last executing test programs: 1.594023541s ago: executing program 1 (id=1576): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x4d0, 0x0, 0x25, 0x148, 0x340, 0x60, 0x438, 0x2a8, 0x2a8, 0x438, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0x8001}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x530) 1.44144261s ago: executing program 1 (id=1579): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, 0xffffffffffffffff, 0x26, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000002c0)=""/139, 0x8b}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000900)="19", 0x1}], 0x1}, 0x0) 1.322772587s ago: executing program 2 (id=1583): epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x1) 1.248499676s ago: executing program 1 (id=1585): r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x180000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) 1.203638091s ago: executing program 2 (id=1587): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r1 = socket(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x20000000) 999.950084ms ago: executing program 2 (id=1591): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012800900010076657468"], 0x48}}, 0x0) 928.67241ms ago: executing program 3 (id=1593): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 847.979471ms ago: executing program 3 (id=1596): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000007c008500000022000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x900, 0x12) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x40, 0x0, &(0x7f0000000040)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 796.706943ms ago: executing program 2 (id=1597): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x8000000000000000}, 0x18) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x1}, 0x10) 740.238818ms ago: executing program 3 (id=1598): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x6}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac141400000000001400000000000000000000000700000007"], 0x38}, 0x0) 719.849793ms ago: executing program 4 (id=1599): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000280)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x3}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="2a4853c0194322637cdc1515174a17cd65e4db7b559ba97cef2802c42ee510571cc31594dd1c68fb34509c918a9a34b3c469d2b776272195df5e9d373a580c8d2ca49ea52f1ffb15c775c23df765fc6228a22e66d332bb91b5d1f0e8e1b8e05dd0a3b447f4559e4969dcba3942e6", 0x6e}, {&(0x7f0000000380)="b5b496e0dfd2a80ae4c4edf7dbb0ff9dbdd324ff1df7549a2ec89eec2dc7a3d1a345102ed8a4c038c6f076966dec8a0dcd5957720147e9ee18ec4d0976112290cc65b0a99f9060680ba8d5270b9b68ae5a2f88c2453130f3e00fad5a2ec17f564347b4c8e06d2ecf3e66efbfdd3a949d2910ed26b01734233d1ff893c861", 0x7e}, {&(0x7f0000000580)="0483f0a2c4108c00910f1db8e0c48f64641eb15a39d641650d606124df3e7228edf8540e8e7e7d4800c0acaa099091fa9c533bc9dc17ab98a52a086dc31e2bfc63a4defc495217ce51adb4826a14fc71e2cd3bc7", 0x54}], 0x3, &(0x7f0000000600)="7a369d3f6b64efe5644b3224edb72fde5d431d1ad8cbcfb6b472a0706fb67adc81df20ef2eaa5996a23d77e9100fda53c92814f09d156bd807a0512d9930e1e56b0c61974c0cd2247d7d0d4d9eddbd8fc1406792796997aced8d0df1c9ac83f02db06194c64400f9b8268be5f593a511a754d8f767799d024968247bccbf4c75144bdea683a05c7b893288c728912e45badb4d0b8b08967cc3a105c9a0b362c433f66babddca52d06352db70ce80954cf74e7e569233c4777fd4f49c70a9e58e39b4f4b56d4347d09780c5dea44b9df3b77af3e42a4ce702e0c374ba2f8027cf7e9f0ed5112244d640aadca4ab8d4739d2e07f418beb", 0xf6, 0x40810}, 0x20000041) 644.519614ms ago: executing program 2 (id=1601): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=@framed={{}, [@printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x2b00, 0x405, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 638.634389ms ago: executing program 4 (id=1602): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000000000)=0xfffffffe, 0x4) socket$tipc(0x1e, 0x2, 0x0) 613.266167ms ago: executing program 3 (id=1603): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r3}, 0x69) 512.715604ms ago: executing program 0 (id=1604): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r2, &(0x7f0000000240)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000027c0)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x8044) 512.439248ms ago: executing program 2 (id=1605): getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x0, &(0x7f0000000400)}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700) 512.344559ms ago: executing program 4 (id=1606): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 464.484987ms ago: executing program 3 (id=1607): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x8001000000000000, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0xffff, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 445.58532ms ago: executing program 0 (id=1608): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) 373.030462ms ago: executing program 0 (id=1609): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x34, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c817}, 0x0) 372.447756ms ago: executing program 4 (id=1610): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6c000000100003042cbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c00128009000100766c616e000000002c00028006000100000000001c0003800c00010000010000800000000c00010000000000ffffff7f0400048008000a00", @ANYRES32=r1, @ANYBLOB="08000500", @ANYRES32=r1], 0x6c}, 0x1, 0xba01}, 0x0) 276.731486ms ago: executing program 1 (id=1611): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000010c0)={0x24, r1, 0x1, 0x0, 0x0, {0xa}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x24}}, 0x0) 266.406422ms ago: executing program 4 (id=1612): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0xa042, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 254.065419ms ago: executing program 0 (id=1613): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x40002000}) sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 148.670211ms ago: executing program 1 (id=1614): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fb83021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a87013b98649805216631e20d07dff3ae567ca0d38a828542625fc6096aedc0ac5c144f0965071274bea051007e398cf9090c53d4b8b7dc784e3d83b78b007a43d744aa99d6a7c576e20b4281eff511122ccb399bcef0a0471639c81aab7445cebfc9b00b31fcbaf63086b3c16f51b593acee0b3a4830dd6af1accb15cc6163cabc01442527aa10000000000000000a4ba25997affe74ec552bf9deafbd63e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r1, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000a00)={r2}, 0x4) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0) 134.916469ms ago: executing program 0 (id=1615): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x39, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000058000000160a0101000b000000000000010000000900020073797a32000000000900010073797a30000000002c000380180003801400010076657468305f746f5f687372000000000800024000440000080001"], 0xf8}, 0x1, 0x0, 0x0, 0x8000}, 0x40) 100.727554ms ago: executing program 3 (id=1616): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000780)={'syztnl2\x00', &(0x7f0000000340)={'syztnl2\x00', r3, 0x7, 0x1, 0x8, 0x6, {{0x5, 0x4, 0x1, 0x3b, 0x14, 0x65, 0x0, 0xea, 0x2f, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) 44.745125ms ago: executing program 1 (id=1617): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000033c0)={0x2, 'geneve1\x00', 0x3}, 0x18) 35.451706ms ago: executing program 4 (id=1618): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x46, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r3}, 0x69) 0s ago: executing program 0 (id=1619): unshare(0x2040600) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x2101, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts. [ 66.746540][ T5819] cgroup: Unknown subsys name 'net' [ 66.877173][ T5819] cgroup: Unknown subsys name 'cpuset' [ 66.885608][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.415923][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.692249][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.704219][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.714227][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.722663][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.734462][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.744267][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.765925][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.784256][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.804440][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.815354][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.824815][ T5835] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.832193][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.845216][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.864951][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.884220][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.907904][ T5145] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.920093][ T5145] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 70.927478][ T5145] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.995526][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.003633][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.012797][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.020148][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.036446][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.043843][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.044340][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.062379][ T5841] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 71.070259][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.077817][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.086604][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.088231][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.103147][ T5145] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 71.112140][ T5145] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.171660][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.190445][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.268962][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 71.284207][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.292068][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.342026][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.355171][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.418591][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.428268][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.494635][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.502510][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.521448][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.530805][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.556885][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.581176][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.593382][ T1336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.619465][ T1336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.703061][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.729708][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.742637][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.761100][ T5860] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6'. [ 71.764880][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.868576][ T5866] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 71.962261][ T5872] netlink: 'syz.3.4': attribute type 1 has an invalid length. [ 71.970758][ T5872] netlink: 'syz.3.4': attribute type 2 has an invalid length. [ 72.157880][ T5877] ax25_connect(): syz.3.7 uses autobind, please contact jreuter@yaina.de [ 72.352293][ T5887] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11'. [ 72.361930][ T5887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11'. [ 72.405560][ T5887] netlink: 'syz.3.11': attribute type 21 has an invalid length. [ 72.413500][ T5887] netlink: 156 bytes leftover after parsing attributes in process `syz.3.11'. [ 72.530055][ T5892] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13'. [ 72.785595][ T5145] Bluetooth: hci0: command tx timeout [ 72.892797][ T5903] netlink: 'syz.4.15': attribute type 4 has an invalid length. [ 72.903518][ T5903] netlink: 'syz.4.15': attribute type 4 has an invalid length. [ 72.944190][ T5145] Bluetooth: hci1: command tx timeout [ 73.026832][ T5145] Bluetooth: hci2: command tx timeout [ 73.104482][ T5145] Bluetooth: hci3: command tx timeout [ 73.185229][ T5145] Bluetooth: hci4: command tx timeout [ 73.385678][ T5916] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.413357][ T5912] netlink: 'syz.2.17': attribute type 1 has an invalid length. [ 73.487917][ T5916] xt_CT: No such helper "snmp" [ 73.493362][ T5925] netlink: 'syz.4.19': attribute type 1 has an invalid length. [ 73.822341][ T5931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22'. [ 74.174438][ T5941] Zero length message leads to an empty skb [ 74.265135][ T5947] sctp: [Deprecated]: syz.2.25 (pid 5947) Use of int in max_burst socket option deprecated. [ 74.265135][ T5947] Use struct sctp_assoc_value instead [ 74.311156][ T5943] netlink: 28 bytes leftover after parsing attributes in process `syz.2.25'. [ 74.561134][ T5965] netlink: 112 bytes leftover after parsing attributes in process `syz.2.29'. [ 74.777856][ T5974] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 74.867237][ T5145] Bluetooth: hci0: command tx timeout [ 75.021175][ T5983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.35'. [ 75.030743][ T5145] Bluetooth: hci1: command tx timeout [ 75.103280][ T5992] warning: `syz.0.39' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 75.114897][ T5145] Bluetooth: hci2: command tx timeout [ 75.184236][ T5145] Bluetooth: hci3: command tx timeout [ 75.265846][ T5145] Bluetooth: hci4: command tx timeout [ 75.751680][ T6012] netlink: 32 bytes leftover after parsing attributes in process `syz.2.43'. [ 76.843868][ T6051] netlink: 84 bytes leftover after parsing attributes in process `syz.4.54'. [ 76.862341][ T6051] netlink: 24 bytes leftover after parsing attributes in process `syz.4.54'. [ 76.945197][ T5145] Bluetooth: hci0: command tx timeout [ 77.104326][ T5145] Bluetooth: hci1: command tx timeout [ 77.184101][ T5145] Bluetooth: hci2: command tx timeout [ 77.264754][ T5145] Bluetooth: hci3: command tx timeout [ 77.278149][ T6067] xt_recent: hitcount (4294967167) is larger than allowed maximum (65535) [ 77.291242][ T6070] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 77.322198][ T6069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.60'. [ 77.344787][ T5145] Bluetooth: hci4: command tx timeout [ 77.378889][ T6070] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 77.428098][ T6074] netlink: 104 bytes leftover after parsing attributes in process `syz.4.64'. [ 77.439560][ T6075] netlink: 104 bytes leftover after parsing attributes in process `syz.4.64'. [ 77.701263][ T6084] gre0: entered promiscuous mode [ 77.765264][ T6090] trusted_key: syz.4.67 sent an empty control message without MSG_MORE. [ 77.996919][ T46] IPVS: starting estimator thread 0... [ 78.084456][ T6097] IPVS: using max 19 ests per chain, 45600 per kthread [ 78.293438][ T6105] netlink: 160 bytes leftover after parsing attributes in process `syz.3.70'. [ 78.311647][ T6105] netlink: 'syz.3.70': attribute type 1 has an invalid length. [ 78.519796][ T1320] IPVS: stop unused estimator thread 0... [ 78.692434][ T6119] netlink: 32 bytes leftover after parsing attributes in process `syz.2.73'. [ 78.724173][ T6119] netem: unknown loss type 13 [ 78.729126][ T6119] netem: change failed [ 78.746577][ T6121] netlink: 40 bytes leftover after parsing attributes in process `syz.4.75'. [ 78.975503][ T6135] netlink: 'syz.2.78': attribute type 8 has an invalid length. [ 79.025168][ T5145] Bluetooth: hci0: command tx timeout [ 79.029788][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.78'. [ 79.184131][ T5145] Bluetooth: hci1: command tx timeout [ 79.265089][ T5145] Bluetooth: hci2: command tx timeout [ 79.344271][ T5145] Bluetooth: hci3: command tx timeout [ 79.425677][ T5145] Bluetooth: hci4: command tx timeout [ 79.492337][ T6147] netlink: 'syz.4.82': attribute type 10 has an invalid length. [ 79.583101][ T6124] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 79.931728][ T6165] netlink: 3 bytes leftover after parsing attributes in process `syz.1.86'. [ 80.012866][ T6165] batadv0: entered promiscuous mode [ 80.044237][ T6165] batadv0: entered allmulticast mode [ 80.497688][ T6180] netlink: 'syz.3.88': attribute type 1 has an invalid length. [ 80.640284][ T6183] bond0: entered promiscuous mode [ 80.645662][ T6183] bond0: entered allmulticast mode [ 81.104071][ T5145] Bluetooth: hci0: command 0x0401 tx timeout [ 81.321679][ T6217] IPVS: set_ctl: invalid protocol: 25965 114.121.46.101:30309 [ 81.556110][ T6229] netlink: 'syz.2.101': attribute type 5 has an invalid length. [ 82.002302][ T6245] netlink: 'syz.3.106': attribute type 1 has an invalid length. [ 82.675425][ T6257] xt_CONNSECMARK: invalid mode: 0 [ 82.836662][ T6262] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 82.994310][ T6270] netlink: 'syz.3.114': attribute type 32 has an invalid length. [ 83.310384][ T6280] FAULT_INJECTION: forcing a failure. [ 83.310384][ T6280] name failslab, interval 1, probability 0, space 0, times 1 [ 83.344349][ T6280] CPU: 1 UID: 0 PID: 6280 Comm: syz.3.117 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 83.344378][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 83.344396][ T6280] Call Trace: [ 83.344404][ T6280] [ 83.344413][ T6280] dump_stack_lvl+0x241/0x360 [ 83.344458][ T6280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.344489][ T6280] ? __pfx__printk+0x10/0x10 [ 83.344519][ T6280] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 83.344551][ T6280] ? __pfx___might_resched+0x10/0x10 [ 83.344587][ T6280] should_fail_ex+0x3b0/0x4e0 [ 83.344613][ T6280] should_failslab+0xac/0x100 [ 83.344644][ T6280] kmem_cache_alloc_node_noprof+0x77/0x380 [ 83.344674][ T6280] ? __alloc_skb+0x1c3/0x440 [ 83.344699][ T6280] __alloc_skb+0x1c3/0x440 [ 83.344725][ T6280] ? __pfx___alloc_skb+0x10/0x10 [ 83.344749][ T6280] ? netlink_autobind+0xd6/0x2f0 [ 83.344772][ T6280] ? netlink_autobind+0x2b0/0x2f0 [ 83.344801][ T6280] netlink_sendmsg+0x638/0xcb0 [ 83.344837][ T6280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.344864][ T6280] ? aa_sock_msg_perm+0x91/0x160 [ 83.344892][ T6280] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.344914][ T6280] __sock_sendmsg+0x221/0x270 [ 83.344946][ T6280] ____sys_sendmsg+0x52a/0x7e0 [ 83.344979][ T6280] ? __pfx_____sys_sendmsg+0x10/0x10 [ 83.345001][ T6280] ? __fget_files+0x2a/0x410 [ 83.345034][ T6280] ? __fget_files+0x2a/0x410 [ 83.345072][ T6280] __sys_sendmsg+0x269/0x350 [ 83.345119][ T6280] ? __pfx___sys_sendmsg+0x10/0x10 [ 83.345170][ T6280] ? do_sys_openat2+0x17a/0x1d0 [ 83.345225][ T6280] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 83.345254][ T6280] ? do_syscall_64+0x100/0x230 [ 83.345295][ T6280] ? do_syscall_64+0xb6/0x230 [ 83.345317][ T6280] do_syscall_64+0xf3/0x230 [ 83.345337][ T6280] ? clear_bhb_loop+0x35/0x90 [ 83.345363][ T6280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.345391][ T6280] RIP: 0033:0x7fad3258cda9 [ 83.345413][ T6280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.345430][ T6280] RSP: 002b:00007fad333c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.345460][ T6280] RAX: ffffffffffffffda RBX: 00007fad327a5fa0 RCX: 00007fad3258cda9 [ 83.345475][ T6280] RDX: 0000000004040010 RSI: 00000000200012c0 RDI: 0000000000000003 [ 83.345488][ T6280] RBP: 00007fad333c1090 R08: 0000000000000000 R09: 0000000000000000 [ 83.345501][ T6280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.345513][ T6280] R13: 0000000000000000 R14: 00007fad327a5fa0 R15: 00007ffead2006c8 [ 83.345543][ T6280] [ 83.870537][ T6293] __nla_validate_parse: 3 callbacks suppressed [ 83.870557][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz.2.119'. [ 84.676305][ T6239] Set syz1 is full, maxelem 65536 reached [ 85.077556][ T6334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.133'. [ 85.235064][ T6341] Cannot find add_set index 0 as target [ 85.254815][ T6341] Cannot find add_set index 0 as target [ 85.305043][ T6348] netlink: 16 bytes leftover after parsing attributes in process `syz.3.138'. [ 85.685515][ T6338] Bluetooth: MGMT ver 1.23 [ 85.715850][ T6338] netlink: 28 bytes leftover after parsing attributes in process `syz.2.134'. [ 86.217097][ T6384] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 86.259997][ T6384] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 86.444032][ T6403] netlink: 'syz.2.156': attribute type 1 has an invalid length. [ 86.493075][ T6400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'. [ 86.526059][ T6407] netlink: 96 bytes leftover after parsing attributes in process `syz.4.157'. [ 86.545886][ T6411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.158'. [ 86.573118][ T6403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.848269][ T6424] netlink: 'syz.0.160': attribute type 10 has an invalid length. [ 86.869308][ T25] cfg80211: failed to load regulatory.db [ 86.889596][ T6415] bond0: (slave ip6gretap0): making interface the new active one [ 86.900820][ T6415] bond0: (slave ip6gretap0): Enslaving as an active interface with an up link [ 87.523068][ T6437] netlink: 44 bytes leftover after parsing attributes in process `syz.2.165'. [ 87.565884][ T6437] netlink: 43 bytes leftover after parsing attributes in process `syz.2.165'. [ 87.595600][ T6437] netlink: 'syz.2.165': attribute type 6 has an invalid length. [ 87.604451][ T6441] openvswitch: netlink: Multiple metadata blocks provided [ 87.634565][ T6437] netlink: 'syz.2.165': attribute type 5 has an invalid length. [ 87.642270][ T6437] netlink: 43 bytes leftover after parsing attributes in process `syz.2.165'. [ 87.736715][ T6446] : entered promiscuous mode [ 89.089547][ T6524] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 89.101104][ T6528] No such timeout policy "syz0" [ 89.244557][ T6533] __nla_validate_parse: 5 callbacks suppressed [ 89.244579][ T6533] netlink: 1280 bytes leftover after parsing attributes in process `syz.2.189'. [ 89.294153][ T6533] openvswitch: netlink: Flow actions attr not present in new flow. [ 89.363596][ T6517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.185'. [ 89.417601][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.192'. [ 89.437359][ T6546] netlink: 'syz.0.191': attribute type 1 has an invalid length. [ 89.683351][ T6553] bridge1: entered promiscuous mode [ 89.692262][ T6553] bridge1: entered allmulticast mode [ 89.922762][ T6570] netlink: 'syz.1.202': attribute type 1 has an invalid length. [ 89.977398][ T6573] x_tables: duplicate underflow at hook 2 [ 90.171370][ T6582] Illegal XDP return value 96 on prog (id 67) dev N/A, expect packet loss! [ 90.203011][ T6587] netlink: 'syz.1.207': attribute type 21 has an invalid length. [ 90.231608][ T6587] netlink: 'syz.1.207': attribute type 6 has an invalid length. [ 90.254233][ T6587] netlink: 64 bytes leftover after parsing attributes in process `syz.1.207'. [ 90.258328][ T6588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.206'. [ 90.596506][ T6604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.210'. [ 90.608980][ T6604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.210'. [ 90.806543][ T6619] netlink: 72 bytes leftover after parsing attributes in process `syz.1.213'. [ 90.815843][ T6619] netlink: 44 bytes leftover after parsing attributes in process `syz.1.213'. [ 90.825129][ T6619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.213'. [ 91.278094][ T6643] No such timeout policy "syz0" [ 91.559502][ T6662] Cannot find set identified by id 0 to match [ 91.794657][ T6675] syzkaller1: entered promiscuous mode [ 91.800193][ T6675] syzkaller1: entered allmulticast mode [ 91.810791][ T6678] xt_cgroup: path and classid specified [ 91.861219][ T6659] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0 [ 91.908841][ T6668] ip6t_srh: unknown srh match flags 4000 [ 92.056118][ T6693] ax25_connect(): syz.4.234 uses autobind, please contact jreuter@yaina.de [ 92.390275][ T6712] IPVS: set_ctl: invalid protocol: 51 255.255.255.255:20003 [ 92.398623][ T6712] raw_sendmsg: syz.4.238 forgot to set AF_INET. Fix it! [ 92.589772][ T6722] netlink: 'syz.4.241': attribute type 1 has an invalid length. [ 92.837338][ T6744] netlink: 'syz.0.248': attribute type 27 has an invalid length. [ 93.024229][ T6753] sit0: entered promiscuous mode [ 93.039205][ T6753] netlink: 'syz.1.250': attribute type 1 has an invalid length. [ 93.192524][ T6758] lo speed is unknown, defaulting to 1000 [ 93.374442][ T6758] lo speed is unknown, defaulting to 1000 [ 93.395687][ T6758] lo speed is unknown, defaulting to 1000 [ 93.506285][ T6773] xt_cluster: you have exceeded the maximum number of cluster nodes (261 > 32) [ 93.512010][ T6758] infiniband syz0: set active [ 93.520289][ T6758] infiniband syz0: added lo [ 93.561683][ T6758] RDS/IB: syz0: added [ 93.566418][ T6758] smc: adding ib device syz0 with port count 1 [ 93.572952][ T6758] smc: ib device syz0 port 1 has pnetid [ 93.593436][ T46] lo speed is unknown, defaulting to 1000 [ 93.603919][ T6758] lo speed is unknown, defaulting to 1000 [ 93.704602][ T25] lo speed is unknown, defaulting to 1000 [ 93.792543][ T6758] lo speed is unknown, defaulting to 1000 [ 93.926714][ T6791] FAULT_INJECTION: forcing a failure. [ 93.926714][ T6791] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 93.974069][ T6791] CPU: 1 UID: 0 PID: 6791 Comm: syz.2.259 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 93.974099][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 93.974111][ T6791] Call Trace: [ 93.974118][ T6791] [ 93.974127][ T6791] dump_stack_lvl+0x241/0x360 [ 93.974167][ T6791] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.974198][ T6791] ? __pfx__printk+0x10/0x10 [ 93.974230][ T6791] ? __pfx_lock_release+0x10/0x10 [ 93.974266][ T6791] should_fail_ex+0x3b0/0x4e0 [ 93.974293][ T6791] _copy_from_iter+0x1e9/0x1c20 [ 93.974321][ T6791] ? __virt_addr_valid+0x183/0x530 [ 93.974360][ T6791] ? __alloc_skb+0x28f/0x440 [ 93.974381][ T6791] ? __pfx__copy_from_iter+0x10/0x10 [ 93.974411][ T6791] ? __virt_addr_valid+0x183/0x530 [ 93.974437][ T6791] ? __virt_addr_valid+0x183/0x530 [ 93.974462][ T6791] ? __virt_addr_valid+0x45f/0x530 [ 93.974489][ T6791] ? __phys_addr_symbol+0x2f/0x70 [ 93.974516][ T6791] ? __check_object_size+0x47a/0x730 [ 93.974551][ T6791] netlink_sendmsg+0x73d/0xcb0 [ 93.974589][ T6791] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.974618][ T6791] ? aa_sock_msg_perm+0x91/0x160 [ 93.974647][ T6791] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.974669][ T6791] __sock_sendmsg+0x221/0x270 [ 93.974703][ T6791] ____sys_sendmsg+0x52a/0x7e0 [ 93.974736][ T6791] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.974758][ T6791] ? __fget_files+0x2a/0x410 [ 93.974792][ T6791] ? __fget_files+0x2a/0x410 [ 93.974832][ T6791] __sys_sendmsg+0x269/0x350 [ 93.974862][ T6791] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.974900][ T6791] ? do_sys_openat2+0x17a/0x1d0 [ 93.974965][ T6791] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.974995][ T6791] ? do_syscall_64+0x100/0x230 [ 93.975019][ T6791] ? do_syscall_64+0xb6/0x230 [ 93.975041][ T6791] do_syscall_64+0xf3/0x230 [ 93.975061][ T6791] ? clear_bhb_loop+0x35/0x90 [ 93.975088][ T6791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.975109][ T6791] RIP: 0033:0x7f6c3ef8cda9 [ 93.975128][ T6791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.975144][ T6791] RSP: 002b:00007f6c3fd8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.975167][ T6791] RAX: ffffffffffffffda RBX: 00007f6c3f1a5fa0 RCX: 00007f6c3ef8cda9 [ 93.975182][ T6791] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 93.975194][ T6791] RBP: 00007f6c3fd8e090 R08: 0000000000000000 R09: 0000000000000000 [ 93.975206][ T6791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.975217][ T6791] R13: 0000000000000000 R14: 00007f6c3f1a5fa0 R15: 00007fff0ad4ec58 [ 93.975248][ T6791] [ 94.075105][ T6758] lo speed is unknown, defaulting to 1000 [ 94.418495][ T6758] lo speed is unknown, defaulting to 1000 [ 94.566868][ T6758] lo speed is unknown, defaulting to 1000 [ 94.753623][ T6758] lo speed is unknown, defaulting to 1000 [ 95.282630][ T6838] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 95.386279][ T6842] veth1: entered promiscuous mode [ 95.391372][ T6842] veth1: entered allmulticast mode [ 95.579081][ T6848] netlink: 'syz.0.275': attribute type 4 has an invalid length. [ 95.588823][ T6848] netlink: 'syz.0.275': attribute type 4 has an invalid length. [ 95.746764][ T6862] lo speed is unknown, defaulting to 1000 [ 95.754578][ T6864] __nla_validate_parse: 2 callbacks suppressed [ 95.754597][ T6864] netlink: 12 bytes leftover after parsing attributes in process `syz.1.281'. [ 95.887315][ T6872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.282'. [ 95.968498][ T6875] netlink: 'syz.0.279': attribute type 21 has an invalid length. [ 95.984484][ T6875] netlink: 'syz.0.279': attribute type 6 has an invalid length. [ 96.024132][ T6875] netlink: 64 bytes leftover after parsing attributes in process `syz.0.279'. [ 96.065093][ T6879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.285'. [ 96.084569][ T6879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.285'. [ 96.196393][ T6883] netlink: 'syz.1.286': attribute type 4 has an invalid length. [ 96.214096][ T6883] netlink: 17 bytes leftover after parsing attributes in process `syz.1.286'. [ 96.226109][ T6885] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 96.337550][ T6891] syz.3.289: vmalloc error: size 16781312, failed to allocated page array size 32776, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 96.356851][ T6891] CPU: 1 UID: 0 PID: 6891 Comm: syz.3.289 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 96.356879][ T6891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 96.356891][ T6891] Call Trace: [ 96.356899][ T6891] [ 96.356907][ T6891] dump_stack_lvl+0x241/0x360 [ 96.356945][ T6891] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.356975][ T6891] ? __pfx__printk+0x10/0x10 [ 96.357008][ T6891] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 96.357048][ T6891] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 96.357084][ T6891] warn_alloc+0x278/0x410 [ 96.357113][ T6891] ? __pfx_warn_alloc+0x10/0x10 [ 96.357144][ T6891] ? xskq_create+0xb6/0x170 [ 96.357169][ T6891] ? __get_vm_area_node+0x1c8/0x2d0 [ 96.357190][ T6891] ? __get_vm_area_node+0x25c/0x2d0 [ 96.357217][ T6891] __vmalloc_node_range_noprof+0x62f/0x1380 [ 96.357270][ T6891] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 96.357299][ T6891] ? __kasan_kmalloc+0x98/0xb0 [ 96.357330][ T6891] vmalloc_user_noprof+0x74/0x80 [ 96.357353][ T6891] ? xskq_create+0xb6/0x170 [ 96.357378][ T6891] xskq_create+0xb6/0x170 [ 96.357405][ T6891] xsk_init_queue+0xa1/0x100 [ 96.357433][ T6891] xsk_setsockopt+0x598/0x950 [ 96.357460][ T6891] ? __pfx_xsk_setsockopt+0x10/0x10 [ 96.357486][ T6891] ? __pfx_aa_sk_perm+0x10/0x10 [ 96.357509][ T6891] ? __pfx_lock_acquire+0x10/0x10 [ 96.357533][ T6891] ? aa_sock_opt_perm+0x79/0x120 [ 96.357561][ T6891] ? __pfx_xsk_setsockopt+0x10/0x10 [ 96.357585][ T6891] do_sock_setsockopt+0x3af/0x720 [ 96.357614][ T6891] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 96.357642][ T6891] ? __fget_files+0x395/0x410 [ 96.357681][ T6891] ? __fget_files+0x2a/0x410 [ 96.357727][ T6891] __x64_sys_setsockopt+0x1ee/0x280 [ 96.357755][ T6891] do_syscall_64+0xf3/0x230 [ 96.357774][ T6891] ? clear_bhb_loop+0x35/0x90 [ 96.357798][ T6891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.357817][ T6891] RIP: 0033:0x7fad3258cda9 [ 96.357833][ T6891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.357848][ T6891] RSP: 002b:00007fad333c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 96.357867][ T6891] RAX: ffffffffffffffda RBX: 00007fad327a5fa0 RCX: 00007fad3258cda9 [ 96.357881][ T6891] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000005 [ 96.357892][ T6891] RBP: 00007fad3260e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 96.357903][ T6891] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000000 [ 96.357914][ T6891] R13: 0000000000000000 R14: 00007fad327a5fa0 R15: 00007ffead2006c8 [ 96.357942][ T6891] [ 96.358063][ T6891] Mem-Info: [ 96.554389][ T6861] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 96.573259][ T6891] active_anon:3945 inactive_anon:0 isolated_anon:0 [ 96.573259][ T6891] active_file:1535 inactive_file:38306 isolated_file:0 [ 96.573259][ T6891] unevictable:768 dirty:118 writeback:0 [ 96.573259][ T6891] slab_reclaimable:9863 slab_unreclaimable:90920 [ 96.573259][ T6891] mapped:29624 shmem:1423 pagetables:682 [ 96.573259][ T6891] sec_pagetables:0 