last executing test programs: 1.921469254s ago: executing program 1 (id=2386): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newsa={0x158, 0x10, 0x413, 0x70bd28, 0x0, {{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x20, 0x20}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@private=0xa010100, {0x4, 0x7, 0x3d, 0x40000000000004, 0xffffffffffffffff, 0x6, 0x7f}, {0x0, 0xffffffffffffffff, 0x4}, {0xf6, 0x4, 0x4}, 0x0, 0x0, 0x2, 0x1, 0xfe}, [@algo_aead={0x67, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0xd8, 0x60, "6fc3070b4f8f7330202b93875f2d67a6a77871db764ec62c9599d2"}}]}, 0x158}}, 0x804) 1.891438317s ago: executing program 1 (id=2388): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) (async, rerun: 32) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x52}]}, &(0x7f0000000440)=0x10) (rerun: 32) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={r1, 0xfffffffd}, 0x10) (async, rerun: 32) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (rerun: 32) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) (async) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) 1.696589014s ago: executing program 4 (id=2395): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275c, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000001c0)={0x1adb9, 0x100c, 0x0, 0x7, 0x1}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000a00)=ANY=[@ANYRESOCT=r1], 0x9) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e8000000010901040000000000530000000000000900010073797a31000000000900010073797a310000000008000340000000000c0004800800014000000000100002000c00028007000100000000000800054000000000840002001400018008000100ffffffff08000200ac1e000114000180080001000a01010008000200ffffffff06000340000300000c0002"], 0xe8}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111770000000000850000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) 1.696471664s ago: executing program 1 (id=2396): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) 1.566042496s ago: executing program 1 (id=2399): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000002d000121000000000000000004000080450011802fe5afbf24fbcccc554cd9761e79b8dad8a2018544a3f855448c77987d9d7aeb"], 0x5c}], 0x1}, 0x0) 1.565774824s ago: executing program 4 (id=2400): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) (fail_nth: 5) 1.51540447s ago: executing program 1 (id=2401): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$inet6(0xa, 0x3, 0x5) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x4, 0x3, 0x81, 0x7f7, 0x30, @empty, @loopback, 0x10, 0x7, 0x1000200, 0x9}}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000003200)={'ip6tnl0\x00', &(0x7f0000003180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @empty}}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001340)=@newtfilter={0x878, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x84c, 0x2, [@TCA_FW_POLICE={0x848, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x9, 0xbc6, 0xf, 0x100, 0x800, 0x5, 0xfffffff7, 0xa, 0x8, 0x101, 0x1, 0x49, 0x8, 0x80, 0x4, 0x2, 0x5, 0x2ff, 0x7af, 0x8, 0x6, 0x3, 0x3ff, 0x9b, 0x811, 0x2, 0x100, 0x1, 0x1, 0x6, 0x1, 0x2, 0x1, 0x2, 0x29b3, 0x8, 0x5, 0x9, 0x80000001, 0x8, 0x5, 0x7, 0x2, 0x9, 0x1ff, 0x80000000, 0x77, 0x7fff, 0x7, 0x101, 0xffff, 0xc3, 0xf, 0x2596, 0x1, 0x4, 0xfffffffe, 0xc7eb, 0x3, 0x7, 0x4000000, 0x5, 0x8001, 0xc, 0xf605, 0x8, 0x1, 0x9, 0x2, 0x2a9, 0xc, 0x0, 0x6, 0x5, 0x200, 0x9cbb, 0x9, 0x1, 0x7, 0x80000001, 0x9, 0x7, 0x645, 0x2, 0x800, 0x2, 0x9, 0x9, 0x298, 0x186000, 0x3230, 0xb2, 0x8e, 0x41b, 0x2, 0x1, 0x1ff, 0x5, 0x4, 0xe096, 0x66, 0x8, 0x3, 0x10001, 0x7, 0x0, 0xd53, 0xfffffffd, 0x1, 0x180, 0xa, 0x4, 0x9, 0x0, 0x7, 0x10, 0x6, 0x3, 0x5, 0x6, 0xd72d, 0x0, 0xc9, 0x101, 0x9, 0xf, 0xb1e, 0x481, 0x4, 0x6, 0x9, 0xff, 0x8, 0xe0, 0x3, 0x6ee4, 0x81, 0x5, 0xfffffffa, 0x3, 0x5, 0x4, 0x8, 0x74d, 0x85, 0x80000000, 0x7fffffff, 0x1, 0xfffffff7, 0x1, 0x1, 0x20, 0x6, 0x5, 0x7, 0x8, 0x72, 0x4, 0x7, 0x4, 0x1ff, 0xc, 0x7, 0x613b, 0x3, 0x7ff, 0xefba, 0xf7, 0x5, 0x9, 0xfffffff8, 0x9, 0x100, 0x9, 0x1, 0x2, 0x80000000, 0x401, 0x1, 0x5, 0x81, 0x68, 0x1, 0x85, 0x40000080, 0x0, 0x5, 0x1ff, 0x5, 0x1, 0x7f, 0x7, 0x6, 0xffffbffb, 0xfff, 0x4, 0x2, 0x0, 0x2, 0x9, 0xfff, 0x6, 0x1, 0x5, 0x5, 0x71c, 0x6, 0x699c, 0x41bf, 0x21, 0x5, 0x7f, 0x8a5a, 0x5, 0x9, 0x1fddc4a1, 0xde5c, 0x8, 0x4, 0x6, 0x9366, 0x7, 0x800, 0x401, 0x7, 0x7f, 0x8, 0x3, 0x2, 0x2, 0x5, 0xe, 0xfe, 0x9, 0xd36, 0x0, 0x0, 0x2c5, 0xe, 0x1, 0x8, 0x6, 0x8000, 0x0, 0x3, 0x7fffffff, 0x4, 0x6, 0x1, 0x0, 0x5, 0x9, 0x3f, 0x2, 0x81, 0x9]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7ff, 0x8, 0x6, 0x6, 0x3, 0x6, 0xe, 0xff, 0xffffffff, 0x2, 0x8, 0x6, 0x13c, 0x800, 0x7, 0x4, 0x7, 0x5, 0xd, 0x1, 0x7, 0x6, 0x2cb9, 0x6, 0x8, 0x7fffffff, 0x3, 0x6, 0x10001, 0xda, 0x689, 0x7fffffff, 0x2, 0x10, 0x1ff, 0x2, 0x101, 0x14, 0x4, 0x4, 0x8000, 0x3c, 0x3, 0xa, 0x8, 0x2, 0x8001, 0x401, 0x4, 0xffffffff, 0x307, 0xda, 0x1ff, 0xa, 0x9, 0x7fff, 0x3, 0xc, 0x4, 0x2, 0x8, 0xfffffff7, 0x10000, 0x3, 0x5, 0x612, 0x0, 0x8, 0x2, 0x6, 0x8, 0x80000000, 0x3, 0x1000, 0x5, 0x2, 0x8, 0x3, 0xf, 0x0, 0xfffffffd, 0x4, 0x2, 0x9, 0xa, 0x8, 0x1257, 0x348, 0x9, 0x3, 0xffff85fd, 0x1, 0x9, 0x6, 0x3, 0x2, 0xff, 0xfffffffc, 0x6, 0x2, 0x5326, 0xb, 0x5, 0x7, 0x6, 0x81, 0xd9f6, 0xa, 0x8000, 0x0, 0x401, 0x2, 0x3, 0x0, 0x7, 0x7f, 0x73a6bd75, 0xfffff5cc, 0x35, 0x4, 0x4, 0xffff8000, 0xc, 0xa, 0x7fffffff, 0x10, 0x4, 0x7, 0x4, 0x80000001, 0x3, 0x0, 0x3, 0x6a4, 0xaa8, 0x9, 0x3c, 0x2, 0x6, 0x2c1, 0xa, 0x2, 0xfffffff7, 0x5, 0xf818, 0x4, 0x7, 0x1, 0x7fffffff, 0x4, 0xd98, 0x6, 0x6, 0xffff, 0x1, 0xaa3a, 0x5, 0x8, 0x9, 0x3, 0x9, 0x6, 0x200, 0x4, 0x5, 0x800, 0x8, 0xa16, 0x101, 0x6, 0x4, 0x5, 0x8001, 0x401, 0x6, 0x5, 0x5, 0xfffffffe, 0x8, 0xffffffff, 0x9, 0x2, 0x8, 0x5, 0x80000001, 0xff, 0xc9, 0x5, 0x7ff, 0x4, 0x0, 0x7, 0x800, 0x3aee, 0xffffffff, 0xc, 0x0, 0x4, 0x0, 0x4, 0x7, 0x80000000, 0x0, 0x5, 0x7ab2a9cb, 0xfffffffe, 0xfff, 0x5, 0xffffffff, 0x0, 0x7f, 0x2, 0xfffffff9, 0x3, 0x10001, 0x4ed, 0x8, 0x6, 0x9, 0x4, 0xfffffff8, 0xe58, 0x80000001, 0x60000000, 0xffff, 0x4c16, 0xa9a, 0x401, 0xf, 0x7fff, 0x9, 0xf9, 0x3, 0x5, 0x7fff, 0xc, 0x8, 0xd674, 0xfff, 0x6, 0x7637, 0x6, 0x40, 0x92b88b6, 0xdc8d, 0x10001, 0x2, 0x5f4, 0x40, 0x373, 0x6, 0x7, 0xfffffffe, 0x1, 0x80, 0x2]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x2, 0x6, 0xb, 0x10001, {0x8, 0x2, 0x7, 0xffff, 0x6, 0xa}, {0x5, 0x0, 0xae, 0xd, 0x40, 0xfffeffff}, 0x1, 0xf, 0x1}}]}]}}]}, 0x878}, 0x1, 0x0, 0x0, 0x893}, 0x24040084) 681.396286ms ago: executing program 4 (id=2404): bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0xd, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000100000000000000000000007112bf000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=@delchain={0x64, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xa}}, [@TCA_RATE={0x6}, @filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x20, 0x0, 0x0, 0x0, {{}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5}]}}]}]}]}}]}, 0x64}}, 0x0) accept(r0, &(0x7f0000000200)=@ieee802154={0x24, @long}, &(0x7f00000002c0)=0x80) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x30}}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0xaee, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000380], 0x0, &(0x7f0000000000), &(0x7f0000000380)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{0x11, 0x53, 0x80f3, 'erspan0\x00', 'macvlan0\x00', 'veth1_virt_wifi\x00', 'vlan1\x00', @remote, [0x0, 0x0, 0x0, 0xff, 0x0, 0xff], @empty, [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], 0x9de, 0xa26, 0xa5e, [@ip6={{'ip6\x00', 0x0, 0x50}, {{@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1c}, [0xff000000, 0xffffffff, 0xffffffff], [0xffffff00, 0xffff00, 0xffffffff, 0xffffffff], 0x0, 0x88, 0x4, 0x54, 0x4e24, 0x0, 0x4e21, 0x4e20}}}, @among={{'among\x00', 0x0, 0x8d0}, {{@zero, @offset=0x468, 0x2, {[0x80, 0xc9a, 0x6, 0x2, 0x0, 0x1ff, 0x1, 0x8000, 0x80, 0x4, 0x80000000, 0x0, 0x9bd9, 0x80, 0x3, 0x19e, 0x5, 0x5, 0x2, 0xffc, 0x6, 0x0, 0x4, 0xc79, 0x8, 0x57686a67, 0xfffffffa, 0x3, 0x10, 0x2, 0x4, 0x9, 0x881, 0xc0000000, 0x81, 0xac, 0x4, 0x9, 0x7, 0x0, 0x6, 0x3, 0x3, 0x6, 0x401, 0x1, 0x6, 0x67, 0xfffffffd, 0x29, 0x10, 0x7, 0x6, 0x2, 0x6, 0x80000001, 0x5, 0x0, 0xffff, 0x401, 0x2, 0x75, 0x5, 0x1, 0x0, 0x1955b98c, 0x3ff, 0x4, 0xb4, 0x4, 0x4, 0x1, 0x5a84, 0x5, 0xff, 0x0, 0xaa, 0xfffffffe, 0x2, 0x4, 0x5f, 0x1, 0x9b08, 0xfffff800, 0x80, 0xc, 0xd, 0x3ff, 0x2, 0x7f, 0x5, 0x2, 0x9, 0x1, 0xf, 0xc244, 0x1, 0x4, 0x9, 0x6, 0x8, 0x7, 0x584a, 0x1, 0x8, 0x1, 0x9, 0x7f67, 0x8, 0xb, 0x7fffffff, 0x5, 0x1000, 0x25c9, 0x9, 0xb, 0xf7d, 0xab5, 0x2, 0x8000, 0x7, 0x6, 0x7949244e, 0x5, 0x7ff, 0x7, 0x7ff, 0x5c875444, 0x5, 0x0, 0x9, 0x1, 0xf1f, 0x6, 0x1, 0x5, 0x4, 0x2, 0x9, 0x0, 0x550, 0x7fffffff, 0x3, 0x1, 0x4, 0x6, 0x7ff, 0x2, 0x4, 0x8, 0x2, 0x3ff, 0x1000, 0xffffff81, 0x5, 0x7ff, 0x7, 0xaa77, 0x9, 0x3, 0x7f, 0x4, 0xf, 0x3, 0x7, 0xb39, 0x2, 0x9, 0x9, 0x3, 0x7, 0x8, 0x8, 0x4b, 0x3, 0x0, 0x4, 0x4, 0x3, 0x7fffffff, 0x10001, 0x0, 0x3ff, 0x10, 0x9, 0x8, 0x1, 0x0, 0x9, 0x24b, 0x7, 0x3, 0x7, 0x3, 0xf960, 0xe, 0x6, 0xc22, 0x8, 0x2, 0x4, 0xeb18, 0xc6f6, 0x4, 0x2, 0xc, 0x80000001, 0x0, 0x8c, 0x2c, 0x9, 0x82a, 0x3d, 0x10001, 0x0, 0x80000001, 0x2, 0x7f, 0x1, 0x0, 0x60f, 0x3, 0x773e, 0x6, 0x2, 0x401, 0x66, 0xdb4, 0x0, 0x4e, 0x2b47, 0x7, 0x74, 0x7, 0x3, 0x5, 0x3, 0x5, 0x8, 0xf, 0x4, 0x0, 0xffff4ff2, 0x6, 0x5, 0x3, 0x101, 0xdf, 0x0, 0x5, 0x4, 0x0, 0x4, 0x4, 0x7, 0x7, 0x1], 0x7, [{[0x0, 0xfffffffd], @dev={0xac, 0x14, 0x14, 0x33}}, {[0x10000, 0x3ff], @remote}, {[0x4, 0x200], @loopback}, {[0xa00, 0x3], @private=0xa010101}, {[0x7ff, 0x9], @private=0xa010101}, {[0x3, 0x4], @empty}, {[0xa, 0x8001], @multicast1}]}, {[0x6, 0x7224, 0x81, 0x254, 0x8, 0x7, 0x13, 0xfffffffe, 0xff, 0x7, 0x1, 0x7fffffff, 0x6, 0x8, 0x7abf4bb6, 0x69a, 0x9, 0x492a0351, 0xd, 0x1b, 0x3, 0xe8, 0x8, 0x1, 0x1, 0x8, 0x0, 0x2, 0x6, 0x9, 0x5, 0x1, 0xc8, 0x8, 0x7, 0x4, 0x40000000, 0x7, 0x280, 0x7da00, 0x7fff, 0x737, 0x90c, 0x0, 0x5, 0x3e, 0x79, 0x2, 0xee2, 0xffffff54, 0x7, 0xe0, 0x7, 0x3, 0x2, 0xfffff000, 0x7fff, 0x101, 0xf, 0x6, 0xfffffffd, 0x1, 0x7fffffff, 0x7, 0x5, 0x5, 0x5, 0x8, 0x1, 0xe1, 0x7, 0x400, 0x7, 0xff, 0x0, 0x1, 0x0, 0x3, 0x7f, 0x7, 0x5c, 0x8, 0x6, 0x92f, 0x8, 0x1, 0x101, 0x8, 0x9, 0x3, 0x2, 0x41bd, 0x6, 0x0, 0x2, 0x9, 0x10000, 0x9, 0x6, 0x9, 0x7, 0xdb22, 0x5, 0x7, 0x8, 0x1000, 0x0, 0x6b, 0x3ff, 0x20, 0x1000, 0x6, 0x3, 0x0, 0x4, 0x101, 0x0, 0x4, 0x7c, 0x2, 0x4, 0x2, 0x8, 0x4, 0x0, 0x101, 0x2, 0x0, 0xff, 0x5ad27497, 0x1ff, 0x101, 0xfffff001, 0xc, 0x7ef, 0x9, 0x8, 0x6, 0x7, 0x101, 0x5ad, 0xa, 0x5, 0x4, 0x9, 0x200, 0x5, 0x1eba5b55, 0x9, 0x2c, 0xffff02ed, 0x100, 0x5, 0x6, 0x8, 0x9, 0x1, 0xffff, 0x2, 0xffffffff, 0x2, 0x58, 0x3ff, 0x1, 0x1, 0x7fff, 0xf, 0x7723, 0x7, 0x10000, 0x3280, 0x4, 0x8, 0x0, 0x9, 0x1, 0x1000, 0x3, 0x4, 0x9, 0x5, 0x8, 0x100, 0xdaea, 0x6, 0x8001, 0x20, 0x7f7f, 0x1, 0x5, 0x7, 0xfaba, 0xdce, 0x8, 0x3, 0x3, 0x2, 0x7, 0x3, 0x3, 0x2, 0x100, 0x3, 0x7ff, 0x7, 0x6, 0x2, 0x0, 0xb8, 0x80000001, 0x0, 0xfffff001, 0x0, 0x6, 0x5, 0x0, 0x8, 0xe5f, 0x7ea26632, 0x3, 0x2, 0x7, 0x4, 0x101, 0x400, 0x2, 0x1, 0xb3f, 0x7c6, 0x81, 0x2, 0xd1, 0xc, 0x5, 0xc45, 0x0, 0xfffffff4, 0x38be, 0x8000000, 0x1, 0x8000, 0x7, 0x6, 0x10001, 0x6, 0x8, 0x7, 0x1, 0x6, 0x5, 0x6, 0x8, 0x0, 0xff, 0xb, 0x3, 0x7fff], 0x8, [{[0x8, 0x100], @remote}, {[0xff, 0x7], @rand_addr=0x64010101}, {[0x3, 0x5], @broadcast}, {[0x8000, 0x4], @multicast1}, {[0xb, 0x83], @multicast2}, {[0x3, 0x5], @private=0xa010102}, {[0x27b, 0x40], @empty}, {[0x7, 0x6], @private=0xa010102}]}}}}], [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x9, 0x5, {0xfffffffffffffffb}}}}], @common=@dnat={'dnat\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, 0x10}}}}]}, {0x0, '\x00', 0x1, 0x8000000000000000}]}, 0xb66) r4 = socket$inet(0x2, 0x2, 0x81) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0xae, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tipc={{0x1d, 0x4, 0x1, 0x9, 0xa0, 0x65, 0x0, 0xc5, 0x6, 0x0, @remote, @broadcast, {[@noop, @timestamp_prespec={0x44, 0x2c, 0xd9, 0x3, 0x3, [{@multicast2, 0xf1a}, {@rand_addr=0x64010102}, {@remote, 0xb4e4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x714e5e4}, {@local, 0x2}]}, @timestamp={0x44, 0x10, 0x44, 0x0, 0x1, [0x80000000, 0x82, 0x8000]}, @ssrr={0x89, 0xb, 0x60, [@local, @dev={0xac, 0x14, 0x14, 0x1d}]}, @rr={0x7, 0x17, 0xfb, [@dev={0xac, 0x14, 0x14, 0x27}, @broadcast, @private=0xa010100, @rand_addr=0x60010102, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}, @payload_named={{{{{0x2c, 0x0, 0x1, 0x0, 0x0, 0xa, 0x0, 0x2, 0x3, 0x0, 0x2, 0x5, 0x1, 0x2, 0x1, 0x5, 0x4, 0x4e24, 0x4e20}, 0x3, 0x3}, 0x3, 0x3}}, [0x0, 0x0, 0x0, 0x0]}}}}}, 0x0) 593.405188ms ago: executing program 1 (id=2407): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet(r1, &(0x7f00000003c0)={&(0x7f0000000040)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000180)="18", 0x1}], 0x1}, 0x4008840) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c) setsockopt(r1, 0x84, 0x7f, &(0x7f0000000140)="0200000009800089", 0x8) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r4, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0) setsockopt$rose(r2, 0x104, 0x4, &(0x7f0000000000)=0xffff7ffd, 0x4) ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000240)={0x1100, 0x2, 0x80000008, 0x10003}) 497.721701ms ago: executing program 0 (id=2409): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000005740)=""/4102, 0x1006}, {&(0x7f0000000480)=""/144, 0x90}], 0x2}, 0x4}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x300, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/97, 0x61}, {&(0x7f0000000280)=""/118, 0x76}, {&(0x7f0000001740)=""/4080, 0xff0}, {&(0x7f0000004740)=""/4073, 0xfe9}], 0x4}, 0x8}], 0x3, 0x10060, 0x0) 496.285881ms ago: executing program 2 (id=2410): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e0fc000108000200e00000010c000280050001"], 0x38}}, 0x0) 450.228529ms ago: executing program 3 (id=2411): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = accept4$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, &(0x7f0000000080)=0x10, 0x0) setsockopt$inet_int(r1, 0x0, 0x5, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008050}, 0x4814) r3 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x44, 0x453, 0x4, 0x70bd27, 0x25dfdbfc, "d98b8d359ef78c9525e8cd0455fd41ca1181c3cbd9a0eb3005e40381991c6c8574bfdd952fd6ff208e1e36f28aa88ae79b"}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x50) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r2) 446.638861ms ago: executing program 4 (id=2412): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0xfc}}, 0x0) write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x88b5}, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0x14, 0x65, 0x14, 0x1, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x21}, @empty}}}}}}, 0x26) 407.096027ms ago: executing program 0 (id=2413): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)=0x80, 0x4) sendto$inet6(r0, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback={0xffe0}, 0xc5f}, 0x1c) 358.151817ms ago: executing program 2 (id=2414): r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x74, r0, 0x1, 0x0, 0x25dfdbfd, {}, [@WGDEVICE_A_PEERS={0x4c, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x74}}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(twofish))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000000)={'syz_tun\x00', 0x3}) 354.499394ms ago: executing program 0 (id=2415): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan0\x00', 0x0}) pipe(&(0x7f0000000440)) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x40, '\x00', r1, r0, 0x3, 0x0, 0x2}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000040), &(0x7f00000000c0)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r2}, 0x4) r3 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000004700)=""/4098, 0x1002}, {&(0x7f0000003700)=""/4081, 0xff1}, {&(0x7f0000005740)=""/4153, 0x1039}, {&(0x7f0000000200)=""/115, 0x73}, {&(0x7f0000000780)=""/198, 0xc6}, {&(0x7f0000000140)=""/165, 0xa5}], 0x6}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000ff0500000000000000000000b7080000000000007b8af8ff00000000b7080000ff0100007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000380), 0xffffffffffffffff) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000600)={0x50, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r4, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:agp_device_t:s0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x5}, 0x4004) 309.797152ms ago: executing program 3 (id=2416): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r1 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x700, 0x4040000}, 0x100) 273.048949ms ago: executing program 4 (id=2417): accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req={0x2, 0xffff, 0x800, 0x114}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_devices(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="22003300d0000000ffffdfffff"], 0x55}}, 0x0) 202.032657ms ago: executing program 0 (id=2418): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{0x0}], 0x1, 0x0, 0x0, 0x7400}, 0x20004800) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48}, 0x8) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x3c, r8, 0x101, 0x70bd27, 0x25dfdc00, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x41}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000000c0)=ANY=[@ANYRES16=r7, @ANYRES32, @ANYBLOB="00000000da44000024001a8020000a8014000700fe8000000000000000020040000000000500080002000000140003007866726d30"], 0x58}}, 0x40408c4) 197.506163ms ago: executing program 2 (id=2419): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010000100000000000000200000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000a000100aaaaaaaaaabb0000140035006d616373656330"], 0x40}}, 0x0) 187.401907ms ago: executing program 4 (id=2420): r0 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$sock_buf(r0, 0x1, 0x3d, &(0x7f0000000040)=""/32, &(0x7f0000000340)=0x20) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6tnl0\x00', 0x0, 0x2f, 0x8, 0xc2, 0x7, 0x2, @loopback, @local, 0x7800, 0x8068, 0x80000001, 0x9}}) sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@ipv6_newaddrlabel={0x30, 0x48, 0x100, 0x70bd28, 0x25dfdbfd, {0xa, 0x0, 0x18, 0x0, r2, 0x6}, [@IFAL_ADDRESS={0x14, 0x1, @empty}]}, 0x30}, 0x1, 0x0, 0x0, 0x48880}, 0x20000080) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="f000000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="0008000000020000bc0012800c0001006d6163766c616e00ac00028008000300010000000800010010000000010004000180c200000300000a00040000000000030000000800070005000000080007000a0000004c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaabb00000a0004004ac92f9d35ed00000a000400aaaaaaaaaaaa00000a000400aaaaaaaaaabb00000a000400aaaaaaaaaaaa000006000200010000000a000400aaaaaaaaaabb0000100005800a000400b25b12b8e5000000140035006d6163766c616e30"], 0xf0}, 0x1, 0x0, 0x0, 0x40}, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$SIOCGETNODEID(r5, 0x89e1, &(0x7f0000000080)) setsockopt$inet6_int(r4, 0x29, 0x35, &(0x7f0000000000)=0x3, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x20000004, &(0x7f0000000700)={0xa, 0x2, 0x0, @rand_addr, 0x2}, 0x1c) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r6, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10) 181.202692ms ago: executing program 3 (id=2421): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0xd2, &(0x7f0000000d00)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60ffffff079c1100fe8000000000000000000000000000bbff02000000000000000000000000000100000e22009c90"], 0x0) 113.881475ms ago: executing program 2 (id=2422): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000080)={@broadcast, @multicast, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x48, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @local, @local, [@hopopts={0x11}], "fafb17c133d11e59bb99c35bdfcf89f5"}}}}}}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, 0xffffffffffffffff}, 0x4) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r3, 0x0}, 0x20) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x21, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000190081154e81f782db4cb904021d0800fd02fe02e8fe50a10a000548258848000c600e41b0000900ac00080325000000040015000a00ff150048035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x4c, 