x940 [ 207.090764][ T9493] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 207.090798][ T9493] ? mark_lock+0x9a/0x360 [ 207.090877][ T9493] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 207.090911][ T9493] ? __might_fault+0xc6/0x120 [ 207.090941][ T9493] ? _copy_from_user+0x95/0xb0 [ 207.090984][ T9493] ? bpf_test_init+0x15a/0x180 [ 207.091013][ T9493] ? xdp_convert_md_to_buff+0x5b/0x330 [ 207.091068][ T9493] bpf_prog_test_run_xdp+0x805/0x11e0 [ 207.091109][ T9493] ? __pfx_lock_release+0x10/0x10 [ 207.091148][ T9493] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 207.091184][ T9493] ? __fget_files+0x2a/0x410 [ 207.091210][ T9493] ? __fget_files+0x2a/0x410 [ 207.091238][ T9493] ? fput+0x21b/0x290 [ 207.091259][ T9493] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 207.091295][ T9493] bpf_prog_test_run+0x2e4/0x360 [ 207.091326][ T9493] __sys_bpf+0x48d/0x810 [ 207.091353][ T9493] ? __pfx___sys_bpf+0x10/0x10 [ 207.091392][ T9493] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 207.091424][ T9493] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 207.091455][ T9493] ? do_syscall_64+0x100/0x230 [ 207.091489][ T9493] __x64_sys_bpf+0x7c/0x90 [ 207.091513][ T9493] do_syscall_64+0xf3/0x230 [ 207.091542][ T9493] ? clear_bhb_loop+0x35/0x90 [ 207.091575][ T9493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.091604][ T9493] RIP: 0033:0x7f5b92f8cde9 [ 207.091622][ T9493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.091640][ T9493] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 207.091663][ T9493] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 207.091679][ T9493] RDX: 0000000000000050 RSI: 0000400000000000 RDI: 000000000000000a [ 207.091692][ T9493] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 207.091705][ T9493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.091716][ T9493] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 207.091747][ T9493] [ 207.963242][ T9509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1164'. [ 208.149458][ T9517] netlink: 'syz.0.1169': attribute type 10 has an invalid length. [ 208.177466][ T9517] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 208.346853][ T9527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1173'. [ 208.895836][ T9556] netlink: 'syz.3.1181': attribute type 2 has an invalid length. [ 208.932294][ T9556] fþ²¹¥‰: entered promiscuous mode [ 209.538489][ T9575] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 209.561685][ T9577] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1191'. [ 209.570999][ T9577] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1191'. [ 209.990962][ T9591] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1196'. [ 210.445851][ T9599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1200'. [ 210.476604][ T9599] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 210.503203][ T9599] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 210.640520][ T5845] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 210.647024][ T5845] Bluetooth: hci0: command 0x0401 tx timeout [ 211.650204][ T9627] sctp: [Deprecated]: syz.3.1209 (pid 9627) Use of int in maxseg socket option. [ 211.650204][ T9627] Use struct sctp_assoc_value instead [ 212.177892][ T9648] FAULT_INJECTION: forcing a failure. [ 212.177892][ T9648] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 212.182259][ T9644] syzkaller1: entered promiscuous mode [ 212.197923][ T9644] syzkaller1: entered allmulticast mode [ 212.224830][ T9648] CPU: 1 UID: 0 PID: 9648 Comm: syz.4.1217 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 212.224862][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 212.224875][ T9648] Call Trace: [ 212.224883][ T9648] [ 212.224892][ T9648] dump_stack_lvl+0x241/0x360 [ 212.224923][ T9648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.224947][ T9648] ? __pfx__printk+0x10/0x10 [ 212.224984][ T9648] ? __lock_acquire+0x1397/0x2100 [ 212.225023][ T9648] should_fail_ex+0x40a/0x550 [ 212.225053][ T9648] prepare_alloc_pages+0x1da/0x5b0 [ 212.225094][ T9648] __alloc_frozen_pages_noprof+0x16f/0x710 [ 212.225130][ T9648] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 212.225184][ T9648] alloc_pages_mpol+0x311/0x660 [ 212.225213][ T9648] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 212.225246][ T9648] vma_alloc_folio_noprof+0x12b/0x260 [ 212.225271][ T9648] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 212.225297][ T9648] ? do_raw_spin_unlock+0x13c/0x8b0 [ 212.225327][ T9648] folio_prealloc+0x2e/0x170 [ 212.225370][ T9648] do_wp_page+0x1253/0x49b0 [ 212.225421][ T9648] ? __pfx_do_wp_page+0x10/0x10 [ 212.225453][ T9648] ? __pfx_lock_acquire+0x10/0x10 [ 212.225479][ T9648] ? rcu_is_watching+0x15/0xb0 [ 212.225503][ T9648] ? do_raw_spin_lock+0x14f/0x370 [ 212.225526][ T9648] ? __pfx____pte_offset_map+0x10/0x10 [ 212.225556][ T9648] ? rcu_is_watching+0x15/0xb0 [ 212.225587][ T9648] __handle_mm_fault+0x24d5/0x70f0 [ 212.225612][ T9648] ? mark_lock+0x9a/0x360 [ 212.225673][ T9648] ? __pfx___handle_mm_fault+0x10/0x10 [ 212.225710][ T9648] ? mt_find+0x2a9/0x920 [ 212.225740][ T9648] ? __pfx_lock_release+0x10/0x10 [ 212.225781][ T9648] ? mt_find+0x2a9/0x920 [ 212.225811][ T9648] ? mt_find+0x6c8/0x920 [ 212.225841][ T9648] ? mt_find+0x2a9/0x920 [ 212.225873][ T9648] ? __pfx_mt_find+0x10/0x10 [ 212.225922][ T9648] ? find_vma+0xf9/0x170 [ 212.225947][ T9648] ? __pfx_find_vma+0x10/0x10 [ 212.225970][ T9648] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 212.226002][ T9648] handle_mm_fault+0x3e5/0x8d0 [ 212.226040][ T9648] exc_page_fault+0x2b9/0x8b0 [ 212.226073][ T9648] asm_exc_page_fault+0x26/0x30 [ 212.226100][ T9648] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 212.226124][ T9648] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 212.226141][ T9648] RSP: 0018:ffffc900038b7638 EFLAGS: 00050202 [ 212.226160][ T9648] RAX: ffffffff84e62e01 RBX: 000040000000dc84 RCX: 00000000000001b5 [ 212.226175][ T9648] RDX: 0000000000000000 RSI: ffff8880606c0474 RDI: 000040000000e000 [ 212.226190][ T9648] RBP: ffffc900038b77b8 R08: ffff8880606c0628 R09: 1ffff1100c0d80c5 [ 212.226205][ T9648] R10: dffffc0000000000 R11: ffffed100c0d80c6 R12: 1ffff92000716fc3 [ 212.226220][ T9648] R13: ffffc900038b7e18 R14: 0000000000000531 R15: ffff8880606c00f8 [ 212.226244][ T9648] ? _copy_to_iter+0x1e1/0x1c50 [ 212.226282][ T9648] _copy_to_iter+0x267/0x1c50 [ 212.226313][ T9648] ? __virt_addr_valid+0x183/0x530 [ 212.226345][ T9648] ? __pfx_lock_release+0x10/0x10 [ 212.226372][ T9648] ? _copy_to_iter+0x1e1/0x1c50 [ 212.226415][ T9648] ? _copy_to_iter+0x267/0x1c50 [ 212.226445][ T9648] ? __pfx__copy_to_iter+0x10/0x10 [ 212.226477][ T9648] ? __virt_addr_valid+0x183/0x530 [ 212.226505][ T9648] ? __virt_addr_valid+0x183/0x530 [ 212.226532][ T9648] ? __virt_addr_valid+0x45f/0x530 [ 212.226578][ T9648] ? __check_object_size+0x47a/0x730 [ 212.226601][ T9648] __skb_datagram_iter+0x107/0x900 [ 212.226622][ T9648] ? __virt_addr_valid+0x183/0x530 [ 212.226648][ T9648] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 212.226670][ T9648] ? __check_object_size+0x47a/0x730 [ 212.226693][ T9648] __skb_datagram_iter+0x6e4/0x900 [ 212.226714][ T9648] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 212.226742][ T9648] skb_copy_datagram_iter+0xd1/0x250 [ 212.226766][ T9648] tipc_recvmsg+0x7ec/0x13c0 [ 212.226809][ T9648] ? __pfx_tipc_recvmsg+0x10/0x10 [ 212.226845][ T9648] ? __pfx___might_resched+0x10/0x10 [ 212.226867][ T9648] ? aa_sock_msg_perm+0x91/0x160 [ 212.226894][ T9648] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 212.226921][ T9648] ? __pfx_tipc_recvmsg+0x10/0x10 [ 212.226948][ T9648] sock_recvmsg+0x22f/0x280 [ 212.226976][ T9648] ____sys_recvmsg+0x1c6/0x480 [ 212.227003][ T9648] ? __pfx_____sys_recvmsg+0x10/0x10 [ 212.227044][ T9648] __sys_recvmsg+0x291/0x390 [ 212.227068][ T9648] ? __pfx___sys_recvmsg+0x10/0x10 [ 212.227100][ T9648] ? __fget_files+0x2a/0x410 [ 212.227135][ T9648] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 212.227162][ T9648] ? do_syscall_64+0x100/0x230 [ 212.227191][ T9648] ? do_syscall_64+0xb6/0x230 [ 212.227220][ T9648] do_syscall_64+0xf3/0x230 [ 212.227245][ T9648] ? clear_bhb_loop+0x35/0x90 [ 212.227274][ T9648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.227298][ T9648] RIP: 0033:0x7f264ab8cde9 [ 212.227314][ T9648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.227330][ T9648] RSP: 002b:00007f264b975038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 212.227349][ T9648] RAX: ffffffffffffffda RBX: 00007f264ada5fa0 RCX: 00007f264ab8cde9 [ 212.227362][ T9648] RDX: 0000000000000082 RSI: 0000400000000300 RDI: 0000000000000003 [ 212.227374][ T9648] RBP: 00007f264b975090 R08: 0000000000000000 R09: 0000000000000000 [ 212.227385][ T9648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 212.227405][ T9648] R13: 0000000000000000 R14: 00007f264ada5fa0 R15: 00007ffda8898ff8 [ 212.227433][ T9648] [ 212.806851][ T9650] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1218'. [ 212.891808][ T9654] netlink: 'syz.4.1219': attribute