bounce:0 [ 96.573259][ T6891] kernel_misc_reclaimable:0 [ 96.573259][ T6891] free:1353651 free_pcp:777 free_cma:0 [ 96.679520][ T6891] Node 0 active_anon:15880kB inactive_anon:0kB active_file:6140kB inactive_file:153144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118496kB dirty:468kB writeback:0kB shmem:4156kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9912kB pagetables:2728kB sec_pagetables:0kB all_unreclaimable? no [ 96.712890][ T6891] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 96.718148][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.746530][ T6891] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 96.778603][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.786584][ T6891] lowmem_reserve[]: 0 2490 2491 0 0 [ 96.791920][ T6891] Node 0 DMA32 free:1489548kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:15840kB inactive_anon:0kB active_file:6140kB inactive_file:152564kB unevictable:1536kB writepending:468kB present:3129332kB managed:2550704kB mlocked:0kB bounce:0kB free_pcp:3376kB local_pcp:2412kB free_cma:0kB [ 96.823408][ T6891] lowmem_reserve[]: 0 0 0 0 0 [ 96.831372][ T6891] Node 0 [ 96.831392][ T6891] Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:580kB unevictable:0kB writepending:0kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 96.952699][ T6891] lowmem_reserve[]: 0 0 0 0 0 [ 96.992273][ T6891] Node 1 Normal free:3908772kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 97.060780][ T6891] lowmem_reserve[]: 0 0 0 0 0 [ 97.074016][ T6891] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 97.134225][ T6891] Node 0 DMA32: 157*4kB (UME) 134*8kB (UME) 187*16kB (UME) 635*32kB (UME) 460*64kB (UME) 108*128kB (UME) 35*256kB (UM) 11*512kB (UM) 13*1024kB (UM) 4*2048kB (UM) 338*4096kB (UM) = 1488820kB [ 97.183397][ T6891] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 97.234078][ T6891] Node 1 Normal: 219*4kB (UME) 51*8kB (UME) 34*16kB (UME) 228*32kB (UME) 98*64kB (UME) 33*128kB (UME) 14*256kB (UME) 7*512kB (UME) 5*1024kB (UM) 3*2048kB (UE) 945*4096kB (M) = 3908772kB [ 97.264269][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 97.288102][ T6891] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 97.308198][ T6891] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 97.332479][ T6926] netlink: 8 bytes leftover after parsing attributes in process `syz.2.299'. [ 97.354122][ T6891] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 97.384177][ T6891] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 97.393507][ T6891] 41259 total pagecache pages [ 97.444150][ T6891] 0 pages in swap cache [ 97.448592][ T6891] Free swap = 124996kB [ 97.452951][ T6891] Total swap = 124996kB [ 97.457374][ T6891] 2097051 pages RAM [ 97.461420][ T6891] 0 pages HighMem/MovableOnly [ 97.466343][ T6891] 427589 pages reserved [ 97.470745][ T6891] 0 pages cma reserved [ 97.744185][ T5145] Bluetooth: hci0: command 0x0401 tx timeout [ 97.773452][ T6940] lo speed is unknown, defaulting to 1000 [ 97.779508][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.3.304'. [ 98.034530][ T6947] netlink: 'syz.4.305': attribute type 12 has an invalid length. [ 98.203195][ T6957] netlink: 24 bytes leftover after parsing attributes in process `syz.2.309'. [ 98.431739][ T6968] netlink: 'syz.2.310': attribute type 15 has an invalid length. [ 98.466898][ T6971] netlink: 'syz.0.312': attribute type 2 has an invalid length. [ 98.715527][ T6979] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 98.980879][ T6996] netlink: 'syz.0.319': attribute type 21 has an invalid length. [ 99.000919][ T6996] netlink: 'syz.0.319': attribute type 6 has an invalid length. [ 99.009531][ T6996] netlink: 64 bytes leftover after parsing attributes in process `syz.0.319'. [ 99.437610][ T7026] FAULT_INJECTION: forcing a failure. [ 99.437610][ T7026] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.465332][ T7023] syzkaller0: entered promiscuous mode [ 99.480800][ T7023] syzkaller0: entered allmulticast mode [ 99.494438][ T7026] CPU: 0 UID: 0 PID: 7026 Comm: syz.2.330 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 99.494466][ T7026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 99.494478][ T7026] Call Trace: [ 99.494486][ T7026] [ 99.494495][ T7026] dump_stack_lvl+0x241/0x360 [ 99.494533][ T7026] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.494564][ T7026] ? __pfx__printk+0x10/0x10 [ 99.494594][ T7026] ? __pfx_lock_release+0x10/0x10 [ 99.494630][ T7026] should_fail_ex+0x3b0/0x4e0 [ 99.494655][ T7026] _copy_from_user+0x2d/0xb0 [ 99.494687][ T7026] copy_msghdr_from_user+0xae/0x680 [ 99.494723][ T7026] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 99.494751][ T7026] ? __fget_files+0x2a/0x410 [ 99.494784][ T7026] ? __fget_files+0x2a/0x410 [ 99.494822][ T7026] __sys_sendmsg+0x209/0x350 [ 99.494853][ T7026] ? __pfx___sys_sendmsg+0x10/0x10 [ 99.494891][ T7026] ? do_sys_openat2+0x17a/0x1d0 [ 99.494948][ T7026] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.494977][ T7026] ? do_syscall_64+0x100/0x230 [ 99.494998][ T7026] ? do_syscall_64+0xb6/0x230 [ 99.495017][ T7026] do_syscall_64+0xf3/0x230 [ 99.495034][ T7026] ? clear_bhb_loop+0x35/0x90 [ 99.495057][ T7026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.495076][ T7026] RIP: 0033:0x7f6c3ef8cda9 [ 99.495093][ T7026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.495109][ T7026] RSP: 002b:00007f6c3fd8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.495131][ T7026] RAX: ffffffffffffffda RBX: 00007f6c3f1a5fa0 RCX: 00007f6c3ef8cda9 [ 99.495146][ T7026] RDX: 0000000000040000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 99.495158][ T7026] RBP: 00007f6c3fd8e090 R08: 0000000000000000 R09: 0000000000000000 [ 99.495170][ T7026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.495182][ T7026] R13: 0000000000000000 R14: 00007f6c3f1a5fa0 R15: 00007fff0ad4ec58 [ 99.495212][ T7026] [ 100.846635][ T7041] netlink: 'syz.1.335': attribute type 21 has an invalid length. [ 100.854666][ T7041] netlink: 'syz.1.335': attribute type 6 has an invalid length. [ 100.862335][ T7041] __nla_validate_parse: 3 callbacks suppressed [ 100.862350][ T7041] netlink: 64 bytes leftover after parsing attributes in process `syz.1.335'. [ 100.880019][ T7048] netlink: 'syz.2.336': attribute type 21 has an invalid length. [ 100.904076][ T7048] netlink: 'syz.2.336': attribute type 6 has an invalid length. [ 100.911778][ T7048] netlink: 64 bytes leftover after parsing attributes in process `syz.2.336'. [ 101.005570][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.340'. [ 101.059523][ T7070] xt_connbytes: Forcing CT accounting to be enabled [ 101.072874][ T7070] Cannot find add_set index 0 as target [ 101.196482][ T7077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.345'. [ 101.239058][ T7081] netlink: 24 bytes leftover after parsing attributes in process `syz.1.347'. [ 101.284470][ T7081] netlink: 156 bytes leftover after parsing attributes in process `syz.1.347'. [ 101.445893][ T7097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.351'. [ 101.489380][ T7095] xt_TCPMSS: Only works on TCP SYN packets [ 101.606712][ T7108] netlink: 'syz.2.355': attribute type 1 has an invalid length. [ 101.616706][ T7108] netlink: 28 bytes leftover after parsing attributes in process `syz.2.355'. [ 101.628598][ T7111] netlink: 64 bytes leftover after parsing attributes in process `syz.1.354'. [ 101.672930][ T7102] netlink: 4 bytes leftover after parsing attributes in process `syz.4.353'. [ 101.752308][ T7114] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 101.818672][ T7116] tc_dump_action: action bad kind [ 102.522715][ T7144] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 103.410547][ T7172] validate_nla: 2 callbacks suppressed [ 103.410568][ T7172] netlink: 'syz.0.376': attribute type 1 has an invalid length. [ 103.559929][ T7178] FAULT_INJECTION: forcing a failure. [ 103.559929][ T7178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 103.569716][ T7179] netlink: 'syz.3.379': attribute type 21 has an invalid length. [ 103.581308][ T7179] netlink: 'syz.3.379': attribute type 6 has an invalid length. [ 103.584880][ T7178] CPU: 0 UID: 0 PID: 7178 Comm: syz.4.378 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 103.584908][ T7178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 103.584920][ T7178] Call Trace: [ 103.584927][ T7178] [ 103.584935][ T7178] dump_stack_lvl+0x241/0x360 [ 103.584974][ T7178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.585005][ T7178] ? __pfx__printk+0x10/0x10 [ 103.585045][ T7178] ? __pfx_lock_release+0x10/0x10 [ 103.585082][ T7178] should_fail_ex+0x3b0/0x4e0 [ 103.585107][ T7178] _copy_from_iter+0x1e9/0x1c20 [ 103.585135][ T7178] ? __virt_addr_valid+0x183/0x530 [ 103.585173][ T7178] ? __alloc_skb+0x28f/0x440 [ 103.585194][ T7178] ? __pfx__copy_from_iter+0x10/0x10 [ 103.585223][ T7178] ? __virt_addr_valid+0x183/0x530 [ 103.585250][ T7178] ? __virt_addr_valid+0x183/0x530 [ 103.585278][ T7178] ? __virt_addr_valid+0x45f/0x530 [ 103.585306][ T7178] ? __phys_addr_symbol+0x2f/0x70 [ 103.585332][ T7178] ? __check_object_size+0x47a/0x730 [ 103.585366][ T7178] netlink_sendmsg+0x73d/0xcb0 [ 103.585403][ T7178] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.585432][ T7178] ? aa_sock_msg_perm+0x91/0x160 [ 103.585461][ T7178] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.585483][ T7178] __sock_sendmsg+0x221/0x270 [ 103.585516][ T7178] ____sys_sendmsg+0x52a/0x7e0 [ 103.585548][ T7178] ? __pfx_____sys_sendmsg+0x10/0x10 [ 103.585572][ T7178] ? __fget_files+0x2a/0x410 [ 103.585606][ T7178] ? __fget_files+0x2a/0x410 [ 103.585646][ T7178] __sys_sendmsg+0x269/0x350 [ 103.585676][ T7178] ? __pfx___sys_sendmsg+0x10/0x10 [ 103.585711][ T7178] ? do_sys_openat2+0x17a/0x1d0 [ 103.585768][ T7178] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 103.585796][ T7178] ? do_syscall_64+0x100/0x230 [ 103.585826][ T7178] ? do_syscall_64+0xb6/0x230 [ 103.585849][ T7178] do_syscall_64+0xf3/0x230 [ 103.585868][ T7178] ? clear_bhb_loop+0x35/0x90 [ 103.585894][ T7178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.585916][ T7178] RIP: 0033:0x7fee6918cda9 [ 103.585933][ T7178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.585949][ T7178] RSP: 002b:00007fee6a043038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.585973][ T7178] RAX: ffffffffffffffda RBX: 00007fee693a5fa0 RCX: 00007fee6918cda9 [ 103.585988][ T7178] RDX: 0000000000040000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 103.586000][ T7178] RBP: 00007fee6a043090 R08: 0000000000000000 R09: 0000000000000000 [ 103.586012][ T7178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.586024][ T7178] R13: 0000000000000000 R14: 00007fee693a5fa0 R15: 00007ffc0c1fb918 [ 103.586055][ T7178] [ 104.121542][ T7197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.439690][ T7225] FAULT_INJECTION: forcing a failure. [ 104.439690][ T7225] name failslab, interval 1, probability 0, space 0, times 0 [ 104.470417][ T7226] vlan0: entered allmulticast mode [ 104.476072][ T7225] CPU: 1 UID: 0 PID: 7225 Comm: syz.3.391 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 104.476099][ T7225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 104.476112][ T7225] Call Trace: [ 104.476119][ T7225] [ 104.476128][ T7225] dump_stack_lvl+0x241/0x360 [ 104.476167][ T7225] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.476199][ T7225] ? __pfx__printk+0x10/0x10 [ 104.476230][ T7225] ? __kmalloc_noprof+0xb5/0x4c0 [ 104.476262][ T7225] ? __pfx___might_resched+0x10/0x10 [ 104.476284][ T7225] ? aa_get_newest_label+0xff/0x6f0 [ 104.476324][ T7225] should_fail_ex+0x3b0/0x4e0 [ 104.476350][ T7225] should_failslab+0xac/0x100 [ 104.476380][ T7225] __kmalloc_noprof+0xdd/0x4c0 [ 104.476409][ T7225] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 104.476439][ T7225] ? apparmor_capable+0x13b/0x1b0 [ 104.476470][ T7225] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 104.476509][ T7225] genl_rcv_msg+0x802/0xec0 [ 104.476546][ T7225] ? __pfx_genl_rcv_msg+0x10/0x10 [ 104.476606][ T7225] ? __pfx_lock_acquire+0x10/0x10 [ 104.476630][ T7225] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 104.476659][ T7225] ? __pfx_nl80211_new_key+0x10/0x10 [ 104.476684][ T7225] ? __pfx_nl80211_post_doit+0x10/0x10 [ 104.476714][ T7225] ? __pfx___might_resched+0x10/0x10 [ 104.476748][ T7225] netlink_rcv_skb+0x1e3/0x430 [ 104.476783][ T7225] ? __pfx_genl_rcv_msg+0x10/0x10 [ 104.476814][ T7225] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 104.476870][ T7225] genl_rcv+0x28/0x40 [ 104.476896][ T7225] netlink_unicast+0x7f6/0x990 [ 104.476926][ T7225] ? __pfx_netlink_unicast+0x10/0x10 [ 104.476944][ T7225] ? __virt_addr_valid+0x45f/0x530 [ 104.476971][ T7225] ? __phys_addr_symbol+0x2f/0x70 [ 104.476997][ T7225] ? __check_object_size+0x47a/0x730 [ 104.477031][ T7225] netlink_sendmsg+0x8e4/0xcb0 [ 104.477068][ T7225] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.477097][ T7225] ? aa_sock_msg_perm+0x91/0x160 [ 104.477125][ T7225] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.477147][ T7225] __sock_sendmsg+0x221/0x270 [ 104.477180][ T7225] ____sys_sendmsg+0x52a/0x7e0 [ 104.477213][ T7225] ? __pfx_____sys_sendmsg+0x10/0x10 [ 104.477235][ T7225] ? __fget_files+0x2a/0x410 [ 104.477267][ T7225] ? __fget_files+0x2a/0x410 [ 104.477306][ T7225] __sys_sendmsg+0x269/0x350 [ 104.477336][ T7225] ? __pfx___sys_sendmsg+0x10/0x10 [ 104.477374][ T7225] ? do_sys_openat2+0x17a/0x1d0 [ 104.477432][ T7225] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 104.477460][ T7225] ? do_syscall_64+0x100/0x230 [ 104.477484][ T7225] ? do_syscall_64+0xb6/0x230 [ 104.477506][ T7225] do_syscall_64+0xf3/0x230 [ 104.477525][ T7225] ? clear_bhb_loop+0x35/0x90 [ 104.477551][ T7225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.477571][ T7225] RIP: 0033:0x7fad3258cda9 [ 104.477589][ T7225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.477605][ T7225] RSP: 002b:00007fad333c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.477626][ T7225] RAX: ffffffffffffffda RBX: 00007fad327a5fa0 RCX: 00007fad3258cda9 [ 104.477641][ T7225] RDX: 0000000000040000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 104.477653][ T7225] RBP: 00007fad333c1090 R08: 0000000000000000 R09: 0000000000000000 [ 104.477665][ T7225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.477677][ T7225] R13: 0000000000000000 R14: 00007fad327a5fa0 R15: 00007ffead2006c8 [ 104.477708][ T7225] [ 104.910336][ T7230] netlink: 'syz.2.394': attribute type 21 has an invalid length. [ 104.988861][ T7230] netlink: 'syz.2.394': attribute type 6 has an invalid length. [ 105.423363][ T7266] netlink: 'syz.1.401': attribute type 21 has an invalid length. [ 105.448470][ T7266] netlink: 'syz.1.401': attribute type 6 has an invalid length. [ 105.468366][ T7271] FAULT_INJECTION: forcing a failure. [ 105.468366][ T7271] name failslab, interval 1, probability 0, space 0, times 0 [ 105.481313][ T7271] CPU: 1 UID: 0 PID: 7271 Comm: syz.2.405 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 105.481340][ T7271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.481352][ T7271] Call Trace: [ 105.481360][ T7271] [ 105.481368][ T7271] dump_stack_lvl+0x241/0x360 [ 105.481406][ T7271] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.481436][ T7271] ? __pfx__printk+0x10/0x10 [ 105.481466][ T7271] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 105.481499][ T7271] ? __pfx___might_resched+0x10/0x10 [ 105.481527][ T7271] should_fail_ex+0x3b0/0x4e0 [ 105.481554][ T7271] should_failslab+0xac/0x100 [ 105.481587][ T7271] kmem_cache_alloc_node_noprof+0x77/0x380 [ 105.481618][ T7271] ? __alloc_skb+0x1c3/0x440 [ 105.481644][ T7271] __alloc_skb+0x1c3/0x440 [ 105.481672][ T7271] ? __pfx___alloc_skb+0x10/0x10 [ 105.481698][ T7271] ? netlink_ack_tlv_len+0x6e/0x200 [ 105.481726][ T7271] netlink_ack+0x145/0xa50 [ 105.481747][ T7271] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 105.481778][ T7271] ? __pfx_nl80211_post_doit+0x10/0x10 [ 105.481809][ T7271] ? __pfx___might_resched+0x10/0x10 [ 105.481845][ T7271] netlink_rcv_skb+0x262/0x430 [ 105.481870][ T7271] ? __pfx_genl_rcv_msg+0x10/0x10 [ 105.481925][ T7271] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 105.481982][ T7271] genl_rcv+0x28/0x40 [ 105.482007][ T7271] netlink_unicast+0x7f6/0x990 [ 105.482037][ T7271] ? __pfx_netlink_unicast+0x10/0x10 [ 105.482055][ T7271] ? __virt_addr_valid+0x45f/0x530 [ 105.482083][ T7271] ? __phys_addr_symbol+0x2f/0x70 [ 105.482110][ T7271] ? __check_object_size+0x47a/0x730 [ 105.482144][ T7271] netlink_sendmsg+0x8e4/0xcb0 [ 105.482181][ T7271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.482210][ T7271] ? aa_sock_msg_perm+0x91/0x160 [ 105.482239][ T7271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.482260][ T7271] __sock_sendmsg+0x221/0x270 [ 105.482293][ T7271] ____sys_sendmsg+0x52a/0x7e0 [ 105.482327][ T7271] ? __pfx_____sys_sendmsg+0x10/0x10 [ 105.482349][ T7271] ? __fget_files+0x2a/0x410 [ 105.482383][ T7271] ? __fget_files+0x2a/0x410 [ 105.482422][ T7271] __sys_sendmsg+0x269/0x350 [ 105.482452][ T7271] ? __pfx___sys_sendmsg+0x10/0x10 [ 105.482490][ T7271] ? do_sys_openat2+0x17a/0x1d0 [ 105.482549][ T7271] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 105.482578][ T7271] ? do_syscall_64+0x100/0x230 [ 105.482601][ T7271] ? do_syscall_64+0xb6/0x230 [ 105.482623][ T7271] do_syscall_64+0xf3/0x230 [ 105.482643][ T7271] ? clear_bhb_loop+0x35/0x90 [ 105.482669][ T7271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.482690][ T7271] RIP: 0033:0x7f6c3ef8cda9 [ 105.482707][ T7271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.482723][ T7271] RSP: 002b:00007f6c3fd8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.482744][ T7271] RAX: ffffffffffffffda RBX: 00007f6c3f1a5fa0 RCX: 00007f6c3ef8cda9 [ 105.482758][ T7271] RDX: 0000000000040000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 105.482770][ T7271] RBP: 00007f6c3fd8e090 R08: 0000000000000000 R09: 0000000000000000 [ 105.482781][ T7271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.482792][ T7271] R13: 0000000000000000 R14: 00007f6c3f1a5fa0 R15: 00007fff0ad4ec58 [ 105.482823][ T7271] [ 105.874287][ T7276] ieee802154 phy0 wpan0: encryption failed: -22 [ 105.899924][ T7280] netlink: 'syz.1.408': attribute type 1 has an invalid length. [ 105.908377][ T7282] netlink: 'syz.2.409': attribute type 21 has an invalid length. [ 105.918342][ T7282] netlink: 'syz.2.409': attribute type 6 has an invalid length. [ 105.926384][ T7282] __nla_validate_parse: 13 callbacks suppressed [ 105.926399][ T7282] netlink: 64 bytes leftover after parsing attributes in process `syz.2.409'. [ 105.935306][ T7280] netlink: 20 bytes leftover after parsing attributes in process `syz.1.408'. [ 106.227093][ T7302] netlink: 140 bytes leftover after parsing attributes in process `syz.3.416'. [ 106.262152][ T7300] netlink: 140 bytes leftover after parsing attributes in process `syz.3.416'. [ 106.339025][ T7298] lo speed is unknown, defaulting to 1000 [ 106.550267][ T7317] netlink: 16 bytes leftover after parsing attributes in process `syz.2.420'. [ 106.672392][ T7324] netlink: 20 bytes leftover after parsing attributes in process `syz.1.422'. [ 106.795875][ T7332] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 106.838827][ T7334] netlink: 28 bytes leftover after parsing attributes in process `syz.4.427'. [ 106.851792][ T7338] sit0: left promiscuous mode [ 106.949136][ T7338] bond0: left promiscuous mode [ 106.977486][ T7338] bond0: left allmulticast mode [ 106.989647][ T7338] veth1: left promiscuous mode [ 106.994643][ T7338] veth1: left allmulticast mode [ 107.322172][ T7362] netlink: 24 bytes leftover after parsing attributes in process `syz.1.434'. [ 107.388696][ T7366] netlink: 36 bytes leftover after parsing attributes in process `syz.3.435'. [ 107.738309][ T7379] netlink: 32 bytes leftover after parsing attributes in process `syz.3.438'. [ 108.442194][ T7433] sctp: [Deprecated]: syz.2.456 (pid 7433) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.442194][ T7433] Use struct sctp_sack_info instead [ 108.918538][ T7476] lo speed is unknown, defaulting to 1000 [ 109.104251][ T5145] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 109.112920][ T5145] Bluetooth: hci0: command 0x0401 tx timeout [ 109.410212][ T7502] lo speed is unknown, defaulting to 1000 [ 109.458894][ T7504] validate_nla: 10 callbacks suppressed [ 109.458915][ T7504] netlink: 'syz.3.475': attribute type 6 has an invalid length. [ 109.585267][ T7507] FAULT_INJECTION: forcing a failure. [ 109.585267][ T7507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.606342][ T7507] CPU: 0 UID: 0 PID: 7507 Comm: syz.3.477 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 109.606383][ T7507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 109.606396][ T7507] Call Trace: [ 109.606403][ T7507] [ 109.606413][ T7507] dump_stack_lvl+0x241/0x360 [ 109.606453][ T7507] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.606485][ T7507] ? __pfx__printk+0x10/0x10 [ 109.606521][ T7507] ? snprintf+0xda/0x120 [ 109.606550][ T7507] should_fail_ex+0x3b0/0x4e0 [ 109.606577][ T7507] _copy_to_user+0x31/0xb0 [ 109.606617][ T7507] simple_read_from_buffer+0xca/0x150 [ 109.606650][ T7507] proc_fail_nth_read+0x1e9/0x250 [ 109.606682][ T7507] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.606714][ T7507] ? rw_verify_area+0x55e/0x6f0 [ 109.606735][ T7507] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.606764][ T7507] vfs_read+0x1fc/0xb70 [ 109.606788][ T7507] ? fdget_pos+0x254/0x320 [ 109.606820][ T7507] ? __pfx___mutex_lock+0x10/0x10 [ 109.606853][ T7507] ? __pfx_vfs_read+0x10/0x10 [ 109.606873][ T7507] ? do_sys_openat2+0x17a/0x1d0 [ 109.606907][ T7507] ? __fget_files+0x2a/0x410 [ 109.606939][ T7507] ? __fget_files+0x395/0x410 [ 109.606967][ T7507] ? __fget_files+0x2a/0x410 [ 109.607008][ T7507] ksys_read+0x18f/0x2b0 [ 109.607033][ T7507] ? __pfx_ksys_read+0x10/0x10 [ 109.607057][ T7507] ? do_syscall_64+0x100/0x230 [ 109.607081][ T7507] ? do_syscall_64+0xb6/0x230 [ 109.607104][ T7507] do_syscall_64+0xf3/0x230 [ 109.607123][ T7507] ? clear_bhb_loop+0x35/0x90 [ 109.607150][ T7507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.607171][ T7507] RIP: 0033:0x7fad3258b7bc [ 109.607189][ T7507] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 109.607206][ T7507] RSP: 002b:00007fad333c1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.607228][ T7507] RAX: ffffffffffffffda RBX: 00007fad327a5fa0 RCX: 00007fad3258b7bc [ 109.607243][ T7507] RDX: 000000000000000f RSI: 00007fad333c10a0 RDI: 0000000000000004 [ 109.607256][ T7507] RBP: 00007fad333c1090 R08: 0000000000000000 R09: 0000000000000000 [ 109.607269][ T7507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.607281][ T7507] R13: 0000000000000000 R14: 00007fad327a5fa0 R15: 00007ffead2006c8 [ 109.607318][ T7507] [ 110.322341][ T7541] tc_dump_action: action bad kind [ 110.411775][ T7548] netlink: 'syz.4.486': attribute type 109 has an invalid length. [ 110.741252][ T7566] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 110.838886][ T7569] netlink: 'syz.3.492': attribute type 21 has an invalid length. [ 110.871553][ T7569] netlink: 'syz.3.492': attribute type 6 has an invalid length. [ 110.973694][ T7568] vxlan0: entered promiscuous mode [ 110.994627][ T7568] vxlan0: entered allmulticast mode [ 111.008368][ T7575] __nla_validate_parse: 6 callbacks suppressed [ 111.008385][ T7575] netlink: 40 bytes leftover after parsing attributes in process `syz.2.496'. [ 111.328309][ T7594] netlink: 'syz.3.499': attribute type 1 has an invalid length. [ 111.434348][ T7602] netlink: 4 bytes leftover after parsing attributes in process `syz.2.502'. [ 111.501555][ T7588] delete_channel: no stack [ 111.604919][ T7605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.504'. [ 111.639119][ T7605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.504'. [ 111.670481][ T7611] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 111.706842][ T7618] netlink: 44 bytes leftover after parsing attributes in process `syz.1.504'. [ 111.819107][ T7626] netlink: 'syz.0.510': attribute type 3 has an invalid length. [ 111.946413][ T7638] netlink: 'syz.3.507': attribute type 21 has an invalid length. [ 111.954866][ T7638] netlink: 'syz.3.507': attribute type 6 has an invalid length. [ 111.962540][ T7638] netlink: 64 bytes leftover after parsing attributes in process `syz.3.507'. [ 111.974748][ T7631] lo speed is unknown, defaulting to 1000 [ 112.045995][ T7641] tipc: Invalid UDP bearer configuration [ 112.046043][ T7641] tipc: Enabling of bearer rejected, failed to enable media [ 112.198592][ T7648] netlink: 32 bytes leftover after parsing attributes in process `syz.4.516'. [ 112.530097][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.522'. [ 112.559474][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.522'. [ 112.871698][ T7684] lo speed is unknown, defaulting to 1000 [ 112.959828][ T7693] netlink: 28 bytes leftover after parsing attributes in process `syz.4.529'. [ 113.400763][ T7724] netlink: 'syz.0.536': attribute type 1 has an invalid length. [ 113.442325][ T7724] netlink: 'syz.0.536': attribute type 2 has an invalid length. [ 113.628696][ T7731] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 113.679165][ T7735] sctp: [Deprecated]: syz.3.542 (pid 7735) Use of int in maxseg socket option. [ 113.679165][ T7735] Use struct sctp_assoc_value instead [ 113.938348][ T7750] "syz.3.544" (7750) uses obsolete ecb(arc4) skcipher [ 113.941194][ T7754] lo speed is unknown, defaulting to 1000 [ 114.291075][ T7745] lo speed is unknown, defaulting to 1000 [ 114.297922][ T7745] lo speed is unknown, defaulting to 1000 [ 114.304587][ T7745] lo speed is unknown, defaulting to 1000 [ 114.329066][ T7745] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 114.370524][ T7745] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 114.465142][ T7745] lo speed is unknown, defaulting to 1000 [ 114.543039][ T7745] lo speed is unknown, defaulting to 1000 [ 114.557190][ T7745] lo speed is unknown, defaulting to 1000 [ 114.564367][ T7745] lo speed is unknown, defaulting to 1000 [ 114.571163][ T7745] lo speed is unknown, defaulting to 1000 [ 114.588998][ T7745] lo speed is unknown, defaulting to 1000 [ 114.607429][ T7745] lo speed is unknown, defaulting to 1000 [ 115.065237][ T7799] lo speed is unknown, defaulting to 1000 [ 115.209326][ T7804] validate_nla: 1 callbacks suppressed [ 115.209346][ T7804] netlink: 'syz.3.555': attribute type 1 has an invalid length. [ 115.315127][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.398788][ T7815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.432675][ T7815] bond0: (slave vcan0): The slave device specified does not support setting the MAC address [ 115.452921][ T7815] bond0: (slave vcan0): Error -95 calling set_mac_address [ 115.472983][ T7810] lo speed is unknown, defaulting to 1000 [ 115.473813][ T7799] lo speed is unknown, defaulting to 1000 [ 115.745381][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 115.865590][ T7810] lo speed is unknown, defaulting to 1000 [ 116.449291][ T7853] __nla_validate_parse: 8 callbacks suppressed [ 116.449311][ T7853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.569'. [ 116.471213][ T7855] netlink: 44 bytes leftover after parsing attributes in process `syz.4.570'. [ 116.472672][ T7853] xt_TCPMSS: Only works on TCP SYN packets [ 116.605279][ T7855] infiniband s: set down [ 116.833025][ T5834] lo speed is unknown, defaulting to 1000 [ 116.836207][ T7856] infiniband s: set active [ 116.843446][ T7856] infiniband s: set active [ 116.875806][ T7856] infiniband s: set active [ 116.889287][ T7856] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 116.911759][ T7876] netlink: 'syz.2.574': attribute type 1 has an invalid length. [ 116.920252][ T7876] netlink: 'syz.2.574': attribute type 2 has an invalid length. [ 116.932938][ T8] lo speed is unknown, defaulting to 1000 [ 116.944377][ T7858] bridge2: entered promiscuous mode [ 116.949647][ T7858] bridge2: entered allmulticast mode [ 116.957707][ T972] lo speed is unknown, defaulting to 1000 [ 116.967798][ T7350] lo speed is unknown, defaulting to 1000 [ 117.004997][ T7858] ebt_among: dst integrity fail: 101 [ 117.013546][ T5834] lo speed is unknown, defaulting to 1000 [ 117.242580][ T7897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.579'. [ 117.825985][ T5145] Bluetooth: hci4: command 0x0405 tx timeout [ 117.846311][ T7935] netlink: 12 bytes leftover after parsing attributes in process `syz.2.591'. [ 117.996690][ T7944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.594'. [ 118.012203][ T7942] netlink: 'syz.4.593': attribute type 1 has an invalid length. [ 118.043801][ T7944] netlink: 4 bytes leftover after parsing attributes in process `syz.3.594'. [ 118.063407][ T7942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.070988][ T7944] netlink: 52 bytes leftover after parsing attributes in process `syz.3.594'. [ 118.260046][ T7964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.600'. [ 118.681436][ T7993] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 118.904098][ T7999] ax25_connect(): syz.1.614 uses autobind, please contact jreuter@yaina.de [ 118.917964][ T8002] netlink: 8 bytes leftover after parsing attributes in process `syz.0.613'. [ 118.945563][ T8002] netlink: 44 bytes leftover after parsing attributes in process `syz.0.613'. [ 119.375007][ T8030] netlink: 'syz.4.626': attribute type 21 has an invalid length. [ 119.382868][ T8030] netlink: 'syz.4.626': attribute type 6 has an invalid length. [ 119.621850][ T8043] Cannot find set identified by id 0 to match [ 119.957369][ T8080] netlink: 'syz.3.642': attribute type 21 has an invalid length. [ 119.966594][ T8080] netlink: 'syz.3.642': attribute type 6 has an invalid length. [ 120.099201][ T8087] netlink: 'syz.4.644': attribute type 29 has an invalid length. [ 120.144613][ T8087] netlink: 'syz.4.644': attribute type 29 has an invalid length. [ 120.322108][ T8105] netlink: zone id is out of range [ 120.333915][ T8105] netlink: zone id is out of range [ 120.370232][ T8105] netlink: zone id is out of range [ 120.398769][ T8105] netlink: zone id is out of range [ 120.426718][ T8105] netlink: zone id is out of range [ 120.431910][ T8105] netlink: zone id is out of range [ 120.437118][ T8105] netlink: zone id is out of range [ 120.442314][ T8105] netlink: zone id is out of range [ 120.459538][ T8105] netlink: zone id is out of range [ 121.458599][ T8174] syzkaller1: entered allmulticast mode [ 122.140565][ T8212] __nla_validate_parse: 13 callbacks suppressed [ 122.140585][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.684'. [ 122.245942][ T8218] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 122.276584][ T8226] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 4, id = 0 [ 122.581539][ T8243] net_ratelimit: 292 callbacks suppressed [ 122.581562][ T8243] netlink: set zone limit has 4 unknown bytes [ 122.595609][ T8245] xt_hashlimit: max too large, truncated to 1048576 [ 122.603676][ T8245] xt_bpf: check failed: parse error [ 122.698685][ T8250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.692'. [ 122.885364][ T8259] tipc: Started in network mode [ 122.890261][ T8259] tipc: Node identity 080211000001, cluster identity 4711 [ 122.898255][ T8259] tipc: Enabled bearer , priority 0 [ 122.909018][ T8259] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode [ 122.930620][ T8259] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode [ 122.939973][ T8259] tipc: Resetting bearer [ 122.952461][ T8259] tipc: Resetting bearer [ 123.004926][ T80] tipc: Resetting bearer [ 123.192047][ T8275] lo speed is unknown, defaulting to 1000 [ 123.422890][ T8275] lo speed is unknown, defaulting to 1000 [ 123.944742][ T8293] netlink: 48 bytes leftover after parsing attributes in process `syz.3.704'. [ 123.995800][ T46] tipc: Node number set to 134418688 [ 124.239849][ T8307] validate_nla: 6 callbacks suppressed [ 124.239869][ T8307] netlink: 'syz.0.708': attribute type 1 has an invalid length. [ 124.285207][ T8307] netlink: 224 bytes leftover after parsing attributes in process `syz.0.708'. [ 124.366541][ T8307] lo speed is unknown, defaulting to 1000 [ 124.419365][ T8316] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 124.697710][ T8329] netlink: 40 bytes leftover after parsing attributes in process `syz.3.716'. [ 124.760156][ T8331] netlink: 'syz.2.717': attribute type 4 has an invalid length. [ 124.786574][ T8307] lo speed is unknown, defaulting to 1000 [ 124.812133][ T8334] netlink: 'syz.2.717': attribute type 4 has an invalid length. [ 124.860187][ T972] lo speed is unknown, defaulting to 1000 [ 124.876014][ T8336] tap0: tun_chr_ioctl cmd 2147767517 [ 125.135228][ T8346] netlink: 'syz.3.722': attribute type 1 has an invalid length. [ 125.171147][ T8346] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.213414][ T8346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.223448][ T8346] bond1: (slave batadv0): making interface the new active one [ 125.233195][ T8346] bond1: (slave batadv0): Enslaving as an active interface with an up link [ 125.249081][ T8346] netlink: 12 bytes leftover after parsing attributes in process `syz.3.722'. [ 125.288293][ T8346] vlan0: entered promiscuous mode [ 125.295622][ T8355] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 125.301402][ T8346] bond1: entered promiscuous mode [ 125.319770][ T8346] batadv0: entered promiscuous mode [ 125.339065][ T8346] bond1: left promiscuous mode [ 125.343876][ T8346] batadv0: left promiscuous mode [ 125.910730][ T8376] FAULT_INJECTION: forcing a failure. [ 125.910730][ T8376] name failslab, interval 1, probability 0, space 0, times 0 [ 125.923786][ T8376] CPU: 1 UID: 0 PID: 8376 Comm: syz.4.730 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 125.923812][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 125.923824][ T8376] Call Trace: [ 125.923831][ T8376] [ 125.923840][ T8376] dump_stack_lvl+0x241/0x360 [ 125.923892][ T8376] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.923923][ T8376] ? __pfx__printk+0x10/0x10 [ 125.923970][ T8376] should_fail_ex+0x3b0/0x4e0 [ 125.923993][ T8376] ? __pfx_ip6_dst_gc+0x10/0x10 [ 125.924014][ T8376] should_failslab+0xac/0x100 [ 125.924044][ T8376] ? dst_alloc+0x12b/0x190 [ 125.924064][ T8376] kmem_cache_alloc_noprof+0x70/0x380 [ 125.924094][ T8376] ? __pfx_rt6_find_cached_rt+0x10/0x10 [ 125.924117][ T8376] ? __pfx_ip6_dst_gc+0x10/0x10 [ 125.924137][ T8376] dst_alloc+0x12b/0x190 [ 125.924163][ T8376] ip6_pol_route+0xb87/0x15d0 [ 125.924191][ T8376] ? ip6_pol_route+0x198/0x15d0 [ 125.924217][ T8376] ? __pfx_ip6_pol_route+0x10/0x10 [ 125.924265][ T8376] ? fib6_get_table+0x39/0x270 [ 125.924287][ T8376] ? fib6_get_table+0x253/0x270 [ 125.924312][ T8376] fib6_rule_action+0x1f1/0x7c0 [ 125.924336][ T8376] ? __pfx_fib6_rule_action+0x10/0x10 [ 125.924361][ T8376] fib_rules_lookup+0x62c/0xdb0 [ 125.924399][ T8376] ? fib_rules_lookup+0x9a/0xdb0 [ 125.924427][ T8376] ? __pfx_fib_rules_lookup+0x10/0x10 [ 125.924454][ T8376] ? l3mdev_update_flow+0x29/0x5f0 [ 125.924486][ T8376] ? l3mdev_update_flow+0x4a8/0x5f0 [ 125.924524][ T8376] fib6_rule_lookup+0x1fd/0x790 [ 125.924551][ T8376] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 125.924576][ T8376] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 125.924621][ T8376] ? __lock_acquire+0x1397/0x2100 [ 125.924649][ T8376] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 125.924692][ T8376] ? ip6_route_output_flags+0x30/0x610 [ 125.924716][ T8376] ip6_route_output_flags+0x38e/0x610 [ 125.924748][ T8376] ip6_dst_lookup_tail+0x1b3/0x14f0 [ 125.924784][ T8376] ? sk_dst_check+0x29/0x470 [ 125.924820][ T8376] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 125.924861][ T8376] ? sk_dst_check+0x29/0x470 [ 125.924913][ T8376] ? sk_dst_check+0x2f9/0x470 [ 125.924950][ T8376] ip6_sk_dst_lookup_flow+0x78c/0xa30 [ 125.924984][ T8376] ? txopt_get+0x3e0/0x4f0 [ 125.925008][ T8376] ? __lock_acquire+0x1397/0x2100 [ 125.925037][ T8376] ? __pfx_ip6_sk_dst_lookup_flow+0x10/0x10 [ 125.925070][ T8376] ? udpv6_sendmsg+0x1bc8/0x3310 [ 125.925102][ T8376] udpv6_sendmsg+0x1ff6/0x3310 [ 125.925138][ T8376] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 125.925177][ T8376] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 125.925210][ T8376] ? inet_send_prepare+0x1b7/0x260 [ 125.925244][ T8376] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 125.925289][ T8376] ? inet_send_prepare+0x1b7/0x260 [ 125.925314][ T8376] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 125.925334][ T8376] ? inet_send_prepare+0x1b7/0x260 [ 125.925359][ T8376] ? do_raw_spin_unlock+0x13c/0x8b0 [ 125.925393][ T8376] ? inet_send_prepare+0x1b7/0x260 [ 125.925428][ T8376] __sock_sendmsg+0xef/0x270 [ 125.925462][ T8376] ____sys_sendmsg+0x52a/0x7e0 [ 125.925498][ T8376] ? __pfx_____sys_sendmsg+0x10/0x10 [ 125.925521][ T8376] ? __fget_files+0x2a/0x410 [ 125.925556][ T8376] ? __fget_files+0x2a/0x410 [ 125.925597][ T8376] __sys_sendmmsg+0x36a/0x720 [ 125.925637][ T8376] ? __pfx___sys_sendmmsg+0x10/0x10 [ 125.925678][ T8376] ? __pfx_lock_release+0x10/0x10 [ 125.925703][ T8376] ? kstrtouint_from_user+0x128/0x190 [ 125.925758][ T8376] ? ksys_write+0x22a/0x2b0 [ 125.925782][ T8376] ? __pfx_lock_release+0x10/0x10 [ 125.925827][ T8376] ? sb_end_write+0xe9/0x1c0 [ 125.925859][ T8376] ? vfs_write+0x730/0xd30 [ 125.925885][ T8376] ? __mutex_unlock_slowpath+0x227/0x800 [ 125.925952][ T8376] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 125.925983][ T8376] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 125.926012][ T8376] ? do_syscall_64+0x100/0x230 [ 125.926037][ T8376] __x64_sys_sendmmsg+0xa0/0xb0 [ 125.926078][ T8376] do_syscall_64+0xf3/0x230 [ 125.926098][ T8376] ? clear_bhb_loop+0x35/0x90 [ 125.926125][ T8376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.926146][ T8376] RIP: 0033:0x7fee6918cda9 [ 125.926172][ T8376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.926201][ T8376] RSP: 002b:00007fee6a043038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 125.926223][ T8376] RAX: ffffffffffffffda RBX: 00007fee693a5fa0 RCX: 00007fee6918cda9 [ 125.926244][ T8376] RDX: 0000000000000002 RSI: 0000000020003540 RDI: 0000000000000003 [ 125.926256][ T8376] RBP: 00007fee6a043090 R08: 0000000000000000 R09: 0000000000000000 [ 125.926269][ T8376] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.926281][ T8376] R13: 0000000000000000 R14: 00007fee693a5fa0 R15: 00007ffc0c1fb918 [ 125.926313][ T8376] [ 126.859262][ T8404] netlink: 'syz.1.737': attribute type 2 has an invalid length. [ 126.902927][ T8405] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 127.125222][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz.0.743'. [ 127.205720][ T8430] openvswitch: netlink: Message has 8 unknown bytes. [ 127.219399][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.747'. [ 127.231218][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz.0.743'. [ 127.406357][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.0.752'. [ 127.472000][ T8448] netlink: 24 bytes leftover after parsing attributes in process `syz.2.755'. [ 127.539632][ T8455] netlink: 12 bytes leftover after parsing attributes in process `syz.3.756'. [ 127.549599][ T8454] netlink: 'syz.4.757': attribute type 1 has an invalid length. [ 127.588088][ T8459] netlink: 36 bytes leftover after parsing attributes in process `syz.3.756'. [ 127.598163][ T8456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.755'. [ 127.616803][ T8454] netlink: 28 bytes leftover after parsing attributes in process `syz.4.757'. [ 127.637549][ T8459] netlink: 16 bytes leftover after parsing attributes in process `syz.3.756'. [ 127.705902][ T8459] netlink: 36 bytes leftover after parsing attributes in process `syz.3.756'. [ 128.139593][ T8495] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 129.072999][ T8526] xt_addrtype: ipv6 does not support BROADCAST matching [ 129.525650][ T8548] IPv6: NLM_F_CREATE should be specified when creating new route [ 129.897455][ T8575] sctp: [Deprecated]: syz.1.787 (pid 8575) Use of int in max_burst socket option deprecated. [ 129.897455][ T8575] Use struct sctp_assoc_value instead [ 129.948184][ T8528] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 130.935034][ T8632] netlink: 'syz.2.805': attribute type 1 has an invalid length. [ 130.943043][ T8633] netlink: 'syz.2.805': attribute type 1 has an invalid length. [ 130.954502][ T8632] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 130.971955][ T8633] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 131.184056][ T5145] Bluetooth: hci3: command 0x0401 tx timeout [ 131.244915][ T8646] lo speed is unknown, defaulting to 1000 [ 131.305931][ T8652] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 131.360980][ T8646] lo speed is unknown, defaulting to 1000 [ 131.445598][ T8656] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma? [ 131.458470][ T8657] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma? [ 131.568566][ T8620] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 131.686645][ T8662] netlink: 'syz.0.814': attribute type 1 has an invalid length. [ 131.694498][ T8662] netlink: 'syz.0.814': attribute type 3 has an invalid length. [ 131.707527][ T8662] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 131.730409][ T8662] ip6tnl1: entered promiscuous mode [ 131.736018][ T8662] ip6tnl1: entered allmulticast mode [ 131.960251][ T8677] pimreg: entered allmulticast mode [ 132.356400][ T8659] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 132.363103][ T8703] lo speed is unknown, defaulting to 1000 [ 132.566154][ T8711] netlink: 'syz.4.827': attribute type 2 has an invalid length. [ 132.731645][ T8703] lo speed is unknown, defaulting to 1000 [ 132.762955][ T8720] tun0: tun_chr_ioctl cmd 1074025677 [ 132.783166][ T8720] tun0: linktype set to 1 [ 132.876575][ T8725] __nla_validate_parse: 22 callbacks suppressed [ 132.876595][ T8725] netlink: 165 bytes leftover after parsing attributes in process `syz.3.831'. [ 132.947536][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.966876][ T8713] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.060261][ T8730] openvswitch: netlink: Message has 8 unknown bytes. [ 133.100132][ T8730] netlink: 'syz.4.832': attribute type 12 has an invalid length. [ 133.242583][ T8735] netlink: 12 bytes leftover after parsing attributes in process `syz.1.834'. [ 133.353124][ T8740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.835'. [ 133.370776][ T8740] netlink: 12 bytes leftover after parsing attributes in process `syz.3.835'. [ 133.411000][ T8745] netlink: 187320 bytes leftover after parsing attributes in process `syz.4.837'. [ 133.416791][ T8748] netlink: 4 bytes leftover after parsing attributes in process `syz.1.836'. [ 133.469288][ T8745] netlink: zone id is out of range [ 133.485264][ T8745] netlink: zone id is out of range [ 133.503285][ T8745] netlink: zone id is out of range [ 133.518504][ T8745] netlink: zone id is out of range [ 133.533662][ T8745] netlink: zone id is out of range [ 133.547824][ T8742] : renamed from ipvlan1 [ 133.550352][ T8745] netlink: zone id is out of range [ 133.602632][ T8753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.838'. [ 133.611822][ T8753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.838'. [ 133.776729][ T8767] netlink: 'syz.3.841': attribute type 3 has an invalid length. [ 133.784821][ T8767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.841'. [ 134.131163][ T8790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.848'. [ 134.770142][ T8834] netlink: 'syz.0.854': attribute type 10 has an invalid length. [ 135.672046][ T8897] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 135.678239][ T8897] syzkaller0: linktype set to 65534 [ 135.866296][ T8903] bridge2: left promiscuous mode [ 135.871321][ T8903] bridge2: left allmulticast mode [ 136.729295][ T8942] netlink: 'syz.3.882': attribute type 1 has an invalid length. [ 136.745458][ T8942] netlink: 'syz.3.882': attribute type 2 has an invalid length. [ 136.748016][ T8940] lo speed is unknown, defaulting to 1000 [ 137.114026][ T8940] lo speed is unknown, defaulting to 1000 [ 137.467447][ T8975] netlink: 'syz.4.895': attribute type 1 has an invalid length. [ 137.475501][ T8975] netlink: 'syz.4.895': attribute type 2 has an invalid length. [ 137.501694][ T8977] smc: net device bond0 applied user defined pnetid S [ 138.411721][ T9018] netlink: 'syz.1.906': attribute type 1 has an invalid length. [ 138.426570][ T9018] netlink: 'syz.1.906': attribute type 2 has an invalid length. [ 138.569668][ T9024] __nla_validate_parse: 9 callbacks suppressed [ 138.569689][ T9024] netlink: 4 bytes leftover after parsing attributes in process `syz.3.910'. [ 138.668689][ T9024] bond1: (slave batadv0): Releasing active interface [ 139.061916][ T9058] netlink: 20 bytes leftover after parsing attributes in process `syz.2.920'. [ 139.110941][ T9063] FAULT_INJECTION: forcing a failure. [ 139.110941][ T9063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.151761][ T9063] CPU: 1 UID: 0 PID: 9063 Comm: syz.4.921 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 139.151793][ T9063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 139.151813][ T9063] Call Trace: [ 139.151820][ T9063] [ 139.151830][ T9063] dump_stack_lvl+0x241/0x360 [ 139.151869][ T9063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.151901][ T9063] ? __pfx__printk+0x10/0x10 [ 139.151932][ T9063] ? __pfx_lock_release+0x10/0x10 [ 139.151970][ T9063] should_fail_ex+0x3b0/0x4e0 [ 139.151996][ T9063] _copy_from_user+0x2d/0xb0 [ 139.152028][ T9063] copy_msghdr_from_user+0xae/0x680 [ 139.152065][ T9063] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 139.152094][ T9063] ? __fget_files+0x2a/0x410 [ 139.152128][ T9063] ? __fget_files+0x2a/0x410 [ 139.152169][ T9063] __sys_sendmsg+0x209/0x350 [ 139.152199][ T9063] ? __pfx___sys_sendmsg+0x10/0x10 [ 139.152237][ T9063] ? do_sys_openat2+0x17a/0x1d0 [ 139.152297][ T9063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 139.152326][ T9063] ? do_syscall_64+0x100/0x230 [ 139.152350][ T9063] ? do_syscall_64+0xb6/0x230 [ 139.152373][ T9063] do_syscall_64+0xf3/0x230 [ 139.152393][ T9063] ? clear_bhb_loop+0x35/0x90 [ 139.152419][ T9063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.152441][ T9063] RIP: 0033:0x7fee6918cda9 [ 139.152459][ T9063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.152476][ T9063] RSP: 002b:00007fee6a043038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 139.152498][ T9063] RAX: ffffffffffffffda RBX: 00007fee693a5fa0 RCX: 00007fee6918cda9 [ 139.152513][ T9063] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 139.152526][ T9063] RBP: 00007fee6a043090 R08: 0000000000000000 R09: 0000000000000000 [ 139.152538][ T9063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.152550][ T9063] R13: 0000000000000000 R14: 00007fee693a5fa0 R15: 00007ffc0c1fb918 [ 139.152582][ T9063] [ 139.353824][ T9070] netlink: 'syz.2.923': attribute type 1 has an invalid length. [ 139.361701][ T9070] netlink: 'syz.2.923': attribute type 2 has an invalid length. [ 139.458631][ T9079] lo speed is unknown, defaulting to 1000 [ 139.651086][ T9085] xt_TCPMSS: Only works on TCP SYN packets [ 139.958697][ T9079] lo speed is unknown, defaulting to 1000 [ 140.313242][ T9115] FAULT_INJECTION: forcing a failure. [ 140.313242][ T9115] name failslab, interval 1, probability 0, space 0, times 0 [ 140.326922][ T9115] CPU: 1 UID: 0 PID: 9115 Comm: syz.4.936 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 140.326950][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 140.326963][ T9115] Call Trace: [ 140.326970][ T9115] [ 140.326978][ T9115] dump_stack_lvl+0x241/0x360 [ 140.327017][ T9115] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.327059][ T9115] ? __pfx__printk+0x10/0x10 [ 140.327091][ T9115] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 140.327125][ T9115] ? __pfx___might_resched+0x10/0x10 [ 140.327154][ T9115] should_fail_ex+0x3b0/0x4e0 [ 140.327181][ T9115] should_failslab+0xac/0x100 [ 140.327213][ T9115] kmem_cache_alloc_node_noprof+0x77/0x380 [ 140.327244][ T9115] ? __alloc_skb+0x1c3/0x440 [ 140.327269][ T9115] __alloc_skb+0x1c3/0x440 [ 140.327297][ T9115] ? __pfx___alloc_skb+0x10/0x10 [ 140.327321][ T9115] ? netlink_autobind+0xd6/0x2f0 [ 140.327344][ T9115] ? netlink_autobind+0x2b0/0x2f0 [ 140.327374][ T9115] netlink_sendmsg+0x638/0xcb0 [ 140.327411][ T9115] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.327442][ T9115] ? aa_sock_msg_perm+0x91/0x160 [ 140.327471][ T9115] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.327494][ T9115] __sock_sendmsg+0x221/0x270 [ 140.327528][ T9115] ____sys_sendmsg+0x52a/0x7e0 [ 140.327561][ T9115] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.327584][ T9115] ? __fget_files+0x2a/0x410 [ 140.327617][ T9115] ? __fget_files+0x2a/0x410 [ 140.327668][ T9115] __sys_sendmsg+0x269/0x350 [ 140.327696][ T9115] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.327732][ T9115] ? do_sys_openat2+0x17a/0x1d0 [ 140.327787][ T9115] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 140.327816][ T9115] ? do_syscall_64+0x100/0x230 [ 140.327838][ T9115] ? do_syscall_64+0xb6/0x230 [ 140.327859][ T9115] do_syscall_64+0xf3/0x230 [ 140.327879][ T9115] ? clear_bhb_loop+0x35/0x90 [ 140.327904][ T9115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.327925][ T9115] RIP: 0033:0x7fee6918cda9 [ 140.327942][ T9115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.327958][ T9115] RSP: 002b:00007fee6a043038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.327979][ T9115] RAX: ffffffffffffffda RBX: 00007fee693a5fa0 RCX: 00007fee6918cda9 [ 140.327993][ T9115] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 140.328005][ T9115] RBP: 00007fee6a043090 R08: 0000000000000000 R09: 0000000000000000 [ 140.328017][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.328035][ T9115] R13: 0000000000000000 R14: 00007fee693a5fa0 R15: 00007ffc0c1fb918 [ 140.328065][ T9115] [ 140.596624][ T9116] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 140.616612][ T9116] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 140.879138][ T9125] lo speed is unknown, defaulting to 1000 [ 141.514032][ T5145] Bluetooth: hci4: command 0x0405 tx timeout [ 142.226185][ T9125] lo speed is unknown, defaulting to 1000 [ 151.416667][ T9166] netlink: 20 bytes leftover after parsing attributes in process `syz.2.951'. [ 151.437763][ T9170] lo speed is unknown, defaulting to 1000 [ 151.543722][ T9176] netlink: 'syz.1.955': attribute type 1 has an invalid length. [ 151.559503][ T9176] netlink: 'syz.1.955': attribute type 2 has an invalid length. [ 151.799538][ T9179] netlink: 28 bytes leftover after parsing attributes in process `syz.4.954'. [ 151.862788][ T9170] lo speed is unknown, defaulting to 1000 [ 152.008300][ T9177] lo speed is unknown, defaulting to 1000 [ 152.166192][ T9198] xt_ipvs: protocol family 7 not supported [ 152.214546][ T9202] netlink: 20 bytes leftover after parsing attributes in process `syz.4.961'. [ 152.280117][ T9203] Bluetooth: MGMT ver 1.23 [ 152.455287][ T9208] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 152.548221][ T9177] lo speed is unknown, defaulting to 1000 [ 152.642581][ T9213] tipc: Enabling of bearer rejected, failed to enable media [ 152.748973][ T9174] siw: device registration error -23 [ 152.868166][ T9177] lo speed is unknown, defaulting to 1000 [ 153.047574][ T9177] lo speed is unknown, defaulting to 1000 [ 153.411454][ T9258] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 153.563290][ T9265] netlink: 16 bytes leftover after parsing attributes in process `syz.4.975'. [ 153.565130][ T9263] netlink: 'syz.3.974': attribute type 10 has an invalid length. [ 153.573657][ T5834] IPVS: starting estimator thread 0... [ 153.694364][ T9266] IPVS: using max 19 ests per chain, 45600 per kthread [ 153.695230][ T9277] netlink: 'syz.3.974': attribute type 4 has an invalid length. [ 153.732871][ T9277] netlink: 152 bytes leftover after parsing attributes in process `syz.3.974'. [ 153.742580][ T5834] hid-generic 0005:0B57:0009.0001: item fetching failed at offset 0/1 [ 153.761892][ T5834] hid-generic 0005:0B57:0009.0001: probe with driver hid-generic failed with error -22 [ 154.164801][ T29] audit: type=1800 audit(1738209826.517:2): pid=9301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.985" name="memory.events" dev="tmpfs" ino=907 res=0 errno=0 [ 154.351642][ T9306] lo speed is unknown, defaulting to 1000 [ 154.491295][ T9317] netlink: 'syz.0.991': attribute type 1 has an invalid length. [ 154.503339][ T9317] netlink: 'syz.0.991': attribute type 2 has an invalid length. [ 154.591368][ T9306] lo speed is unknown, defaulting to 1000 [ 154.614381][ T9324] netlink: 24 bytes leftover after parsing attributes in process `syz.0.992'. [ 154.725317][ T9330] netlink: 8 bytes leftover after parsing attributes in process `syz.4.995'. [ 154.981473][ T9336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.993'. [ 155.000238][ T9344] lo speed is unknown, defaulting to 1000 [ 155.358683][ T9362] xt_TCPMSS: Only works on TCP SYN packets [ 155.414185][ T9344] lo speed is unknown, defaulting to 1000 [ 155.448234][ T9363] netlink: 'syz.2.1000': attribute type 1 has an invalid length. [ 155.457969][ T9363] netlink: 'syz.2.1000': attribute type 2 has an invalid length. [ 155.495810][ T9366] netlink: 'syz.3.1002': attribute type 1 has an invalid length. [ 155.649680][ T9377] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1005'. [ 155.695603][ T9377] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1005'. [ 155.718544][ T9335] lo: entered promiscuous mode [ 155.724126][ T9335] infiniband s: set active [ 155.728772][ T9335] tunl0: entered promiscuous mode [ 155.734337][ T9335] gre0: entered promiscuous mode [ 155.739754][ T9335] gretap0: entered promiscuous mode [ 155.749823][ T9335] net_ratelimit: 15 callbacks suppressed [ 155.749839][ T9335] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 155.772205][ T7350] lo speed is unknown, defaulting to 1000 [ 155.798101][ T9377] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 156.482948][ T9418] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1017'. [ 156.508481][ T9418] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1017'. [ 156.575319][ T9418] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1017'. [ 156.595761][ T9423] sch_tbf: burst 1127 is lower than device lo mtu (65550) ! [ 156.918143][ T9445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1027'. [ 156.956243][ T29] audit: type=1804 audit(1738209829.317:3): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1027" name="/newroot/212/cgroup.controllers" dev="tmpfs" ino=1113 res=1 errno=0 [ 156.989455][ T29] audit: type=1800 audit(1738209829.317:4): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1027" name="cgroup.controllers" dev="tmpfs" ino=1113 res=0 errno=0 [ 157.034065][ T29] audit: type=1804 audit(1738209829.317:5): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1027" name="/newroot/212/cgroup.controllers" dev="tmpfs" ino=1113 res=1 errno=0 [ 157.069374][ T9454] validate_nla: 3 callbacks suppressed [ 157.069393][ T9454] netlink: 'syz.4.1030': attribute type 1 has an invalid length. [ 157.082951][ T9454] netlink: 'syz.4.1030': attribute type 2 has an invalid length. [ 157.102982][ T29] audit: type=1800 audit(1738209829.317:6): pid=9445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1027" name="cgroup.controllers" dev="tmpfs" ino=1113 res=0 errno=0 [ 157.488881][ T9480] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1038'. [ 157.825987][ T5834] IPVS: starting estimator thread 0... [ 157.849696][ T9494] netlink: 'syz.0.1043': attribute type 3 has an invalid length. [ 157.871942][ T9494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1043'. [ 157.884409][ T9494] netlink: 'syz.0.1043': attribute type 1 has an invalid length. [ 157.893105][ T9494] netlink: 'syz.0.1043': attribute type 2 has an invalid length. [ 157.924150][ T9496] IPVS: using max 20 ests per chain, 48000 per kthread [ 157.935870][ T9498] netlink: 'syz.4.1044': attribute type 10 has an invalid length. [ 157.973437][ T9498] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1044'. [ 158.034658][ T9501] netlink: 'syz.0.1046': attribute type 21 has an invalid length. [ 158.042606][ T9501] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1046'. [ 158.358632][ T9515] sctp: [Deprecated]: syz.4.1052 (pid 9515) Use of struct sctp_assoc_value in delayed_ack socket option. [ 158.358632][ T9515] Use struct sctp_sack_info instead [ 158.423385][ T9518] lo speed is unknown, defaulting to 1000 [ 158.782202][ T9539] netlink: 'syz.4.1058': attribute type 4 has an invalid length. [ 158.855084][ T9518] lo speed is unknown, defaulting to 1000 [ 158.861184][ T9541] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1059'. [ 158.874738][ T9541] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1059'. [ 159.027889][ T9550] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-alb(6) [ 159.088815][ T9553] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 159.306056][ T9562] netlink: 'syz.2.1065': attribute type 1 has an invalid length. [ 159.324257][ T9562] netlink: 'syz.2.1065': attribute type 2 has an invalid length. [ 160.247377][ T9597] netlink: 'syz.0.1078': attribute type 11 has an invalid length. [ 160.335157][ T9605] lo speed is unknown, defaulting to 1000 [ 161.390078][ T9643] bpq0: entered allmulticast mode [ 161.802198][ T9663] xt_hashlimit: size too large, truncated to 1048576 [ 161.958903][ T9674] IPVS: Unknown mcast interface: macsec0 [ 161.965434][ T9674] IPVS: Unknown mcast interface: macsec0 [ 161.985755][ T9674] IPVS: Unknown mcast interface: macsec0 [ 161.991495][ T9674] IPVS: Unknown mcast interface: macsec0 [ 162.018394][ T9674] IPVS: Unknown mcast interface: macsec0 [ 162.045047][ T9676] __nla_validate_parse: 3 callbacks suppressed [ 162.045068][ T9676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1098'. [ 162.128736][ T9676] syz.2.1098 uses old SIOCAX25GETINFO [ 162.242681][ T9682] validate_nla: 2 callbacks suppressed [ 162.242702][ T9682] netlink: 'syz.4.1100': attribute type 1 has an invalid length. [ 162.274397][ T9682] netlink: 'syz.4.1100': attribute type 2 has an invalid length. [ 162.309912][ T9686] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1102'. [ 162.408083][ T9690] netlink: 'syz.2.1103': attribute type 4 has an invalid length. [ 162.416536][ T9690] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1103'. [ 162.447341][ T9690] netlink: 'syz.2.1103': attribute type 58 has an invalid length. [ 162.463527][ T9690] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1103'. [ 162.479402][ T9694] openvswitch: netlink: Unknown nsh attribute 0 [ 162.619270][ T9698] ebt_among: dst integrity fail: 101 [ 162.667203][ T9701] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.1108'. [ 162.709291][ T9703] lo speed is unknown, defaulting to 1000 [ 162.734544][ T9701] openvswitch: netlink: Flow actions attr not present in new flow. [ 162.781580][ T9707] syzkaller1: entered promiscuous mode [ 162.817911][ T9707] syzkaller1: entered allmulticast mode [ 163.072823][ T9706] lo speed is unknown, defaulting to 1000 [ 163.080832][ T9703] lo speed is unknown, defaulting to 1000 [ 163.325661][ T9732] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1113'. [ 163.678466][ T9706] lo speed is unknown, defaulting to 1000 [ 164.018497][ T5145] Bluetooth: hci4: link tx timeout [ 164.023830][ T5145] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 164.704705][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 164.790766][ T9768] lo speed is unknown, defaulting to 1000 [ 164.887492][ T9776] netlink: 'syz.4.1128': attribute type 2 has an invalid length. [ 164.913175][ T9776] netlink: 'syz.4.1128': attribute type 9 has an invalid length. [ 164.930307][ T9776] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1128'. [ 165.015802][ T9777] netlink: 'syz.1.1125': attribute type 1 has an invalid length. [ 165.024784][ T9778] sctp: [Deprecated]: syz.4.1128 (pid 9778) Use of struct sctp_assoc_value in delayed_ack socket option. [ 165.024784][ T9778] Use struct sctp_sack_info instead [ 165.218998][ T9771] lo speed is unknown, defaulting to 1000 [ 165.238130][ T9768] lo speed is unknown, defaulting to 1000 [ 165.591774][ T9771] lo speed is unknown, defaulting to 1000 [ 165.597735][ T9781] lo speed is unknown, defaulting to 1000 [ 165.849077][ T9781] lo speed is unknown, defaulting to 1000 [ 165.914589][ T9788] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1130'. [ 166.021803][ T9790] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1131'. [ 166.680487][ T9806] netlink: 'syz.4.1136': attribute type 1 has an invalid length. [ 166.703210][ T9810] FAULT_INJECTION: forcing a failure. [ 166.703210][ T9810] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.703464][ T9806] netlink: 'syz.4.1136': attribute type 2 has an invalid length. [ 166.745490][ T9810] CPU: 1 UID: 0 PID: 9810 Comm: syz.1.1137 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 166.745518][ T9810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 166.745530][ T9810] Call Trace: [ 166.745536][ T9810] [ 166.745544][ T9810] dump_stack_lvl+0x241/0x360 [ 166.745579][ T9810] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.745610][ T9810] ? __pfx__printk+0x10/0x10 [ 166.745638][ T9810] ? __pfx_lock_release+0x10/0x10 [ 166.745670][ T9810] should_fail_ex+0x3b0/0x4e0 [ 166.745695][ T9810] _copy_from_user+0x2d/0xb0 [ 166.745726][ T9810] copy_msghdr_from_user+0xae/0x680 [ 166.745762][ T9810] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 166.745789][ T9810] ? __fget_files+0x2a/0x410 [ 166.745822][ T9810] ? __fget_files+0x2a/0x410 [ 166.745860][ T9810] __sys_sendmsg+0x209/0x350 [ 166.745889][ T9810] ? __pfx___sys_sendmsg+0x10/0x10 [ 166.745925][ T9810] ? do_sys_openat2+0x17a/0x1d0 [ 166.745982][ T9810] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.746010][ T9810] ? do_syscall_64+0x100/0x230 [ 166.746032][ T9810] ? do_syscall_64+0xb6/0x230 [ 166.746053][ T9810] do_syscall_64+0xf3/0x230 [ 166.746072][ T9810] ? clear_bhb_loop+0x35/0x90 [ 166.746097][ T9810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.746118][ T9810] RIP: 0033:0x7f754278cda9 [ 166.746135][ T9810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.746151][ T9810] RSP: 002b:00007f7543561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.746172][ T9810] RAX: ffffffffffffffda RBX: 00007f75429a5fa0 RCX: 00007f754278cda9 [ 166.746186][ T9810] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000004 [ 166.746199][ T9810] RBP: 00007f7543561090 R08: 0000000000000000 R09: 0000000000000000 [ 166.746211][ T9810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.746222][ T9810] R13: 0000000000000000 R14: 00007f75429a5fa0 R15: 00007ffcf1f4f268 [ 166.746252][ T9810] [ 166.954390][ T5145] Bluetooth: hci4: command 0x0405 tx timeout [ 167.110503][ T9818] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 167.303403][ T9833] lo speed is unknown, defaulting to 1000 [ 167.348190][ T9837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1143'. [ 167.366056][ T9840] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1142'. [ 167.661521][ T9833] lo speed is unknown, defaulting to 1000 [ 167.702152][ T9862] netlink: 'syz.4.1148': attribute type 1 has an invalid length. [ 167.724936][ T9862] netlink: 'syz.4.1148': attribute type 2 has an invalid length. [ 168.184436][ T9888] FAULT_INJECTION: forcing a failure. [ 168.184436][ T9888] name failslab, interval 1, probability 0, space 0, times 0 [ 168.223747][ T9888] CPU: 1 UID: 0 PID: 9888 Comm: syz.0.1152 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 168.223776][ T9888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 168.223788][ T9888] Call Trace: [ 168.223795][ T9888] [ 168.223804][ T9888] dump_stack_lvl+0x241/0x360 [ 168.223843][ T9888] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.223874][ T9888] ? __pfx__printk+0x10/0x10 [ 168.223922][ T9888] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 168.223959][ T9888] ? __pfx___might_resched+0x10/0x10 [ 168.223988][ T9888] should_fail_ex+0x3b0/0x4e0 [ 168.224014][ T9888] should_failslab+0xac/0x100 [ 168.224044][ T9888] kmem_cache_alloc_node_noprof+0x77/0x380 [ 168.224075][ T9888] ? __alloc_skb+0x1c3/0x440 [ 168.224100][ T9888] __alloc_skb+0x1c3/0x440 [ 168.224128][ T9888] ? __pfx___alloc_skb+0x10/0x10 [ 168.224152][ T9888] ? netlink_autobind+0xd6/0x2f0 [ 168.224176][ T9888] ? netlink_autobind+0x2b0/0x2f0 [ 168.224205][ T9888] netlink_sendmsg+0x638/0xcb0 [ 168.224241][ T9888] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.224280][ T9888] ? aa_sock_msg_perm+0x91/0x160 [ 168.224307][ T9888] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.224328][ T9888] __sock_sendmsg+0x221/0x270 [ 168.224377][ T9888] ____sys_sendmsg+0x52a/0x7e0 [ 168.224410][ T9888] ? __pfx_____sys_sendmsg+0x10/0x10 [ 168.224431][ T9888] ? __fget_files+0x2a/0x410 [ 168.224463][ T9888] ? __fget_files+0x2a/0x410 [ 168.224500][ T9888] __sys_sendmsg+0x269/0x350 [ 168.224529][ T9888] ? __pfx___sys_sendmsg+0x10/0x10 [ 168.224605][ T9888] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 168.224634][ T9888] ? do_syscall_64+0x100/0x230 [ 168.224658][ T9888] ? do_syscall_64+0xb6/0x230 [ 168.224680][ T9888] do_syscall_64+0xf3/0x230 [ 168.224700][ T9888] ? clear_bhb_loop+0x35/0x90 [ 168.224727][ T9888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.224748][ T9888] RIP: 0033:0x7ff008b8cda9 [ 168.224766][ T9888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.224784][ T9888] RSP: 002b:00007ff009983038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.224805][ T9888] RAX: ffffffffffffffda RBX: 00007ff008da6160 RCX: 00007ff008b8cda9 [ 168.224820][ T9888] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000004 [ 168.224832][ T9888] RBP: 