0x28, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9c, 0xa, 0x4, 0x75e}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4049004}, 0x4000080) 113.412832ms ago: executing program 0 (id=2423): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x80ffffff}}, 0xb8}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) 107.516788ms ago: executing program 3 (id=2424): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) syz_emit_ethernet(0x1f, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffff000000e8ff000003424203"], 0x0) r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x25, 0x10, @val=@netfilter={0x7, 0x1, 0x7b6}}, 0x20) bpf$LINK_DETACH(0x22, &(0x7f00000001c0)=r1, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=ANY=[@ANYBLOB="3800000056000100000000133800af0300000000", @ANYRES32, @ANYBLOB="20004e0bdfa2ec301cdd8caa03a9dfbd93d5f443f467a8015c9a2073919b96ac23a152b73e518145727d93b6052b6606397e6f0257e602e86ba9882b6c6620ea51c75297be0a7e147e52e68e0093475a46b0715dde09757e3cd021fec648ebf6f028ef5bd0bdfac396d192b6d520f5f3743436fface53edf998839e49444e626fa7adc90b206f4f10500186d0ddfcb71d1a0f3053811b57581084e45faf05041c82d11fdc968d3432fda32b7f0a13babb0ae6d6268e56123bb1db680426be9a9e653e8b366b388a553d286fd3f2528c0fd330ec042cee56ecd6fd4ce1593d140599585448483c61a272b95c1e30de5f1b2159e84b4d5494f011acf93b97614e523ed7f0dcecb7619e7"], 0x38}}, 0x0) r3 = accept$alg(r0, 0x0, 0x0) r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000600)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@cgroup=r4, 0x10, 0x0, 0x1, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000500)=[0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0]}, 0x40) sendmmsg$alg(r3, &(0x7f0000001140)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)="f51cd12150816a2ba4e93c70d3ab9251d011a119c0a0bd", 0x17}, {&(0x7f0000000040)="2321fd251640680e0722dcaec284fae45fd5c283cf1e6d3b3b46f5a735d1f8a711b14865707257c158e9896d6e557bcc1920", 0x32}, {&(0x7f00000000c0)="f1a9ad35b3c771d20c8ea152002a996f8c88bff86701c572467ace190c1da1c009582d76f18b3625117011524ad108dd524159b94751ab47cc11603d5cca6d554b49a98ce552f6dc0c2a01655dfff2a25398d3bbf8e56a3fd9adab0c7cf8a4d04e9c4a6b5e69864481d1e0c219af659b40615364169058b44f717f790262b7b5ebd274811ad58a44c5ffa35a38c569fe06f9180cd0267aea3b493f05798af2dfda0e9580895e1ff02e94afed108d57d4ade0b7c74a69c5cf7cdb98f8422ebef7f66e554f9c", 0xc5}, {&(0x7f00000022c0)="ccd14d667a379245ad18210cb3811662cb41bda64c221f5f63940ed5484fbf6549b540935a8c38ecf7df4ab5089365e6108ad6619cd32997b49d57c62c2fd744254689a2a959d26c0478baa9da5d908117af89ee2b42ae2025f6311003dd31feb466264a7eb16aaf4b5e4164cc2360d494fe5551c4802172ec1a128154cb8bae8a5a8b598bb9bf66c61cca42df91fee89ab2dd65ea553acb6a5f3f6e1fd790b803bed568f99a152da6a470a1efcbdfa5f7ac7d97d135d040bc5b472953e62971399b839fa7c7d999e5d60a69dabd13", 0xcf}], 0x4, 0x0, 0x0, 0x400c080}], 0x1, 0x8080) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, 0x0, 0x0) recvmmsg(r3, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)=""/211, 0xd3}, {&(0x7f0000000380)=""/231, 0xe7}, {&(0x7f0000000640)=""/35, 0x23}], 0x3}, 0x5}], 0x1, 0x2001, 0x0) 78.930292ms ago: executing program 0 (id=2425): sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x1, 0x0, 0x4}, 0x1}, 0x18) sendmsg$can_j1939(r1, &(0x7f0000001680)={&(0x7f0000001700)={0x1d, r2, 0x0, {0x1, 0xfe, 0x3}, 0x1fe}, 0x18, &(0x7f0000000200)={&(0x7f0000000440)="fd98a2b5d26c75348f703578d3d66a0dd76c74721a197ec6eb5d2392e6423771a3f60d80a2a8e371814912c9914957298d1d5b5863a2b18bd0a86be33e6285914571fa6dd76421b0fca2af8ba7c17d4571d86b1232e673e7b35d7df8f0b3276e8fe1b19e3408bec350389182b3aabb980d6c80353176d8e494229bd797dab32ffe27f84436be6ef8539227d559392a405863061bb11c2c12c734c3b2d95c21c3795b2b83cdb65a5cfacb618707e2e945ac7c40752d781cc3723d19690122103d6dde78c84cce9c46828e20fbe67ee46a32a3b2a9f61f2699baad975230b36249dc260f282b1988f57400f6d905855f6a937c050b9accf880490fa69a1e6648b587c710a003c89c811c43b8f1e75a16672af27282ebecf77931dae0a2f9a7b7618a4960088182cb559f952c4833db96581b0cb9e46348f027d8351ef3978e62006cda6b22a5abfb432a1127f682eb87ffaa652243428526c9527356fe1b7b712402b2a8be9f17dcb1c634dccab6e8943813ed144e1c10d9d6f76b6e8b1069f3874990f36afc2951d735217b76e8772e6c0622b14f9e03aad215c800556027a951beb93ee9f9c8ddfcc72e8e927bb9fe8c95bff42e1d1346ff8dc5038599ea1d60aa4f8d0f6de9d2c37e1a915e903bb7374aa5ace967e86bb7e9f40a9d6f53b07757d1bac8abf33b464aae6131e50aae50f28b6e8c27d6f0996357ed35742afd8ab09ea31498ae0e0270b054af13f8a356d49100d9dee1d3204536f582abdc09573c25246e826edaa739c0b072a6650f0d1b8c2415a8ec60faf99cf23fa23c4b3d98636dc51ac6c9967a1bfc070e092118e1bd13eaedc35081eeff1d96b5acd984974c1af5b0b7bab63a88eb2ad5868949907625c2d71edec80ee9c7c20cee59382e206db6f600815a1f093500d5679280a4a4e9560dadb5227fa104b9d96d0974dd009089b4c0b4a674c453a717de6c1a2929cb70cf6caf905a45267f45a3278d6d465d2837dcd697381f47b72f54822acc2b84be8545ce67e61af22838436bb55f43e9e2a7d5e1bf4a11c963d79a9409db5eed6ce4d805027b0e613b8e06ce27ac1e0f3c438233eb64c4def5185d70a906f114d08db571803f8a1955d2243511354d5a4da77b2856ae6532dc018f463cfaefce1a8ea9079554d012e12508afeb342ab5502e31e2d5fbf076f7c501a6deb99d6f0792134712a520b61b6d56bea8e0f15e16b38a456cc5a6f005f1cb13047709cf05e1a731eb901b2be5d28de81392f17fa645a3737d5e3b32fa9ea3477544e804d1ffe72759903dfdcc8e3868fe5b10c68e0208f0e033a79786a4616cb3d90044d20edb8a061acbc36f2288026ecdd2e86b88ac1d76c53710dd68dadb3a7a82947a3810b2ce02a7aa572023dbcbbbc09680e8d71d04886191daa067b071d8109388e651a7f6874a662a8a80eb52c21947e634c2d4cc300aa0ddf48c9363e7a04d2c4f8981c0b0684977e035bd1bf8930082ba5f79f09ad0e8a991895b80b6e136c1361332124bb903a12fb1079e0eb5b77a0dc9ef5243b502f8ebd458a277a3b7dd261fcb452ce826eb22c28c577d5db107b6a015b7c2fad0ca1410ad933ae1ca3cf887aa8aa3bb299ce2fb2350299b785273bc4e6aac418dd14be19a03a0b7062893a69d6d19507bd537eae0dfd9b2ad1f98c87da1758d450bd6af5049bc6ffbb3515289dfdf513e4c337ee60300f4f5f48ac891c58e06f599f5abd293e5f295bf8966752c608df91cccc2120a5be8398b7aba6bd1d737a780bfb3a38070a416a32d9ef99da58c1b6a48a9dc8e72689947489af81bbbdbf17d08f69b147b8d8a1753e4532f115789e6801c1a01aa44c985082620bae0f82079cc62608a477c5285c888c65f0a8df921edfc3ebbc39fc4de9718d27d23141cda3bc3bbe2fdfb219c5213cc6a60a5f190ffb9fb04c086e0fa5f590a300a0ade3f49936c9348922e3ebc27205542db50a2ee4922e3e0952f72b721de59efd5972a2c29371d3ff8b607fb7b51a33bbf22b3d9facdce2d5607345a757b995e904841d6dec99a7c48ba3f33dfda23c22ca9b2629458313a1a85ae3e96bf4e86d057301846825d0dd0fad79cbbb422e0b9ebc726ddbe64846499db63fce4d367928898c0133857f260ba3872a213fc0fd50436b827b2ff90363218ab1e7e2c453c13c0ccb45db68eb63ba822d3a012e77f4a13060b6568e663f913c4705b19662235f2c15c5694843fbf0195bbf423618b50409ca82e1b4bddfd3b5ce68c4ec19b689a889d6d17cb5627aa303e0f5ac78a3fa65b26167dfc44e2565e27dffc740182e51d921de2a50eb33084e11abb985382be7407af64264814e89e3618bb262a85e12b4acad8c517576585ea332912f377c7dc33c745d2f772c4d0ebce95593db70e87329d4471e5332d5325baa881847b6b03633547f72e5070df49979d1e92f6bdc31028921305567e35e8216309af6d392c3b97acf986226e93ea2661636e8a37a9c0e05f1b8a8d2c81006afe24e2", 0x6fa}, 0x1, 0x0, 0x0, 0x40}, 0x24000005) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0x200000, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x0, 0xff80000}}}}}, 0x0) 15.067575ms ago: executing program 3 (id=2426): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r1 = socket(0x1, 0x3, 0xeac3) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000a40)={0x0, @in={{0x2, 0x4e23, @private=0xa010101}}, 0xb90f, 0x4f, 0x7, 0x9, 0x9}, &(0x7f0000000b00)=0x98) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0xa, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400000c0}, 0x880) (async) bind$inet6(r1, &(0x7f0000000b80)={0xa, 0x4e23, 0x81, @mcast2, 0x7}, 0x1c) (async) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000b40)={r2, 0x6}, 0x8) (async) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@updsa={0xf0, 0x1a, 0x1, 0x0, 0x0, {{@in=@local, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@local, 0x0, 0x3c}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}}, 0xf0}}, 0x0) (async) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x6c, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5c}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x8000) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000140)={0x710, 0x0, 0x5, 0x101, 0x0, 0x0, {}, [{{0x254, 0x1, {{0x3, 0x3}, 0x4a, 0x7f, 0x6, 0x80, 0x19, 'syz1\x00', "c411e56836b7ed74ee3099d3ea36cf2e44934eb73573d2a7ac9fe07b343b3cda", "7500a26f2037eb9647515c2920409eefbc4353504a7b863c9bc01b864a1cdb59", [{0x3, 0x5, {0x1, 0x34}}, {0x8000, 0x8, {0x0, 0xc}}, {0x40, 0xc, {0x0, 0x7f}}, {0x0, 0x200, {0x1, 0x4}}, {0xaf16, 0x9, {0x6, 0x7f}}, {0x6f99, 0x2, {0x1, 0x1}}, {0x3, 0x5, {0x1}}, {0x8000, 0x1, {0x1, 0x9}}, {0x6, 0x9, {0x0, 0x8000}}, {0x401, 0xfffe, {0x3, 0x4}}, {0xc000, 0x8001, {0x1, 0xfffff001}}, {0x4, 0x20a, {0x3}}, {0x9, 0x2, {0x3, 0x1}}, {0xea2, 0xa16b, {0x3}}, {0x7, 0x1b73, {0x1, 0x7baead3}}, {0x3, 0x8, {0x2, 0x3}}, {0x81, 0x8, {0x1, 0xb}}, {0x5, 0x4, {0x0, 0x81}}, {0x0, 0x4, {0x0, 0xff}}, {0x2, 0x2, {0x0, 0x9a}}, {0x5, 0x2, {0x3, 0x81}}, {0x3800, 0x200, {0x0, 0xc77e}}, {0x1, 0x6, {0x1, 0x9}}, {0x0, 0x2, {0x1, 0x3ff}}, {0x1, 0x8000, {0x2, 0x9}}, {0x1, 0x2, {0x2, 0x9a}}, {0x8, 0x4658, {0x0, 0x5}}, {0x7, 0x8000, {0x1, 0x9}}, {0x774, 0xfff1, {0x0, 0x2}}, {0xfff8, 0xe, {0x0, 0x7f}}, {0x9, 0x7, {0x0, 0x200}}, {0x1000, 0x8000, {0x1, 0x8}}, {0x6, 0x7, {0x2, 0x7f}}, {0x4, 0x800, {0x3, 0x1}}, {0x4, 0x8, {0x1, 0x7}}, {0x1, 0x1, {0x1, 0x3}}, {0xffff, 0x3, {0x1, 0xaf5}}, {0x2, 0xebab, {0x3, 0x1ff}}, {0x4, 0x7, {0x0, 0x1ff}}, {0xe, 0x3, {0x1, 0x3}}]}}}, {{0x254, 0x1, {{0x3, 0x101}, 0x5, 0xff, 0x6e, 0x2, 0x1, 'syz1\x00', "5f26b48b91bd2de96f8334974913d8a6574a14915998fbac2034aa82f99b844d", "082ffe8cad4be7cd41684757fbfeef33b4298f04d80493668e25c97dd24d1d94", [{0x4, 0x4}, {0x0, 0x5, {0x2, 0x4b2}}, {0x1, 0x9, {0x3, 0x8}}, {0xfc00, 0xff, {0x2, 0x2}}, {0x937, 0x0, {0x3, 0x4}}, {0x101, 0x8d7, {0x0, 0x4}}, {0x2, 0x0, {0x1, 0x7}}, {0x9, 0x81, {0x2, 0x101}}, {0x3ff, 0x3, {0x3, 0x4}}, {0x5, 0x9, {0x2, 0xffffffff}}, {0x4a4, 0x3, {0x3, 0x10001}}, {0x1ff, 0x80, {0x0, 0x9}}, {0x2, 0x0, {0x1, 0x9}}, {0x6, 0x2, {0x2, 0x8}}, {0x5, 0x4, {0x3, 0x3}}, {0x0, 0xcbd6, {0x1, 0x81}}, {0x9, 0x9, {0x2, 0x9}}, {0x7aba, 0x934, {0x2, 0xfffffff9}}, {0xfff8, 0x8, {0x0, 0x3}}, {0x2, 0x4, {0x2, 0x8}}, {0x9, 0x3, {0x2, 0xf}}, {0x1, 0x8, {0x3, 0x8}}, {0xb2d, 0x3, {0x2, 0x4}}, {0x101, 0x2, {0x0, 0x8}}, {0x9, 0x19, {0x3, 0x101}}, {0x7f, 0xfffd, {0x0, 0x800}}, {0x9, 0x3, {0x0, 0xb97}}, {0x400, 0x84b, {0x3, 0xbc}}, {0x42, 0x2b, {0x3, 0x5}}, {0x101, 0x81, {0x3, 0x7}}, {0x9, 0x2, {0x3, 0x9}}, {0x2c06, 0x2, {0x2, 0x8}}, {0x8, 0x2, {0x0, 0x8}}, {0xa5, 0x2, {0x2, 0xfffffff8}}, {0x80, 0x401, {0x1, 0x800}}, {0x781c, 0x8, {0x3, 0x4}}, {0x2, 0x8, {0x0, 0x81e}}, {0x2, 0xe, {0x3, 0xffffffff}}, {0xfffe, 0x3, {0x0, 0x5}}, {0xa, 0x5, {0x3, 0xffffff54}}]}}}, {{0x254, 0x1, {{0x1, 0x328}, 0x3, 0x6, 0x8, 0x0, 0x5, 'syz1\x00', "5fa12eb197eece54b0d9053d762f51a6cd151328edffc5da964c6b626bf6a147", "3ec81506c0c18691e3c8d03a03a058c28c12894bc817e21e6223abaffe5f6d03", [{0x1ff, 0x3, {0x1, 0x5f8}}, {0x4, 0x4, {0x2, 0xe}}, {0x400, 0x1, {0x1, 0x5}}, {0x6, 0x0, {0x1, 0x800}}, {0x0, 0x4, {0x2, 0x4}}, {0x1, 0x8, {0x2, 0x6ab1}}, {0x2, 0x3, {0x3, 0x80}}, {0x4503, 0x200, {0x0, 0xffffffff}}, {0x0, 0x800, {0x2}}, {0xfa83, 0xfff7, {0x1, 0x2}}, {0x5, 0x3, {0x3, 0x10000}}, {0x7f, 0x50ff, {0x0, 0x9}}, {0x7, 0xf, {0x0, 0x9}}, {0x100, 0x4, {0x0, 0x3}}, {0x926, 0x81, {0x0, 0x96}}, {0x2, 0x3, {0x3, 0xc}}, {0x6, 0x2, {0x0, 0x9a55}}, {0x5, 0x2, {0x1, 0x6}}, {0x5, 0x4, {0x0, 0x3}}, {0x4, 0xb, {0x3, 0x8}}, {0x4, 0xb355, {0x2, 0x81}}, {0x1, 0x7f, {0x0, 0x4}}, {0x180, 0x7f, {0x3, 0x942}}, {0x9, 0x9, {0x0, 0x4}}, {0x800, 0xfff, {0x3, 0x1}}, {0x92, 0x5, {0x2, 0x4}}, {0x6, 0x5, {0x0, 0xb}}, {0x1ff, 0x5, {0x0, 0x7}}, {0x5, 0x5, {0x2, 0xfffffbff}}, {0x3, 0xfff7, {0x3, 0x7ff}}, {0x401, 0x4, {0x2, 0x5}}, {0x5e9, 0x52b, {0x0, 0xc39a}}, {0x2, 0x8001, {0x1, 0xe504}}, {0x101, 0xa, {0x3, 0x5}}, {0x3, 0x9, {0x3, 0x7f}}, {0x8, 0x8, {0x2, 0xf}}, {0x7ff, 0xe0e1, {0x1, 0x4}}, {0x9, 0x9, {0x1, 0x6}}, {0x4, 0x40, {0x1, 0x6}}, {0xf28, 0x200}]}}}]}, 0x710}, 0x1, 0x0, 0x0, 0x40000}, 0x1) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x38}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00', r6}, 0x10) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a2f0000060001"], 0x1c}}, 0x0) (async) r8 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r8, &(0x7f0000000140)=@in4={0x21, 0x100, 0x2, 0x10, {0x2, 0x4000, @empty}}, 0x24) sendmmsg(r8, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) (async) recvmmsg(r8, &(0x7f0000002d40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257075bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b257183fa3bcd48666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09601f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebd00000000000000005839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dcc718a09f4886afc26abba34635d0e8b54bc76be40d435aa8b5202db761014b1b999a12df6bee431a666100"/296], &(0x7f0000000100)='GPL\x00'}, 0x48) syz_emit_ethernet(0x32, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @broadcast=0xe0000001}, {0x4e21, 0xe22, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x1, 0x0, @val=0x80}}}}}}}, 0x0) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x7300, 0x4000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x4}, 0x28) (async) sendmsg$IPSET_CMD_TYPE(r0, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000980)={&(0x7f0000000a00)=ANY=[@ANYBLOB="240000000d0605000000000000000000070000000500010007000000050001000700000055f58081226cfcdb967240543e964cec"], 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x80) 13.099709ms ago: executing program 2 (id=2427): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000005740)=""/4102, 0x1006}, {&(0x7f0000000480)=""/144, 0x90}], 0x2}, 0x4}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x500, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/97, 0x61}, {&(0x7f0000000280)=""/118, 0x76}, {&(0x7f0000001740)=""/4080, 0xff0}, {&(0x7f0000004740)=""/4073, 0xfe9}], 0x4}, 0x8}], 0x3, 0x10060, 0x0) 4.335231ms ago: executing program 3 (id=2428): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="240000002d000100000000000000000008000c00", @ANYRES32], 0x24}], 0x1, 0x0, 0x0, 0x2000000}, 0x20040000) (async) sendmsg$netlink(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="240000002d000100000000000000000008000c00", @ANYRES32], 0x24}], 0x1, 0x0, 0x0, 0x2000000}, 0x20040000) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000001700)=0x5, 0x4) socket(0x10, 0x3, 0x0) (async) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c0001"], 0x44}}, 0x0) bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @remote}, 0x10) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r5 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_TABLE(r5, 0x29, 0xc8, 0x0, 0x0) ioctl$SIOCRSACCEPT(r4, 0x89e3) ioctl$SIOCRSSL2CALL(r4, 0x891c, 0x0) (async) ioctl$SIOCRSSL2CALL(r4, 0x891c, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000180)={'wlan0\x00', &(0x7f0000000140)=@ethtool_sset_info={0x37, 0x7, 0x7}}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) (async) r7 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) socket$inet(0xa, 0x801, 0x84) (async) r8 = socket$inet(0xa, 0x801, 0x84) connect$inet(r8, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r8, 0x8) accept4(r8, 0x0, 0x0, 0x0) (async) r9 = accept4(r8, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r9, 0x84, 0x71, &(0x7f0000000680)={0x0, 0x9}, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010000100000000030000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000a000100aaaaaaaaaabb0000140035006d616373656330"], 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) accept$inet(r0, 0x0, &(0x7f0000000340)) r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000005c0000005c000000040000000d0000000000000a01000000040000000000000900000000010000000000000e0200000000000000000000000000000300000000040000000300000001f0ffff040000000000001103e4ffff02000000000000000000000204000000005f3000"], &(0x7f00000003c0)=""/162, 0x78, 0xa2, 0x0, 0x3ff, 0x10000, @value=r7}, 0x28) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x3}, 0x8) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x13, 0x16, &(0x7f0000000240)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, r11, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r12}, 0x94) ioctl$sock_rose_SIOCRSCLRRT(r4, 0x89e4) (async) ioctl$sock_rose_SIOCRSCLRRT(r4, 0x89e4) 0s ago: executing program 2 (id=2429): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x300, &(0x7f0000000300)={&(0x7f0000000440)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x8}, @IFLA_GENEVE_DF={0x5, 0xd, 0x2}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) kernel console output (not intermixed with test programs): 0xb0 [ 149.264814][ T9171] ? __pfx___might_resched+0x10/0x10 [ 149.264833][ T9171] ? lock_acquire+0x5f/0x360 [ 149.264865][ T9171] should_fail_ex+0x414/0x560 [ 149.264895][ T9171] should_failslab+0xa8/0x100 [ 149.264926][ T9171] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 149.264956][ T9171] ? __alloc_skb+0x112/0x2d0 [ 149.264990][ T9171] __alloc_skb+0x112/0x2d0 [ 149.265025][ T9171] netlink_sendmsg+0x5c6/0xb30 [ 149.265062][ T9171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.265094][ T9171] ? aa_sock_msg_perm+0xf1/0x1d0 [ 149.265115][ T9171] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 149.265138][ T9171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.265170][ T9171] __sock_sendmsg+0x21c/0x270 [ 149.265199][ T9171] ____sys_sendmsg+0x505/0x830 [ 149.265223][ T9171] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.265249][ T9171] ? import_iovec+0x74/0xa0 [ 149.265274][ T9171] ___sys_sendmsg+0x21f/0x2a0 [ 149.265295][ T9171] ? __pfx____sys_sendmsg+0x10/0x10 [ 149.265335][ T9171] ? __fget_files+0x2a/0x420 [ 149.265366][ T9171] ? __fget_files+0x3a0/0x420 [ 149.265404][ T9171] __x64_sys_sendmsg+0x19b/0x260 [ 149.265427][ T9171] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 149.265453][ T9171] ? __pfx_ksys_write+0x10/0x10 [ 149.265481][ T9171] ? rcu_is_watching+0x15/0xb0 [ 149.265503][ T9171] ? rcu_is_watching+0x15/0xb0 [ 149.265525][ T9171] do_syscall_64+0xfa/0x3b0 [ 149.265558][ T9171] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.265583][ T9171] ? clear_bhb_loop+0x60/0xb0 [ 149.265607][ T9171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.265627][ T9171] RIP: 0033:0x7f1a3d78ebe9 [ 149.265646][ T9171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.265665][ T9171] RSP: 002b:00007f1a3e561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.265689][ T9171] RAX: ffffffffffffffda RBX: 00007f1a3d9b5fa0 RCX: 00007f1a3d78ebe9 [ 149.265705][ T9171] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 149.265718][ T9171] RBP: 00007f1a3e561090 R08: 0000000000000000 R09: 0000000000000000 [ 149.265738][ T9171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.265751][ T9171] R13: 00007f1a3d9b6038 R14: 00007f1a3d9b5fa0 R15: 00007ffddd4f0468 [ 149.265775][ T9171] [ 149.577812][ T9174] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1222'. [ 149.593925][ T9174] netlink: 210612 bytes leftover after parsing attributes in process `syz.1.1222'. [ 149.608043][ T9174] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1222'. [ 149.641486][ T9178] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1225'. [ 149.831857][ T9196] netlink: 'syz.1.1232': attribute type 1 has an invalid length. [ 149.840308][ T9196] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1232'. [ 149.871917][ T9202] netlink: 'syz.0.1234': attribute type 2 has an invalid length. [ 149.922118][ T9205] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1236'. [ 150.373553][ T9246] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1252'. [ 150.442693][ T9251] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1254'. [ 150.456156][ T9240] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1252'. [ 150.459007][ T9251] netlink: 'syz.1.1254': attribute type 7 has an invalid length. [ 150.475190][ T9251] netlink: 'syz.1.1254': attribute type 8 has an invalid length. [ 