type 32 has an invalid length. [ 213.189165][ T9661] sctp: [Deprecated]: syz.0.1222 (pid 9661) Use of int in maxseg socket option. [ 213.189165][ T9661] Use struct sctp_assoc_value instead [ 213.408724][ T9669] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 213.424022][ T9669] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 213.593939][ T9679] FAULT_INJECTION: forcing a failure. [ 213.593939][ T9679] name failslab, interval 1, probability 0, space 0, times 0 [ 213.631181][ T9679] CPU: 0 UID: 0 PID: 9679 Comm: syz.0.1227 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 213.631213][ T9679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 213.631226][ T9679] Call Trace: [ 213.631234][ T9679] [ 213.631243][ T9679] dump_stack_lvl+0x241/0x360 [ 213.631282][ T9679] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.631304][ T9679] ? __pfx__printk+0x10/0x10 [ 213.631356][ T9679] ? __kmalloc_cache_noprof+0x48/0x390 [ 213.631395][ T9679] ? __pfx___might_resched+0x10/0x10 [ 213.631424][ T9679] should_fail_ex+0x40a/0x550 [ 213.631472][ T9679] should_failslab+0xac/0x100 [ 213.631495][ T9679] __kmalloc_cache_noprof+0x70/0x390 [ 213.631518][ T9679] ? sctp_stream_init_ext+0x56/0x180 [ 213.631546][ T9679] sctp_stream_init_ext+0x56/0x180 [ 213.631572][ T9679] sctp_sendmsg_to_asoc+0x12fd/0x1800 [ 213.631610][ T9679] ? __asan_memcpy+0x40/0x70 [ 213.631658][ T9679] ? sctp_assoc_add_peer+0xe3c/0x15c0 [ 213.631699][ T9679] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 213.631725][ T9679] ? sctp_connect_new_asoc+0x3fe/0x6c0 [ 213.631757][ T9679] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 213.631784][ T9679] ? sctp_sendmsg+0xbb9/0x3520 [ 213.631817][ T9679] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 213.631844][ T9679] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 213.631871][ T9679] sctp_sendmsg+0x1bc3/0x3520 [ 213.631914][ T9679] ? aa_sk_perm+0x96d/0xab0 [ 213.631939][ T9679] ? __pfx_sctp_sendmsg+0x10/0x10 [ 213.631973][ T9679] ? __pfx_aa_sk_perm+0x10/0x10 [ 213.632003][ T9679] ? inet_sendmsg+0x330/0x390 [ 213.632030][ T9679] __sock_sendmsg+0x1a6/0x270 [ 213.632059][ T9679] __sys_sendto+0x363/0x4c0 [ 213.632095][ T9679] ? __pfx___sys_sendto+0x10/0x10 [ 213.632138][ T9679] ? __fget_files+0x2a/0x410 [ 213.632170][ T9679] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 213.632201][ T9679] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 213.632240][ T9679] __x64_sys_sendto+0xde/0x100 [ 213.632279][ T9679] do_syscall_64+0xf3/0x230 [ 213.632309][ T9679] ? clear_bhb_loop+0x35/0x90 [ 213.632342][ T9679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.632369][ T9679] RIP: 0033:0x7fd214d8cde9 [ 213.632386][ T9679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.632404][ T9679] RSP: 002b:00007fd215c4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 213.632426][ T9679] RAX: ffffffffffffffda RBX: 00007fd214fa5fa0 RCX: 00007fd214d8cde9 [ 213.632441][ T9679] RDX: 0000000000000001 RSI: 00004000000000c0 RDI: 0000000000000003 [ 213.632454][ T9679] RBP: 00007fd215c4d090 R08: 0000400000000040 R09: 0000000000000010 [ 213.632468][ T9679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 213.632480][ T9679] R13: 0000000000000000 R14: 00007fd214fa5fa0 R15: 00007fff8c9ed9d8 [ 213.632511][ T9679] [ 214.014483][ T9684] netlink: 'syz.3.1231': attribute type 1 has an invalid length. [ 214.075089][ T9684] 8021q: adding VLAN 0 to HW filter on device bond3 [ 214.442302][ T9703] sctp: [Deprecated]: syz.2.1235 (pid 9703) Use of int in maxseg socket option. [ 214.442302][ T9703] Use struct sctp_assoc_value instead [ 214.980036][ T9720] ip6tnl1: entered allmulticast mode [ 215.954188][ T9765] FAULT_INJECTION: forcing a failure. [ 215.954188][ T9765] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.981247][ T9765] CPU: 0 UID: 0 PID: 9765 Comm: syz.2.1257 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 215.981282][ T9765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 215.981295][ T9765] Call Trace: [ 215.981303][ T9765] [ 215.981312][ T9765] dump_stack_lvl+0x241/0x360 [ 215.981342][ T9765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.981365][ T9765] ? __pfx__printk+0x10/0x10 [ 215.981400][ T9765] ? __pfx_lock_release+0x10/0x10 [ 215.981437][ T9765] should_fail_ex+0x40a/0x550 [ 215.981466][ T9765] _copy_from_user+0x2d/0xb0 [ 215.981490][ T9765] copy_msghdr_from_user+0xae/0x680 [ 215.981522][ T9765] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 215.981547][ T9765] ? __fget_files+0x2a/0x410 [ 215.981573][ T9765] ? __fget_files+0x2a/0x410 [ 215.981604][ T9765] __sys_sendmsg+0x209/0x350 [ 215.981629][ T9765] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.981661][ T9765] ? do_sys_openat2+0x17a/0x1d0 [ 215.981711][ T9765] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 215.981742][ T9765] ? do_syscall_64+0x100/0x230 [ 215.981776][ T9765] ? do_syscall_64+0xb6/0x230 [ 215.981808][ T9765] do_syscall_64+0xf3/0x230 [ 215.981837][ T9765] ? clear_bhb_loop+0x35/0x90 [ 215.981871][ T9765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.981899][ T9765] RIP: 0033:0x7f94bad8cde9 [ 215.981917][ T9765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.981936][ T9765] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.981958][ T9765] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 215.981974][ T9765] RDX: 0000000000000000 RSI: 0000400000000540 RDI: 0000000000000003 [ 215.981988][ T9765] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 215.982008][ T9765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.982021][ T9765] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 215.982052][ T9765] [ 216.290463][ T9769] infiniband syz0: set down [ 216.295366][ T9769] infiniband syz0: added ipvlan1 [ 216.352039][ T9769] RDS/IB: syz0: added [ 216.356812][ T9769] smc: adding ib device syz0 with port count 1 [ 216.364924][ T9769] smc: ib device syz0 port 1 has pnetid [ 216.523104][ T9767] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.530456][ T9767] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.251468][ T9767] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.310666][ T9767] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.339440][ T9767] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.351371][ T9767] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.389303][ T9767] bond2: left promiscuous mode [ 217.401643][ T9767] bond2: left allmulticast mode [ 217.413667][ T9767] bond3: left promiscuous mode [ 217.426539][ T9767] bond3: left allmulticast mode [ 217.795929][ T9818] sctp: [Deprecated]: syz.2.1267 (pid 9818) Use of int in maxseg socket option. [ 217.795929][ T9818] Use struct sctp_assoc_value instead [ 218.049438][ T9826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1270'. [ 219.637774][ T9865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1284'. [ 220.286487][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1291'. [ 223.434158][ T9974] netlink: 'syz.2.1315': attribute type 1 has an invalid length. [ 223.460642][ T9974] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1315'. [ 223.535197][ T9974] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1315'. [ 223.609872][ T9982] FAULT_INJECTION: forcing a failure. [ 223.609872][ T9982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.677830][ T9982] CPU: 1 UID: 0 PID: 9982 Comm: syz.0.1320 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 223.677865][ T9982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 223.677879][ T9982] Call Trace: [ 223.677887][ T9982] [ 223.677896][ T9982] dump_stack_lvl+0x241/0x360 [ 223.677927][ T9982] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.677950][ T9982] ? __pfx__printk+0x10/0x10 [ 223.677987][ T9982] ? __pfx_lock_release+0x10/0x10 [ 223.678024][ T9982] should_fail_ex+0x40a/0x550 [ 223.678054][ T9982] _copy_from_user+0x2d/0xb0 [ 223.678076][ T9982] copy_msghdr_from_user+0xae/0x680 [ 223.678109][ T9982] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 223.678134][ T9982] ? __fget_files+0x2a/0x410 [ 223.678160][ T9982] ? __fget_files+0x2a/0x410 [ 223.678192][ T9982] __sys_sendmsg+0x209/0x350 [ 223.678218][ T9982] ? __pfx___sys_sendmsg+0x10/0x10 [ 223.678250][ T9982] ? do_sys_openat2+0x17a/0x1d0 [ 223.678301][ T9982] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 223.678332][ T9982] ? do_syscall_64+0x100/0x230 [ 223.678366][ T9982] ? do_syscall_64+0xb6/0x230 [ 223.678405][ T9982] do_syscall_64+0xf3/0x230 [ 223.678435][ T9982] ? clear_bhb_loop+0x35/0x90 [ 223.678468][ T9982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.678497][ T9982] RIP: 0033:0x7fd214d8cde9 [ 223.678515][ T9982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.678533][ T9982] RSP: 002b:00007fd215c4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.678556][ T9982] RAX: ffffffffffffffda RBX: 00007fd214fa5fa0 RCX: 00007fd214d8cde9 [ 223.678572][ T9982] RDX: 0000000000004886 RSI: 0000400000000240 RDI: 0000000000000003 [ 223.678586][ T9982] RBP: 00007fd215c4d090 R08: 0000000000000000 R09: 0000000000000000 [ 223.678599][ T9982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.678612][ T9982] R13: 0000000000000000 R14: 00007fd214fa5fa0 R15: 00007fff8c9ed9d8 [ 223.678643][ T9982] [ 224.243953][ T9998] vlan1: mtu greater than device maximum [ 225.343784][T10049] syzkaller1: entered promiscuous mode [ 225.369845][T10049] syzkaller1: entered allmulticast mode [ 225.370217][T10053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1339'. [ 225.397254][T10053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1339'. [ 225.411437][T10059] netlink: 'syz.2.1337': attribute type 1 has an invalid length. [ 225.419425][T10059] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1337'. [ 225.441595][T10059] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1337'. [ 225.477954][T10049] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.510790][T10049] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.565618][T10049] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.618504][T10049] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.892997][T10070] FAULT_INJECTION: forcing a failure. [ 225.892997][T10070] name failslab, interval 1, probability 0, space 0, times 0 [ 225.932334][T10076] netlink: 'syz.2.1343': attribute type 30 has an invalid length. [ 225.951332][T10070] CPU: 0 UID: 0 PID: 10070 Comm: syz.1.1342 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 225.951364][T10070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 225.951378][T10070] Call Trace: [ 225.951385][T10070] [ 225.951395][T10070] dump_stack_lvl+0x241/0x360 [ 225.951426][T10070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.951449][T10070] ? __pfx__printk+0x10/0x10 [ 225.951498][T10070] should_fail_ex+0x40a/0x550 [ 225.951529][T10070] should_failslab+0xac/0x100 [ 225.951554][T10070] __kmalloc_cache_noprof+0x70/0x390 [ 225.951577][T10070] ? sctp_add_bind_addr+0x89/0x3a0 [ 225.951606][T10070] sctp_add_bind_addr+0x89/0x3a0 [ 225.951636][T10070] sctp_copy_local_addr_list+0x311/0x500 [ 225.951663][T10070] ? sctp_copy_local_addr_list+0xab/0x500 [ 225.951689][T10070] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 225.951716][T10070] ? sctp_v6_is_any+0x60/0x70 [ 225.951754][T10070] sctp_bind_addr_copy+0xad/0x3b0 [ 225.951778][T10070] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 225.951817][T10070] sctp_connect_new_asoc+0x2f3/0x6c0 [ 225.951851][T10070] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 225.951880][T10070] ? sctp_sendmsg+0xbb9/0x3520 [ 225.951914][T10070] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 225.951942][T10070] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 225.951970][T10070] sctp_sendmsg+0x219a/0x3520 [ 225.952018][T10070] ? __pfx_sctp_sendmsg+0x10/0x10 [ 225.952054][T10070] ? __pfx_aa_sk_perm+0x10/0x10 [ 225.952087][T10070] ? inet_sendmsg+0x330/0x390 [ 225.952116][T10070] __sock_sendmsg+0x1a6/0x270 [ 225.952147][T10070] ____sys_sendmsg+0x52a/0x7e0 [ 225.952185][T10070] ? __pfx_____sys_sendmsg+0x10/0x10 [ 225.952217][T10070] ? __fget_files+0x2a/0x410 [ 225.952244][T10070] ? __fget_files+0x2a/0x410 [ 225.952278][T10070] __sys_sendmmsg+0x36a/0x720 [ 225.952311][T10070] ? __pfx___sys_sendmmsg+0x10/0x10 [ 225.952346][T10070] ? __pfx_lock_release+0x10/0x10 [ 225.952374][T10070] ? kstrtouint_from_user+0x128/0x190 [ 225.952430][T10070] ? ksys_write+0x22a/0x2b0 [ 225.952458][T10070] ? __pfx_lock_release+0x10/0x10 [ 225.952494][T10070] ? sb_end_write+0xe9/0x1c0 [ 225.952518][T10070] ? vfs_write+0x7fa/0xd10 [ 225.952548][T10070] ? __mutex_unlock_slowpath+0x227/0x800 [ 225.952610][T10070] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 225.952643][T10070] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 225.952674][T10070] ? do_syscall_64+0x100/0x230 [ 225.952708][T10070] __x64_sys_sendmmsg+0xa0/0xb0 [ 225.952732][T10070] do_syscall_64+0xf3/0x230 [ 225.952762][T10070] ? clear_bhb_loop+0x35/0x90 [ 225.952796][T10070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.952825][T10070] RIP: 0033:0x7f9d7d18cde9 [ 225.952843][T10070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.952861][T10070] RSP: 002b:00007f9d7df5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 225.952884][T10070] RAX: ffffffffffffffda RBX: 00007f9d7d3a5fa0 RCX: 00007f9d7d18cde9 [ 225.952899][T10070] RDX: 0000000000000001 RSI: 0000400000001bc0 RDI: 0000000000000003 [ 225.952913][T10070] RBP: 00007f9d7df5b090 R08: 0000000000000000 R09: 0000000000000000 [ 225.952926][T10070] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000002 [ 225.952940][T10070] R13: 0000000000000000 R14: 00007f9d7d3a5fa0 R15: 00007ffd7ac4bae8 [ 225.952972][T10070] [ 227.551428][T10120] netlink: 'syz.4.1355': attribute type 11 has an invalid length. [ 227.736428][T10136] FAULT_INJECTION: forcing a failure. [ 227.736428][T10136] name failslab, interval 1, probability 0, space 0, times 0 [ 227.776257][T10136] CPU: 0 UID: 0 PID: 10136 Comm: syz.3.1357 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 227.776289][T10136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 227.776302][T10136] Call Trace: [ 227.776310][T10136] [ 227.776319][T10136] dump_stack_lvl+0x241/0x360 [ 227.776350][T10136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.776371][T10136] ? __pfx__printk+0x10/0x10 [ 227.776406][T10136] ? fs_reclaim_acquire+0x93/0x130 [ 227.776437][T10136] ? __pfx___might_resched+0x10/0x10 [ 227.776460][T10136] ? dynamic_dname+0x141/0x1b0 [ 227.776491][T10136] should_fail_ex+0x40a/0x550 [ 227.776520][T10136] should_failslab+0xac/0x100 [ 227.776543][T10136] __kmalloc_noprof+0xdd/0x4c0 [ 227.776566][T10136] ? tomoyo_encode+0x26f/0x540 [ 227.776602][T10136] tomoyo_encode+0x26f/0x540 [ 227.776634][T10136] ? __pfx_sockfs_dname+0x10/0x10 [ 227.776664][T10136] tomoyo_realpath_from_path+0x59e/0x5e0 [ 227.776707][T10136] tomoyo_path_number_perm+0x236/0x860 [ 227.776733][T10136] ? __lock_acquire+0x1397/0x2100 [ 227.776764][T10136] ? tomoyo_path_number_perm+0x206/0x860 [ 227.776794][T10136] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 227.776863][T10136] ? __fget_files+0x2a/0x410 [ 227.776890][T10136] ? __fget_files+0x2a/0x410 [ 227.776919][T10136] security_file_ioctl+0xc6/0x2a0 [ 227.776948][T10136] __se_sys_ioctl+0x46/0x170 [ 227.776978][T10136] do_syscall_64+0xf3/0x230 [ 227.777019][T10136] ? clear_bhb_loop+0x35/0x90 [ 227.777052][T10136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.777080][T10136] RIP: 0033:0x7f5b92f8cde9 [ 227.777100][T10136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.777118][T10136] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.777141][T10136] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 227.777157][T10136] RDX: 0000000000000000 RSI: 00000000000089ed RDI: 0000000000000003 [ 227.777170][T10136] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 227.777184][T10136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.777197][T10136] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 227.777228][T10136] [ 227.777431][T10136] ERROR: Out of memory at tomoyo_realpath_from_path. [ 228.102753][T10141] gtp0: entered promiscuous mode [ 228.404507][T10152] ip6tnl1: left allmulticast mode [ 230.251846][T10212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1380'. [ 230.835733][T10234] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1387'. [ 230.897604][T10241] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1387'. [ 230.908543][T10234] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1387'. [ 230.911808][T10248] netlink: 'syz.1.1388': attribute type 1 has an invalid length. [ 230.925638][T10248] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1388'. [ 230.932064][T10241] x_tables: duplicate entry at hook 1 [ 230.957130][T10248] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1388'. [ 231.352994][T10263] netlink: 'syz.4.1394': attribute type 11 has an invalid length. [ 232.235955][T10294] netlink: 'syz.0.1402': attribute type 1 has an invalid length. [ 232.253523][T10296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1405'. [ 232.294460][ T5884] IPVS: starting estimator thread 0... [ 232.306256][T10290] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 232.369505][T10294] bond3: entered promiscuous mode [ 232.375604][T10294] bond3: entered allmulticast mode [ 232.384274][T10293] tipc: Started in network mode [ 232.389587][T10293] tipc: Node identity 6, cluster identity 4711 [ 232.396311][T10298] IPVS: using max 23 ests per chain, 55200 per kthread [ 232.408546][T10293] tipc: Node number set to 6 [ 232.421979][T10296] FAULT_INJECTION: forcing a failure. [ 232.421979][T10296] name failslab, interval 1, probability 0, space 0, times 0 [ 232.442342][T10296] CPU: 1 UID: 0 PID: 10296 Comm: syz.3.1405 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 232.442375][T10296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 232.442400][T10296] Call Trace: [ 232.442408][T10296] [ 232.442416][T10296] dump_stack_lvl+0x241/0x360 [ 232.442448][T10296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.442470][T10296] ? __pfx__printk+0x10/0x10 [ 232.442514][T10296] ? __kmalloc_cache_noprof+0x48/0x390 [ 232.442539][T10296] ? __pfx___might_resched+0x10/0x10 [ 232.442570][T10296] should_fail_ex+0x40a/0x550 [ 232.442600][T10296] should_failslab+0xac/0x100 [ 232.442623][T10296] __kmalloc_cache_noprof+0x70/0x390 [ 232.442644][T10296] ? netdevice_event+0x37d/0x950 [ 232.442680][T10296] netdevice_event+0x37d/0x950 [ 232.442712][T10296] ? __up_read+0x2c2/0x6b0 [ 232.442754][T10296] ? __pfx_netdevice_event+0x10/0x10 [ 232.442784][T10296] ? __pfx_del_netdev_ips+0x10/0x10 [ 232.442814][T10296] ? __pfx_is_eth_port_of_netdev_filter+0x10/0x10 [ 232.442847][T10296] ? __pfx_add_default_gids+0x10/0x10 [ 232.442876][T10296] ? __pfx_is_ndev_for_default_gid_filter+0x10/0x10 [ 232.442909][T10296] ? __pfx_add_netdev_ips+0x10/0x10 [ 232.442970][T10296] ? __pfx_is_eth_port_of_netdev_filter+0x10/0x10 [ 232.443002][T10296] ? cfg802154_netdev_notifier_call+0xde/0x910 [ 232.443042][T10296] notifier_call_chain+0x1a5/0x3f0 [ 232.443077][T10296] dev_set_mac_address+0x3d9/0x510 [ 232.443117][T10296] ? __pfx_dev_set_mac_address+0x10/0x10 [ 232.443149][T10296] ? down_write+0x18c/0x220 [ 232.443185][T10296] ? rcu_is_watching+0x15/0xb0 [ 232.443207][T10296] ? trace_kmalloc+0x1f/0xd0 [ 232.443227][T10296] ? __kmalloc_noprof+0x2a5/0x4c0 [ 232.443254][T10296] dev_set_mac_address_user+0x31/0x50 [ 232.443287][T10296] do_setlink+0x74b/0x4210 [ 232.443331][T10296] ? mark_lock+0x9a/0x360 [ 232.443365][T10296] ? __pfx_do_setlink+0x10/0x10 [ 232.443390][T10296] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 232.443423][T10296] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 232.443459][T10296] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 232.443484][T10296] ? lockdep_hardirqs_on+0x99/0x150 [ 232.443520][T10296] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 232.443546][T10296] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 232.443579][T10296] ? rcu_is_watching+0x15/0xb0 [ 232.443615][T10296] ? __mutex_lock+0xba3/0x1010 [ 232.443645][T10296] ? __mutex_lock+0x602/0x1010 [ 232.443680][T10296] ? rtnl_newlink+0xce2/0x2210 [ 232.443705][T10296] ? __pfx___mutex_lock+0x10/0x10 [ 232.443759][T10296] ? nla_strscpy+0x100/0x180 [ 232.443790][T10296] ? full_name_hash+0x93/0xe0 [ 232.443823][T10296] rtnl_newlink+0x1bb6/0x2210 [ 232.443861][T10296] ? __pfx_rtnl_newlink+0x10/0x10 [ 232.443884][T10296] ? __netlink_deliver_tap+0x56b/0x7f0 [ 232.443935][T10296] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 232.443968][T10296] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 232.444007][T10296] ? mark_lock+0x9a/0x360 [ 232.444042][T10296] ? __lock_acquire+0x1397/0x2100 [ 232.444108][T10296] ? __pfx_lock_release+0x10/0x10 [ 232.444154][T10296] ? __pfx_rtnl_newlink+0x10/0x10 [ 232.444181][T10296] rtnetlink_rcv_msg+0x791/0xcf0 [ 232.444204][T10296] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 232.444233][T10296] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 232.444267][T10296] ? ref_tracker_free+0x643/0x7e0 [ 232.444301][T10296] netlink_rcv_skb+0x1e3/0x430 [ 232.444324][T10296] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 232.444350][T10296] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 232.444397][T10296] ? netlink_deliver_tap+0x2e/0x1b0 [ 232.444422][T10296] netlink_unicast+0x7f6/0x990 [ 232.444464][T10296] ? __pfx_netlink_unicast+0x10/0x10 [ 232.444504][T10296] ? __virt_addr_valid+0x45f/0x530 [ 232.444537][T10296] ? __phys_addr_symbol+0x2f/0x70 [ 232.444569][T10296] ? __check_object_size+0x47a/0x730 [ 232.444595][T10296] netlink_sendmsg+0x8e4/0xcb0 [ 232.444631][T10296] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.444658][T10296] ? aa_sock_msg_perm+0x91/0x160 [ 232.444694][T10296] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.444714][T10296] __sock_sendmsg+0x221/0x270 [ 232.444744][T10296] ____sys_sendmsg+0x52a/0x7e0 [ 232.444775][T10296] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.444806][T10296] ? __fget_files+0x2a/0x410 [ 232.444833][T10296] ? __fget_files+0x2a/0x410 [ 232.444867][T10296] __sys_sendmsg+0x269/0x350 [ 232.444894][T10296] ? __pfx___sys_sendmsg+0x10/0x10 [ 232.444930][T10296] ? do_sys_openat2+0x17a/0x1d0 [ 232.444996][T10296] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 232.445026][T10296] ? do_syscall_64+0x100/0x230 [ 232.445059][T10296] ? do_syscall_64+0xb6/0x230 [ 232.445090][T10296] do_syscall_64+0xf3/0x230 [ 232.445119][T10296] ? clear_bhb_loop+0x35/0x90 [ 232.445152][T10296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.445179][T10296] RIP: 0033:0x7f5b92f8cde9 [ 232.445197][T10296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.445215][T10296] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.445237][T10296] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 232.445253][T10296] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 000000000000000b [ 232.445266][T10296] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 232.445279][T10296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 232.445291][T10296] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 232.445323][T10296] [ 232.446797][T10296] vlan0: entered promiscuous mode [ 232.575685][T10305] netlink: 'syz.4.1407': attribute type 126 has an invalid length. [ 232.581449][T10296] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 232.595934][T10305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1407'. [ 233.172053][T10310] openvswitch: netlink: Multiple metadata blocks provided [ 233.331862][T10318] netlink: 'syz.3.1408': attribute type 10 has an invalid length. [ 233.339753][T10318] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1408'. [ 233.400484][T10318] team0: entered promiscuous mode [ 233.436856][T10318] team_slave_0: entered promiscuous mode [ 233.455701][T10318] team_slave_1: entered promiscuous mode [ 233.464018][T10318] bridge0: port 3(team0) entered blocking state [ 233.474913][T10318] bridge0: port 3(team0) entered disabled state [ 233.483181][T10318] team0: entered allmulticast mode [ 233.488518][T10318] team_slave_0: entered allmulticast mode [ 233.499128][T10318] team_slave_1: entered allmulticast mode [ 233.507858][T10318] bridge0: port 3(team0) entered blocking state [ 233.514336][T10318] bridge0: port 3(team0) entered forwarding state [ 233.716639][T10335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1420'. [ 233.942532][T10347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 233.958198][T10338] syzkaller0: entered promiscuous mode [ 233.984830][T10338] syzkaller0: entered allmulticast mode [ 234.181160][T10360] sctp: [Deprecated]: syz.4.1425 (pid 10360) Use of int in maxseg socket option. [ 234.181160][T10360] Use struct sctp_assoc_value instead [ 236.137738][T10366] __nla_validate_parse: 3 callbacks suppressed [ 236.137759][T10366] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1429'. [ 236.398125][T10379] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1434'. [ 236.413315][T10379] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1434'. [ 236.493127][T10388] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1436'. [ 236.534175][T10388] FAULT_INJECTION: forcing a failure. [ 236.534175][T10388] name failslab, interval 1, probability 0, space 0, times 0 [ 236.570656][T10388] CPU: 1 UID: 0 PID: 10388 Comm: syz.2.1436 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 236.570689][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 236.570703][T10388] Call Trace: [ 236.570710][T10388] [ 236.570719][T10388] dump_stack_lvl+0x241/0x360 [ 236.570749][T10388] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.570772][T10388] ? __pfx__printk+0x10/0x10 [ 236.570819][T10388] ? preempt_count_add+0x93/0x190 [ 236.570847][T10388] ? mark_lock+0x9a/0x360 [ 236.570882][T10388] should_fail_ex+0x40a/0x550 [ 236.570913][T10388] should_failslab+0xac/0x100 [ 236.570937][T10388] __kmalloc_noprof+0xdd/0x4c0 [ 236.570961][T10388] ? dev_prep_valid_name+0x3c2/0xa40 [ 236.570992][T10388] dev_prep_valid_name+0x3c2/0xa40 [ 236.571021][T10388] ? lockdep_init_map_type+0xa1/0x910 [ 236.571053][T10388] ? __pfx_dev_prep_valid_name+0x10/0x10 [ 236.571093][T10388] register_netdevice+0x542/0x1b10 [ 236.571134][T10388] ? net_generic+0x1f/0x240 [ 236.571171][T10388] ? vxlan_vni_in_use+0x3a5/0x3e0 [ 236.571203][T10388] ? __pfx_register_netdevice+0x10/0x10 [ 236.571237][T10388] ? vxlan_config_apply+0x54b/0x830 [ 236.571262][T10388] ? __asan_memcpy+0x40/0x70 [ 236.571290][T10388] ? vxlan_config_apply+0x54b/0x830 [ 236.571318][T10388] __vxlan_dev_create+0x3a7/0xa30 [ 236.571358][T10388] ? __pfx___vxlan_dev_create+0x10/0x10 [ 236.571406][T10388] vxlan_newlink+0xee/0x140 [ 236.571430][T10388] ? __pfx_vxlan_newlink+0x10/0x10 [ 236.571466][T10388] ? rtnl_create_link+0x91c/0xc20 [ 236.571501][T10388] ? __pfx_vxlan_newlink+0x10/0x10 [ 236.571524][T10388] rtnl_newlink_create+0x2ee/0xa40 [ 236.571562][T10388] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 236.571596][T10388] ? ns_capable+0x8a/0xf0 [ 236.571619][T10388] rtnl_newlink+0x1c7e/0x2210 [ 