00007ff009983090 R08: 0000000000000000 R09: 0000000000000000 [ 168.224845][ T9888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.224857][ T9888] R13: 0000000000000001 R14: 00007ff008da6160 R15: 00007fffe10e5768 [ 168.224888][ T9888] [ 168.430549][ T9900] x_tables: unsorted entry at hook 1 [ 168.682962][ T9911] pim6reg: entered allmulticast mode [ 168.759094][ T9914] tap0: tun_chr_ioctl cmd 1074025677 [ 168.767150][ T9914] tap0: linktype set to 821 [ 169.045912][ T9932] netlink: 'syz.3.1161': attribute type 1 has an invalid length. [ 169.053725][ T9932] netlink: 'syz.3.1161': attribute type 2 has an invalid length. [ 169.115180][ T9937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1164'. [ 169.164962][ T9938] sctp: [Deprecated]: syz.1.1165 (pid 9938) Use of int in max_burst socket option. [ 169.164962][ T9938] Use struct sctp_assoc_value instead [ 169.209611][ T9938] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1165'. [ 169.220754][ T9938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1165'. [ 169.355153][ T9956] sit0: entered promiscuous mode [ 169.376187][ T9956] netlink: 'syz.3.1167': attribute type 1 has an invalid length. [ 169.435472][ T9956] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1167'. [ 170.147455][ T9980] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1175'. [ 170.187144][ T9980] batadv0: entered promiscuous mode [ 170.192423][ T9980] batadv0: entered allmulticast mode [ 170.197812][ T9984] netlink: 'syz.3.1177': attribute type 1 has an invalid length. [ 170.197833][ T9984] netlink: 'syz.3.1177': attribute type 2 has an invalid length. [ 170.584411][ T9998] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1181'. [ 170.604434][ T9998] netlink: 'syz.2.1181': attribute type 1 has an invalid length. [ 170.758341][T10013] FAULT_INJECTION: forcing a failure. [ 170.758341][T10013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 170.765691][T10012] x_tables: duplicate entry at hook 2 [ 170.784677][T10013] CPU: 1 UID: 0 PID: 10013 Comm: syz.4.1184 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 170.784702][T10013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 170.784714][T10013] Call Trace: [ 170.784721][T10013] [ 170.784729][T10013] dump_stack_lvl+0x241/0x360 [ 170.784766][T10013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.784795][T10013] ? __pfx__printk+0x10/0x10 [ 170.784825][T10013] ? __pfx_lock_release+0x10/0x10 [ 170.784860][T10013] should_fail_ex+0x3b0/0x4e0 [ 170.784885][T10013] _copy_from_iter+0x1e9/0x1c20 [ 170.784912][T10013] ? __virt_addr_valid+0x183/0x530 [ 170.784950][T10013] ? __alloc_skb+0x28f/0x440 [ 170.784971][T10013] ? __pfx__copy_from_iter+0x10/0x10 [ 170.785000][T10013] ? __virt_addr_valid+0x183/0x530 [ 170.785024][T10013] ? __virt_addr_valid+0x183/0x530 [ 170.785043][T10013] ? __virt_addr_valid+0x45f/0x530 [ 170.785064][T10013] ? __phys_addr_symbol+0x2f/0x70 [ 170.785085][T10013] ? __check_object_size+0x47a/0x730 [ 170.785111][T10013] netlink_sendmsg+0x73d/0xcb0 [ 170.785160][T10013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.785183][T10013] ? aa_sock_msg_perm+0x91/0x160 [ 170.785206][T10013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.785224][T10013] __sock_sendmsg+0x221/0x270 [ 170.785251][T10013] ____sys_sendmsg+0x52a/0x7e0 [ 170.785277][T10013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 170.785295][T10013] ? __fget_files+0x2a/0x410 [ 170.785321][T10013] ? __fget_files+0x2a/0x410 [ 170.785352][T10013] __sys_sendmsg+0x269/0x350 [ 170.785376][T10013] ? __pfx___sys_sendmsg+0x10/0x10 [ 170.785411][T10013] ? do_sys_openat2+0x17a/0x1d0 [ 170.785457][T10013] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 170.785480][T10013] ? do_syscall_64+0x100/0x230 [ 170.785498][T10013] ? do_syscall_64+0xb6/0x230 [ 170.785516][T10013] do_syscall_64+0xf3/0x230 [ 170.785531][T10013] ? clear_bhb_loop+0x35/0x90 [ 170.785552][T10013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.785569][T10013] RIP: 0033:0x7fee6918cda9 [ 170.785583][T10013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.785597][T10013] RSP: 002b:00007fee6a043038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.785615][T10013] RAX: ffffffffffffffda RBX: 00007fee693a5fa0 RCX: 00007fee6918cda9 [ 170.785627][T10013] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000004 [ 170.785637][T10013] RBP: 00007fee6a043090 R08: 0000000000000000 R09: 0000000000000000 [ 170.785647][T10013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.785657][T10013] R13: 0000000000000000 R14: 00007fee693a5fa0 R15: 00007ffc0c1fb918 [ 170.785681][T10013] [ 171.148138][T10023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1190'. [ 171.157636][T10023] netlink: 'syz.2.1190': attribute type 1 has an invalid length. [ 171.170194][T10023] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1190'. [ 171.587289][T10034] netlink: 'syz.4.1193': attribute type 10 has an invalid length. [ 171.599217][T10034] geneve0: entered promiscuous mode [ 171.620076][T10035] ip6tnl3: entered allmulticast mode [ 171.665379][T10034] IPVS: length: 232 != 24 [ 172.607827][T10072] __nla_validate_parse: 5 callbacks suppressed [ 172.607848][T10072] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1202'. [ 172.715154][T10075] IPVS: set_ctl: invalid protocol: 47 10.1.1.0:20004 [ 173.101720][T10087] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1207'. [ 173.153384][T10093] validate_nla: 1 callbacks suppressed [ 173.153403][T10093] netlink: 'syz.4.1207': attribute type 10 has an invalid length. [ 173.226498][T10096] netlink: 'syz.3.1209': attribute type 21 has an invalid length. [ 173.234837][T10096] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1209'. [ 173.265864][T10096] lo speed is unknown, defaulting to 1000 [ 173.317231][T10101] netlink: 'syz.0.1210': attribute type 1 has an invalid length. [ 173.354181][T10101] netlink: 'syz.0.1210': attribute type 2 has an invalid length. [ 173.448308][T10105] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 173.448451][T10096] lo speed is unknown, defaulting to 1000 [ 173.488832][T10107] netlink: 'syz.4.1213': attribute type 1 has an invalid length. [ 173.551890][T10110] lo speed is unknown, defaulting to 1000 [ 173.634113][T10116] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1215'. [ 173.753022][T10121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1218'. [ 174.026248][T10109] lo speed is unknown, defaulting to 1000 [ 174.265651][T10148] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1222'. [ 174.470038][T10143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1220'. [ 174.527116][T10154] netlink: 'syz.2.1224': attribute type 10 has an invalid length. [ 174.684965][T10110] lo speed is unknown, defaulting to 1000 [ 174.691899][T10109] lo speed is unknown, defaulting to 1000 [ 174.849267][T10157] netlink: 'syz.2.1225': attribute type 1 has an invalid length. [ 174.904723][T10157] netlink: 'syz.2.1225': attribute type 2 has an invalid length. [ 175.425875][T10171] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1230'. [ 175.765825][T10192] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 175.825154][T10196] sctp: [Deprecated]: syz.4.1236 (pid 10196) Use of int in max_burst socket option deprecated. [ 175.825154][T10196] Use struct sctp_assoc_value instead [ 175.919204][T10200] lo speed is unknown, defaulting to 1000 [ 176.081712][T10200] lo speed is unknown, defaulting to 1000 [ 176.158724][T10208] netlink: 'syz.0.1241': attribute type 21 has an invalid length. [ 176.167064][T10208] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1241'. [ 176.187867][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1241'. [ 176.565815][T10224] x_tables: duplicate underflow at hook 2 [ 176.749631][T10230] lo speed is unknown, defaulting to 1000 [ 176.890914][T10236] syz.2.1250 (10236) used greatest stack depth: 18576 bytes left [ 177.177397][T10230] lo speed is unknown, defaulting to 1000 [ 177.499723][T10264] lo speed is unknown, defaulting to 1000 [ 177.925353][T10230] ip6gretap0: entered promiscuous mode [ 177.944209][T10230] ip6gretap0: entered allmulticast mode [ 177.955686][T10284] FAULT_INJECTION: forcing a failure. [ 177.955686][T10284] name failslab, interval 1, probability 0, space 0, times 0 [ 177.991862][T10284] CPU: 0 UID: 0 PID: 10284 Comm: syz.3.1264 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 177.991892][T10284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 177.991904][T10284] Call Trace: [ 177.991910][T10284] [ 177.991918][T10284] dump_stack_lvl+0x241/0x360 [ 177.991967][T10284] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.991994][T10284] ? __pfx__printk+0x10/0x10 [ 177.992021][T10284] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 177.992050][T10284] ? __pfx___might_resched+0x10/0x10 [ 177.992075][T10284] should_fail_ex+0x3b0/0x4e0 [ 177.992099][T10284] should_failslab+0xac/0x100 [ 177.992126][T10284] kmem_cache_alloc_node_noprof+0x77/0x380 [ 177.992154][T10284] ? __alloc_skb+0x1c3/0x440 [ 177.992176][T10284] __alloc_skb+0x1c3/0x440 [ 177.992200][T10284] ? __pfx___alloc_skb+0x10/0x10 [ 177.992221][T10284] ? netlink_autobind+0xd6/0x2f0 [ 177.992242][T10284] ? netlink_autobind+0x2b0/0x2f0 [ 177.992269][T10284] netlink_sendmsg+0x638/0xcb0 [ 177.992302][T10284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.992328][T10284] ? aa_sock_msg_perm+0x91/0x160 [ 177.992355][T10284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.992375][T10284] __sock_sendmsg+0x221/0x270 [ 177.992406][T10284] ____sys_sendmsg+0x52a/0x7e0 [ 177.992436][T10284] ? __pfx_____sys_sendmsg+0x10/0x10 [ 177.992457][T10284] ? __fget_files+0x2a/0x410 [ 177.992496][T10284] ? __fget_files+0x2a/0x410 [ 177.992532][T10284] __sys_sendmsg+0x269/0x350 [ 177.992560][T10284] ? __pfx___sys_sendmsg+0x10/0x10 [ 177.992595][T10284] ? do_sys_openat2+0x17a/0x1d0 [ 177.992648][T10284] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 177.992675][T10284] ? do_syscall_64+0x100/0x230 [ 177.992697][T10284] ? do_syscall_64+0xb6/0x230 [ 177.992717][T10284] do_syscall_64+0xf3/0x230 [ 177.992735][T10284] ? clear_bhb_loop+0x35/0x90 [ 177.992759][T10284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.992779][T10284] RIP: 0033:0x7fad3258cda9 [ 177.992795][T10284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.992810][T10284] RSP: 002b:00007fad333c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.992831][T10284] RAX: ffffffffffffffda RBX: 00007fad327a5fa0 RCX: 00007fad3258cda9 [ 177.992844][T10284] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 177.992855][T10284] RBP: 00007fad333c1090 R08: 0000000000000000 R09: 0000000000000000 [ 177.992867][T10284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.992877][T10284] R13: 0000000000000000 R14: 00007fad327a5fa0 R15: 00007ffead2006c8 [ 177.992905][T10284] [ 178.051926][T10264] lo speed is unknown, defaulting to 1000 [ 178.479917][T10297] netlink: 'syz.2.1269': attribute type 5 has an invalid length. [ 178.548400][T10307] netlink: 'syz.4.1271': attribute type 1 has an invalid length. [ 178.556500][T10307] netlink: 'syz.4.1271': attribute type 2 has an invalid length. [ 179.255980][T10335] FAULT_INJECTION: forcing a failure. [ 179.255980][T10335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.310391][T10335] CPU: 1 UID: 0 PID: 10335 Comm: syz.1.1279 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 179.310421][T10335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 179.310432][T10335] Call Trace: [ 179.310439][T10335] [ 179.310446][T10335] dump_stack_lvl+0x241/0x360 [ 179.310483][T10335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.310511][T10335] ? __pfx__printk+0x10/0x10 [ 179.310548][T10335] should_fail_ex+0x3b0/0x4e0 [ 179.310573][T10335] _copy_from_user+0x2d/0xb0 [ 179.310602][T10335] alg_setkey+0xc4/0x1b0 [ 179.310635][T10335] alg_setsockopt+0x383/0x450 [ 179.310658][T10335] ? __pfx_alg_setsockopt+0x10/0x10 [ 179.310675][T10335] do_sock_setsockopt+0x3af/0x720 [ 179.310705][T10335] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 179.310731][T10335] ? __fget_files+0x395/0x410 [ 179.310758][T10335] ? __fget_files+0x2a/0x410 [ 179.310793][T10335] __x64_sys_setsockopt+0x1ee/0x280 [ 179.310821][T10335] do_syscall_64+0xf3/0x230 [ 179.310840][T10335] ? clear_bhb_loop+0x35/0x90 [ 179.310864][T10335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.310884][T10335] RIP: 0033:0x7f754278cda9 [ 179.310901][T10335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.310916][T10335] RSP: 002b:00007f7543561038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 179.310936][T10335] RAX: ffffffffffffffda RBX: 00007f75429a5fa0 RCX: 00007f754278cda9 [ 179.310950][T10335] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 179.310961][T10335] RBP: 00007f7543561090 R08: 0000000000000008 R09: 0000000000000000 [ 179.310972][T10335] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 179.310983][T10335] R13: 0000000000000000 R14: 00007f75429a5fa0 R15: 00007ffcf1f4f268 [ 179.311013][T10335] [ 180.072229][T10361] xt_CT: You must specify a L4 protocol and not use inversions on it [ 180.303689][T10371] __nla_validate_parse: 4 callbacks suppressed [ 180.303709][T10371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1296'. [ 180.788602][T10404] bridge: RTM_NEWNEIGH with invalid ether address [ 180.853819][T10405] pim6reg1: entered promiscuous mode [ 180.862077][T10405] pim6reg1: entered allmulticast mode [ 181.200146][T10431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1322'. [ 181.311571][T10438] bridge: RTM_NEWNEIGH with invalid ether address [ 181.908398][T10470] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1340'. [ 182.367304][ T972] IPVS: starting estimator thread 0... [ 182.441561][T10494] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1351'. [ 182.464952][T10489] IPVS: using max 18 ests per chain, 43200 per kthread [ 182.495682][T10494] geneve0: left promiscuous mode [ 182.501142][T10494] geneve0: entered allmulticast mode [ 182.507324][T10499] syz.1.1353[10499] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 182.507429][T10499] syz.1.1353[10499] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 182.590895][T10499] x_tables: duplicate underflow at hook 1 [ 183.099445][T10536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1366'. [ 183.190031][T10541] syz.1.1369[10541] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 183.190147][T10541] syz.1.1369[10541] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 183.228154][T10544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1371'. [ 183.230795][T10541] syz.1.1369[10541] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 183.576742][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1379'. [ 183.598636][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1379'. [ 183.626827][T10558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1379'. [ 184.310768][T10599] lo speed is unknown, defaulting to 1000 [ 184.425661][T10599] lo speed is unknown, defaulting to 1000 [ 184.870231][T10618] bond2: entered promiscuous mode [ 184.886490][T10618] bond2: entered allmulticast mode [ 184.902240][T10618] 8021q: adding VLAN 0 to HW filter on device bond2 [ 185.162686][T10618] bond2 (unregistering): Released all slaves [ 185.920942][T10667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1423'. [ 186.030370][T10671] syzkaller0: entered allmulticast mode [ 186.069410][T10671] syzkaller0 (unregistering): left allmulticast mode [ 186.165096][T10675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1430'. [ 186.182440][T10680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1429'. [ 186.225451][T10680] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 186.235344][T10680] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 186.549100][T10703] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1441'. [ 186.574849][T10703] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1441'. [ 186.592853][T10703] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1441'. [ 186.633423][T10707] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms [ 186.830830][T10720] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 186.899611][T10725] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1451'. [ 187.168456][T10740] bridge0: port 1(vlan0) entered blocking state [ 187.179473][T10740] bridge0: port 1(vlan0) entered disabled state [ 187.186568][T10740] vlan0: entered allmulticast mode [ 187.205003][T10740] vlan0: left allmulticast mode [ 