150.499925][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1254'. [ 150.731762][ T9277] xt_limit: Overflow, try lower: 271964/0 [ 150.774932][ T9272] syzkaller1: entered promiscuous mode [ 150.781679][ T9272] syzkaller1: entered allmulticast mode [ 150.822446][ T9282] erspan0: entered allmulticast mode [ 150.897446][ T9284] block nbd1: server does not support multiple connections per device. [ 150.906256][ T9284] block nbd1: shutting down sockets [ 150.929098][ T9288] netlink: 'syz.4.1269': attribute type 2 has an invalid length. [ 151.048082][ T9299] team0: Port device geneve0 removed [ 151.138915][ T9303] netlink: 'syz.0.1274': attribute type 11 has an invalid length. [ 151.239348][ T9316] FAULT_INJECTION: forcing a failure. [ 151.239348][ T9316] name failslab, interval 1, probability 0, space 0, times 0 [ 151.263231][ T9316] CPU: 0 UID: 0 PID: 9316 Comm: syz.4.1281 Not tainted syzkaller #0 PREEMPT(full) [ 151.263261][ T9316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 151.263275][ T9316] Call Trace: [ 151.263282][ T9316] [ 151.263291][ T9316] dump_stack_lvl+0x189/0x250 [ 151.263320][ T9316] ? __pfx____ratelimit+0x10/0x10 [ 151.263349][ T9316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.263374][ T9316] ? __pfx__printk+0x10/0x10 [ 151.263408][ T9316] should_fail_ex+0x414/0x560 [ 151.263438][ T9316] should_failslab+0xa8/0x100 [ 151.263469][ T9316] kmem_cache_alloc_noprof+0x73/0x3c0 [ 151.263497][ T9316] ? skb_clone+0x212/0x3a0 [ 151.263522][ T9316] skb_clone+0x212/0x3a0 [ 151.263546][ T9316] __netlink_deliver_tap+0x404/0x850 [ 151.263594][ T9316] ? netlink_deliver_tap+0x2e/0x1b0 [ 151.263626][ T9316] netlink_deliver_tap+0x19c/0x1b0 [ 151.263667][ T9316] netlink_unicast+0x7fa/0x9e0 [ 151.263697][ T9316] ? __pfx_netlink_unicast+0x10/0x10 [ 151.263724][ T9316] ? netlink_sendmsg+0x642/0xb30 [ 151.263754][ T9316] ? skb_put+0x11b/0x210 [ 151.263775][ T9316] netlink_sendmsg+0x805/0xb30 [ 151.263812][ T9316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.263846][ T9316] ? aa_sock_msg_perm+0xf1/0x1d0 [ 151.263866][ T9316] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 151.263889][ T9316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.263921][ T9316] __sock_sendmsg+0x21c/0x270 [ 151.263950][ T9316] ____sys_sendmsg+0x505/0x830 [ 151.263974][ T9316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.263999][ T9316] ? import_iovec+0x74/0xa0 [ 151.264042][ T9316] ___sys_sendmsg+0x21f/0x2a0 [ 151.264064][ T9316] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.264104][ T9316] ? __fget_files+0x2a/0x420 [ 151.264136][ T9316] ? __fget_files+0x3a0/0x420 [ 151.264173][ T9316] __x64_sys_sendmsg+0x19b/0x260 [ 151.264195][ T9316] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 151.264223][ T9316] ? __pfx_ksys_write+0x10/0x10 [ 151.264250][ T9316] ? rcu_is_watching+0x15/0xb0 [ 151.264273][ T9316] ? rcu_is_watching+0x15/0xb0 [ 151.264295][ T9316] do_syscall_64+0xfa/0x3b0 [ 151.264328][ T9316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.264349][ T9316] ? clear_bhb_loop+0x60/0xb0 [ 151.264371][ T9316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.264391][ T9316] RIP: 0033:0x7f52aeb8ebe9 [ 151.264410][ T9316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.264429][ T9316] RSP: 002b:00007f52afa19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.264451][ T9316] RAX: ffffffffffffffda RBX: 00007f52aedb5fa0 RCX: 00007f52aeb8ebe9 [ 151.264467][ T9316] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 151.264481][ T9316] RBP: 00007f52afa19090 R08: 0000000000000000 R09: 0000000000000000 [ 151.264493][ T9316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.264505][ T9316] R13: 00007f52aedb6038 R14: 00007f52aedb5fa0 R15: 00007ffebe046798 [ 151.264530][ T9316] [ 151.350212][ T9320] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 151.889210][ T9356] FAULT_INJECTION: forcing a failure. [ 151.889210][ T9356] name failslab, interval 1, probability 0, space 0, times 0 [ 151.938805][ T9356] CPU: 1 UID: 0 PID: 9356 Comm: syz.0.1295 Not tainted syzkaller #0 PREEMPT(full) [ 151.938841][ T9356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 151.938855][ T9356] Call Trace: [ 151.938862][ T9356] [ 151.938871][ T9356] dump_stack_lvl+0x189/0x250 [ 151.938902][ T9356] ? __pfx____ratelimit+0x10/0x10 [ 151.938932][ T9356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.938957][ T9356] ? __pfx__printk+0x10/0x10 [ 151.938984][ T9356] ? rcu_is_watching+0x15/0xb0 [ 151.939006][ T9356] ? __pfx___might_resched+0x10/0x10 [ 151.939026][ T9356] ? lock_acquire+0x5f/0x360 [ 151.939058][ T9356] should_fail_ex+0x414/0x560 [ 151.939089][ T9356] should_failslab+0xa8/0x100 [ 151.939121][ T9356] __kmalloc_noprof+0xcb/0x4f0 [ 151.939149][ T9356] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 151.939179][ T9356] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 151.939210][ T9356] genl_family_rcv_msg_doit+0xb8/0x300 [ 151.939238][ T9356] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 151.939274][ T9356] ? apparmor_capable+0x137/0x1b0 [ 151.939300][ T9356] ? bpf_lsm_capable+0x9/0x20 [ 151.939329][ T9356] ? security_capable+0x7e/0x2e0 [ 151.939362][ T9356] genl_rcv_msg+0x60e/0x790 [ 151.939389][ T9356] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.939412][ T9356] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 151.939434][ T9356] ? __pfx_nl80211_register_mgmt+0x10/0x10 [ 151.939464][ T9356] ? __pfx_nl80211_post_doit+0x10/0x10 [ 151.939488][ T9356] ? __asan_memcpy+0x40/0x70 [ 151.939511][ T9356] ? __pfx_ref_tracker_free+0x10/0x10 [ 151.939545][ T9356] netlink_rcv_skb+0x208/0x470 [ 151.939575][ T9356] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.939599][ T9356] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.939635][ T9356] ? lock_release+0x4b/0x3e0 [ 151.939667][ T9356] ? down_read+0x1ad/0x2e0 [ 151.939689][ T9356] genl_rcv+0x28/0x40 [ 151.939709][ T9356] netlink_unicast+0x82c/0x9e0 [ 151.939741][ T9356] ? __pfx_netlink_unicast+0x10/0x10 [ 151.939769][ T9356] ? netlink_sendmsg+0x642/0xb30 [ 151.939799][ T9356] ? skb_put+0x11b/0x210 [ 151.939821][ T9356] netlink_sendmsg+0x805/0xb30 [ 151.939857][ T9356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.939890][ T9356] ? aa_sock_msg_perm+0xf1/0x1d0 [ 151.939910][ T9356] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 151.939933][ T9356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.939965][ T9356] __sock_sendmsg+0x21c/0x270 [ 151.939993][ T9356] ____sys_sendmsg+0x505/0x830 [ 151.940017][ T9356] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.940044][ T9356] ? import_iovec+0x74/0xa0 [ 151.940069][ T9356] ___sys_sendmsg+0x21f/0x2a0 [ 151.940091][ T9356] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.940131][ T9356] ? __fget_files+0x2a/0x420 [ 151.940162][ T9356] ? __fget_files+0x3a0/0x420 [ 151.940200][ T9356] __x64_sys_sendmsg+0x19b/0x260 [ 151.940222][ T9356] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 151.940327][ T9356] ? __pfx_ksys_write+0x10/0x10 [ 151.940354][ T9356] ? rcu_is_watching+0x15/0xb0 [ 151.940377][ T9356] ? rcu_is_watching+0x15/0xb0 [ 151.940399][ T9356] do_syscall_64+0xfa/0x3b0 [ 151.940431][ T9356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.940452][ T9356] ? clear_bhb_loop+0x60/0xb0 [ 151.940476][ T9356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.940497][ T9356] RIP: 0033:0x7f1a3d78ebe9 [ 151.940514][ T9356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.940531][ T9356] RSP: 002b:00007f1a3e561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.940554][ T9356] RAX: ffffffffffffffda RBX: 00007f1a3d9b5fa0 RCX: 00007f1a3d78ebe9 [ 151.940571][ T9356] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 151.940584][ T9356] RBP: 00007f1a3e561090 R08: 0000000000000000 R09: 0000000000000000 [ 151.940596][ T9356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.940609][ T9356] R13: 00007f1a3d9b6038 R14: 00007f1a3d9b5fa0 R15: 00007ffddd4f0468 [ 151.940633][ T9356] [ 152.667309][ T9382] block nbd1: server does not support multiple connections per device. [ 152.675750][ T9382] block nbd1: shutting down sockets [ 152.683586][ T9378] ksmbd: Unknown IPC event: 3, ignore. [ 152.707617][ T9378] netlink: 'syz.3.1307': attribute type 2 has an invalid length. [ 152.779405][ T9395] wireguard: wg1: Could not create IPv4 socket [ 153.101288][ T9424] netlink: 'syz.0.1324': attribute type 10 has an invalid length. [ 153.135622][ T9424] team0: Port device dummy0 added [ 153.234826][ T9440] netlink: 'syz.1.1330': attribute type 10 has an invalid length. [ 153.243994][ T9427] block nbd1: server does not support multiple connections per device. [ 153.255065][ T9427] block nbd1: shutting down sockets [ 153.258532][ T36] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.272257][ T36] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.288613][ T36] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.299281][ T36] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.430454][ T9451] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 153.534077][ T9468] rdma_rxe: rxe_newlink: failed to add lo [ 153.682780][ T9471] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 153.732638][ T9486] netlink: 'syz.0.1343': attribute type 10 has an invalid length. [ 153.833699][ T9492] netlink: 'syz.4.1347': attribute type 8 has an invalid length. [ 153.844118][ T9490] netdevsim netdevsim3: Direct firmware load for /. failed with error -2 [ 153.884926][ T9490] netdevsim netdevsim3: Falling back to sysfs fallback for: /. [ 154.344072][ T9541] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 154.615744][ T9560] __nla_validate_parse: 29 callbacks suppressed [ 154.615766][ T9560] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1376'. [ 154.681226][ T9562] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.806737][ T9572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1383'. [ 154.948940][ T9580] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 155.126178][ T9597] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1393'. [ 155.367231][ T9617] Bluetooth: MGMT ver 1.23 [ 155.373673][ T9617] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1402'. [ 155.394008][ T9617] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1402'. [ 155.396154][ T9625] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1405'. [ 155.532925][ T9632] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 155.773218][ T9654] netlink: 'syz.3.1417': attribute type 10 has an invalid length. [ 155.799353][ T9654] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1417'. [ 155.830816][ T9654] team0: Port device geneve0 added [ 155.839322][ T9659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1419'. [ 155.927583][ T9665] netlink: 'syz.3.1422': attribute type 1 has an invalid length. [ 155.945952][ T9665] netlink: 'syz.3.1422': attribute type 3 has an invalid length. [ 155.954777][ T9665] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1422'. [ 155.974230][ T9665] NCSI netlink: No device for ifindex 0 [ 156.092238][ T9679] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 156.161569][ T9688] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1431'. [ 156.303443][ T9696] 8021q: adding VLAN 0 to HW filter on device bond3 [ 156.469307][ T9721] netlink: 'syz.0.1441': attribute type 83 has an invalid length. [ 156.493560][ T9720] netlink: 'syz.1.1443': attribute type 1 has an invalid length. [ 156.564870][ T9731] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 156.596075][ T9720] 8021q: adding VLAN 0 to HW filter on device bond3 [ 156.604320][ T9720] bond2: (slave bond3): making interface the new active one [ 156.612432][ T9720] bond2: (slave bond3): Enslaving as an active interface with an up link [ 156.640188][ T9733] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 156.658661][ T9733] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 156.987922][ T9764] syz_tun: entered promiscuous mode [ 157.001733][ T9764] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 157.312869][ T9789] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 157.324326][ T9793] lo speed is unknown, defaulting to 1000 [ 157.369449][ T9792] block nbd1: server does not support multiple connections per device. [ 157.386936][ T9792] block nbd1: shutting down sockets [ 157.466461][ T9796] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 157.473785][ T9796] IPv6: NLM_F_CREATE should be set when creating new route [ 157.686180][ T9793] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 158.065741][ T9812] tipc: Started in network mode [ 158.078952][ T9812] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 158.101821][ T9812] tipc: Enabled bearer , priority 10 [ 158.147595][ T9822] validate_nla: 4 callbacks suppressed [ 158.147615][ T9822] netlink: 'syz.4.1481': attribute type 1 has an invalid length. [ 158.165928][ T9820] 8021q: adding VLAN 0 to HW filter on device bond4 [ 158.521507][ T9841] lo speed is unknown, defaulting to 1000 [ 158.538274][ T9835] netlink: 'syz.0.1486': attribute type 8 has an invalid length. [ 158.718814][ T9856] bridge4: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 158.876840][ T9862] netlink: 'syz.3.1495': attribute type 13 has an invalid length. [ 158.918663][ T9862] lo: entered promiscuous mode [ 158.970828][ T9862] lo: entered allmulticast mode [ 158.982876][ T9862] tunl0: entered promiscuous mode [ 158.996671][ T9862] tunl0: entered allmulticast mode [ 159.021810][ T9862] gre0: entered promiscuous mode [ 159.036370][ T9862] gre0: entered allmulticast mode [ 159.079551][ T9862] gretap0: entered promiscuous mode [ 159.093720][ T9862] gretap0: entered allmulticast mode [ 159.105885][ T9862] gretap0: refused to change device tx_queue_len [ 159.116416][ T9862] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 159.218826][ T979] tipc: Node number set to 10136234 [ 159.237754][ T9881] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 159.396270][ T9886] hsr_slave_1 (unregistering): left promiscuous mode [ 159.425779][ T9896] netlink: 'syz.1.1504': attribute type 1 has an invalid length. [ 159.512439][ T9897] veth0: entered promiscuous mode [ 159.521387][ T9884] veth0: left promiscuous mode [ 159.651546][ T9911] __nla_validate_parse: 18 callbacks suppressed [ 159.651570][ T9911] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1510'. [ 159.702314][ T9911] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 159.709655][ T9911] IPv6: NLM_F_CREATE should be set when creating new route [ 159.740983][ T9915] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1511'. [ 159.741255][ T9914] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1512'. [ 159.753772][ T9915] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1511'. [ 160.632133][ T25] block nbd0: Possible stuck request ffff888025300000: control (read@0,1024B). Runtime 30 seconds [ 160.642916][ T25] block nbd0: Possible stuck request ffff8880253001c0: control (read@1024,1024B). Runtime 30 seconds [ 160.654527][ T25] block nbd0: Possible stuck request ffff888025300380: control (read@2048,1024B). Runtime 30 seconds [ 160.666082][ T25] block nbd0: Possible stuck request ffff888025300540: control (read@3072,1024B). Runtime 30 seconds [ 161.279556][ T9933] netlink: 'syz.2.1517': attribute type 1 has an invalid length. [ 161.290074][ T9933] netlink: 'syz.2.1517': attribute type 1 has an invalid length. [ 161.326788][ T9933] netlink: 'syz.2.1517': attribute type 1 has an invalid length. [ 161.376885][ T9933] netlink: 'syz.2.1517': attribute type 2 has an invalid length. [ 161.384673][ T9933] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1517'. [ 161.403474][ T9942] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 161.443105][ T9946] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1524'. [ 161.517749][ T9950] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1526'. [ 161.521503][ T9952] netlink: 'syz.2.1527': attribute type 1 has an invalid length. [ 161.554580][ T9952] 8021q: adding VLAN 0 to HW filter on device bond5 [ 161.588779][ T9955] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1528'. [ 161.673683][ T9961] C: renamed from lo (while UP) [ 161.741724][ T9971] macsec1: entered promiscuous mode [ 161.753882][ T9971] macsec1: entered allmulticast mode [ 161.929321][ T9985] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1541'. [ 161.991825][ T9989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1545'. [ 162.020855][ T9996] sctp: [Deprecated]: syz.1.1543 (pid 9996) Use of struct sctp_assoc_value in delayed_ack socket option. [ 162.020855][ T9996] Use struct sctp_sack_info instead [ 162.043594][ T9996] netlink: 'syz.1.1543': attribute type 3 has an invalid length. [ 162.556658][T10045] team0: Port device geneve0 added [ 162.974377][T10080] Bluetooth: MGMT ver 1.23 [ 162.981428][T10078] netlink: 'syz.0.1581': attribute type 11 has an invalid length. [ 163.007036][T10085] syzkaller0: tun_chr_ioctl cmd 1074025673 [ 163.032600][T10085] syzkaller0: tun_chr_ioctl cmd 1074025673 [ 163.137599][T10094] netlink: zone id is out of range [ 163.142876][T10094] netlink: zone id is out of range [ 163.148550][T10094] netlink: zone id is out of range [ 163.156954][T10094] netlink: zone id is out of range [ 163.173100][T10094] netlink: zone id is out of range [ 163.189556][T10097] validate_nla: 2 callbacks suppressed [ 163.189586][T10097] netlink: 'syz.1.1589': attribute type 13 has an invalid length. [ 163.200112][T10094] netlink: zone id is out of range [ 163.203716][T10097] lo: entered promiscuous mode [ 163.213951][T10097] lo: entered allmulticast mode [ 163.219467][T10097] tunl0: entered promiscuous mode [ 163.224640][T10097] tunl0: entered allmulticast mode [ 163.231230][T10097] gre0: entered promiscuous mode [ 163.236311][T10097] gre0: entered allmulticast mode [ 163.237111][T10094] netlink: zone id is out of range [ 163.257475][T10094] netlink: zone id is out of range [ 163.266688][T10094] netlink: zone id is out of range [ 163.269198][T10097] gretap0: entered promiscuous mode [ 163.283596][T10097] gretap0: entered allmulticast mode [ 163.290400][T10097] erspan0: entered promiscuous mode [ 163.295845][T10097] erspan0: entered allmulticast mode [ 163.302196][T10097] erspan0: refused to change device tx_queue_len [ 163.385263][T10107] netlink: 'syz.1.1592': attribute type 1 has an invalid length. [ 163.406808][T10107] netlink: 'syz.1.1592': attribute type 3 has an invalid length. [ 163.567465][T10119] netlink: 'syz.3.1597': attribute type 10 has an invalid length. [ 163.721789][T10137] netlink: 'syz.4.1607': attribute type 11 has an invalid length. [ 163.735558][T10134] tipc: Enabled bearer , priority 0 [ 163.770498][T10134] syzkaller0: entered promiscuous mode [ 163.782396][T10134] syzkaller0: entered allmulticast mode [ 163.863370][T10132] tipc: Resetting bearer [ 163.884033][T10132] tipc: Disabling bearer [ 163.940008][T10142] team0: Device gtp0 is of different type [ 164.014030][T10166] netlink: 'syz.1.1615': attribute type 10 has an invalid length. [ 164.185879][T10181] netlink: 'syz.0.1621': attribute type 1 has an invalid length. [ 164.229609][T10181] 8021q: adding VLAN 0 to HW filter on device bond4 [ 164.376238][T10199] netlink: 'syz.2.1629': attribute type 10 has an invalid length. [ 164.668037][T10223] __nla_validate_parse: 21 callbacks suppressed [ 164.668057][T10223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1639'. [ 164.725724][T10231] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 164.816970][T10238] sch_fq: defrate 0 ignored. [ 164.853688][T10240] netlink: 'syz.4.1646': attribute type 1 has an invalid length. [ 164.861682][T10240] netlink: 5624 bytes leftover after parsing attributes in process `syz.4.1646'. [ 164.989434][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1649'. [ 165.130972][T10266] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1656'. [ 165.332080][T10279] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 165.400450][T10284] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1664'. [ 165.418302][T10284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1664'. [ 165.542550][T10296] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1670'. [ 165.659789][T10308] netlink: 