236.571654][T10388] ? __pfx_rtnl_newlink+0x10/0x10 [ 236.571678][T10388] ? __pfx_validate_chain+0x10/0x10 [ 236.571720][T10388] ? validate_chain+0x11e/0x5920 [ 236.571740][T10388] ? __pfx_lock_acquire+0x10/0x10 [ 236.571771][T10388] ? __pfx_lock_release+0x10/0x10 [ 236.571801][T10388] ? __pfx_validate_chain+0x10/0x10 [ 236.571830][T10388] ? mark_lock+0x9a/0x360 [ 236.571863][T10388] ? __lock_acquire+0x1397/0x2100 [ 236.571927][T10388] ? __pfx_lock_release+0x10/0x10 [ 236.571973][T10388] ? __pfx_rtnl_newlink+0x10/0x10 [ 236.571999][T10388] rtnetlink_rcv_msg+0x791/0xcf0 [ 236.572020][T10388] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 236.572045][T10388] ? __lock_acquire+0x1397/0x2100 [ 236.572076][T10388] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 236.572119][T10388] netlink_rcv_skb+0x1e3/0x430 [ 236.572140][T10388] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 236.572166][T10388] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 236.572211][T10388] ? netlink_deliver_tap+0x2e/0x1b0 [ 236.572235][T10388] netlink_unicast+0x7f6/0x990 [ 236.572277][T10388] ? __pfx_netlink_unicast+0x10/0x10 [ 236.572306][T10388] ? __virt_addr_valid+0x45f/0x530 [ 236.572339][T10388] ? __phys_addr_symbol+0x2f/0x70 [ 236.572370][T10388] ? __check_object_size+0x47a/0x730 [ 236.572397][T10388] netlink_sendmsg+0x8e4/0xcb0 [ 236.572432][T10388] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.572460][T10388] ? aa_sock_msg_perm+0x91/0x160 [ 236.572494][T10388] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.572515][T10388] __sock_sendmsg+0x221/0x270 [ 236.572545][T10388] ____sys_sendmsg+0x52a/0x7e0 [ 236.572575][T10388] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.572607][T10388] ? __fget_files+0x2a/0x410 [ 236.572633][T10388] ? __fget_files+0x2a/0x410 [ 236.572666][T10388] __sys_sendmsg+0x269/0x350 [ 236.572693][T10388] ? __pfx___sys_sendmsg+0x10/0x10 [ 236.572728][T10388] ? do_sys_openat2+0x17a/0x1d0 [ 236.572782][T10388] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 236.572820][T10388] ? do_syscall_64+0x100/0x230 [ 236.572853][T10388] ? do_syscall_64+0xb6/0x230 [ 236.572886][T10388] do_syscall_64+0xf3/0x230 [ 236.572916][T10388] ? clear_bhb_loop+0x35/0x90 [ 236.572950][T10388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.572978][T10388] RIP: 0033:0x7f94bad8cde9 [ 236.572997][T10388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.573015][T10388] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 236.573038][T10388] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 236.573054][T10388] RDX: 0000000004008840 RSI: 0000400000000000 RDI: 0000000000000003 [ 236.573069][T10388] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 236.573082][T10388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 236.573094][T10388] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 236.573126][T10388] [ 237.061327][T10393] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.1437'. [ 237.070628][T10393] openvswitch: netlink: Message has 8 unknown bytes. [ 237.098225][T10393] FAULT_INJECTION: forcing a failure. [ 237.098225][T10393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.111748][T10393] CPU: 1 UID: 0 PID: 10393 Comm: syz.1.1437 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 237.111778][T10393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 237.111791][T10393] Call Trace: [ 237.111798][T10393] [ 237.111807][T10393] dump_stack_lvl+0x241/0x360 [ 237.111837][T10393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.111859][T10393] ? __pfx__printk+0x10/0x10 [ 237.111896][T10393] ? __pfx_lock_release+0x10/0x10 [ 237.111935][T10393] should_fail_ex+0x40a/0x550 [ 237.111963][T10393] _copy_from_iter+0x1e9/0x1c20 [ 237.111996][T10393] ? __virt_addr_valid+0x183/0x530 [ 237.112039][T10393] ? __alloc_skb+0x28f/0x440 [ 237.112069][T10393] ? __pfx__copy_from_iter+0x10/0x10 [ 237.112103][T10393] ? __virt_addr_valid+0x183/0x530 [ 237.112135][T10393] ? __virt_addr_valid+0x183/0x530 [ 237.112164][T10393] ? __virt_addr_valid+0x45f/0x530 [ 237.112196][T10393] ? __phys_addr_symbol+0x2f/0x70 [ 237.112227][T10393] ? __check_object_size+0x47a/0x730 [ 237.112253][T10393] netlink_sendmsg+0x73d/0xcb0 [ 237.112288][T10393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 237.112315][T10393] ? aa_sock_msg_perm+0x91/0x160 [ 237.112349][T10393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 237.112370][T10393] __sock_sendmsg+0x221/0x270 [ 237.112399][T10393] ____sys_sendmsg+0x52a/0x7e0 [ 237.112428][T10393] ? __pfx_____sys_sendmsg+0x10/0x10 [ 237.112460][T10393] ? __fget_files+0x2a/0x410 [ 237.112486][T10393] ? __fget_files+0x2a/0x410 [ 237.112517][T10393] __sys_sendmsg+0x269/0x350 [ 237.112544][T10393] ? __pfx___sys_sendmsg+0x10/0x10 [ 237.112577][T10393] ? do_sys_openat2+0x17a/0x1d0 [ 237.112627][T10393] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 237.112658][T10393] ? do_syscall_64+0x100/0x230 [ 237.112692][T10393] ? do_syscall_64+0xb6/0x230 [ 237.112735][T10393] do_syscall_64+0xf3/0x230 [ 237.112764][T10393] ? clear_bhb_loop+0x35/0x90 [ 237.112798][T10393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.112826][T10393] RIP: 0033:0x7f9d7d18cde9 [ 237.112845][T10393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.112863][T10393] RSP: 002b:00007f9d7df5b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 237.112886][T10393] RAX: ffffffffffffffda RBX: 00007f9d7d3a5fa0 RCX: 00007f9d7d18cde9 [ 237.112902][T10393] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000007 [ 237.112915][T10393] RBP: 00007f9d7df5b090 R08: 0000000000000000 R09: 0000000000000000 [ 237.112929][T10393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.112941][T10393] R13: 0000000000000000 R14: 00007f9d7d3a5fa0 R15: 00007ffd7ac4bae8 [ 237.112972][T10393] [ 237.543178][T10402] sctp: [Deprecated]: syz.0.1439 (pid 10402) Use of int in maxseg socket option. [ 237.543178][T10402] Use struct sctp_assoc_value instead [ 237.883471][T10418] openvswitch: netlink: Flow key attr not present in new flow. [ 238.099955][T10429] FAULT_INJECTION: forcing a failure. [ 238.099955][T10429] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.107207][T10430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1449'. [ 238.121253][T10429] CPU: 1 UID: 0 PID: 10429 Comm: syz.2.1450 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 238.121290][T10429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 238.121305][T10429] Call Trace: [ 238.121313][T10429] [ 238.121323][T10429] dump_stack_lvl+0x241/0x360 [ 238.121355][T10429] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.121379][T10429] ? __pfx__printk+0x10/0x10 [ 238.121418][T10429] ? __pfx_lock_release+0x10/0x10 [ 238.121459][T10429] should_fail_ex+0x40a/0x550 [ 238.121490][T10429] _copy_from_user+0x2d/0xb0 [ 238.121515][T10429] copy_msghdr_from_user+0xae/0x680 [ 238.121551][T10429] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 238.121578][T10429] ? __fget_files+0x2a/0x410 [ 238.121605][T10429] ? __fget_files+0x2a/0x410 [ 238.121638][T10429] __sys_sendmmsg+0x32b/0x720 [ 238.121673][T10429] ? __pfx___sys_sendmmsg+0x10/0x10 [ 238.121708][T10429] ? __pfx_lock_release+0x10/0x10 [ 238.121736][T10429] ? kstrtouint_from_user+0x128/0x190 [ 238.121798][T10429] ? ksys_write+0x22a/0x2b0 [ 238.121828][T10429] ? __pfx_lock_release+0x10/0x10 [ 238.121875][T10429] ? sb_end_write+0xe9/0x1c0 [ 238.121899][T10429] ? vfs_write+0x7fa/0xd10 [ 238.121931][T10429] ? __mutex_unlock_slowpath+0x227/0x800 [ 238.121993][T10429] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 238.122028][T10429] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 238.122060][T10429] ? do_syscall_64+0x100/0x230 [ 238.122096][T10429] __x64_sys_sendmmsg+0xa0/0xb0 [ 238.122120][T10429] do_syscall_64+0xf3/0x230 [ 238.122152][T10429] ? clear_bhb_loop+0x35/0x90 [ 238.122188][T10429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.122218][T10429] RIP: 0033:0x7f94bad8cde9 [ 238.122238][T10429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.122256][T10429] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 238.122281][T10429] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 238.122299][T10429] RDX: 0000000000000001 RSI: 000040000000bb00 RDI: 0000000000000003 [ 238.122313][T10429] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 238.122326][T10429] R10: 0000000000004840 R11: 0000000000000246 R12: 0000000000000001 [ 238.122340][T10429] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 238.122374][T10429] [ 238.962150][T10454] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1455'. [ 239.006848][T10454] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1455'. [ 239.309280][T10467] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1460'. [ 239.338498][T10469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1459'. [ 239.397100][ T9788] hid-generic 0005:046D:0008.0001: unknown main item tag 0x0 [ 239.411050][ T9788] hid-generic 0005:046D:0008.0001: hidraw0: BLUETOOTH HID v0.02 Device [syz1] on aa:aa:aa:aa:aa:aa [ 239.504206][T10472] x_tables: duplicate underflow at hook 