187.277070][T10746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1460'. [ 187.288865][T10746] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1460'. [ 187.298491][T10746] (unnamed net_device) (uninitialized): peer notification delay (114) is not a multiple of miimon (100), value rounded to 100 ms [ 187.390393][T10753] syz.3.1462[10753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 187.390506][T10753] syz.3.1462[10753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 187.402839][T10753] syz.3.1462[10753] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 187.726629][T10771] netlink: 'syz.1.1470': attribute type 32 has an invalid length. [ 187.778772][T10771] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1470'. [ 188.089516][T10796] netlink: 'syz.4.1480': attribute type 8 has an invalid length. [ 188.127067][T10796] bridge0: port 1(syz_tun) entered blocking state [ 188.134367][T10796] bridge0: port 1(syz_tun) entered disabled state [ 188.140991][T10796] syz_tun: entered allmulticast mode [ 188.168117][T10796] syz_tun: entered promiscuous mode [ 188.235669][T10807] syz.0.1485: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 188.250789][T10807] CPU: 1 UID: 0 PID: 10807 Comm: syz.0.1485 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 188.250820][T10807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 188.250833][T10807] Call Trace: [ 188.250841][T10807] [ 188.250850][T10807] dump_stack_lvl+0x241/0x360 [ 188.250892][T10807] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.250925][T10807] ? __pfx__printk+0x10/0x10 [ 188.250961][T10807] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 188.250998][T10807] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 188.251038][T10807] warn_alloc+0x278/0x410 [ 188.251065][T10807] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 188.251092][T10807] ? __pfx_warn_alloc+0x10/0x10 [ 188.251118][T10807] ? kasan_save_track+0x3f/0x80 [ 188.251141][T10807] ? __kasan_kmalloc+0x98/0xb0 [ 188.251168][T10807] ? xsk_setsockopt+0x598/0x950 [ 188.251193][T10807] ? do_sock_setsockopt+0x3af/0x720 [ 188.251216][T10807] ? __x64_sys_setsockopt+0x1ee/0x280 [ 188.251238][T10807] ? do_syscall_64+0xf3/0x230 [ 188.251257][T10807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.251292][T10807] __vmalloc_node_range_noprof+0x126/0x1380 [ 188.251349][T10807] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 188.251378][T10807] ? __kasan_kmalloc+0x98/0xb0 [ 188.251411][T10807] vmalloc_user_noprof+0x74/0x80 [ 188.251434][T10807] ? xskq_create+0xb6/0x170 [ 188.251461][T10807] xskq_create+0xb6/0x170 [ 188.251490][T10807] xsk_init_queue+0xa1/0x100 [ 188.251519][T10807] xsk_setsockopt+0x598/0x950 [ 188.251548][T10807] ? __pfx_xsk_setsockopt+0x10/0x10 [ 188.251575][T10807] ? __pfx_aa_sk_perm+0x10/0x10 [ 188.251608][T10807] ? __pfx_lock_acquire+0x10/0x10 [ 188.251636][T10807] ? aa_sock_opt_perm+0x79/0x120 [ 188.251665][T10807] ? __pfx_xsk_setsockopt+0x10/0x10 [ 188.251690][T10807] do_sock_setsockopt+0x3af/0x720 [ 188.251721][T10807] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 188.251751][T10807] ? __fget_files+0x395/0x410 [ 188.251781][T10807] ? __fget_files+0x2a/0x410 [ 188.251822][T10807] __x64_sys_setsockopt+0x1ee/0x280 [ 188.251855][T10807] do_syscall_64+0xf3/0x230 [ 188.251875][T10807] ? clear_bhb_loop+0x35/0x90 [ 188.251904][T10807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.251926][T10807] RIP: 0033:0x7ff008b8cda9 [ 188.251945][T10807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.251962][T10807] RSP: 002b:00007ff0099c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 188.251997][T10807] RAX: ffffffffffffffda RBX: 00007ff008da5fa0 RCX: 00007ff008b8cda9 [ 188.252012][T10807] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 188.252024][T10807] RBP: 00007ff008c0e2a0 R08: 0000000000000020 R09: 0000000000000000 [ 188.252037][T10807] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 [ 188.252049][T10807] R13: 0000000000000000 R14: 00007ff008da5fa0 R15: 00007fffe10e5768 [ 188.252082][T10807] [ 188.252090][T10807] Mem-Info: [ 188.546057][T10807] active_anon:5350 inactive_anon:0 isolated_anon:0 [ 188.546057][T10807] active_file:1674 inactive_file:38346 isolated_file:0 [ 188.546057][T10807] unevictable:768 dirty:278 writeback:0 [ 188.546057][T10807] slab_reclaimable:10696 slab_unreclaimable:93711 [ 188.546057][T10807] mapped:28673 shmem:1418 pagetables:652 [ 188.546057][T10807] sec_pagetables:0 bounce:0 [ 188.546057][T10807] kernel_misc_reclaimable:0 [ 188.546057][T10807] free:1350311 free_pcp:520 free_cma:0 [ 188.612905][T10807] Node 0 active_anon:21300kB inactive_anon:0kB active_file:6696kB inactive_file:153304kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:114692kB dirty:1108kB writeback:0kB shmem:4136kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10308kB pagetables:2508kB sec_pagetables:0kB all_unreclaimable? no [ 188.672221][T10807] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 188.703608][T10807] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 188.731730][T10807] lowmem_reserve[]: 0 2490 2491 0 0 [ 188.737219][T10807] Node 0 DMA32 free:1476968kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:21360kB inactive_anon:0kB active_file:6696kB inactive_file:152724kB unevictable:1536kB writepending:1108kB present:3129332kB managed:2550704kB mlocked:0kB bounce:0kB free_pcp:2116kB local_pcp:1188kB free_cma:0kB [ 188.773902][T10807] lowmem_reserve[]: 0 0 0 0 0 [ 188.781042][T10807] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:580kB unevictable:0kB writepending:0kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 188.808170][T10807] lowmem_reserve[]: 0 0 0 0 0 [ 188.813568][T10807] Node 1 Normal free:3908916kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 188.888255][T10807] lowmem_reserve[]: 0 0 0 0 0 [ 188.893518][T10807] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 188.906859][T10807] Node 0 DMA32: 468*4kB (UME) 1247*8kB (UME) 753*16kB (UME) 338*32kB (UME) 398*64kB (UME) 119*128kB (UME) 47*256kB (UM) 19*512kB (UME) 20*1024kB (UM) 14*2048kB (UME) 325*4096kB (UM) = 1477528kB [ 188.927435][T10807] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 188.939297][T10807] Node 1 Normal: 222*4kB (UME) 52*8kB (UME) 34*16kB (UME) 228*32kB (UME) 96*64kB (UME) 31*128kB (UME) 16*256kB (UME) 7*512kB (UME) 5*1024kB (UM) 3*2048kB (UE) 945*4096kB (M) = 3908920kB [ 188.958743][T10807] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 188.968517][T10807] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 188.978093][T10807] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 189.031888][T10807] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 189.042620][T10807] 41438 total pagecache pages [ 189.047443][T10807] 0 pages in swap cache [ 189.051691][T10807] Free swap = 124996kB [ 189.056066][T10807] Total swap = 124996kB [ 189.083334][T10807] 2097051 pages RAM [ 189.094049][T10807] 0 pages HighMem/MovableOnly [ 189.106499][T10807] 427589 pages reserved [ 189.110707][T10807] 0 pages cma reserved [ 189.519409][T10863] syz.3.1509[10863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.519543][T10863] syz.3.1509[10863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.554998][T10863] syz.3.1509[10863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.957627][T10948] bridge: RTM_NEWNEIGH with invalid ether address [ 191.292226][T10971] __nla_validate_parse: 6 callbacks suppressed [ 191.292247][T10971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1555'. [ 191.654253][T10991] bridge: RTM_NEWNEIGH with invalid ether address [ 191.855112][T11007] syz.4.1569[11007] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.855400][T11007] syz.4.1569[11007] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.873172][T11007] syz.4.1569[11007] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.982859][T11015] x_tables: unsorted underflow at hook 3 [ 192.065257][T11020] syz.1.1576[11020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.065374][T11020] syz.1.1576[11020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.077660][T11020] syz.1.1576[11020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.084521][T11021] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 192.206354][T11025] bridge: RTM_NEWNEIGH with invalid ether address [ 192.650815][T11057] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1591'. [ 192.663585][T11056] netlink: 'syz.4.1592': attribute type 10 has an invalid length. [ 192.671672][T11056] geneve0: left allmulticast mode [ 192.679172][T11059] bridge: RTM_NEWNEIGH with invalid ether address [ 193.142991][T11086] bridge: RTM_NEWNEIGH with invalid ether address [ 193.577020][T11110] IPVS: stopping backup sync thread 8226 ... [ 193.603131][T11110] [ 193.605511][T11110] ====================================================== [ 193.612531][T11110] WARNING: possible circular locking dependency detected [ 193.619548][T11110] 6.13.0-syzkaller-04046-g0ad9617c78ac #0 Not tainted [ 193.626304][T11110] ------------------------------------------------------ [ 193.633322][T11110] syz.1.1617/11110 is trying to acquire lock: [ 193.639388][T11110] ffffffff8fcc5a88 (rtnl_mutex){+.+.}-{4:4}, at: ip_mc_drop_socket+0x81/0x280 [ 193.648375][T11110] [ 193.648375][T11110] but task is already holding lock: [ 193.655737][T11110] ffff88805dce38a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1c3/0xe50 [ 193.665850][T11110] [ 193.665850][T11110] which lock already depends on the new lock. [ 193.665850][T11110] [ 193.676247][T11110] [ 193.676247][T11110] the existing dependency chain (in reverse order) is: [ 193.685252][T11110] [ 193.685252][T11110] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 193.693856][T11110] lock_acquire+0x1ed/0x550 [ 193.698886][T11110] __mutex_lock+0x19c/0x1010 [ 193.704010][T11110] smc_switch_to_fallback+0x35/0xd90 [ 193.709822][T11110] smc_sendmsg+0x11f/0x530 [ 193.714765][T11110] __sock_sendmsg+0x221/0x270 [ 193.719966][T11110] __sys_sendto+0x363/0x4c0 [ 193.724987][T11110] __x64_sys_sendto+0xde/0x100 [ 193.730268][T11110] do_syscall_64+0xf3/0x230 [ 193.735288][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.741700][T11110] [ 193.741700][T11110] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 193.749372][T11110] lock_acquire+0x1ed/0x550 [ 193.754407][T11110] lock_sock_nested+0x48/0x100 [ 193.759697][T11110] do_ip_setsockopt+0x1a2d/0x3cd0 [ 193.765248][T11110] ip_setsockopt+0x63/0x100 [ 193.770275][T11110] do_sock_setsockopt+0x3af/0x720 [ 193.775814][T11110] __x64_sys_setsockopt+0x1ee/0x280 [ 193.781531][T11110] do_syscall_64+0xf3/0x230 [ 193.786556][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.792965][T11110] [ 193.792965][T11110] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 193.800180][T11110] validate_chain+0x18ef/0x5920 [ 193.805561][T11110] __lock_acquire+0x1397/0x2100 [ 193.810936][T11110] lock_acquire+0x1ed/0x550 [ 193.815964][T11110] __mutex_lock+0x19c/0x1010 [ 193.821083][T11110] ip_mc_drop_socket+0x81/0x280 [ 193.826469][T11110] inet_release+0x96/0x200 [ 193.831409][T11110] sock_release+0x82/0x150 [ 193.836352][T11110] stop_sync_thread+0x4e6/0x5e0 [ 193.841724][T11110] do_ip_vs_set_ctl+0x47b/0x13d0 [ 193.847187][T11110] nf_setsockopt+0x295/0x2c0 [ 193.852301][T11110] smc_setsockopt+0x275/0xe50 [ 193.857507][T11110] do_sock_setsockopt+0x3af/0x720 [ 193.863053][T11110] __x64_sys_setsockopt+0x1ee/0x280 [ 193.868771][T11110] do_syscall_64+0xf3/0x230 [ 193.873807][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.880239][T11110] [ 193.880239][T11110] other info that might help us debug this: [ 193.880239][T11110] [ 193.890462][T11110] Chain exists of: [ 193.890462][T11110] rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock [ 193.890462][T11110] [ 193.904046][T11110] Possible unsafe locking scenario: [ 193.904046][T11110] [ 193.911490][T11110] CPU0 CPU1 [ 193.916850][T11110] ---- ---- [ 193.922207][T11110] lock(&smc->clcsock_release_lock); [ 193.927580][T11110] lock(sk_lock-AF_INET); [ 193.934518][T11110] lock(&smc->clcsock_release_lock); [ 193.942414][T11110] lock(rtnl_mutex); [ 193.946403][T11110] [ 193.946403][T11110] *** DEADLOCK *** [ 193.946403][T11110] [ 193.954575][T11110] 1 lock held by syz.1.1617/11110: [ 193.959694][T11110] #0: ffff88805dce38a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1c3/0xe50 [ 193.970257][T11110] [ 193.970257][T11110] stack backtrace: [ 193.976149][T11110] CPU: 0 UID: 0 PID: 11110 Comm: syz.1.1617 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 193.976171][T11110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 193.976182][T11110] Call Trace: [ 193.976188][T11110] [ 193.976195][T11110] dump_stack_lvl+0x241/0x360 [ 193.976227][T11110] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.976252][T11110] ? __pfx__printk+0x10/0x10 [ 193.976282][T11110] print_circular_bug+0x13a/0x1b0 [ 193.976313][T11110] check_noncircular+0x36a/0x4a0 [ 193.976342][T11110] ? __pfx_check_noncircular+0x10/0x10 [ 193.976374][T11110] ? lockdep_lock+0x123/0x2b0 [ 193.976401][T11110] validate_chain+0x18ef/0x5920 [ 193.976426][T11110] ? mark_lock+0x9a/0x360 [ 193.976459][T11110] ? __pfx_validate_chain+0x10/0x10 [ 193.976489][T11110] ? mark_lock+0x9a/0x360 [ 193.976516][T11110] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.976541][T11110] ? finish_task_switch+0x1e5/0x870 [ 193.976566][T11110] ? lockdep_hardirqs_on+0x99/0x150 [ 193.976594][T11110] ? mark_lock+0x9a/0x360 [ 193.976618][T11110] __lock_acquire+0x1397/0x2100 [ 193.976648][T11110] lock_acquire+0x1ed/0x550 [ 193.976668][T11110] ? ip_mc_drop_socket+0x81/0x280 [ 193.976699][T11110] ? __pfx_lock_acquire+0x10/0x10 [ 193.976721][T11110] ? __pfx___might_resched+0x10/0x10 [ 193.976747][T11110] __mutex_lock+0x19c/0x1010 [ 193.976773][T11110] ? ip_mc_drop_socket+0x81/0x280 [ 193.976800][T11110] ? __pfx_lock_release+0x10/0x10 [ 193.976823][T11110] ? lockdep_hardirqs_on+0x99/0x150 [ 193.976848][T11110] ? ip_mc_drop_socket+0x81/0x280 [ 193.976874][T11110] ? wait_for_completion+0x555/0x620 [ 193.976899][T11110] ? __pfx___mutex_lock+0x10/0x10 [ 193.976924][T11110] ? try_to_wake_up+0x9c3/0x1470 [ 193.976951][T11110] ? _printk+0xd5/0x120 [ 193.976975][T11110] ip_mc_drop_socket+0x81/0x280 [ 193.977003][T11110] inet_release+0x96/0x200 [ 193.977024][T11110] sock_release+0x82/0x150 [ 193.977048][T11110] stop_sync_thread+0x4e6/0x5e0 [ 193.977065][T11110] ? __might_fault+0xc6/0x120 [ 193.977086][T11110] do_ip_vs_set_ctl+0x47b/0x13d0 [ 193.977110][T11110] ? nf_setsockopt+0x240/0x2c0 [ 193.977135][T11110] ? do_ip_setsockopt+0x1f44/0x3cd0 [ 193.977159][T11110] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 193.977181][T11110] ? __mutex_lock+0x397/0x1010 [ 193.977210][T11110] ? __mutex_unlock_slowpath+0x227/0x800 [ 193.977242][T11110] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 193.977271][T11110] ? __pfx___mutex_lock+0x10/0x10 [ 193.977302][T11110] nf_setsockopt+0x295/0x2c0 [ 193.977323][T11110] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 193.977351][T11110] smc_setsockopt+0x275/0xe50 [ 193.977382][T11110] ? __pfx_smc_setsockopt+0x10/0x10 [ 193.977408][T11110] ? aa_sock_opt_perm+0x79/0x120 [ 193.977430][T11110] ? __pfx_smc_setsockopt+0x10/0x10 [ 193.977456][T11110] do_sock_setsockopt+0x3af/0x720 [ 193.977479][T11110] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 193.977500][T11110] ? __fget_files+0x395/0x410 [ 193.977525][T11110] ? __fget_files+0x2a/0x410 [ 193.977553][T11110] __x64_sys_setsockopt+0x1ee/0x280 [ 193.977575][T11110] do_syscall_64+0xf3/0x230 [ 193.977591][T11110] ? clear_bhb_loop+0x35/0x90 [ 193.977611][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.977630][T11110] RIP: 0033:0x7f754278cda9 [ 193.977645][T11110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.977660][T11110] RSP: 002b:00007f7543561038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 193.977678][T11110] RAX: ffffffffffffffda RBX: 00007f75429a5fa0 RCX: 00007f754278cda9 [ 193.977691][T11110] RDX: 000000000000048c RSI: 0000000000000000 RDI: 0000000000000003 [ 193.977701][T11110] RBP: 00007f754280e2a0 R08: 0000000000000018 R09: 0000000000000000 [ 193.977712][T11110] R10: 00000000200033c0 R11: 0000000000000246 R12: 0000000000000000 [ 193.977723][T11110] R13: 0000000000000000 R14: 00007f75429a5fa0 R15: 00007ffcf1f4f268 [ 193.977742][T11110] [ 196.464079][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 196.470374][ T5832] Bluetooth: hci3: command 0x0401 tx timeout [ 196.470584][T11116] Bluetooth: hci1: command 0x0406 tx timeout