'syz.1.1673': attribute type 10 has an invalid length. [ 165.673739][T10303] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1676'. [ 165.679197][T10310] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1677'. [ 165.683329][T10308] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1673'. [ 166.473102][T10405] netdevsim netdevsim4: Direct firmware load for failed with error -2 [ 166.482149][T10405] netdevsim netdevsim4: Falling back to sysfs fallback for: [ 167.256394][T10459] net_ratelimit: 9 callbacks suppressed [ 167.256418][T10459] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 167.489225][T10479] tipc: Enabled bearer , priority 12 [ 167.844576][T10511] IPVS: sync thread started: state = MASTER, mcast_ifn = team0, syncid = 1, id = 0 [ 168.210679][T10533] validate_nla: 1 callbacks suppressed [ 168.210700][T10533] netlink: 'syz.0.1747': attribute type 1 has an invalid length. [ 168.440585][T10539] bond5: (slave bridge5): making interface the new active one [ 168.453501][T10539] bond5: (slave bridge5): Enslaving as an active interface with an up link [ 168.624965][T10558] netlink: 'syz.0.1752': attribute type 1 has an invalid length. [ 168.724113][T10565] netlink: 'syz.2.1758': attribute type 17 has an invalid length. [ 168.767435][T10565] veth1_to_hsr: mtu greater than device maximum [ 168.795643][T10570] 8021q: VLANs not supported on wg0 [ 168.820087][T10571] netlink: 'syz.4.1760': attribute type 1 has an invalid length. [ 168.975000][T10571] bond3: (slave gretap1): making interface the new active one [ 168.984035][T10571] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 169.001196][T10576] netlink: 'syz.3.1762': attribute type 6 has an invalid length. [ 169.022272][T10578] macvlan0: entered allmulticast mode [ 169.029420][T10578] bond0: (slave macvlan0): Opening slave failed [ 169.196364][T10600] netlink: 'syz.1.1769': attribute type 1 has an invalid length. [ 169.217001][T10600] netlink: 'syz.1.1769': attribute type 2 has an invalid length. [ 169.658832][T10640] tipc: Started in network mode [ 169.670504][T10640] tipc: Node identity aaaaaaaaaa33, cluster identity 4711 [ 169.681278][T10640] tipc: Enabled bearer , priority 12 [ 169.802780][T10653] __nla_validate_parse: 23 callbacks suppressed [ 169.802804][T10653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1789'. [ 169.828081][T10653] Illegal XDP return value 4294967274 on prog (id 142) dev N/A, expect packet loss! [ 169.940671][T10661] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1792'. [ 170.000106][T10663] tipc: Enabled bearer , priority 0 [ 170.011020][T10663] syzkaller0: entered promiscuous mode [ 170.018862][T10663] syzkaller0: entered allmulticast mode [ 170.037901][T10663] tipc: Resetting bearer [ 170.045758][T10665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1794'. [ 170.058804][T10663] tipc: Resetting bearer [ 170.060192][T10665] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1794'. [ 170.080143][T10663] tipc: Disabling bearer [ 170.087906][T10665] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1794'. [ 170.464880][T10692] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1803'. [ 170.528862][T10697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1807'. [ 170.543331][T10698] netlink: 'syz.0.1807': attribute type 11 has an invalid length. [ 170.634615][T10704] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 170.782162][T10714] lo speed is unknown, defaulting to 1000 [ 170.805195][T10719] netlink: 'syz.2.1814': attribute type 8 has an invalid length. [ 170.816892][ T979] tipc: Node number set to 10070698 [ 170.847697][T10721] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1811'. [ 170.867150][T10721] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1811'. [ 170.888942][T10721] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1811'. [ 171.141764][T10733] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 171.334220][T10739] !: renamed from bond_slave_0 (while UP) [ 172.174500][T10785] netlink: 'syz.0.1839': attribute type 7 has an invalid length. [ 173.120241][T10832] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 173.138659][T10831] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 173.441372][T10854] netlink: 'syz.1.1862': attribute type 5 has an invalid length. [ 173.494081][T10854] geneve3: entered promiscuous mode [ 173.501211][T10854] geneve3: entered allmulticast mode [ 173.510403][T10375] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 173.535640][T10375] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 173.563164][T10375] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 173.575037][T10375] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 173.710390][T10872] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20001 [ 173.864434][T10889] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 173.905566][ T5906] IPVS: starting estimator thread 0... [ 174.007483][T10896] IPVS: using max 39 ests per chain, 93600 per kthread [ 174.103811][T10919] netlink: 'syz.2.1886': attribute type 10 has an invalid length. [ 174.163345][T10919] syz_tun: entered promiscuous mode [ 174.174621][T10925] FAULT_INJECTION: forcing a failure. [ 174.174621][T10925] name failslab, interval 1, probability 0, space 0, times 0 [ 174.178925][T10919] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 174.200075][T10925] CPU: 0 UID: 0 PID: 10925 Comm: syz.3.1888 Not tainted syzkaller #0 PREEMPT(full) [ 174.200104][T10925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 174.200118][T10925] Call Trace: [ 174.200126][T10925] [ 174.200134][T10925] dump_stack_lvl+0x189/0x250 [ 174.200164][T10925] ? __pfx____ratelimit+0x10/0x10 [ 174.200193][T10925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.200217][T10925] ? __pfx__printk+0x10/0x10 [ 174.200248][T10925] ? fs_reclaim_acquire+0x7d/0x100 [ 174.200280][T10925] ? __pfx___might_resched+0x10/0x10 [ 174.200300][T10925] ? lock_acquire+0x5f/0x360 [ 174.200333][T10925] should_fail_ex+0x414/0x560 [ 174.200363][T10925] should_failslab+0xa8/0x100 [ 174.200394][T10925] __kmalloc_cache_noprof+0x70/0x3d0 [ 174.200423][T10925] ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 174.200455][T10925] sctp_auth_asoc_copy_shkeys+0x14e/0x5a0 [ 174.200490][T10925] sctp_association_new+0x15d3/0x25f0 [ 174.200520][T10925] sctp_connect_new_asoc+0x2c5/0x690 [ 174.200543][T10925] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 174.200562][T10925] ? __local_bh_enable_ip+0x12d/0x1c0 [ 174.200586][T10925] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 174.200612][T10925] ? security_sctp_bind_connect+0x7e/0x2e0 [ 174.200647][T10925] sctp_sendmsg+0x155c/0x2810 [ 174.200693][T10925] ? __pfx_sctp_sendmsg+0x10/0x10 [ 174.200727][T10925] ? aa_sk_perm+0x81e/0x950 [ 174.200761][T10925] ? __pfx_aa_sk_perm+0x10/0x10 [ 174.200793][T10925] ? sock_rps_record_flow+0x19/0x410 [ 174.200821][T10925] ? inet_sendmsg+0x2f4/0x370 [ 174.200849][T10925] __sock_sendmsg+0x19c/0x270 [ 174.200876][T10925] __sys_sendto+0x3bd/0x520 [ 174.200909][T10925] ? __pfx___sys_sendto+0x10/0x10 [ 174.200939][T10925] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 174.200978][T10925] ? __fget_files+0x3a0/0x420 [ 174.201016][T10925] ? ksys_write+0x22a/0x250 [ 174.201044][T10925] ? __pfx_ksys_write+0x10/0x10 [ 174.201069][T10925] ? rcu_is_watching+0x15/0xb0 [ 174.201092][T10925] __x64_sys_sendto+0xde/0x100 [ 174.201125][T10925] do_syscall_64+0xfa/0x3b0 [ 174.201156][T10925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.201177][T10925] ? clear_bhb_loop+0x60/0xb0 [ 174.201200][T10925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.201220][T10925] RIP: 0033:0x7f9f9a58ebe9 [ 174.201238][T10925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.201258][T10925] RSP: 002b:00007f9f987f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 174.201280][T10925] RAX: ffffffffffffffda RBX: 00007f9f9a7b5fa0 RCX: 00007f9f9a58ebe9 [ 174.201296][T10925] RDX: 0000000000020a00 RSI: 0000200000000040 RDI: 0000000000000003 [ 174.201310][T10925] RBP: 00007f9f987f6090 R08: 0000200000000100 R09: 000000000000001c [ 174.201324][T10925] R10: 0000000000044004 R11: 0000000000000246 R12: 0000000000000001 [ 174.201337][T10925] R13: 00007f9f9a7b6038 R14: 00007f9f9a7b5fa0 R15: 00007ffd4fec5d88 [ 174.201362][T10925] [ 174.592823][T10933] batadv1: entered allmulticast mode [ 174.884303][T10963] netlink: 'syz.1.1902': attribute type 10 has an invalid length. [ 174.894736][T10963] syz_tun: left allmulticast mode [ 174.904832][T10963] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 175.008988][T10975] netlink: 'syz.2.1908': attribute type 11 has an invalid length. [ 175.017352][T10975] __nla_validate_parse: 19 callbacks suppressed [ 175.017370][T10975] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1908'. [ 175.103978][T10982] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1910'. [ 175.207270][T10993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1914'. [ 175.259603][T10995] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1913'. [ 175.696764][T11023] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1924'. [ 175.724037][T11026] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1923'. [ 175.749348][T11026] netlink: 'syz.4.1923': attribute type 5 has an invalid length. [ 175.831398][T11032] lo speed is unknown, defaulting to 1000 [ 176.247444][T11044] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 176.307461][T11044] sctp: [Deprecated]: syz.4.1931 (pid 11044) Use of int in max_burst socket option. [ 176.307461][T11044] Use struct sctp_assoc_value instead [ 176.380076][T11048] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 176.509076][T11050] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 176.695714][T11062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1936'. [ 176.883623][T11075] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1940'. [ 176.969453][T11083] FAULT_INJECTION: forcing a failure. [ 176.969453][T11083] name failslab, interval 1, probability 0, space 0, times 0 [ 176.985664][T11083] CPU: 1 UID: 0 PID: 11083 Comm: syz.3.1942 Not tainted syzkaller #0 PREEMPT(full) [ 176.985694][T11083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 176.985707][T11083] Call Trace: [ 176.985714][T11083] [ 176.985721][T11083] dump_stack_lvl+0x189/0x250 [ 176.985747][T11083] ? __pfx____ratelimit+0x10/0x10 [ 176.985772][T11083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.985792][T11083] ? __pfx__printk+0x10/0x10 [ 176.985821][T11083] should_fail_ex+0x414/0x560 [ 176.985846][T11083] should_failslab+0xa8/0x100 [ 176.985872][T11083] __kmalloc_cache_noprof+0x70/0x3d0 [ 176.985896][T11083] ? sctp_add_bind_addr+0x8c/0x370 [ 176.985921][T11083] sctp_add_bind_addr+0x8c/0x370 [ 176.985945][T11083] sctp_copy_local_addr_list+0x30b/0x4e0 [ 176.985970][T11083] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 176.985993][T11083] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 176.986017][T11083] ? sctp_v6_is_any+0x64/0x80 [ 176.986042][T11083] ? sctp_copy_one_addr+0x93/0x360 [ 176.986065][T11083] sctp_bind_addr_copy+0xb3/0x3c0 [ 176.986088][T11083] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 176.986110][T11083] sctp_connect_new_asoc+0x2e0/0x690 [ 176.986129][T11083] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 176.986145][T11083] ? __local_bh_enable_ip+0x12d/0x1c0 [ 176.986166][T11083] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 176.986187][T11083] ? security_sctp_bind_connect+0x7e/0x2e0 [ 176.986211][T11083] sctp_sendmsg+0x155c/0x2810 [ 176.986243][T11083] ? __pfx_sctp_sendmsg+0x10/0x10 [ 176.986271][T11083] ? aa_sk_perm+0x81e/0x950 [ 176.986298][T11083] ? __pfx_aa_sk_perm+0x10/0x10 [ 176.986323][T11083] ? sock_rps_record_flow+0x19/0x410 [ 176.986347][T11083] ? inet_sendmsg+0x2f4/0x370 [ 176.986376][T11083] __sock_sendmsg+0x19c/0x270 [ 176.986399][T11083] __sys_sendto+0x3bd/0x520 [ 176.986426][T11083] ? __pfx___sys_sendto+0x10/0x10 [ 176.986453][T11083] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 176.986494][T11083] ? __fget_files+0x3a0/0x420 [ 176.986530][T11083] ? ksys_write+0x22a/0x250 [ 176.986558][T11083] ? __pfx_ksys_write+0x10/0x10 [ 176.986584][T11083] ? rcu_is_watching+0x15/0xb0 [ 176.986607][T11083] __x64_sys_sendto+0xde/0x100 [ 176.986641][T11083] do_syscall_64+0xfa/0x3b0 [ 176.986673][T11083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.986694][T11083] ? clear_bhb_loop+0x60/0xb0 [ 176.986714][T11083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.986731][T11083] RIP: 0033:0x7f9f9a58ebe9 [ 176.986747][T11083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.986763][T11083] RSP: 002b:00007f9f987f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 176.986782][T11083] RAX: ffffffffffffffda RBX: 00007f9f9a7b5fa0 RCX: 00007f9f9a58ebe9 [ 176.986796][T11083] RDX: 0000000000020a00 RSI: 0000200000000040 RDI: 0000000000000003 [ 176.986808][T11083] RBP: 00007f9f987f6090 R08: 0000200000000100 R09: 000000000000001c [ 176.986820][T11083] R10: 0000000000044004 R11: 0000000000000246 R12: 0000000000000001 [ 176.986830][T11083] R13: 00007f9f9a7b6038 R14: 00007f9f9a7b5fa0 R15: 00007ffd4fec5d88 [ 176.986850][T11083] [ 177.372114][T11087] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 177.435744][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1944'. [ 177.573863][T11100] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1950'. [ 177.703261][T11110] netlink: 'syz.3.1952': attribute type 10 has an invalid length. [ 177.757437][T11113] FAULT_INJECTION: forcing a failure. [ 177.757437][T11113] name failslab, interval 1, probability 0, space 0, times 0 [ 177.784874][T11113] CPU: 0 UID: 0 PID: 11113 Comm: syz.0.1954 Not tainted syzkaller #0 PREEMPT(full) [ 177.784905][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 177.784917][T11113] Call Trace: [ 177.784925][T11113] [ 177.784934][T11113] dump_stack_lvl+0x189/0x250 [ 177.784963][T11113] ? __pfx____ratelimit+0x10/0x10 [ 177.784994][T11113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.785018][T11113] ? __pfx__printk+0x10/0x10 [ 177.785049][T11113] ? rcu_is_watching+0x15/0xb0 [ 177.785070][T11113] should_fail_ex+0x414/0x560 [ 177.785100][T11113] should_failslab+0xa8/0x100 [ 177.785129][T11113] kmem_cache_alloc_noprof+0x73/0x3c0 [ 177.785156][T11113] ? _sctp_make_chunk+0x14e/0x430 [ 177.785187][T11113] _sctp_make_chunk+0x14e/0x430 [ 177.785218][T11113] sctp_make_init+0x58b/0xd30 [ 177.785250][T11113] ? __pfx_sctp_make_init+0x10/0x10 [ 177.785286][T11113] ? arch_stack_walk+0xfc/0x150 [ 177.785317][T11113] ? stack_trace_save+0x9c/0xe0 [ 177.785343][T11113] sctp_sf_do_prm_asoc+0xd2/0x3f0 [ 177.785368][T11113] sctp_do_sm+0x1e4/0x5a20 [ 177.785392][T11113] ? __pfx_sctp_pname+0x10/0x10 [ 177.785417][T11113] ? kasan_save_track+0x3e/0x80 [ 177.785441][T11113] ? sctp_stream_init_ext+0x57/0x180 [ 177.785466][T11113] ? sctp_sendmsg_to_asoc+0x12fd/0x1810 [ 177.785498][T11113] ? sctp_sendmsg+0x1941/0x2810 [ 177.785529][T11113] ? __sock_sendmsg+0x19c/0x270 [ 177.785552][T11113] ? __sys_sendto+0x3bd/0x520 [ 177.785580][T11113] ? do_syscall_64+0xfa/0x3b0 [ 177.785608][T11113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.785629][T11113] ? __pfx_sctp_do_sm+0x10/0x10 [ 177.785670][T11113] ? __sk_mem_raise_allocated+0xaa9/0x1240 [ 177.785700][T11113] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 177.785722][T11113] sctp_sendmsg_to_asoc+0x102d/0x1810 [ 177.785753][T11113] ? __asan_memcpy+0x40/0x70 [ 177.785779][T11113] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 177.785808][T11113] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 177.785840][T11113] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 177.785863][T11113] ? lock_release+0x4b/0x3e0 [ 177.785893][T11113] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 177.785914][T11113] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 177.785933][T11113] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 177.785951][T11113] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 177.785974][T11113] ? security_sctp_bind_connect+0x7e/0x2e0 [ 177.786002][T11113] sctp_sendmsg+0x1941/0x2810 [ 177.786040][T11113] ? __pfx_sctp_sendmsg+0x10/0x10 [ 177.786073][T11113] ? aa_sk_perm+0x81e/0x950 [ 177.786103][T11113] ? __pfx_aa_sk_perm+0x10/0x10 [ 177.786132][T11113] ? sock_rps_record_flow+0x19/0x410 [ 177.786160][T11113] ? inet_sendmsg+0x2f4/0x370 [ 177.786185][T11113] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 177.786208][T11113] __sock_sendmsg+0x19c/0x270 [ 177.786236][T11113] __sys_sendto+0x3bd/0x520 [ 177.786269][T11113] ? __pfx___sys_sendto+0x10/0x10 [ 177.786329][T11113] __x64_sys_sendto+0xde/0x100 [ 177.786364][T11113] do_syscall_64+0xfa/0x3b0 [ 177.786394][T11113] ? rcu_is_watching+0x15/0xb0 [ 177.786415][T11113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.786436][T11113] ? clear_bhb_loop+0x60/0xb0 [ 177.786460][T11113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.786479][T11113] RIP: 0033:0x7f1a3d78ebe9 [ 177.786498][T11113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.786516][T11113] RSP: 002b:00007f1a3e561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 177.786538][T11113] RAX: ffffffffffffffda RBX: 00007f1a3d9b5fa0 RCX: 00007f1a3d78ebe9 [ 177.786553][T11113] RDX: 0000000000020a00 RSI: 0000200000000040 RDI: 0000000000000003 [ 177.786566][T11113] RBP: 00007f1a3e561090 R08: 0000200000000100 R09: 000000000000001c [ 177.786580][T11113] R10: 0000000000044004 R11: 0000000000000246 R12: 0000000000000002 [ 177.786593][T11113] R13: 00007f1a3d9b6038 R14: 00007f1a3d9b5fa0 R15: 00007ffddd4f0468 [ 177.786617][T11113] [ 178.575235][T11149] lo speed is unknown, defaulting to 1000 [ 178.845149][T11165] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 178.861972][T11162] netlink: 'syz.3.1972': attribute type 1 has an invalid length. [ 179.015946][T11173] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 179.374441][T11194] netlink: 'syz.4.1985': attribute type 1 has an invalid length. [ 179.413174][T11194] 8021q: adding VLAN 0 to HW filter on device bond4 [ 180.371838][T11228] __nla_validate_parse: 7 callbacks suppressed [ 180.371859][T11228] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2000'. [ 180.435761][T11228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2000'. [ 180.739884][T11271] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2014'. [ 180.834424][T11276] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2018'. [ 181.089642][T11294] netlink: 'syz.4.2025': attribute type 1 has an invalid length. [ 181.154762][T11294] 8021q: adding VLAN 0 to HW filter on device bond5 [ 181.192707][T11298] 8021q: adding VLAN 0 to HW filter on device bond5 [ 181.225206][T11298] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 181.269692][T11298] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 181.412668][T11294] veth5: entered promiscuous mode [ 181.416001][T11298] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2025'. [ 181.431378][T11294] bond5: (slave veth5): Enslaving as an active interface with a down link [ 181.443918][T11298] 8021q: adding VLAN 0 to HW filter on device bond5 [ 181.524817][T11317] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2030'. [ 181.594528][T11320] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2031'. [ 181.653859][T11327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2035'. [ 181.731614][T11334] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2038'. [ 182.476358][T11336] openvswitch: netlink: Missing valid actions attribute. [ 182.491503][T11336] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 182.513985][T11336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2041'. [ 182.533963][T11337] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 183.049387][T11378] syzkaller0: entered promiscuous mode [ 183.061700][T11378] syzkaller0: entered allmulticast mode [ 183.547959][T11411] FAULT_INJECTION: forcing a failure. [ 183.547959][T11411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.596559][T11411] CPU: 1 UID: 0 PID: 11411 Comm: syz.1.2071 Not tainted syzkaller #0 PREEMPT(full) [ 183.596590][T11411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.596604][T11411] Call Trace: [ 183.596619][T11411] [ 