3 [ 239.868893][T10486] FAULT_INJECTION: forcing a failure. [ 239.868893][T10486] name failslab, interval 1, probability 0, space 0, times 0 [ 239.901206][T10486] CPU: 0 UID: 0 PID: 10486 Comm: syz.3.1467 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 239.901242][T10486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 239.901255][T10486] Call Trace: [ 239.901262][T10486] [ 239.901272][T10486] dump_stack_lvl+0x241/0x360 [ 239.901304][T10486] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.901326][T10486] ? __pfx__printk+0x10/0x10 [ 239.901362][T10486] ? kmem_cache_alloc_noprof+0x48/0x380 [ 239.901386][T10486] ? __pfx___might_resched+0x10/0x10 [ 239.901418][T10486] should_fail_ex+0x40a/0x550 [ 239.901450][T10486] should_failslab+0xac/0x100 [ 239.901474][T10486] ? __kernfs_new_node+0xd8/0x870 [ 239.901493][T10486] kmem_cache_alloc_noprof+0x70/0x380 [ 239.901521][T10486] __kernfs_new_node+0xd8/0x870 [ 239.901539][T10486] ? mark_lock+0x9a/0x360 [ 239.901574][T10486] ? __lock_acquire+0x1397/0x2100 [ 239.901604][T10486] ? __pfx___kernfs_new_node+0x10/0x10 [ 239.901644][T10486] kernfs_new_node+0x137/0x240 [ 239.901666][T10486] kernfs_create_dir_ns+0x43/0x120 [ 239.901689][T10486] sysfs_create_dir_ns+0x189/0x3a0 [ 239.901726][T10486] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 239.901762][T10486] kobject_add_internal+0x435/0x8d0 [ 239.901799][T10486] kobject_add+0x152/0x220 [ 239.901825][T10486] ? __pfx_kobject_add+0x10/0x10 [ 239.901851][T10486] ? device_add+0x3e7/0xbf0 [ 239.901869][T10486] ? __pfx_kobject_add+0x10/0x10 [ 239.901897][T10486] ? kobject_init+0x83/0x1f0 [ 239.901926][T10486] ? get_device_parent+0x3dd/0x410 [ 239.901947][T10486] device_add+0x4e5/0xbf0 [ 239.901971][T10486] wiphy_register+0x1a58/0x27b0 [ 239.902006][T10486] ? __pfx_wiphy_register+0x10/0x10 [ 239.902026][T10486] ? minstrel_ht_alloc+0x72b/0x860 [ 239.902055][T10486] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 239.902084][T10486] ieee80211_register_hw+0x354e/0x4240 [ 239.902123][T10486] ? ieee80211_register_hw+0x1631/0x4240 [ 239.902157][T10486] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 239.902194][T10486] ? __asan_memset+0x23/0x50 [ 239.902217][T10486] ? __hrtimer_init+0x170/0x250 [ 239.902254][T10486] mac80211_hwsim_new_radio+0x2a9f/0x4aa0 [ 239.902316][T10486] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 239.902358][T10486] ? kstrndup+0x5c/0xb0 [ 239.902384][T10486] ? __asan_memcpy+0x40/0x70 [ 239.902415][T10486] hwsim_new_radio_nl+0xece/0x2290 [ 239.902454][T10486] ? __pfx___nla_validate_parse+0x10/0x10 [ 239.902484][T10486] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 239.902549][T10486] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 239.902586][T10486] genl_rcv_msg+0xb14/0xec0 [ 239.902642][T10486] ? __pfx_genl_rcv_msg+0x10/0x10 [ 239.902703][T10486] ? __pfx_lock_acquire+0x10/0x10 [ 239.902742][T10486] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 239.902774][T10486] ? __pfx___might_resched+0x10/0x10 [ 239.902812][T10486] netlink_rcv_skb+0x1e3/0x430 [ 239.902834][T10486] ? __pfx_genl_rcv_msg+0x10/0x10 [ 239.902864][T10486] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 239.902919][T10486] genl_rcv+0x28/0x40 [ 239.902943][T10486] netlink_unicast+0x7f6/0x990 [ 239.902986][T10486] ? __pfx_netlink_unicast+0x10/0x10 [ 239.903013][T10486] ? __virt_addr_valid+0x45f/0x530 [ 239.903047][T10486] ? __phys_addr_symbol+0x2f/0x70 [ 239.903079][T10486] ? __check_object_size+0x47a/0x730 [ 239.903106][T10486] netlink_sendmsg+0x8e4/0xcb0 [ 239.903143][T10486] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.903170][T10486] ? aa_sock_msg_perm+0x91/0x160 [ 239.903206][T10486] ? __pfx_netlink_sendmsg+0x10/0x10 [ 239.903227][T10486] __sock_sendmsg+0x221/0x270 [ 239.903259][T10486] ____sys_sendmsg+0x52a/0x7e0 [ 239.903292][T10486] ? __pfx_____sys_sendmsg+0x10/0x10 [ 239.903324][T10486] ? __fget_files+0x2a/0x410 [ 239.903351][T10486] ? __fget_files+0x2a/0x410 [ 239.903383][T10486] __sys_sendmsg+0x269/0x350 [ 239.903409][T10486] ? __pfx___sys_sendmsg+0x10/0x10 [ 239.903445][T10486] ? do_sys_openat2+0x17a/0x1d0 [ 239.903500][T10486] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 239.903532][T10486] ? do_syscall_64+0x100/0x230 [ 239.903567][T10486] ? do_syscall_64+0xb6/0x230 [ 239.903599][T10486] do_syscall_64+0xf3/0x230 [ 239.903629][T10486] ? clear_bhb_loop+0x35/0x90 [ 239.903663][T10486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.903690][T10486] RIP: 0033:0x7f5b92f8cde9 [ 239.903710][T10486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.903734][T10486] RSP: 002b:00007f5b93de1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 239.903757][T10486] RAX: ffffffffffffffda RBX: 00007f5b931a5fa0 RCX: 00007f5b92f8cde9 [ 239.903772][T10486] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004 [ 239.903785][T10486] RBP: 00007f5b93de1090 R08: 0000000000000000 R09: 0000000000000000 [ 239.903798][T10486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 239.903810][T10486] R13: 0000000000000000 R14: 00007f5b931a5fa0 R15: 00007fffa91e0988 [ 239.903843][T10486] [ 239.903956][T10486] kobject: kobject_add_internal failed for phy15 (error: -12 parent: ieee80211) [ 240.019912][T10498] netlink: 'syz.1.1470': attribute type 2 has an invalid length. [ 240.477962][T10498] fþ²¹¥‰: entered promiscuous mode [ 241.095988][T10535] netlink: 'syz.0.1482': attribute type 10 has an invalid length. [ 241.120821][T10535] team0: entered promiscuous mode [ 241.144086][T10535] team_slave_0: entered promiscuous mode [ 241.149955][T10535] team_slave_1: entered promiscuous mode [ 241.179873][T10535] macvlan2: entered promiscuous mode [ 241.190279][T10535] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.480808][T10547] __nla_validate_parse: 5 callbacks suppressed [ 241.480832][T10547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1488'. [ 241.611600][T10553] atomic_op ffff88805d5c6998 conn xmit_atomic 0000000000000000 [ 242.674443][T10588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1501'. [ 242.913067][T10593] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1503'. [ 243.763174][T10631] netlink: 'syz.2.1512': attribute type 32 has an invalid length. [ 243.921000][ T5147] Bluetooth: hci4: command 0x0406 tx timeout [ 244.098552][T10633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1513'. [ 244.316522][T10640] netlink: 'syz.0.1514': attribute type 1 has an invalid length. [ 244.474726][T10640] 8021q: adding VLAN 0 to HW filter on device bond4 [ 244.490232][T10647] bond4: (slave gretap2): making interface the new active one [ 244.560022][T10647] bond4: (slave gretap2): Enslaving as an active interface with an up link [ 245.222627][T10680] FAULT_INJECTION: forcing a failure. [ 245.222627][T10680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.270718][T10680] CPU: 0 UID: 0 PID: 10680 Comm: syz.4.1527 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 245.270753][T10680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 245.270778][T10680] Call Trace: [ 245.270787][T10680] [ 245.270796][T10680] dump_stack_lvl+0x241/0x360 [ 245.270835][T10680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.270858][T10680] ? __pfx__printk+0x10/0x10 [ 245.270894][T10680] ? __pfx_lock_release+0x10/0x10 [ 245.270932][T10680] should_fail_ex+0x40a/0x550 [ 245.270963][T10680] _copy_from_user+0x2d/0xb0 [ 245.270986][T10680] restore_sigcontext+0xd8/0x7d0 [ 245.271012][T10680] ? __pfx___might_resched+0x10/0x10 [ 245.271039][T10680] ? __might_fault+0xaa/0x120 [ 245.271068][T10680] ? __pfx_restore_sigcontext+0x10/0x10 [ 245.271123][T10680] ? __task_pid_nr_ns+0x28/0x450 [ 245.271161][T10680] __do_sys_rt_sigreturn+0x1b9/0x280 [ 245.271191][T10680] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 245.271219][T10680] ? do_syscall_64+0x100/0x230 [ 245.271253][T10680] ? do_syscall_64+0xb6/0x230 [ 245.271298][T10680] do_syscall_64+0xf3/0x230 [ 245.271326][T10680] ? clear_bhb_loop+0x35/0x90 [ 245.271358][T10680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.271386][T10680] RIP: 0033:0x7f264ab28fb9 [ 245.271403][T10680] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 245.271421][T10680] RSP: 002b:00007f264b974a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 245.271443][T10680] RAX: ffffffffffffffda RBX: 00007f264ada5fa0 RCX: 00007f264ab28fb9 [ 245.271458][T10680] RDX: 00007f264b974a80 RSI: 00007f264b974bb0 RDI: 0000000000000021 [ 245.271472][T10680] RBP: 00007f264b975090 R08: 0000000000000000 R09: 0000000000000000 [ 245.271485][T10680] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 245.271497][T10680] R13: 0000000000000000 R14: 00007f264ada5fa0 R15: 00007ffda8898ff8 [ 245.271527][T10680] [ 245.478640][T10683] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1529'. [ 245.489234][T10683] netlink: 'syz.1.1529': attribute type 2 has an invalid length. [ 245.578633][T10688] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 245.589287][T10683] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1529'. [ 245.764730][T10692] netlink: 