183.596627][T11411] dump_stack_lvl+0x189/0x250 [ 183.596657][T11411] ? __pfx____ratelimit+0x10/0x10 [ 183.596687][T11411] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.596711][T11411] ? __pfx__printk+0x10/0x10 [ 183.596738][T11411] ? __might_fault+0xb0/0x130 [ 183.596770][T11411] ? rcu_is_watching+0x15/0xb0 [ 183.596791][T11411] should_fail_ex+0x414/0x560 [ 183.596820][T11411] _copy_from_iter+0x1db/0x16f0 [ 183.596842][T11411] ? rcu_is_watching+0x15/0xb0 [ 183.596863][T11411] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 183.596892][T11411] ? __pfx__copy_from_iter+0x10/0x10 [ 183.596913][T11411] ? __build_skb_around+0x257/0x3e0 [ 183.596946][T11411] ? netlink_sendmsg+0x642/0xb30 [ 183.596976][T11411] ? skb_put+0x11b/0x210 [ 183.596996][T11411] netlink_sendmsg+0x6b2/0xb30 [ 183.597032][T11411] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.597064][T11411] ? aa_sock_msg_perm+0xf1/0x1d0 [ 183.597083][T11411] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 183.597106][T11411] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.597137][T11411] __sock_sendmsg+0x21c/0x270 [ 183.597166][T11411] ____sys_sendmsg+0x505/0x830 [ 183.597192][T11411] ? __pfx_____sys_sendmsg+0x10/0x10 [ 183.597216][T11411] ? import_iovec+0x74/0xa0 [ 183.597241][T11411] ___sys_sendmsg+0x21f/0x2a0 [ 183.597264][T11411] ? __pfx____sys_sendmsg+0x10/0x10 [ 183.597303][T11411] ? __fget_files+0x2a/0x420 [ 183.597334][T11411] ? __fget_files+0x3a0/0x420 [ 183.597370][T11411] __x64_sys_sendmsg+0x19b/0x260 [ 183.597392][T11411] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 183.597419][T11411] ? __pfx_ksys_write+0x10/0x10 [ 183.597448][T11411] ? rcu_is_watching+0x15/0xb0 [ 183.597470][T11411] do_syscall_64+0xfa/0x3b0 [ 183.597501][T11411] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.597521][T11411] ? clear_bhb_loop+0x60/0xb0 [ 183.597544][T11411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.597563][T11411] RIP: 0033:0x7f11ef18ebe9 [ 183.597581][T11411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.597600][T11411] RSP: 002b:00007f11f006d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.597630][T11411] RAX: ffffffffffffffda RBX: 00007f11ef3b5fa0 RCX: 00007f11ef18ebe9 [ 183.597646][T11411] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 183.597659][T11411] RBP: 00007f11f006d090 R08: 0000000000000000 R09: 0000000000000000 [ 183.597672][T11411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.597685][T11411] R13: 00007f11ef3b6038 R14: 00007f11ef3b5fa0 R15: 00007fff78abf828 [ 183.597709][T11411] [ 184.349157][T11461] FAULT_INJECTION: forcing a failure. [ 184.349157][T11461] name failslab, interval 1, probability 0, space 0, times 0 [ 184.364751][T11461] CPU: 1 UID: 0 PID: 11461 Comm: syz.3.2094 Not tainted syzkaller #0 PREEMPT(full) [ 184.364781][T11461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 184.364794][T11461] Call Trace: [ 184.364801][T11461] [ 184.364809][T11461] dump_stack_lvl+0x189/0x250 [ 184.364838][T11461] ? __pfx____ratelimit+0x10/0x10 [ 184.364866][T11461] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.364890][T11461] ? __pfx__printk+0x10/0x10 [ 184.364925][T11461] should_fail_ex+0x414/0x560 [ 184.364954][T11461] should_failslab+0xa8/0x100 [ 184.364987][T11461] kmem_cache_alloc_noprof+0x73/0x3c0 [ 184.365014][T11461] ? skb_clone+0x212/0x3a0 [ 184.365040][T11461] skb_clone+0x212/0x3a0 [ 184.365064][T11461] __netlink_deliver_tap+0x404/0x850 [ 184.365100][T11461] ? netlink_deliver_tap+0x2e/0x1b0 [ 184.365129][T11461] netlink_deliver_tap+0x19c/0x1b0 [ 184.365161][T11461] netlink_unicast+0x7fa/0x9e0 [ 184.365192][T11461] ? __pfx_netlink_unicast+0x10/0x10 [ 184.365221][T11461] ? netlink_sendmsg+0x642/0xb30 [ 184.365250][T11461] ? skb_put+0x11b/0x210 [ 184.365270][T11461] netlink_sendmsg+0x805/0xb30 [ 184.365306][T11461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.365338][T11461] ? aa_sock_msg_perm+0xf1/0x1d0 [ 184.365357][T11461] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 184.365380][T11461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.365413][T11461] __sock_sendmsg+0x21c/0x270 [ 184.365442][T11461] ____sys_sendmsg+0x505/0x830 [ 184.365465][T11461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 184.365501][T11461] ? import_iovec+0x74/0xa0 [ 184.365527][T11461] ___sys_sendmsg+0x21f/0x2a0 [ 184.365549][T11461] ? __pfx____sys_sendmsg+0x10/0x10 [ 184.365588][T11461] ? __fget_files+0x2a/0x420 [ 184.365620][T11461] ? __fget_files+0x3a0/0x420 [ 184.365656][T11461] __x64_sys_sendmsg+0x19b/0x260 [ 184.365679][T11461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 184.365705][T11461] ? __pfx_ksys_write+0x10/0x10 [ 184.365736][T11461] ? rcu_is_watching+0x15/0xb0 [ 184.365758][T11461] do_syscall_64+0xfa/0x3b0 [ 184.365790][T11461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.365810][T11461] ? clear_bhb_loop+0x60/0xb0 [ 184.365834][T11461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.365854][T11461] RIP: 0033:0x7f9f9a58ebe9 [ 184.365872][T11461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.365892][T11461] RSP: 002b:00007f9f987f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.365915][T11461] RAX: ffffffffffffffda RBX: 00007f9f9a7b5fa0 RCX: 00007f9f9a58ebe9 [ 184.365931][T11461] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 184.365945][T11461] RBP: 00007f9f987f6090 R08: 0000000000000000 R09: 0000000000000000 [ 184.365959][T11461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.365972][T11461] R13: 00007f9f9a7b6038 R14: 00007f9f9a7b5fa0 R15: 00007ffd4fec5d88 [ 184.365996][T11461] [ 185.072846][T11502] FAULT_INJECTION: forcing a failure. [ 185.072846][T11502] name failslab, interval 1, probability 0, space 0, times 0 [ 185.093685][T11502] CPU: 1 UID: 0 PID: 11502 Comm: syz.4.2111 Not tainted syzkaller #0 PREEMPT(full) [ 185.093714][T11502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.093728][T11502] Call Trace: [ 185.093737][T11502] [ 185.093746][T11502] dump_stack_lvl+0x189/0x250 [ 185.093777][T11502] ? __pfx____ratelimit+0x10/0x10 [ 185.093807][T11502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.093832][T11502] ? __pfx__printk+0x10/0x10 [ 185.093867][T11502] should_fail_ex+0x414/0x560 [ 185.093898][T11502] should_failslab+0xa8/0x100 [ 185.093931][T11502] kmem_cache_alloc_noprof+0x73/0x3c0 [ 185.093960][T11502] ? skb_clone+0x212/0x3a0 [ 185.093985][T11502] skb_clone+0x212/0x3a0 [ 185.094010][T11502] __netlink_deliver_tap+0x404/0x850 [ 185.094048][T11502] ? netlink_deliver_tap+0x2e/0x1b0 [ 185.094080][T11502] netlink_deliver_tap+0x19c/0x1b0 [ 185.094112][T11502] netlink_unicast+0x7fa/0x9e0 [ 185.094144][T11502] ? __pfx_netlink_unicast+0x10/0x10 [ 185.094173][T11502] ? netlink_sendmsg+0x642/0xb30 [ 185.094204][T11502] ? skb_put+0x11b/0x210 [ 185.094224][T11502] netlink_sendmsg+0x805/0xb30 [ 185.094261][T11502] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.094295][T11502] ? aa_sock_msg_perm+0xf1/0x1d0 [ 185.094315][T11502] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 185.094338][T11502] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.094370][T11502] __sock_sendmsg+0x21c/0x270 [ 185.094399][T11502] ____sys_sendmsg+0x505/0x830 [ 185.094423][T11502] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.094448][T11502] ? import_iovec+0x74/0xa0 [ 185.094478][T11502] ___sys_sendmsg+0x21f/0x2a0 [ 185.094500][T11502] ? __pfx____sys_sendmsg+0x10/0x10 [ 185.094539][T11502] ? __fget_files+0x2a/0x420 [ 185.094570][T11502] ? __fget_files+0x3a0/0x420 [ 185.094606][T11502] __x64_sys_sendmsg+0x19b/0x260 [ 185.094629][T11502] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 185.094655][T11502] ? __pfx_ksys_write+0x10/0x10 [ 185.094680][T11502] ? rcu_is_watching+0x15/0xb0 [ 185.094702][T11502] ? rcu_is_watching+0x15/0xb0 [ 185.094723][T11502] do_syscall_64+0xfa/0x3b0 [ 185.094754][T11502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.094773][T11502] ? clear_bhb_loop+0x60/0xb0 [ 185.094794][T11502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.094814][T11502] RIP: 0033:0x7f52aeb8ebe9 [ 185.094833][T11502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.094852][T11502] RSP: 002b:00007f52afa19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.094875][T11502] RAX: ffffffffffffffda RBX: 00007f52aedb5fa0 RCX: 00007f52aeb8ebe9 [ 185.094891][T11502] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 185.094904][T11502] RBP: 00007f52afa19090 R08: 0000000000000000 R09: 0000000000000000 [ 185.094917][T11502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.094928][T11502] R13: 00007f52aedb6038 R14: 00007f52aedb5fa0 R15: 00007ffebe046798 [ 185.094951][T11502] [ 185.413225][T11513] IPVS: set_ctl: invalid protocol: 44 172.20.20.170:20002 [ 185.484004][T11520] tipc: Enabling of bearer rejected, failed to enable media [ 185.771885][T11541] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 185.878391][T11553] FAULT_INJECTION: forcing a failure. [ 185.878391][T11553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.892037][T11553] CPU: 0 UID: 0 PID: 11553 Comm: syz.3.2128 Not tainted syzkaller #0 PREEMPT(full) [ 185.892065][T11553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.892079][T11553] Call Trace: [ 185.892086][T11553] [ 185.892094][T11553] dump_stack_lvl+0x189/0x250 [ 185.892124][T11553] ? __pfx____ratelimit+0x10/0x10 [ 185.892156][T11553] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.892180][T11553] ? __pfx__printk+0x10/0x10 [ 185.892211][T11553] ? rcu_is_watching+0x15/0xb0 [ 185.892231][T11553] should_fail_ex+0x414/0x560 [ 185.892260][T11553] _copy_to_user+0x31/0xb0 [ 185.892284][T11553] simple_read_from_buffer+0xe1/0x170 [ 185.892316][T11553] proc_fail_nth_read+0x1b3/0x220 [ 185.892352][T11553] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 185.892376][T11553] ? rw_verify_area+0x2a6/0x4d0 [ 185.892402][T11553] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 185.892426][T11553] vfs_read+0x200/0xa30 [ 185.892450][T11553] ? fdget_pos+0x247/0x320 [ 185.892470][T11553] ? __pfx___mutex_lock+0x10/0x10 [ 185.892501][T11553] ? __pfx_vfs_read+0x10/0x10 [ 185.892532][T11553] ? __fget_files+0x3a0/0x420 [ 185.892563][T11553] ? __fget_files+0x2a/0x420 [ 185.892599][T11553] ksys_read+0x145/0x250 [ 185.892628][T11553] ? __pfx_ksys_read+0x10/0x10 [ 185.892653][T11553] ? rcu_is_watching+0x15/0xb0 [ 185.892676][T11553] ? rcu_is_watching+0x15/0xb0 [ 185.892698][T11553] do_syscall_64+0xfa/0x3b0 [ 185.892734][T11553] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.892755][T11553] ? clear_bhb_loop+0x60/0xb0 [ 185.892778][T11553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.892799][T11553] RIP: 0033:0x7f9f9a58d5fc [ 185.892818][T11553] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 185.892838][T11553] RSP: 002b:00007f9f987f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 185.892861][T11553] RAX: ffffffffffffffda RBX: 00007f9f9a7b5fa0 RCX: 00007f9f9a58d5fc [ 185.892877][T11553] RDX: 000000000000000f RSI: 00007f9f987f60a0 RDI: 0000000000000004 [ 185.892890][T11553] RBP: 00007f9f987f6090 R08: 0000000000000000 R09: 0000000000000000 [ 185.892904][T11553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.892917][T11553] R13: 00007f9f9a7b6038 R14: 00007f9f9a7b5fa0 R15: 00007ffd4fec5d88 [ 185.892942][T11553] [ 185.921737][T11558] __nla_validate_parse: 17 callbacks suppressed [ 185.921761][T11558] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2130'. [ 186.435562][ T5906] IPVS: starting estimator thread 0... [ 186.526793][T11596] IPVS: using max 33 ests per chain, 79200 per kthread [ 186.781462][T11623] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2154'. [ 186.941213][T11636] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2159'. [ 187.000462][T10376] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.025737][T10376] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.046342][T10376] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.065867][T10376] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.068782][T11647] FAULT_INJECTION: forcing a failure. [ 187.068782][T11647] name failslab, interval 1, probability 0, space 0, times 0 [ 187.087360][T11647] CPU: 0 UID: 0 PID: 11647 Comm: syz.3.2164 Not tainted syzkaller #0 PREEMPT(full) [ 187.087390][T11647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 187.087403][T11647] Call Trace: [ 187.087411][T11647] [ 187.087420][T11647] dump_stack_lvl+0x189/0x250 [ 187.087450][T11647] ? __pfx____ratelimit+0x10/0x10 [ 187.087479][T11647] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.087502][T11647] ? __pfx__printk+0x10/0x10 [ 187.087531][T11647] ? skb_network_protocol+0x4fe/0x760 [ 187.087562][T11647] ? unwind_next_frame+0xa5/0x2390 [ 187.087587][T11647] should_fail_ex+0x414/0x560 [ 187.087617][T11647] should_failslab+0xa8/0x100 [ 187.087649][T11647] kmem_cache_alloc_noprof+0x73/0x3c0 [ 187.087677][T11647] ? skb_clone+0x212/0x3a0 [ 187.087702][T11647] skb_clone+0x212/0x3a0 [ 187.087722][T11647] ? dev_queue_xmit_nit+0x25a/0xcc0 [ 187.087743][T11647] dev_queue_xmit_nit+0x416/0xcc0 [ 187.087762][T11647] ? dev_queue_xmit_nit+0x2d/0xcc0 [ 187.087780][T11647] ? unwind_get_return_address+0x4d/0x90 [ 187.087808][T11647] dev_hard_start_xmit+0x1be/0x830 [ 187.087838][T11647] __dev_queue_xmit+0x1b8d/0x3b50 [ 187.087867][T11647] ? __dev_queue_xmit+0x27b/0x3b50 [ 187.087899][T11647] ? __pfx___dev_queue_xmit+0x10/0x10 [ 187.087930][T11647] ? __copy_skb_header+0xa7/0x550 [ 187.087953][T11647] ? __asan_memcpy+0x40/0x70 [ 187.087985][T11647] ? skb_clone+0x246/0x3a0 [ 187.088009][T11647] __netlink_deliver_tap+0x5ad/0x850 [ 187.088047][T11647] ? netlink_deliver_tap+0x2e/0x1b0 [ 187.088078][T11647] netlink_deliver_tap+0x19c/0x1b0 [ 187.088109][T11647] netlink_unicast+0x7fa/0x9e0 [ 187.088141][T11647] ? __pfx_netlink_unicast+0x10/0x10 [ 187.088169][T11647] ? netlink_sendmsg+0x642/0xb30 [ 187.088199][T11647] ? skb_put+0x11b/0x210 [ 187.088219][T11647] netlink_sendmsg+0x805/0xb30 [ 187.088255][T11647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 187.088288][T11647] ? aa_sock_msg_perm+0xf1/0x1d0 [ 187.088309][T11647] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 187.088331][T11647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 187.088363][T11647] __sock_sendmsg+0x21c/0x270 [ 187.088392][T11647] ____sys_sendmsg+0x505/0x830 [ 187.088416][T11647] ? __pfx_____sys_sendmsg+0x10/0x10 [ 187.088442][T11647] ? import_iovec+0x74/0xa0 [ 187.088467][T11647] ___sys_sendmsg+0x21f/0x2a0 [ 187.088489][T11647] ? __pfx____sys_sendmsg+0x10/0x10 [ 187.088530][T11647] ? __fget_files+0x2a/0x420 [ 187.088567][T11647] ? __fget_files+0x3a0/0x420 [ 187.088604][T11647] __x64_sys_sendmsg+0x19b/0x260 [ 187.088627][T11647] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 187.088654][T11647] ? __pfx_ksys_write+0x10/0x10 [ 187.088680][T11647] ? rcu_is_watching+0x15/0xb0 [ 187.088704][T11647] ? rcu_is_watching+0x15/0xb0 [ 187.088726][T11647] do_syscall_64+0xfa/0x3b0 [ 187.088759][T11647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.088779][T11647] ? clear_bhb_loop+0x60/0xb0 [ 187.088802][T11647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.088823][T11647] RIP: 0033:0x7f9f9a58ebe9 [ 187.088841][T11647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.088860][T11647] RSP: 002b:00007f9f987f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 187.088883][T11647] RAX: ffffffffffffffda RBX: 00007f9f9a7b5fa0 RCX: 00007f9f9a58ebe9 [ 187.088899][T11647] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000005 [ 187.088912][T11647] RBP: 00007f9f987f6090 R08: 0000000000000000 R09: 0000000000000000 [ 187.088926][T11647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.088939][T11647] R13: 00007f9f9a7b6038 R14: 00007f9f9a7b5fa0 R15: 00007ffd4fec5d88 [ 187.088963][T11647] [ 187.605033][T11660] netdevsim netdevsim0: Direct firmware load for .. failed with error -2 [ 187.613673][T11660] netdevsim netdevsim0: Falling back to sysfs fallback for: .. [ 187.686953][T11672] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2173'. [ 187.736195][T11678] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2170'. [ 188.031829][T11704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2183'. [ 188.042862][T11704] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 188.053837][T11704] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 188.084902][T11707] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2185'. [ 188.106396][T11708] netlink: 'syz.2.2184': attribute type 1 has an invalid length. [ 188.154035][T11708] 8021q: adding VLAN 0 to HW filter on device bond6 [ 188.305852][T11726] netlink: 'syz.2.2190': attribute type 10 has an invalid length. [ 188.353891][T11726] veth1_macvtap: left promiscuous mode [ 188.399992][T11731] lo speed is unknown, defaulting to 1000 [ 189.518370][T11786] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2210'. [ 189.576418][T11793] lo speed is unknown, defaulting to 1000 [ 189.751042][T11811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2219'. [ 190.100603][T11838] netlink: 'syz.1.2229': attribute type 10 has an invalid length. [ 190.130634][T11841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2231'. [ 190.215174][T11845] netlink: 'syz.0.2230': attribute type 1 has an invalid length. [ 190.315416][T11845] 8021q: adding VLAN 0 to HW filter on device bond6 [ 190.410001][T11865] netlink: 'syz.0.2238': attribute type 1 has an invalid length. [ 190.442382][T11865] netlink: 'syz.0.2238': attribute type 3 has an invalid length. [ 190.510488][T11865] pim6reg1: entered promiscuous mode [ 190.515851][T11865] pim6reg1: entered allmulticast mode [ 190.607111][T11874] netlink: 'syz.2.2242': attribute type 1 has an invalid length. [ 190.670033][ T25] block nbd0: Possible stuck request ffff888025300000: control (read@0,1024B). Runtime 60 seconds [ 190.681523][ T25] block nbd0: Possible stuck request ffff8880253001c0: control (read@1024,1024B). Runtime 60 seconds [ 190.692811][ T25] block nbd0: Possible stuck request ffff888025300380: control (read@2048,1024B). Runtime 60 seconds [ 190.723737][ T25] block nbd0: Possible stuck request ffff888025300540: control (read@3072,1024B). Runtime 60 seconds [ 190.736152][T11874] bond7: entered promiscuous mode [ 190.742240][T11874] 8021q: adding VLAN 0 to HW filter on device bond7 [ 190.768760][T11875] 8021q: adding VLAN 0 to HW filter on device bond8 [ 190.777330][T11875] bond7: (slave bond8): making interface the new active one [ 190.784672][T11875] bond8: entered promiscuous mode [ 190.793219][T11875] bond7: (slave bond8): Enslaving as an active interface with an up link [ 190.853367][T11881] netlink: 'syz.4.2244': attribute type 10 has an invalid length. [ 190.884449][T11881] syz_tun: entered promiscuous mode [ 190.912977][T11881] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 190.989824][T11897] FAULT_INJECTION: forcing a failure. [ 190.989824][T11897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 191.011116][T11897] CPU: 1 UID: 0 PID: 11897 Comm: syz.4.2250 Not tainted syzkaller #0 PREEMPT(full) [ 191.011146][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 191.011160][T11897] Call Trace: [ 191.011168][T11897] [ 191.011178][T11897] dump_stack_lvl+0x189/0x250 [ 191.011209][T11897] ? __pfx____ratelimit+0x10/0x10 [ 191.011240][T11897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.011265][T11897] ? __pfx__printk+0x10/0x10 [ 191.011292][T11897] ? __might_fault+0xb0/0x130 [ 191.011326][T11897] ? rcu_is_watching+0x15/0xb0 [ 191.011348][T11897] should_fail_ex+0x414/0x560 [ 191.011377][T11897] _copy_from_user+0x2d/0xb0 [ 191.011400][T11897] ___sys_sendmsg+0x158/0x2a0 [ 191.011423][T11897] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.011461][T11897] ? __fget_files+0x2a/0x420 [ 191.011492][T11897] ? __fget_files+0x3a0/0x420 [ 191.011526][T11897] __x64_sys_sendmsg+0x19b/0x260 [ 191.011548][T11897] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 191.011574][T11897] ? __pfx_ksys_write+0x10/0x10 [ 191.011600][T11897] ? rcu_is_watching+0x15/0xb0 [ 191.011622][T11897] ? rcu_is_watching+0x15/0xb0 [ 191.011651][T11897] do_syscall_64+0xfa/0x3b0 [ 191.011683][T11897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.011704][T11897] ? clear_bhb_loop+0x60/0xb0 [ 191.011728][T11897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.011749][T11897] RIP: 0033:0x7f52aeb8ebe9 [ 191.011767][T11897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.011795][T11897] RSP: 002b:00007f52afa19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 191.011820][T11897] RAX: ffffffffffffffda RBX: 00007f52aedb5fa0 RCX: 00007f52aeb8ebe9 [ 191.011836][T11897] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 191.011850][T11897] RBP: 00007f52afa19090 R08: 0000000000000000 R09: 0000000000000000 [ 191.011863][T11897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.011876][T11897] R13: 00007f52aedb6038 R14: 00007f52aedb5fa0 R15: 00007ffebe046798 [ 191.011907][T11897] [ 191.025778][T11900] FAULT_INJECTION: forcing a failure. [ 191.025778][T11900] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 191.245893][T11900] CPU: 0 UID: 0 PID: 11900 Comm: syz.1.2251 Not tainted syzkaller #0 PREEMPT(full) [ 191.245926][T11900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 191.245939][T11900] Call Trace: [ 191.245947][T11900] [ 191.245955][T11900] dump_stack_lvl+0x189/0x250 [ 191.245985][T11900] ? __pfx____ratelimit+0x10/0x10 [ 191.246012][T11900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.246035][T11900] ? __pfx__printk+0x10/0x10 [ 191.246058][T11900] ? __might_fault+0xb0/0x130 [ 191.246084][T11900] ? __pfx_get_page_from_freelist+0x10/0x10 [ 191.246105][T11900] ? rcu_is_watching+0x15/0xb0 [ 191.246134][T11900] should_fail_ex+0x414/0x560 [ 191.246165][T11900] _copy_from_iter+0x1db/0x16f0 [ 191.246189][T11900] ? unwind_next_frame+0xa5/0x2390 [ 191.246214][T11900] ? policy_nodemask+0x27c/0x720 [ 191.246241][T11900] ? __pfx__copy_from_iter+0x10/0x10 [ 191.246263][T11900] ? set_page_refcounted+0xa0/0x1e0 [ 191.246292][T11900] ? page_copy_sane+0x4e/0x280 [ 191.246310][T11900] copy_page_from_iter+0xdd/0x170 [ 191.246331][T11900] tun_get_user+0x1d7b/0x3e20 [ 191.246356][T11900] ? tun_get_user+0x6f6/0x3e20 [ 191.246380][T11900] ? aa_file_perm+0x44d/0x1550 [ 191.246400][T11900] ? __pfx_tun_get_user+0x10/0x10 [ 191.246419][T11900] ? _parse_integer_limit+0x1ae/0x1f0 [ 191.246452][T11900] ? kstrtoull+0x12f/0x1d0 [ 191.246488][T11900] ? ref_tracker_alloc+0x318/0x460 [ 191.246516][T11900] ? get_pid_task+0x20/0x1f0 [ 191.246542][T11900] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 191.246571][T11900] ? tun_get+0x1c/0x2f0 [ 191.246588][T11900] ? tun_get+0x1c/0x2f0 [ 191.246606][T11900] ? rcu_is_watching+0x15/0xb0 [ 191.246634][T11900] ? tun_get+0x1c/0x2f0 [ 191.246651][T11900] ? lock_release+0x4b/0x3e0 [ 191.246687][T11900] ? common_file_perm+0x1b5/0x230 [ 191.246720][T11900] ? tun_get+0x1c/0x2f0 [ 191.246740][T11900] tun_chr_write_iter+0x113/0x200 [ 191.246760][T11900] vfs_write+0x5c9/0xb30 [ 191.246789][T11900] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 191.246808][T11900] ? __pfx_vfs_write+0x10/0x10 [ 191.246839][T11900] ? __fget_files+0x2a/0x420 [ 191.246875][T11900] ksys_write+0x145/0x250 [ 191.246903][T11900] ? __pfx_ksys_write+0x10/0x10 [ 191.246928][T11900] ? rcu_is_watching+0x15/0xb0 [ 191.246950][T11900] ? rcu_is_watching+0x15/0xb0 [ 191.246971][T11900] do_syscall_64+0xfa/0x3b0 [ 191.247003][T11900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.247023][T11900] ? clear_bhb_loop+0x60/0xb0 [ 191.247046][T11900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.247067][T11900] RIP: 0033:0x7f11ef18d69f [ 191.247085][T11900] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 191.247104][T11900] RSP: 002b:00007f11f006d000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 191.247133][T11900] RAX: ffffffffffffffda RBX: 00007f11ef3b5fa0 RCX: 00007f11ef18d69f [ 191.247149][T11900] RDX: 00000000000000d2 RSI: 0000200000000d00 RDI: 00000000000000c8 [ 191.247163][T11900] RBP: 00007f11f006d090 R08: 0000000000000000 R09: 0000000000000000 [ 191.247176][T11900] R10: 00000000000000d2 R11: 0000000000000293 R12: 0000000000000001 [ 191.247188][T11900] R13: 00007f11ef3b6038 R14: 00007f11ef3b5fa0 R15: 00007fff78abf828 [ 191.247212][T11900] [ 191.638073][T11920] __nla_validate_parse: 2 callbacks suppressed [ 191.638097][T11920] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2257'. [ 191.658749][T11865] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 191.753461][T11926] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 191.763921][T11926] CPU: 0 UID: 0 PID: 11926 Comm: syz.2.2260 Not tainted syzkaller #0 PREEMPT(full) [ 191.763953][T11926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 191.763967][T11926] Call Trace: [ 191.763975][T11926] [ 191.763984][T11926] dump_stack_lvl+0x189/0x250 [ 191.764017][T11926] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.764044][T11926] ? __pfx__printk+0x10/0x10 [ 191.764073][T11926] ? kernfs_root+0x1c/0x230 [ 191.764098][T11926] ? kernfs_path_from_node+0x2f/0x290 [ 191.764122][T11926] ? kernfs_path_from_node+0x250/0x290 [ 191.764145][T11926] ? kernfs_path_from_node+0x2f/0x290 [ 191.764171][T11926] sysfs_warn_dup+0x8e/0xa0 [ 191.764192][T11926] sysfs_do_create_link_sd+0xc0/0x110 [ 191.764217][T11926] device_add_class_symlinks+0x1cf/0x240 [ 191.764242][T11926] device_add+0x475/0xb50 [ 191.764265][T11926] wiphy_register+0x1ba6/0x28d0 [ 191.764302][T11926] ? __pfx_wiphy_register+0x10/0x10 [ 191.764331][T11926] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 191.764356][T11926] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 191.764380][T11926] ieee80211_register_hw+0x3425/0x4080 [ 191.764412][T11926] ? ieee80211_register_hw+0x13f1/0x4080 [ 191.764440][T11926] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 191.764464][T11926] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 191.764496][T11926] ? __hrtimer_setup+0x187/0x210 [ 191.764514][T11926] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 191.764546][T11926] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 191.764586][T11926] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 191.764612][T11926] ? trace_kmalloc+0x1f/0xd0 [ 191.764635][T11926] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 191.764664][T11926] ? kstrndup+0xbf/0x160 [ 191.764689][T11926] hwsim_new_radio_nl+0xea4/0x1b10 [ 191.764717][T11926] ? __pfx___nla_validate_parse+0x10/0x10 [ 191.764755][T11926] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 191.764787][T11926] ? __nla_parse+0x40/0x60 [ 191.764819][T11926] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 191.764861][T11926] genl_family_rcv_msg_doit+0x215/0x300 [ 191.764892][T11926] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 191.764924][T11926] ? bpf_lsm_capable+0x9/0x20 [ 191.764953][T11926] ? security_capable+0x7e/0x2e0 [ 191.764987][T11926] genl_rcv_msg+0x60e/0x790 [ 191.765014][T11926] ? __pfx_genl_rcv_msg+0x10/0x10 [ 191.765036][T11926] ? __kasan_slab_alloc+0x6c/0x80 [ 191.765063][T11926] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 191.765090][T11926] ? __netlink_lookup+0xbd/0x810 [ 191.765108][T11926] ? rcu_is_watching+0x15/0xb0 [ 191.765133][T11926] netlink_rcv_skb+0x208/0x470 [ 191.765164][T11926] ? __pfx_genl_rcv_msg+0x10/0x10 [ 191.765187][T11926] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 191.765223][T11926] ? lock_release+0x4b/0x3e0 [ 191.765255][T11926] ? down_read+0x1ad/0x2e0 [ 191.765276][T11926] genl_rcv+0x28/0x40 [ 191.765298][T11926] netlink_unicast+0x82c/0x9e0 [ 191.765330][T11926] ? __pfx_netlink_unicast+0x10/0x10 [ 191.765360][T11926] ? netlink_sendmsg+0x642/0xb30 [ 191.765389][T11926] ? skb_put+0x11b/0x210 [ 191.765411][T11926] netlink_sendmsg+0x805/0xb30 [ 191.765447][T11926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.765481][T11926] ? futex_unqueue+0x22/0x240 [ 191.765504][T11926] ? aa_sock_msg_perm+0xf1/0x1d0 [ 191.765524][T11926] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 191.765547][T11926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.765580][T11926] __sock_sendmsg+0x21c/0x270 [ 191.765608][T11926] ____sys_sendmsg+0x505/0x830 [ 191.765633][T11926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.765659][T11926] ? import_iovec+0x74/0xa0 [ 191.765685][T11926] ___sys_sendmsg+0x21f/0x2a0 [ 191.765707][T11926] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.765732][T11926] ? futex_wait+0x285/0x360 [ 191.765776][T11926] ? __fget_files+0x2a/0x420 [ 191.765807][T11926] ? __fget_files+0x3a0/0x420 [ 191.765852][T11926] __x64_sys_sendmsg+0x19b/0x260 [ 191.765876][T11926] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 191.765904][T11926] ? rcu_is_watching+0x15/0xb0 [ 191.765927][T11926] ? rcu_is_watching+0x15/0xb0 [ 191.765949][T11926] do_syscall_64+0xfa/0x3b0 [ 191.765981][T11926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.766003][T11926] ? clear_bhb_loop+0x60/0xb0 [ 191.766027][T11926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.766047][T11926] RIP: 0033:0x7fc68ed8ebe9 [ 191.766067][T11926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.766086][T11926] RSP: 002b:00007fc68fc12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 191.766110][T11926] RAX: ffffffffffffffda RBX: 00007fc68efb5fa0 RCX: 00007fc68ed8ebe9 [ 191.766126][T11926] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 191.766139][T11926] RBP: 00007fc68ee11e19 R08: 0000000000000000 R09: 0000000000000000 [ 191.766153][T11926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.766166][T11926] R13: 00007fc68efb6038 R14: 00007fc68efb5fa0 R15: 00007ffce5b26e78 [ 191.766190][T11926] [ 192.436878][T11951] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2269'. [ 192.513747][T11949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2268'. [ 192.583842][T11962] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2274'. [ 192.634969][T11964] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551585) [ 192.664844][T11964] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 192.675521][T11962] netlink: 'syz.2.2274': attribute type 11 has an invalid length. [ 192.712118][T11968] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 192.729058][T11962] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2274'. [ 192.741450][T11968] CPU: 0 UID: 0 PID: 11968 Comm: syz.0.2277 Not tainted syzkaller #0 PREEMPT(full) [ 192.741485][T11968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 192.741500][T11968] Call Trace: [ 192.741508][T11968] [ 192.741518][T11968] dump_stack_lvl+0x189/0x250 [ 192.741550][T11968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.741576][T11968] ? __pfx__printk+0x10/0x10 [ 192.741605][T11968] ? kernfs_root+0x1c/0x230 [ 192.741632][T11968] ? kernfs_path_from_node+0x2f/0x290 [ 192.741656][T11968] ? kernfs_path_from_node+0x250/0x290 [ 192.741679][T11968] ? kernfs_path_from_node+0x2f/0x290 [ 192.741716][T11968] sysfs_warn_dup+0x8e/0xa0 [ 192.741737][T11968] sysfs_do_create_link_sd+0xc0/0x110 [ 192.741762][T11968] device_add_class_symlinks+0x1cf/0x240 [ 192.741787][T11968] device_add+0x475/0xb50 [ 192.741810][T11968] wiphy_register+0x1ba6/0x28d0 [ 192.741849][T11968] ? __pfx_wiphy_register+0x10/0x10 [ 192.741880][T11968] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 192.741907][T11968] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 192.741932][T11968] ieee80211_register_hw+0x3425/0x4080 [ 192.741965][T11968] ? ieee80211_register_hw+0x13f1/0x4080 [ 192.741999][T11968] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 192.742026][T11968] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 192.742071][T11968] ? __hrtimer_setup+0x187/0x210 [ 192.742090][T11968] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 192.742125][T11968] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 192.742167][T11968] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 192.742195][T11968] ? trace_kmalloc+0x1f/0xd0 [ 192.742222][T11968] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 192.742253][T11968] ? kstrndup+0xbf/0x160 [ 192.742279][T11968] hwsim_new_radio_nl+0xea4/0x1b10 [ 192.742308][T11968] ? __pfx___nla_validate_parse+0x10/0x10 [ 192.742349][T11968] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 192.742383][T11968] ? __nla_parse+0x40/0x60 [ 192.742416][T11968] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 192.742447][T11968] genl_family_rcv_msg_doit+0x215/0x300 [ 192.742476][T11968] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 192.742509][T11968] ? bpf_lsm_capable+0x9/0x20 [ 192.742539][T11968] ? security_capable+0x7e/0x2e0 [ 192.742574][T11968] genl_rcv_msg+0x60e/0x790 [ 192.742602][T11968] ? __pfx_genl_rcv_msg+0x10/0x10 [ 192.742625][T11968] ? __kasan_slab_alloc+0x6c/0x80 [ 192.742653][T11968] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 192.742680][T11968] ? __netlink_lookup+0xbd/0x810 [ 192.742698][T11968] ? rcu_is_watching+0x15/0xb0 [ 192.742724][T11968] netlink_rcv_skb+0x208/0x470 [ 192.742756][T11968] ? __pfx_genl_rcv_msg+0x10/0x10 [ 192.742781][T11968] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 192.742818][T11968] ? lock_release+0x4b/0x3e0 [ 192.742850][T11968] ? down_read+0x1ad/0x2e0 [ 192.742870][T11968] genl_rcv+0x28/0x40 [ 192.742890][T11968] netlink_unicast+0x82c/0x9e0 [ 192.742923][T11968] ? __pfx_netlink_unicast+0x10/0x10 [ 192.742951][T11968] ? netlink_sendmsg+0x642/0xb30 [ 192.742982][T11968] ? skb_put+0x11b/0x210 [ 192.743002][T11968] netlink_sendmsg+0x805/0xb30 [ 192.743040][T11968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.743079][T11968] ? futex_unqueue+0x22/0x240 [ 192.743100][T11968] ? aa_sock_msg_perm+0xf1/0x1d0 [ 192.743118][T11968] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 192.743140][T11968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.743171][T11968] __sock_sendmsg+0x21c/0x270 [ 192.743201][T11968] ____sys_sendmsg+0x505/0x830 [ 192.743225][T11968] ? __pfx_____sys_sendmsg+0x10/0x10 [ 192.743252][T11968] ? import_iovec+0x74/0xa0 [ 192.743276][T11968] ___sys_sendmsg+0x21f/0x2a0 [ 192.743298][T11968] ? __pfx____sys_sendmsg+0x10/0x10 [ 192.743321][T11968] ? futex_wait+0x285/0x360 [ 192.743365][T11968] ? __fget_files+0x2a/0x420 [ 192.743396][T11968] ? __fget_files+0x3a0/0x420 [ 192.743432][T11968] __x64_sys_sendmsg+0x19b/0x260 [ 192.743456][T11968] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 192.743484][T11968] ? rcu_is_watching+0x15/0xb0 [ 192.743508][T11968] ? rcu_is_watching+0x15/0xb0 [ 192.743530][T11968] do_syscall_64+0xfa/0x3b0 [ 192.743562][T11968] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.743584][T11968] ? clear_bhb_loop+0x60/0xb0 [ 192.743608][T11968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.743629][T11968] RIP: 0033:0x7f1a3d78ebe9 [ 192.743648][T11968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.743669][T11968] RSP: 002b:00007f1a3e561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.743692][T11968] RAX: ffffffffffffffda RBX: 00007f1a3d9b5fa0 RCX: 00007f1a3d78ebe9 [ 192.743709][T11968] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 192.743724][T11968] RBP: 00007f1a3d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 192.743737][T11968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.743750][T11968] R13: 00007f1a3d9b6038 R14: 00007f1a3d9b5fa0 R15: 00007ffddd4f0468 [ 192.743775][T11968] [ 193.331839][T11983] netlink: 'syz.0.2281': attribute type 32 has an invalid length. [ 193.342471][T11982] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2283'. [ 193.382176][T11985] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2284'. [ 193.431310][T11982] hsr_slave_0 (unregistering): left promiscuous mode [ 193.520981][T11996] block nbd2: not configured, cannot reconfigure [ 193.698151][T12007] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 193.708639][T12007] CPU: 0 UID: 0 PID: 12007 Comm: syz.2.2292 Not tainted syzkaller #0 PREEMPT(full) [ 193.708687][T12007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 193.708702][T12007] Call Trace: [ 193.708710][T12007] [ 193.708720][T12007] dump_stack_lvl+0x189/0x250 [ 193.708754][T12007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.708782][T12007] ? __pfx__printk+0x10/0x10 [ 193.708810][T12007] ? kernfs_root+0x1c/0x230 [ 193.708836][T12007] ? kernfs_path_from_node+0x2f/0x290 [ 193.708860][T12007] ? kernfs_path_from_node+0x250/0x290 [ 193.708883][T12007] ? kernfs_path_from_node+0x2f/0x290 [ 193.708910][T12007] sysfs_warn_dup+0x8e/0xa0 [ 193.708930][T12007] sysfs_do_create_link_sd+0xc0/0x110 [ 193.708955][T12007] device_add_class_symlinks+0x1cf/0x240 [ 193.708979][T12007] device_add+0x475/0xb50 [ 193.709002][T12007] wiphy_register+0x1ba6/0x28d0 [ 193.709041][T12007] ? __pfx_wiphy_register+0x10/0x10 [ 193.709070][T12007] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 193.709097][T12007] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 193.709122][T12007] ieee80211_register_hw+0x3425/0x4080 [ 193.709153][T12007] ? ieee80211_register_hw+0x13f1/0x4080 [ 193.709180][T12007] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 193.709204][T12007] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 193.709236][T12007] ? __hrtimer_setup+0x187/0x210 [ 193.709256][T12007] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 193.709288][T12007] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 193.709332][T12007] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 193.709359][T12007] ? trace_kmalloc+0x1f/0xd0 [ 193.709385][T12007] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 193.709415][T12007] ? kstrndup+0xbf/0x160 [ 193.709443][T12007] hwsim_new_radio_nl+0xea4/0x1b10 [ 193.709470][T12007] ? __pfx___nla_validate_parse+0x10/0x10 [ 193.709505][T12007] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.709534][T12007] ? __nla_parse+0x40/0x60 [ 193.709563][T12007] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 193.709589][T12007] genl_family_rcv_msg_doit+0x215/0x300 [ 193.709615][T12007] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 193.709642][T12007] ? bpf_lsm_capable+0x9/0x20 [ 193.709668][T12007] ? security_capable+0x7e/0x2e0 [ 193.709707][T12007] genl_rcv_msg+0x60e/0x790 [ 193.709731][T12007] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.709750][T12007] ? __kasan_slab_alloc+0x6c/0x80 [ 193.709775][T12007] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.709799][T12007] ? __netlink_lookup+0xbd/0x810 [ 193.709815][T12007] ? rcu_is_watching+0x15/0xb0 [ 193.709837][T12007] netlink_rcv_skb+0x208/0x470 [ 193.709865][T12007] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.709886][T12007] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 193.709918][T12007] ? lock_release+0x4b/0x3e0 [ 193.709948][T12007] ? down_read+0x1ad/0x2e0 [ 193.709965][T12007] genl_rcv+0x28/0x40 [ 193.709984][T12007] netlink_unicast+0x82c/0x9e0 [ 193.710012][T12007] ? __pfx_netlink_unicast+0x10/0x10 [ 193.710037][T12007] ? netlink_sendmsg+0x642/0xb30 [ 193.710064][T12007] ? skb_put+0x11b/0x210 [ 193.710081][T12007] netlink_sendmsg+0x805/0xb30 [ 193.710114][T12007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.710143][T12007] ? futex_unqueue+0x22/0x240 [ 193.710163][T12007] ? aa_sock_msg_perm+0xf1/0x1d0 [ 193.710181][T12007] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 193.710200][T12007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.710229][T12007] __sock_sendmsg+0x21c/0x270 [ 193.710253][T12007] ____sys_sendmsg+0x505/0x830 [ 193.710274][T12007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.710296][T12007] ? import_iovec+0x74/0xa0 [ 193.710318][T12007] ___sys_sendmsg+0x21f/0x2a0 [ 193.710337][T12007] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.710359][T12007] ? futex_wait+0x285/0x360 [ 193.710398][T12007] ? __fget_files+0x2a/0x420 [ 193.710426][T12007] ? __fget_files+0x3a0/0x420 [ 193.710458][T12007] __x64_sys_sendmsg+0x19b/0x260 [ 193.710478][T12007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 193.710518][T12007] ? rcu_is_watching+0x15/0xb0 [ 193.710539][T12007] ? rcu_is_watching+0x15/0xb0 [ 193.710558][T12007] do_syscall_64+0xfa/0x3b0 [ 193.710587][T12007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.710605][T12007] ? clear_bhb_loop+0x60/0xb0 [ 193.710626][T12007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.710645][T12007] RIP: 0033:0x7fc68ed8ebe9 [ 193.710662][T12007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.710684][T12007] RSP: 002b:00007fc68fc12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.710705][T12007] RAX: ffffffffffffffda RBX: 00007fc68efb5fa0 RCX: 00007fc68ed8ebe9 [ 193.710719][T12007] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 193.710731][T12007] RBP: 00007fc68ee11e19 R08: 0000000000000000 R09: 0000000000000000 [ 193.710743][T12007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.710754][T12007] R13: 00007fc68efb6038 R14: 00007fc68efb5fa0 R15: 00007ffce5b26e78 [ 193.710776][T12007] [ 194.281311][T12013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2294'. [ 194.569066][T12039] netlink: 'syz.4.2304': attribute type 1 has an invalid length. [ 194.596118][T12041] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2306'. [ 194.639296][T12039] 8021q: adding VLAN 0 to HW filter on device bond6 [ 194.662330][T12046] FAULT_INJECTION: forcing a failure. [ 194.662330][T12046] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.678630][T12046] CPU: 0 UID: 0 PID: 12046 Comm: syz.4.2304 Not tainted syzkaller #0 PREEMPT(full) [ 194.678661][T12046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 194.678676][T12046] Call Trace: [ 194.678683][T12046] [ 194.678693][T12046] dump_stack_lvl+0x189/0x250 [ 194.678724][T12046] ? __pfx____ratelimit+0x10/0x10 [ 194.678759][T12046] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.678783][T12046] ? __pfx__printk+0x10/0x10 [ 194.678817][T12046] ? __might_fault+0xb0/0x130 [ 194.678851][T12046] ? rcu_is_watching+0x15/0xb0 [ 194.678872][T12046] should_fail_ex+0x414/0x560 [ 194.678902][T12046] _copy_from_user+0x2d/0xb0 [ 194.678928][T12046] ___sys_sendmsg+0x158/0x2a0 [ 194.678950][T12046] ? __pfx____sys_sendmsg+0x10/0x10 [ 194.678990][T12046] ? __fget_files+0x2a/0x420 [ 194.679021][T12046] ? __fget_files+0x3a0/0x420 [ 194.679057][T12046] __x64_sys_sendmsg+0x19b/0x260 [ 194.679080][T12046] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 194.679106][T12046] ? __pfx_ksys_write+0x10/0x10 [ 194.679136][T12046] ? rcu_is_watching+0x15/0xb0 [ 194.679158][T12046] do_syscall_64+0xfa/0x3b0 [ 194.679190][T12046] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.679211][T12046] ? clear_bhb_loop+0x60/0xb0 [ 194.679234][T12046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.679255][T12046] RIP: 0033:0x7f52aeb8ebe9 [ 194.679274][T12046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.679292][T12046] RSP: 002b:00007f52af9f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 194.679316][T12046] RAX: ffffffffffffffda RBX: 00007f52aedb6090 RCX: 00007f52aeb8ebe9 [ 194.679332][T12046] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 194.679345][T12046] RBP: 00007f52af9f8090 R08: 0000000000000000 R09: 0000000000000000 [ 194.679357][T12046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.679368][T12046] R13: 00007f52aedb6128 R14: 00007f52aedb6090 R15: 00007ffebe046798 [ 194.679392][T12046] [ 194.693402][T12044] syzkaller1: entered promiscuous mode [ 194.903952][T12044] syzkaller1: entered allmulticast mode [ 194.983353][T12060] FAULT_INJECTION: forcing a failure. [ 194.983353][T12060] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.997475][T12060] CPU: 1 UID: 0 PID: 12060 Comm: syz.4.2312 Not tainted syzkaller #0 PREEMPT(full) [ 194.997505][T12060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 194.997519][T12060] Call Trace: [ 194.997527][T12060] [ 194.997535][T12060] dump_stack_lvl+0x189/0x250 [ 194.997567][T12060] ? __pfx____ratelimit+0x10/0x10 [ 194.997597][T12060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.997621][T12060] ? __pfx__printk+0x10/0x10 [ 194.997653][T12060] ? rcu_is_watching+0x15/0xb0 [ 194.997677][T12060] should_fail_ex+0x414/0x560 [ 194.997706][T12060] _copy_to_user+0x31/0xb0 [ 194.997730][T12060] simple_read_from_buffer+0xe1/0x170 [ 194.997762][T12060] proc_fail_nth_read+0x1b3/0x220 [ 194.997800][T12060] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 194.997825][T12060] ? rw_verify_area+0x2a6/0x4d0 [ 194.997851][T12060] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 194.997876][T12060] vfs_read+0x200/0xa30 [ 194.997900][T12060] ? fdget_pos+0x247/0x320 [ 194.997921][T12060] ? __pfx___mutex_lock+0x10/0x10 [ 194.997952][T12060] ? __pfx_vfs_read+0x10/0x10 [ 194.997983][T12060] ? __fget_files+0x3a0/0x420 [ 194.998015][T12060] ? __fget_files+0x2a/0x420 [ 194.998051][T12060] ksys_read+0x145/0x250 [ 194.998079][T12060] ? __pfx_ksys_read+0x10/0x10 [ 194.998105][T12060] ? rcu_is_watching+0x15/0xb0 [ 194.998128][T12060] ? rcu_is_watching+0x15/0xb0 [ 194.998151][T12060] do_syscall_64+0xfa/0x3b0 [ 194.998184][T12060] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.998206][T12060] ? clear_bhb_loop+0x60/0xb0 [ 194.998231][T12060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.998252][T12060] RIP: 0033:0x7f52aeb8d5fc [ 194.998271][T12060] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 194.998292][T12060] RSP: 002b:00007f52afa19030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 194.998315][T12060] RAX: ffffffffffffffda RBX: 00007f52aedb5fa0 RCX: 00007f52aeb8d5fc [ 194.998332][T12060] RDX: 000000000000000f RSI: 00007f52afa190a0 RDI: 0000000000000006 [ 194.998346][T12060] RBP: 00007f52afa19090 R08: 0000000000000000 R09: 0000000000000000 [ 194.998360][T12060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.998374][T12060] R13: 00007f52aedb6038 R14: 00007f52aedb5fa0 R15: 00007ffebe046798 [ 194.998398][T12060] [ 195.498498][T12083] netlink: 'syz.0.2321': attribute type 2 has an invalid length. [ 195.509573][T12083] netlink: 'syz.0.2321': attribute type 2 has an invalid length. [ 195.601522][T12080] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 195.634321][T12081] lo speed is unknown, defaulting to 1000 [ 195.640829][T12091] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 195.671169][T12091] CPU: 0 UID: 0 PID: 12091 Comm: syz.0.2324 Not tainted syzkaller #0 PREEMPT(full) [ 195.671204][T12091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 195.671219][T12091] Call Trace: [ 195.671228][T12091] [ 195.671239][T12091] dump_stack_lvl+0x189/0x250 [ 195.671275][T12091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.671302][T12091] ? __pfx__printk+0x10/0x10 [ 195.671332][T12091] ? kernfs_root+0x1c/0x230 [ 195.671359][T12091] ? kernfs_path_from_node+0x2f/0x290 [ 195.671384][T12091] ? kernfs_path_from_node+0x250/0x290 [ 195.671408][T12091] ? kernfs_path_from_node+0x2f/0x290 [ 195.671434][T12091] sysfs_warn_dup+0x8e/0xa0 [ 195.671457][T12091] sysfs_do_create_link_sd+0xc0/0x110 [ 195.671482][T12091] device_add_class_symlinks+0x1cf/0x240 [ 195.671510][T12091] device_add+0x475/0xb50 [ 195.671534][T12091] wiphy_register+0x1ba6/0x28d0 [ 195.671575][T12091] ? __pfx_wiphy_register+0x10/0x10 [ 195.671606][T12091] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 195.671635][T12091] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 195.671661][T12091] ieee80211_register_hw+0x3425/0x4080 [ 195.671695][T12091] ? ieee80211_register_hw+0x13f1/0x4080 [ 195.671724][T12091] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 195.671761][T12091] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 195.671795][T12091] ? __hrtimer_setup+0x187/0x210 [ 195.671816][T12091] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 195.671850][T12091] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 195.671899][T12091] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 195.671926][T12091] ? trace_kmalloc+0x1f/0xd0 [ 195.671953][T12091] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 195.671984][T12091] ? kstrndup+0xbf/0x160 [ 195.672012][T12091] hwsim_new_radio_nl+0xea4/0x1b10 [ 195.672042][T12091] ? __pfx___nla_validate_parse+0x10/0x10 [ 195.672084][T12091] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 195.672119][T12091] ? __nla_parse+0x40/0x60 [ 195.672155][T12091] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 195.672188][T12091] genl_family_rcv_msg_doit+0x215/0x300 [ 195.672218][T12091] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 195.672252][T12091] ? bpf_lsm_capable+0x9/0x20 [ 195.672281][T12091] ? security_capable+0x7e/0x2e0 [ 195.672316][T12091] genl_rcv_msg+0x60e/0x790 [ 195.672344][T12091] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.672368][T12091] ? __kasan_slab_alloc+0x6c/0x80 [ 195.672396][T12091] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 195.672423][T12091] ? __netlink_lookup+0xbd/0x810 [ 195.672442][T12091] ? rcu_is_watching+0x15/0xb0 [ 195.672469][T12091] netlink_rcv_skb+0x208/0x470 [ 195.672501][T12091] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.672527][T12091] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 195.672565][T12091] ? lock_release+0x4b/0x3e0 [ 195.672600][T12091] ? down_read+0x1ad/0x2e0 [ 195.672622][T12091] genl_rcv+0x28/0x40 [ 195.672644][T12091] netlink_unicast+0x82c/0x9e0 [ 195.672678][T12091] ? __pfx_netlink_unicast+0x10/0x10 [ 195.672709][T12091] ? netlink_sendmsg+0x642/0xb30 [ 195.672742][T12091] ? skb_put+0x11b/0x210 [ 195.672774][T12091] netlink_sendmsg+0x805/0xb30 [ 195.672813][T12091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.672848][T12091] ? futex_unqueue+0x22/0x240 [ 195.672874][T12091] ? aa_sock_msg_perm+0xf1/0x1d0 [ 195.672896][T12091] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 195.672920][T12091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.672955][T12091] __sock_sendmsg+0x21c/0x270 [ 195.672985][T12091] ____sys_sendmsg+0x505/0x830 [ 195.673011][T12091] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.673039][T12091] ? import_iovec+0x74/0xa0 [ 195.673066][T12091] ___sys_sendmsg+0x21f/0x2a0 [ 195.673090][T12091] ? __pfx____sys_sendmsg+0x10/0x10 [ 195.673117][T12091] ? futex_wait+0x285/0x360 [ 195.673164][T12091] ? __fget_files+0x2a/0x420 [ 195.673197][T12091] ? __fget_files+0x3a0/0x420 [ 195.673236][T12091] __x64_sys_sendmsg+0x19b/0x260 [ 195.673261][T12091] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 195.673289][T12091] ? rcu_is_watching+0x15/0xb0 [ 195.673314][T12091] ? rcu_is_watching+0x15/0xb0 [ 195.673338][T12091] do_syscall_64+0xfa/0x3b0 [ 195.673370][T12091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.673394][T12091] ? clear_bhb_loop+0x60/0xb0 [ 195.673418][T12091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.673441][T12091] RIP: 0033:0x7f1a3d78ebe9 [ 195.673462][T12091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.673483][T12091] RSP: 002b:00007f1a3e561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.673507][T12091] RAX: ffffffffffffffda RBX: 00007f1a3d9b5fa0 RCX: 00007f1a3d78ebe9 [ 195.673525][T12091] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 195.673540][T12091] RBP: 00007f1a3d811e19 R08: 0000000000000000 R09: 0000000000000000 [ 195.673554][T12091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.673568][T12091] R13: 00007f1a3d9b6038 R14: 00007f1a3d9b5fa0 R15: 00007ffddd4f0468 [ 195.673594][T12091] [ 195.912253][T12095] FAULT_INJECTION: forcing a failure. [ 195.912253][T12095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.179109][T12095] CPU: 0 UID: 0 PID: 12095 Comm: syz.1.2325 Not tainted syzkaller #0 PREEMPT(full) [ 196.179140][T12095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 196.179155][T12095] Call Trace: [ 196.179164][T12095] [ 196.179173][T12095] dump_stack_lvl+0x189/0x250 [ 196.179204][T12095] ? __pfx____ratelimit+0x10/0x10 [ 196.179234][T12095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.179259][T12095] ? __pfx__printk+0x10/0x10 [ 196.179287][T12095] ? __might_fault+0xb0/0x130 [ 196.179321][T12095] ? rcu_is_watching+0x15/0xb0 [ 196.179344][T12095] should_fail_ex+0x414/0x560 [ 196.179375][T12095] _copy_from_user+0x2d/0xb0 [ 196.179400][T12095] ___sys_sendmsg+0x158/0x2a0 [ 196.179424][T12095] ? __pfx____sys_sendmsg+0x10/0x10 [ 196.179466][T12095] ? __fget_files+0x2a/0x420 [ 196.179498][T12095] ? __fget_files+0x3a0/0x420 [ 196.179536][T12095] __x64_sys_sendmsg+0x19b/0x260 [ 196.179560][T12095] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 196.179588][T12095] ? __pfx_ksys_write+0x10/0x10 [ 196.179614][T12095] ? rcu_is_watching+0x15/0xb0 [ 196.179638][T12095] ? rcu_is_watching+0x15/0xb0 [ 196.179664][T12095] do_syscall_64+0xfa/0x3b0 [ 196.179698][T12095] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.179719][T12095] ? clear_bhb_loop+0x60/0xb0 [ 196.179744][T12095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.179772][T12095] RIP: 0033:0x7f11ef18ebe9 [ 196.179791][T12095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.179811][T12095] RSP: 002b:00007f11f006d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 196.179834][T12095] RAX: ffffffffffffffda RBX: 00007f11ef3b5fa0 RCX: 00007f11ef18ebe9 [ 196.179850][T12095] RDX: 0000000020000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 196.179865][T12095] RBP: 00007f11f006d090 R08: 0000000000000000 R09: 0000000000000000 [ 196.179878][T12095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.179892][T12095] R13: 00007f11ef3b6038 R14: 00007f11ef3b5fa0 R15: 00007fff78abf828 [ 196.179917][T12095] [ 196.523125][T12108] netlink: 'syz.2.2330': attribute type 1 has an invalid length. [ 196.561320][T12108] bond9: (slave vxcan3): The slave device specified does not support setting the MAC address [ 196.573946][T12108] bond9: (slave vxcan3): Error -95 calling set_mac_address [ 196.591359][ T5871] Bluetooth: hci3: command 0x0406 tx timeout [ 196.593187][T12109] gretap2: entered promiscuous mode [ 196.597719][ T5871] Bluetooth: hci2: command 0x0406 tx timeout [ 196.597754][ T5871] Bluetooth: hci1: command 0x0406 tx timeout [ 196.623744][T12109] bond9: (slave gretap2): making interface the new active one [ 196.636737][T12109] bond9: (slave gretap2): Enslaving as an active interface with an up link [ 196.684459][T12108] macvlan0: entered promiscuous mode [ 196.690002][T12108] macvlan0: entered allmulticast mode [ 196.699615][T12108] bond9: entered promiscuous mode [ 196.705417][T12108] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 196.724653][T12108] bond9: (slave macvlan0): the slave hw address is in use by the bond; giving it the hw address of gretap2 [ 196.766087][T12108] bond9: left promiscuous mode [ 196.925072][T12135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2337'. [ 196.935947][T12135] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (64) [ 197.059467][ T30] audit: type=1800 audit(1756310636.803:4): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.089342][T12142] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 197.089616][ T30] audit: type=1800 audit(1756310636.803:5): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.121856][ T30] audit: type=1800 audit(1756310636.803:6): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.160083][ T30] audit: type=1800 audit(1756310636.803:7): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.184339][ T30] audit: type=1800 audit(1756310636.803:8): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.216254][ T30] audit: type=1800 audit(1756310636.803:9): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.259630][ T30] audit: type=1800 audit(1756310636.803:10): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.286150][ T30] audit: type=1800 audit(1756310636.803:11): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.326797][T12154] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2345'. [ 197.363069][ T30] audit: type=1800 audit(1756310636.803:12): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.395562][T12156] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 197.415682][ T30] audit: type=1800 audit(1756310636.803:13): pid=12144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2341" name="memory.events" dev="tmpfs" ino=2335 res=0 errno=0 [ 197.442819][T12156] CPU: 0 UID: 0 PID: 12156 Comm: syz.4.2346 Not tainted syzkaller #0 PREEMPT(full) [ 197.442850][T12156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 197.442864][T12156] Call Trace: [ 197.442873][T12156] [ 197.442883][T12156] dump_stack_lvl+0x189/0x250 [ 197.442916][T12156] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.442942][T12156] ? __pfx__printk+0x10/0x10 [ 197.442971][T12156] ? kernfs_root+0x1c/0x230 [ 197.442998][T12156] ? kernfs_path_from_node+0x2f/0x290 [ 197.443021][T12156] ? kernfs_path_from_node+0x250/0x290 [ 197.443045][T12156] ? kernfs_path_from_node+0x2f/0x290 [ 197.443072][T12156] sysfs_warn_dup+0x8e/0xa0 [ 197.443094][T12156] sysfs_do_create_link_sd+0xc0/0x110 [ 197.443119][T12156] device_add_class_symlinks+0x1cf/0x240 [ 197.443144][T12156] device_add+0x475/0xb50 [ 197.443167][T12156] wiphy_register+0x1ba6/0x28d0 [ 197.443206][T12156] ? __pfx_wiphy_register+0x10/0x10 [ 197.443236][T12156] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 197.443262][T12156] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 197.443288][T12156] ieee80211_register_hw+0x3425/0x4080 [ 197.443330][T12156] ? ieee80211_register_hw+0x13f1/0x4080 [ 197.443360][T12156] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 197.443387][T12156] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 197.443421][T12156] ? __hrtimer_setup+0x187/0x210 [ 197.443441][T12156] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 197.443475][T12156] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 197.443519][T12156] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 197.443547][T12156] ? trace_kmalloc+0x1f/0xd0 [ 197.443574][T12156] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 197.443605][T12156] ? kstrndup+0xbf/0x160 [ 197.443633][T12156] hwsim_new_radio_nl+0xea4/0x1b10 [ 197.443661][T12156] ? __pfx___nla_validate_parse+0x10/0x10 [ 197.443701][T12156] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 197.443733][T12156] ? __nla_parse+0x40/0x60 [ 197.443762][T12156] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 197.443788][T12156] genl_family_rcv_msg_doit+0x215/0x300 [ 197.443812][T12156] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 197.443838][T12156] ? bpf_lsm_capable+0x9/0x20 [ 197.443863][T12156] ? security_capable+0x7e/0x2e0 [ 197.443891][T12156] genl_rcv_msg+0x60e/0x790 [ 197.443914][T12156] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.443932][T12156] ? __kasan_slab_alloc+0x6c/0x80 [ 197.443956][T12156] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 197.443978][T12156] ? __netlink_lookup+0xbd/0x810 [ 197.443993][T12156] ? rcu_is_watching+0x15/0xb0 [ 197.444014][T12156] netlink_rcv_skb+0x208/0x470 [ 197.444040][T12156] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.444061][T12156] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.444091][T12156] ? lock_release+0x4b/0x3e0 [ 197.444118][T12156] ? down_read+0x1ad/0x2e0 [ 197.444135][T12156] genl_rcv+0x28/0x40 [ 197.444153][T12156] netlink_unicast+0x82c/0x9e0 [ 197.444181][T12156] ? __pfx_netlink_unicast+0x10/0x10 [ 197.444205][T12156] ? netlink_sendmsg+0x642/0xb30 [ 197.444231][T12156] ? skb_put+0x11b/0x210 [ 197.444248][T12156] netlink_sendmsg+0x805/0xb30 [ 197.444278][T12156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.444306][T12156] ? futex_unqueue+0x22/0x240 [ 197.444336][T12156] ? aa_sock_msg_perm+0xf1/0x1d0 [ 197.444353][T12156] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 197.444373][T12156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.444400][T12156] __sock_sendmsg+0x21c/0x270 [ 197.444425][T12156] ____sys_sendmsg+0x505/0x830 [ 197.444445][T12156] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.444468][T12156] ? import_iovec+0x74/0xa0 [ 197.444489][T12156] ___sys_sendmsg+0x21f/0x2a0 [ 197.444508][T12156] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.444528][T12156] ? futex_wait+0x285/0x360 [ 197.444565][T12156] ? __fget_files+0x2a/0x420 [ 197.444592][T12156] ? __fget_files+0x3a0/0x420 [ 197.444623][T12156] __x64_sys_sendmsg+0x19b/0x260 [ 197.444643][T12156] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 197.444666][T12156] ? rcu_is_watching+0x15/0xb0 [ 197.444684][T12156] ? rcu_is_watching+0x15/0xb0 [ 197.444703][T12156] do_syscall_64+0xfa/0x3b0 [ 197.444731][T12156] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.444749][T12156] ? clear_bhb_loop+0x60/0xb0 [ 197.444768][T12156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.444786][T12156] RIP: 