'syz.3.1532': attribute type 21 has an invalid length. [ 245.775079][T10692] IPv6: NLM_F_CREATE should be specified when creating new route [ 245.790624][T10692] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 245.797936][T10692] IPv6: NLM_F_CREATE should be set when creating new route [ 245.805293][T10692] IPv6: NLM_F_CREATE should be set when creating new route [ 245.812615][T10692] IPv6: NLM_F_CREATE should be set when creating new route [ 245.925583][T10700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1536'. [ 246.033237][T10702] xt_CT: No such helper "pptp" [ 246.184200][T10716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1540'. [ 246.203834][T10712] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 246.231943][T10719] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 246.410186][T10724] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1543'. [ 246.898451][T10738] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1548'. [ 247.240266][T10749] FAULT_INJECTION: forcing a failure. [ 247.240266][T10749] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 247.280808][T10749] CPU: 0 UID: 0 PID: 10749 Comm: syz.2.1550 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 247.280864][T10749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 247.280877][T10749] Call Trace: [ 247.280885][T10749] [ 247.280893][T10749] dump_stack_lvl+0x241/0x360 [ 247.280922][T10749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.280944][T10749] ? __pfx__printk+0x10/0x10 [ 247.280979][T10749] ? __pfx_lock_release+0x10/0x10 [ 247.281016][T10749] should_fail_ex+0x40a/0x550 [ 247.281062][T10749] _copy_from_user+0x2d/0xb0 [ 247.281085][T10749] copy_msghdr_from_user+0xae/0x680 [ 247.281119][T10749] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 247.281143][T10749] ? __fget_files+0x2a/0x410 [ 247.281169][T10749] ? __fget_files+0x2a/0x410 [ 247.281201][T10749] __sys_sendmsg+0x209/0x350 [ 247.281228][T10749] ? __pfx___sys_sendmsg+0x10/0x10 [ 247.281261][T10749] ? do_sys_openat2+0x17a/0x1d0 [ 247.281311][T10749] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 247.281342][T10749] ? do_syscall_64+0x100/0x230 [ 247.281376][T10749] ? do_syscall_64+0xb6/0x230 [ 247.281409][T10749] do_syscall_64+0xf3/0x230 [ 247.281438][T10749] ? clear_bhb_loop+0x35/0x90 [ 247.281471][T10749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.281499][T10749] RIP: 0033:0x7f94bad8cde9 [ 247.281518][T10749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.281535][T10749] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.281559][T10749] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 247.281574][T10749] RDX: 0000000000000000 RSI: 00004000000006c0 RDI: 0000000000000003 [ 247.281588][T10749] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 247.281601][T10749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.281613][T10749] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 247.281643][T10749] [ 247.553472][T10755] FAULT_INJECTION: forcing a failure. [ 247.553472][T10755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 247.563507][T10760] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1557'. [ 247.567095][T10755] CPU: 0 UID: 0 PID: 10755 Comm: syz.0.1555 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 247.567128][T10755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 247.567142][T10755] Call Trace: [ 247.567151][T10755] [ 247.567160][T10755] dump_stack_lvl+0x241/0x360 [ 247.567192][T10755] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.567217][T10755] ? __pfx__printk+0x10/0x10 [ 247.567266][T10755] should_fail_ex+0x40a/0x550 [ 247.567297][T10755] _copy_to_user+0x31/0xb0 [ 247.567323][T10755] ioctl_standard_iw_point+0x8f3/0xcb0 [ 247.567368][T10755] ? __pfx_cfg80211_wext_giwessid+0x10/0x10 [ 247.567395][T10755] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 247.567425][T10755] ? __pfx___mutex_lock+0x10/0x10 [ 247.567466][T10755] ? __pfx_lock_release+0x10/0x10 [ 247.567494][T10755] ? full_name_hash+0x93/0xe0 [ 247.567523][T10755] ioctl_standard_call+0xbd/0x190 [ 247.567550][T10755] ? __pfx_cfg80211_wext_giwessid+0x10/0x10 [ 247.567574][T10755] ? __pfx_cfg80211_wext_giwessid+0x10/0x10 [ 247.567623][T10755] wext_ioctl_dispatch+0xe4/0x410 [ 247.567650][T10755] ? __pfx_ioctl_standard_call+0x10/0x10 [ 247.567681][T10755] wext_handle_ioctl+0x166/0x280 [ 247.567712][T10755] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 247.567758][T10755] sock_ioctl+0x17c/0x8e0 [ 247.567787][T10755] ? __pfx_sock_ioctl+0x10/0x10 [ 247.567813][T10755] ? __fget_files+0x2a/0x410 [ 247.567840][T10755] ? __fget_files+0x2a/0x410 [ 247.567869][T10755] ? __pfx_sock_ioctl+0x10/0x10 [ 247.567897][T10755] __se_sys_ioctl+0xf5/0x170 [ 247.567930][T10755] do_syscall_64+0xf3/0x230 [ 247.567962][T10755] ? clear_bhb_loop+0x35/0x90 [ 247.567996][T10755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.568027][T10755] RIP: 0033:0x7fd214d8cde9 [ 247.568048][T10755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.568069][T10755] RSP: 002b:00007fd215c4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.568093][T10755] RAX: ffffffffffffffda RBX: 00007fd214fa5fa0 RCX: 00007fd214d8cde9 [ 247.568111][T10755] RDX: 0000400000000040 RSI: 0000000000008b1b RDI: 0000000000000005 [ 247.568127][T10755] RBP: 00007fd215c4d090 R08: 0000000000000000 R09: 0000000000000000 [ 247.568141][T10755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.568154][T10755] R13: 0000000000000000 R14: 00007fd214fa5fa0 R15: 00007fff8c9ed9d8 [ 247.568187][T10755] [ 248.477019][T10796] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1566'. [ 248.491880][T10798] netlink: 'syz.3.1567': attribute type 1 has an invalid length. [ 248.526600][T10798] 8021q: adding VLAN 0 to HW filter on device bond4 [ 248.772205][T10810] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1570'. [ 248.880985][T10813] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1571'. [ 248.925621][T10815] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1572'. [ 249.006844][T10818] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1573'. [ 249.175380][T10823] netlink: 'syz.2.1575': attribute type 30 has an invalid length. [ 249.210964][T10823] FAULT_INJECTION: forcing a failure. [ 249.210964][T10823] name failslab, interval 1, probability 0, space 0, times 0 [ 249.264485][T10823] CPU: 0 UID: 0 PID: 10823 Comm: syz.2.1575 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 249.264521][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 249.264535][T10823] Call Trace: [ 249.264543][T10823] [ 249.264552][T10823] dump_stack_lvl+0x241/0x360 [ 249.264585][T10823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.264609][T10823] ? __pfx__printk+0x10/0x10 [ 249.264653][T10823] ? __kmalloc_cache_noprof+0x48/0x390 [ 249.264680][T10823] ? __pfx___might_resched+0x10/0x10 [ 249.264711][T10823] should_fail_ex+0x40a/0x550 [ 249.264742][T10823] should_failslab+0xac/0x100 [ 249.264766][T10823] __kmalloc_cache_noprof+0x70/0x390 [ 249.264789][T10823] ? vxlan_vnigroup_init+0x52/0x110 [ 249.264824][T10823] vxlan_vnigroup_init+0x52/0x110 [ 249.264856][T10823] vxlan_init+0x82/0x430 [ 249.264884][T10823] register_netdevice+0x6d7/0x1b10 [ 249.264926][T10823] ? net_generic+0x1f/0x240 [ 249.264965][T10823] ? __pfx_register_netdevice+0x10/0x10 [ 249.265001][T10823] ? vxlan_config_apply+0x54b/0x830 [ 249.265036][T10823] ? __asan_memcpy+0x40/0x70 [ 249.265064][T10823] ? vxlan_config_apply+0x54b/0x830 [ 249.265091][T10823] __vxlan_dev_create+0x3a7/0xa30 [ 249.265130][T10823] ? __pfx___vxlan_dev_create+0x10/0x10 [ 249.265176][T10823] vxlan_newlink+0xee/0x140 [ 249.265200][T10823] ? __pfx_vxlan_newlink+0x10/0x10 [ 249.265234][T10823] ? rtnl_create_link+0x91c/0xc20 [ 249.265269][T10823] ? __pfx_vxlan_newlink+0x10/0x10 [ 249.265292][T10823] rtnl_newlink_create+0x2ee/0xa40 [ 249.265329][T10823] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 249.265364][T10823] ? ns_capable+0x8a/0xf0 [ 249.265391][T10823] rtnl_newlink+0x1c7e/0x2210 [ 249.265453][T10823] ? __pfx_rtnl_newlink+0x10/0x10 [ 249.265479][T10823] ? __pfx_validate_chain+0x10/0x10 [ 249.265522][T10823] ? validate_chain+0x11e/0x5920 [ 249.265542][T10823] ? __pfx_lock_acquire+0x10/0x10 [ 249.265575][T10823] ? __pfx_lock_release+0x10/0x10 [ 249.265606][T10823] ? __pfx_validate_chain+0x10/0x10 [ 249.265628][T10823] ? mark_lock+0x9a/0x360 [ 249.265670][T10823] ? __lock_acquire+0x1397/0x2100 [ 249.265734][T10823] ? __pfx_lock_release+0x10/0x10 [ 249.265780][T10823] ? __pfx_rtnl_newlink+0x10/0x10 [ 249.265807][T10823] rtnetlink_rcv_msg+0x791/0xcf0 [ 249.265830][T10823] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 249.265856][T10823] ? __lock_acquire+0x1397/0x2100 [ 249.265887][T10823] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 249.265931][T10823] netlink_rcv_skb+0x1e3/0x430 [ 249.265955][T10823] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 249.265982][T10823] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 249.266029][T10823] ? netlink_deliver_tap+0x2e/0x1b0 [ 249.266053][T10823] netlink_unicast+0x7f6/0x990 [ 249.266095][T10823] ? __pfx_netlink_unicast+0x10/0x10 [ 249.266125][T10823] ? __virt_addr_valid+0x45f/0x530 [ 249.266158][T10823] ? __phys_addr_symbol+0x2f/0x70 [ 249.266188][T10823] ? __check_object_size+0x47a/0x730 [ 249.266216][T10823] netlink_sendmsg+0x8e4/0xcb0 [ 249.266251][T10823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.266279][T10823] ? aa_sock_msg_perm+0x91/0x160 [ 249.266315][T10823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.266335][T10823] __sock_sendmsg+0x221/0x270 [ 249.266366][T10823] ____sys_sendmsg+0x52a/0x7e0 [ 249.266396][T10823] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.266429][T10823] ? __fget_files+0x2a/0x410 [ 249.266456][T10823] ? __fget_files+0x2a/0x410 [ 249.266489][T10823] __sys_sendmsg+0x269/0x350 [ 249.266516][T10823] ? __pfx___sys_sendmsg+0x10/0x10 [ 249.266552][T10823] ? do_sys_openat2+0x17a/0x1d0 [ 249.266606][T10823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 249.266644][T10823] ? do_syscall_64+0x100/0x230 [ 249.266679][T10823] ? do_syscall_64+0xb6/0x230 [ 249.266712][T10823] do_syscall_64+0xf3/0x230 [ 249.266743][T10823] ? clear_bhb_loop+0x35/0x90 [ 249.266777][T10823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.266805][T10823] RIP: 0033:0x7f94bad8cde9 [ 249.266825][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.266844][T10823] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.266867][T10823] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 249.266883][T10823] RDX: 0000000004008840 RSI: 0000400000000000 RDI: 0000000000000003 [ 249.266897][T10823] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 249.266910][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 249.266923][T10823] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 249.266955][T10823] [ 249.812894][T10827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1576'. [ 249.826653][T10823] Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN PTI [ 249.839288][T10823] KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167] [ 249.847766][T10823] CPU: 1 UID: 0 PID: 10823 Comm: syz.2.1575 Not tainted 6.14.0-rc1-syzkaller-00303-g4e41231249f4 #0 [ 249.858554][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 249.868640][T10823] RIP: 0010:vxlan_vnigroup_uninit+0xe0/0x4b0 [ 249.874659][T10823] Code: 00 74 08 48 89 df e8 2f 82 70 fb 48 8b 03 48 89 04 24 48 8d 98 60 01 00 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 02 82 70 fb 4c 8b 23 49 39 dc 0f 84 [ 249.894301][T10823] RSP: 0018:ffffc9000b58ecc8 EFLAGS: 00010202 [ 249.900406][T10823] RAX: 000000000000002c RBX: 0000000000000160 RCX: dffffc0000000000 [ 249.908405][T10823] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 249.916407][T10823] RBP: 00000000000a2001 R08: ffffffff89c3a276 R09: 1ffff920016b1d78 [ 249.924408][T10823] R10: dffffc0000000000 R11: fffff520016b1d79 R12: ffff88806782cef4 [ 249.932403][T10823] R13: ffff888067828000 R14: 1ffff1100cf059de R15: dffffc0000000000 [ 249.940403][T10823] FS: 00007f94bbb7b6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 249.949368][T10823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 249.955979][T10823] CR2: 000040000000c2c0 CR3: 0000000029688000 CR4: 00000000003526f0 [ 249.963979][T10823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 249.971977][T10823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 249.979967][T10823] Call Trace: [ 249.983266][T10823] [ 249.986216][T10823] ? __die_body+0x5f/0xb0 [ 249.990588][T10823] ? die_addr+0xb0/0xe0 [ 249.994775][T10823] ? exc_general_protection+0x3dd/0x5d0 [ 250.000361][T10823] ? asm_exc_general_protection+0x26/0x30 [ 250.006112][T10823] ? lockdep_rtnl_is_held+0x26/0x40 [ 250.011357][T10823] ? vxlan_vnigroup_uninit+0xe0/0x4b0 [ 250.016755][T10823] ? vxlan_vnigroup_uninit+0x3e/0x4b0 [ 250.022155][T10823] ? notifier_call_chain+0x15a/0x3f0 [ 250.027450][T10823] vxlan_uninit+0x7f/0x3f0 [ 250.031873][T10823] ? __pfx_vxlan_uninit+0x10/0x10 [ 250.036920][T10823] unregister_netdevice_many_notify+0x19c4/0x2070 [ 250.043353][T10823] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 250.050119][T10823] ? vxlan_dellink+0x21e/0x290 [ 250.054896][T10823] ? __pfx_vxlan_dellink+0x10/0x10 [ 250.060023][T10823] ? __dev_change_flags+0x515/0x6f0 [ 250.065234][T10823] ? mutex_is_locked+0x17/0x50 [ 250.070010][T10823] rtnl_newlink_create+0x850/0xa40 [ 250.075138][T10823] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 250.080788][T10823] ? ns_capable+0x8a/0xf0 [ 250.085123][T10823] rtnl_newlink+0x1c7e/0x2210 [ 250.089810][T10823] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.094839][T10823] ? __pfx_validate_chain+0x10/0x10 [ 250.100049][T10823] ? validate_chain+0x11e/0x5920 [ 250.104990][T10823] ? __pfx_lock_acquire+0x10/0x10 [ 250.110023][T10823] ? __pfx_lock_release+0x10/0x10 [ 250.115059][T10823] ? __pfx_validate_chain+0x10/0x10 [ 250.120259][T10823] ? mark_lock+0x9a/0x360 [ 250.124605][T10823] ? __lock_acquire+0x1397/0x2100 [ 250.129653][T10823] ? __pfx_lock_release+0x10/0x10 [ 250.134693][T10823] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.139725][T10823] rtnetlink_rcv_msg+0x791/0xcf0 [ 250.144670][T10823] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 250.149799][T10823] ? __lock_acquire+0x1397/0x2100 [ 250.154832][T10823] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.160326][T10823] netlink_rcv_skb+0x1e3/0x430 [ 250.165109][T10823] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.170576][T10823] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 250.175872][T10823] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.181076][T10823] netlink_unicast+0x7f6/0x990 [ 250.185856][T10823] ? __pfx_netlink_unicast+0x10/0x10 [ 250.191151][T10823] ? __virt_addr_valid+0x45f/0x530 [ 250.196275][T10823] ? __phys_addr_symbol+0x2f/0x70 [ 250.201323][T10823] ? __check_object_size+0x47a/0x730 [ 250.206625][T10823] netlink_sendmsg+0x8e4/0xcb0 [ 250.211399][T10823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.216691][T10823] ? aa_sock_msg_perm+0x91/0x160 [ 250.221643][T10823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.226930][T10823] __sock_sendmsg+0x221/0x270 [ 250.231618][T10823] ____sys_sendmsg+0x52a/0x7e0 [ 250.236405][T10823] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.241704][T10823] ? __fget_files+0x2a/0x410 [ 250.246296][T10823] ? __fget_files+0x2a/0x410 [ 250.250903][T10823] __sys_sendmsg+0x269/0x350 [ 250.255503][T10823] ? __pfx___sys_sendmsg+0x10/0x10 [ 250.260623][T10823] ? do_sys_openat2+0x17a/0x1d0 [ 250.265489][T10823] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 250.271829][T10823] ? do_syscall_64+0x100/0x230 [ 250.276604][T10823] ? do_syscall_64+0xb6/0x230 [ 250.281293][T10823] do_syscall_64+0xf3/0x230 [ 250.285815][T10823] ? clear_bhb_loop+0x35/0x90 [ 250.290508][T10823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.296414][T10823] RIP: 0033:0x7f94bad8cde9 [ 250.300836][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.320469][T10823] RSP: 002b:00007f94bbb7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.328899][T10823] RAX: ffffffffffffffda RBX: 00007f94bafa5fa0 RCX: 00007f94bad8cde9 [ 250.336876][T10823] RDX: 0000000004008840 RSI: 0000400000000000 RDI: 0000000000000003 [ 250.344869][T10823] RBP: 00007f94bbb7b090 R08: 0000000000000000 R09: 0000000000000000 [ 250.352861][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 250.360838][T10823] R13: 0000000000000000 R14: 00007f94bafa5fa0 R15: 00007ffd9bdccef8 [ 250.368817][T10823] [ 250.371838][T10823] Modules linked in: [ 250.376763][T10823] ---[ end trace 0000000000000000 ]--- [ 250.410934][T10823] RIP: 0010:vxlan_vnigroup_uninit+0xe0/0x4b0 [ 250.417198][T10823] Code: 00 74 08 48 89 df e8 2f 82 70 fb 48 8b 03 48 89 04 24 48 8d 98 60 01 00 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 02 82 70 fb 4c 8b 23 49 39 dc 0f 84 [ 250.457825][T10789] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1563'. [ 250.464249][T10823] RSP: 0018:ffffc9000b58ecc8 EFLAGS: 00010202 [ 250.475793][T10789] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1563'. [ 250.495259][T10823] RAX: 000000000000002c RBX: 0000000000000160 RCX: dffffc0000000000 [ 250.517823][T10823] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 250.534354][T10823] RBP: 00000000000a2001 R08: ffffffff89c3a276 R09: 1ffff920016b1d78 [ 250.554219][T10823] R10: dffffc0000000000 R11: fffff520016b1d79 R12: ffff88806782cef4 [ 250.574046][T10823] R13: ffff888067828000 R14: 1ffff1100cf059de R15: dffffc0000000000 [ 250.586422][T10823] FS: 00007f94bbb7b6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 250.595758][T10823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.602584][T10823] CR2: 0000001b30813ff8 CR3: 0000000029688000 CR4: 00000000003526f0 [ 250.611592][T10823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 250.619712][T10823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 250.628220][T10823] Kernel panic - not syncing: Fatal exception [ 250.634588][T10823] Kernel Offset: disabled [ 250.638935][T10823] Rebooting in 86400 seconds..