0033:0x7f52aeb8ebe9 [ 197.444802][T12156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.444818][T12156] RSP: 002b:00007f52afa19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.444838][T12156] RAX: ffffffffffffffda RBX: 00007f52aedb5fa0 RCX: 00007f52aeb8ebe9 [ 197.444852][T12156] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 197.444864][T12156] RBP: 00007f52aec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 197.444876][T12156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.444887][T12156] R13: 00007f52aedb6038 R14: 00007f52aedb5fa0 R15: 00007ffebe046798 [ 197.444907][T12156] [ 197.997473][T12172] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2354'. [ 198.071755][T12178] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2357'. [ 198.155972][T12184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2358'. [ 198.184421][T12184] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2358'. [ 198.383207][T12202] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2365'. [ 198.482796][T12213] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2370'. [ 198.568935][T12214] syz.2.2367 (12214) used greatest stack depth: 17992 bytes left [ 198.722401][T12232] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 198.747633][T12232] CPU: 1 UID: 0 PID: 12232 Comm: syz.2.2377 Not tainted syzkaller #0 PREEMPT(full) [ 198.747667][T12232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 198.747682][T12232] Call Trace: [ 198.747691][T12232] [ 198.747702][T12232] dump_stack_lvl+0x189/0x250 [ 198.747737][T12232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.747765][T12232] ? __pfx__printk+0x10/0x10 [ 198.747795][T12232] ? kernfs_root+0x1c/0x230 [ 198.747821][T12232] ? kernfs_path_from_node+0x2f/0x290 [ 198.747846][T12232] ? kernfs_path_from_node+0x250/0x290 [ 198.747870][T12232] ? kernfs_path_from_node+0x2f/0x290 [ 198.747897][T12232] sysfs_warn_dup+0x8e/0xa0 [ 198.747918][T12232] sysfs_do_create_link_sd+0xc0/0x110 [ 198.747944][T12232] device_add_class_symlinks+0x1cf/0x240 [ 198.747969][T12232] device_add+0x475/0xb50 [ 198.747993][T12232] wiphy_register+0x1ba6/0x28d0 [ 198.748034][T12232] ? __pfx_wiphy_register+0x10/0x10 [ 198.748065][T12232] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 198.748092][T12232] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 198.748118][T12232] ieee80211_register_hw+0x3425/0x4080 [ 198.748152][T12232] ? ieee80211_register_hw+0x13f1/0x4080 [ 198.748182][T12232] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 198.748210][T12232] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 198.748253][T12232] ? __hrtimer_setup+0x187/0x210 [ 198.748274][T12232] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 198.748308][T12232] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 198.748352][T12232] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 198.748381][T12232] ? trace_kmalloc+0x1f/0xd0 [ 198.748408][T12232] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 198.748440][T12232] ? kstrndup+0xbf/0x160 [ 198.748468][T12232] hwsim_new_radio_nl+0xea4/0x1b10 [ 198.748498][T12232] ? __pfx___nla_validate_parse+0x10/0x10 [ 198.748540][T12232] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 198.748575][T12232] ? __nla_parse+0x40/0x60 [ 198.748608][T12232] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 198.748641][T12232] genl_family_rcv_msg_doit+0x215/0x300 [ 198.748671][T12232] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 198.748704][T12232] ? bpf_lsm_capable+0x9/0x20 [ 198.748733][T12232] ? security_capable+0x7e/0x2e0 [ 198.748769][T12232] genl_rcv_msg+0x60e/0x790 [ 198.748796][T12232] ? __pfx_genl_rcv_msg+0x10/0x10 [ 198.748819][T12232] ? __kasan_slab_alloc+0x6c/0x80 [ 198.748847][T12232] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 198.748875][T12232] ? __netlink_lookup+0xbd/0x810 [ 198.748894][T12232] ? rcu_is_watching+0x15/0xb0 [ 198.748921][T12232] netlink_rcv_skb+0x208/0x470 [ 198.748953][T12232] ? __pfx_genl_rcv_msg+0x10/0x10 [ 198.748979][T12232] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 198.749017][T12232] ? lock_release+0x4b/0x3e0 [ 198.749050][T12232] ? down_read+0x1ad/0x2e0 [ 198.749072][T12232] genl_rcv+0x28/0x40 [ 198.749094][T12232] netlink_unicast+0x82c/0x9e0 [ 198.749127][T12232] ? __pfx_netlink_unicast+0x10/0x10 [ 198.749157][T12232] ? netlink_sendmsg+0x642/0xb30 [ 198.749188][T12232] ? skb_put+0x11b/0x210 [ 198.749210][T12232] netlink_sendmsg+0x805/0xb30 [ 198.749256][T12232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.749290][T12232] ? futex_unqueue+0x22/0x240 [ 198.749315][T12232] ? aa_sock_msg_perm+0xf1/0x1d0 [ 198.749337][T12232] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 198.749362][T12232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.749395][T12232] __sock_sendmsg+0x21c/0x270 [ 198.749425][T12232] ____sys_sendmsg+0x505/0x830 [ 198.749451][T12232] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.749479][T12232] ? import_iovec+0x74/0xa0 [ 198.749503][T12232] ___sys_sendmsg+0x21f/0x2a0 [ 198.749526][T12232] ? __pfx____sys_sendmsg+0x10/0x10 [ 198.749553][T12232] ? futex_wait+0x285/0x360 [ 198.749599][T12232] ? __fget_files+0x2a/0x420 [ 198.749631][T12232] ? __fget_files+0x3a0/0x420 [ 198.749671][T12232] __x64_sys_sendmsg+0x19b/0x260 [ 198.749695][T12232] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 198.749723][T12232] ? rcu_is_watching+0x15/0xb0 [ 198.749747][T12232] ? rcu_is_watching+0x15/0xb0 [ 198.749770][T12232] do_syscall_64+0xfa/0x3b0 [ 198.749803][T12232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.749825][T12232] ? clear_bhb_loop+0x60/0xb0 [ 198.749850][T12232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.749872][T12232] RIP: 0033:0x7fc68ed8ebe9 [ 198.749892][T12232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.749914][T12232] RSP: 002b:00007fc68fc12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.749937][T12232] RAX: ffffffffffffffda RBX: 00007fc68efb5fa0 RCX: 00007fc68ed8ebe9 [ 198.749955][T12232] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 198.749970][T12232] RBP: 00007fc68ee11e19 R08: 0000000000000000 R09: 0000000000000000 [ 198.749984][T12232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.749997][T12232] R13: 00007fc68efb6038 R14: 00007fc68efb5fa0 R15: 00007ffce5b26e78 [ 198.750023][T12232] [ 199.334811][T12247] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2383'. [ 199.387807][T12251] netdevsim netdevsim3 : renamed from netdevsim0 (while UP) [ 199.415050][T12251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2385'. [ 199.630053][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.662015][T12279] netlink: 'syz.4.2395': attribute type 1 has an invalid length. [ 199.672147][T12279] netlink: 'syz.4.2395': attribute type 1 has an invalid length. [ 199.704352][T12279] netlink: 'syz.4.2395': attribute type 2 has an invalid length. [ 199.760921][T12285] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 199.772040][T12285] CPU: 1 UID: 0 PID: 12285 Comm: syz.1.2399 Not tainted syzkaller #0 PREEMPT(full) [ 199.772069][T12285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 199.772083][T12285] Call Trace: [ 199.772091][T12285] [ 199.772101][T12285] dump_stack_lvl+0x189/0x250 [ 199.772146][T12285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.772174][T12285] ? __pfx__printk+0x10/0x10 [ 199.772202][T12285] ? kernfs_root+0x1c/0x230 [ 199.772229][T12285] ? kernfs_path_from_node+0x2f/0x290 [ 199.772254][T12285] ? kernfs_path_from_node+0x250/0x290 [ 199.772279][T12285] ? kernfs_path_from_node+0x2f/0x290 [ 199.772307][T12285] sysfs_warn_dup+0x8e/0xa0 [ 199.772328][T12285] sysfs_do_create_link_sd+0xc0/0x110 [ 199.772354][T12285] device_add_class_symlinks+0x1cf/0x240 [ 199.772380][T12285] device_add+0x475/0xb50 [ 199.772403][T12285] wiphy_register+0x1ba6/0x28d0 [ 199.772444][T12285] ? __pfx_wiphy_register+0x10/0x10 [ 199.772476][T12285] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 199.772504][T12285] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 199.772530][T12285] ieee80211_register_hw+0x3425/0x4080 [ 199.772565][T12285] ? ieee80211_register_hw+0x13f1/0x4080 [ 199.772595][T12285] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 199.772623][T12285] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 199.772657][T12285] ? __hrtimer_setup+0x187/0x210 [ 199.772677][T12285] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 199.772699][T12283] netlink: 'syz.3.2397': attribute type 1 has an invalid length. [ 199.772711][T12285] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 199.772752][T12285] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 199.772783][T12285] ? trace_kmalloc+0x1f/0xd0 [ 199.772817][T12285] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 199.772854][T12285] ? kstrndup+0xbf/0x160 [ 199.772886][T12285] hwsim_new_radio_nl+0xea4/0x1b10 [ 199.772922][T12285] ? __pfx___nla_validate_parse+0x10/0x10 [ 199.772969][T12285] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 199.773009][T12285] ? __nla_parse+0x40/0x60 [ 199.773049][T12285] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 199.773086][T12285] genl_family_rcv_msg_doit+0x215/0x300 [ 199.773133][T12285] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 199.773172][T12285] ? bpf_lsm_capable+0x9/0x20 [ 199.773208][T12285] ? security_capable+0x7e/0x2e0 [ 199.773250][T12285] genl_rcv_msg+0x60e/0x790 [ 199.773282][T12285] ? __pfx_genl_rcv_msg+0x10/0x10 [ 199.773308][T12285] ? __kasan_slab_alloc+0x6c/0x80 [ 199.773343][T12285] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 199.773375][T12285] ? __netlink_lookup+0xbd/0x810 [ 199.773395][T12285] ? rcu_is_watching+0x15/0xb0 [ 199.773425][T12285] netlink_rcv_skb+0x208/0x470 [ 199.773462][T12285] ? __pfx_genl_rcv_msg+0x10/0x10 [ 199.773491][T12285] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 199.773534][T12285] ? lock_release+0x4b/0x3e0 [ 199.773572][T12285] ? down_read+0x1ad/0x2e0 [ 199.773597][T12285] genl_rcv+0x28/0x40 [ 199.773621][T12285] netlink_unicast+0x82c/0x9e0 [ 199.773658][T12285] ? __pfx_netlink_unicast+0x10/0x10 [ 199.773693][T12285] ? netlink_sendmsg+0x642/0xb30 [ 199.773729][T12285] ? skb_put+0x11b/0x210 [ 199.773752][T12285] netlink_sendmsg+0x805/0xb30 [ 199.773796][T12285] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.773834][T12285] ? futex_unqueue+0x22/0x240 [ 199.773861][T12285] ? aa_sock_msg_perm+0xf1/0x1d0 [ 199.773886][T12285] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 199.773913][T12285] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.773950][T12285] __sock_sendmsg+0x21c/0x270 [ 199.773985][T12285] ____sys_sendmsg+0x505/0x830 [ 199.774012][T12285] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.774043][T12285] ? import_iovec+0x74/0xa0 [ 199.774073][T12285] ___sys_sendmsg+0x21f/0x2a0 [ 199.774100][T12285] ? __pfx____sys_sendmsg+0x10/0x10 [ 199.774140][T12285] ? futex_wait+0x285/0x360 [ 199.774193][T12285] ? __fget_files+0x2a/0x420 [ 199.774234][T12285] ? __fget_files+0x3a0/0x420 [ 199.774279][T12285] __x64_sys_sendmsg+0x19b/0x260 [ 199.774307][T12285] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 199.774340][T12285] ? rcu_is_watching+0x15/0xb0 [ 199.774372][T12285] ? rcu_is_watching+0x15/0xb0 [ 199.774397][T12285] do_syscall_64+0xfa/0x3b0 [ 199.774436][T12285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.774462][T12285] ? clear_bhb_loop+0x60/0xb0 [ 199.774492][T12285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.774515][T12285] RIP: 0033:0x7f11ef18ebe9 [ 199.774535][T12285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.774560][T12285] RSP: 002b:00007f11f006d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.774588][T12285] RAX: ffffffffffffffda RBX: 00007f11ef3b5fa0 RCX: 00007f11ef18ebe9 [ 199.774607][T12285] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 199.774624][T12285] RBP: 00007f11ef211e19 R08: 0000000000000000 R09: 0000000000000000 [ 199.774641][T12285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.774658][T12285] R13: 00007f11ef3b6038 R14: 00007f11ef3b5fa0 R15: 00007fff78abf828 [ 199.774688][T12285] [ 199.810803][T12287] FAULT_INJECTION: forcing a failure. [ 199.810803][T12287] name failslab, interval 1, probability 0, space 0, times 0 [ 199.896684][T12283] 8021q: adding VLAN 0 to HW filter on device bond5 [ 199.906711][T12287] CPU: 1 UID: 0 PID: 12287 Comm: syz.4.2400 Not tainted syzkaller #0 PREEMPT(full) [ 199.906746][T12287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 199.906763][T12287] Call Trace: [ 199.906773][T12287] [ 199.906783][T12287] dump_stack_lvl+0x189/0x250 [ 199.906820][T12287] ? __pfx____ratelimit+0x10/0x10 [ 199.906856][T12287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.906884][T12287] ? __pfx__printk+0x10/0x10 [ 199.906926][T12287] should_fail_ex+0x414/0x560 [ 199.906963][T12287] should_failslab+0xa8/0x100 [ 199.907002][T12287] kmem_cache_alloc_noprof+0x73/0x3c0 [ 199.907035][T12287] ? skb_clone+0x212/0x3a0 [ 199.907065][T12287] skb_clone+0x212/0x3a0 [ 199.907093][T12287] __netlink_deliver_tap+0x404/0x850 [ 199.907155][T12287] ? netlink_deliver_tap+0x2e/0x1b0 [ 199.907191][T12287] netlink_deliver_tap+0x19c/0x1b0 [ 199.907227][T12287] netlink_unicast+0x7fa/0x9e0 [ 199.907265][T12287] ? __pfx_netlink_unicast+0x10/0x10 [ 199.907298][T12287] ? netlink_sendmsg+0x642/0xb30 [ 199.907333][T12287] ? skb_put+0x11b/0x210 [ 199.907356][T12287] netlink_sendmsg+0x805/0xb30 [ 199.907398][T12287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.907438][T12287] ? aa_sock_msg_perm+0xf1/0x1d0 [ 199.907461][T12287] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 199.907488][T12287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.907524][T12287] __sock_sendmsg+0x21c/0x270 [ 199.907558][T12287] ____sys_sendmsg+0x505/0x830 [ 199.907587][T12287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.907618][T12287] ? import_iovec+0x74/0xa0 [ 199.907647][T12287] ___sys_sendmsg+0x21f/0x2a0 [ 199.907674][T12287] ? __pfx____sys_sendmsg+0x10/0x10 [ 199.907719][T12287] ? __fget_files+0x2a/0x420 [ 199.907756][T12287] ? __fget_files+0x3a0/0x420 [ 199.907798][T12287] __x64_sys_sendmsg+0x19b/0x260 [ 199.907825][T12287] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 199.907856][T12287] ? __pfx_ksys_write+0x10/0x10 [ 199.907888][T12287] ? rcu_is_watching+0x15/0xb0 [ 199.907915][T12287] ? rcu_is_watching+0x15/0xb0 [ 199.907942][T12287] do_syscall_64+0xfa/0x3b0 [ 199.907979][T12287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.908004][T12287] ? clear_bhb_loop+0x60/0xb0 [ 199.908031][T12287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.908056][T12287] RIP: 0033:0x7f52aeb8ebe9 [ 199.908079][T12287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.908109][T12287] RSP: 002b:00007f52afa19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.908138][T12287] RAX: ffffffffffffffda RBX: 00007f52aedb5fa0 RCX: 00007f52aeb8ebe9 [ 199.908157][T12287] RDX: 0000000020000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 199.908174][T12287] RBP: 00007f52afa19090 R08: 0000000000000000 R09: 0000000000000000 [ 199.908189][T12287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.908205][T12287] R13: 00007f52aedb6038 R14: 00007f52aedb5fa0 R15: 00007ffebe046798 [ 199.908234][T12287] [ 200.664922][T12301] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.682587][T12301] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.689783][T12301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.354182][T12369] netlink: 'syz.2.2429': attribute type 1 has an invalid length. [ 201.382229][T12369] 8021q: adding VLAN 0 to HW filter on device bond10 [ 201.407338][T12368] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 201.419308][T12368] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 201.427754][T12368] CPU: 0 UID: 0 PID: 12368 Comm: syz.3.2428 Not tainted syzkaller #0 PREEMPT(full) [ 201.437157][T12368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.447297][T12368] RIP: 0010:rose_rt_ioctl+0x162/0x1250 [ 201.452805][T12368] Code: 3f 31 ff 44 89 fe e8 3d de 52 f7 45 85 ff 74 0a e8 33 db 52 f7 e9 76 02 00 00 48 8b 44 24 28 48 8d 50 10 49 89 d7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 48 89 54 24 20 0f 85 87 02 00 00 44 0f b6 22 [ 201.472435][T12368] RSP: 0018:ffffc90004ac7ae0 EFLAGS: 00010202 [ 201.478521][T12368] RAX: 0000000000000000 RBX: ffff888053e0cc00 RCX: 0000000000000000 [ 201.486514][T12368] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.494507][T12368] RBP: ffffc90004ac7c10 R08: ffffffff8fa38537 R09: 1ffffffff1f470a6 [ 201.502498][T12368] R10: dffffc0000000000 R11: fffffbfff1f470a7 R12: ffff88805b2d3900 [ 201.510577][T12368] R13: dffffc0000000000 R14: ffff88805b2d3900 R15: 0000000000000002 [ 201.518565][T12368] FS: 00007f9f987d56c0(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000 [ 201.527508][T12368] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.534104][T12368] CR2: 0000200000004cc0 CR3: 0000000059a2a000 CR4: 00000000003526f0 [ 201.542088][T12368] Call Trace: [ 201.545375][T12368] [ 201.548323][T12368] ? __pfx_rose_rt_ioctl+0x10/0x10 [ 201.553455][T12368] ? bpf_lsm_capable+0x9/0x20 [ 201.558148][T12368] ? security_capable+0x7e/0x2e0 [ 201.563112][T12368] rose_ioctl+0x3ce/0x8b0 [ 201.567451][T12368] ? __pfx_rose_ioctl+0x10/0x10 [ 201.572311][T12368] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 201.577352][T12368] sock_do_ioctl+0xd9/0x300 [ 201.581874][T12368] ? __pfx_sock_do_ioctl+0x10/0x10 [ 201.586996][T12368] ? do_futex+0x333/0x420 [ 201.591341][T12368] ? security_bpf+0x7e/0x300 [ 201.595959][T12368] sock_ioctl+0x576/0x790 [ 201.600306][T12368] ? lock_release+0x4b/0x3e0 [ 201.604935][T12368] ? __pfx_sock_ioctl+0x10/0x10 [ 201.609805][T12368] ? __fget_files+0x2a/0x420 [ 201.614454][T12368] ? __fget_files+0x3a0/0x420 [ 201.619169][T12368] ? __fget_files+0x2a/0x420 [ 201.623783][T12368] ? bpf_lsm_file_ioctl+0x9/0x20 [ 201.628740][T12368] ? __pfx_sock_ioctl+0x10/0x10 [ 201.633605][T12368] __se_sys_ioctl+0xfc/0x170 [ 201.638221][T12368] do_syscall_64+0xfa/0x3b0 [ 201.642744][T12368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.648826][T12368] ? clear_bhb_loop+0x60/0xb0 [ 201.653526][T12368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.659440][T12368] RIP: 0033:0x7f9f9a58ebe9 [ 201.663865][T12368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.683508][T12368] RSP: 002b:00007f9f987d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 201.692115][T12368] RAX: ffffffffffffffda RBX: 00007f9f9a7b6090 RCX: 00007f9f9a58ebe9 [ 201.700099][T12368] RDX: 0000000000000000 RSI: 00000000000089e4 RDI: 000000000000000a [ 201.708080][T12368] RBP: 00007f9f9a611e19 R08: 0000000000000000 R09: 0000000000000000 [ 201.716060][T12368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 201.724053][T12368] R13: 00007f9f9a7b6128 R14: 00007f9f9a7b6090 R15: 00007ffd4fec5d88 [ 201.732050][T12368] [ 201.735083][T12368] Modules linked in: [ 201.739146][T12368] ---[ end trace 0000000000000000 ]--- [ 201.744675][T12368] RIP: 0010:rose_rt_ioctl+0x162/0x1250 [ 201.750218][T12368] Code: 3f 31 ff 44 89 fe e8 3d de 52 f7 45 85 ff 74 0a e8 33 db 52 f7 e9 76 02 00 00 48 8b 44 24 28 48 8d 50 10 49 89 d7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 48 89 54 24 20 0f 85 87 02 00 00 44 0f b6 22 [ 201.769887][T12368] RSP: 0018:ffffc90004ac7ae0 EFLAGS: 00010202 [ 201.775972][T12368] RAX: 0000000000000000 RBX: ffff888053e0cc00 RCX: 0000000000000000 [ 201.784016][T12368] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.792020][T12368] RBP: ffffc90004ac7c10 R08: ffffffff8fa38537 R09: 1ffffffff1f470a6 [ 201.800018][T12368] R10: dffffc0000000000 R11: fffffbfff1f470a7 R12: ffff88805b2d3900 [ 201.808107][T12368] R13: dffffc0000000000 R14: ffff88805b2d3900 R15: 0000000000000002 [ 201.816186][T12368] FS: 00007f9f987d56c0(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000 [ 201.825168][T12368] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.831781][T12368] CR2: 0000200000004cc0 CR3: 0000000059a2a000 CR4: 00000000003526f0 [ 201.839883][T12368] Kernel panic - not syncing: Fatal exception in interrupt [ 201.847369][T12368] Kernel Offset: disabled [ 201.851698][T12368] Rebooting in 86400 seconds..