last executing test programs: 2.609823222s ago: executing program 1 (id=1984): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000800) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0}, 0x1, 0x0, 0x0, 0x2400c800}, 0x4000) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmsg(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0xf0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IEEE802154_LIST_PHY(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5, 0x300, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, 0x0, 0x40094) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r6, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 2.306414484s ago: executing program 1 (id=1987): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000540)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.134024065s ago: executing program 1 (id=1991): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f000801}, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000200)={0x1f, @none}, 0x8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100), 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0x1}, 0x4) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000540), 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f00000003c0)}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0x4, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x12, 0xd, &(0x7f0000000640)=@raw=[@jmp={0x5, 0x0, 0x4, 0x1, 0x4, 0x10, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x60}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}}, @alu={0x7, 0x1, 0xd, 0x1, 0x3, 0x21, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newtfilter={0x34, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, 0x0, {0xa}, {}, {0xb}}, [@TCA_RATE={0x6, 0x5, {0xa, 0x4}}, @TCA_RATE={0x6, 0x5, {0x84}}]}, 0x34}, 0x1, 0xf0ffffffffffff}, 0x0) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r5}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r7, r5, 0x0, r5}, 0x10) r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)=0x7, 0x4) bind$llc(r8, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000000), 0xffffff6a) sendfile(r8, r9, 0x0, 0xffffffff000) 2.056340714s ago: executing program 3 (id=1993): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x61910926728ca924) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640004061000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 1.784599404s ago: executing program 3 (id=1997): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000007b00000000000000000000009500000000000000ed0759cb47cd90df41fa7a40c72a22dcc53a83731c39b01fceb7"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 1.492165251s ago: executing program 3 (id=2001): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs}) 1.432218169s ago: executing program 4 (id=2003): r0 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x2, @mcast1, 0x2}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000100010081120e000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r1, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='blkio.bfq.io_serviced\x00', 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 1.330070609s ago: executing program 3 (id=2005): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000280)=0x2, 0x4) bind$inet6(r1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r2}, 0x8) close(r3) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000080654d970008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) r4 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d8", 0x1}], 0x1, 0x0, 0x0, 0x2663}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000007a00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000007100)=[{&(0x7f0000006cc0)="95", 0x1}, {&(0x7f0000006fc0)="12", 0x1}], 0x2}}], 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8918, &(0x7f0000000000)={r4}) close(r0) syz_emit_ethernet(0x8a, &(0x7f0000000500)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @broadcast, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "166e70", 0x50, 0x3a, 0xff, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0xd, 0x6, "422aab", 0x2, 0x3c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, [@dstopts={0x3a}, @dstopts={0x29}, @fragment={0x6c, 0x0, 0x8, 0x1, 0x0, 0x5, 0x64}, @fragment={0x3c, 0x0, 0xf5, 0x1, 0x0, 0x7, 0x68}]}}}}}}}, &(0x7f0000000040)={0x0, 0x4, [0x6eb, 0xc6, 0x5f9, 0x633]}) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r8 = socket(0x2b, 0x2, 0x37) setsockopt$MRT6_ADD_MIF(r8, 0x29, 0xca, &(0x7f00000003c0)={0x0, 0x0, 0xb, 0x0, 0x3}, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000140)=@bpf_lsm={0x2, 0x4, &(0x7f0000000040)=@framed={{0x16, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@alu={0x4, 0x0, 0xb, 0xa, 0x4, 0xfffffffffffffff0, 0x120e9f1b5a18d28e}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3f, 0x3f, 0x5, [@datasec={0xa, 0x1, 0x0, 0xf, 0x3, [{0x1, 0x8000, 0xc}], 'Ogh'}, @union={0x1, 0x1, 0x0, 0x5, 0x1, 0xc, [{0x1, 0x0, 0x10000}]}, @fwd={0x5}]}, {0x0, [0x5f, 0x30, 0x0]}}, &(0x7f0000000340)=""/110, 0x5d, 0x6e, 0x0, 0x1, 0x0, @void, @value}, 0x28) 1.233316838s ago: executing program 4 (id=2007): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a09020000000000000000020000000900010073797a30000000000900030073797a3200000000140004800800014000000000080002400000000014000000110001"], 0x88}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0x58}, 0x1, 0x0, 0x4400000000000000}, 0x0) 1.040499116s ago: executing program 4 (id=2008): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) epoll_create1(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x54, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}, 0x1, 0x40000}, 0x0) 966.41978ms ago: executing program 2 (id=2010): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000180), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x5c8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@broadcast, @multicast2}, 0x10) 919.721398ms ago: executing program 0 (id=2011): syz_emit_ethernet(0x82, &(0x7f0000000a00)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000700088a800008100000086dd60ff690b00442f00fc020000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be"], 0x0) 853.080332ms ago: executing program 2 (id=2012): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'wlan0\x00', 0x400}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600}) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@empty, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000100)=0xe8) sendmsg$nl_generic(r2, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x9001000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xe4, 0x3b, 0x300, 0x70bd2b, 0x25dfdbfd, {0x16}, [@typed={0x8, 0x35, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xe}}, @typed={0x8, 0x109, 0x0, 0x0, @uid=r3}, @generic="6da15ef24ed963bedb8a32bfeb0c72f4dfa2615bf04c9d52d96f896ec8f5f17e00dec5ffe4b886c5f1a5c4048bb5c059b4c51721f8cadcee69a0f1a7daa0c6af25705c37e51d5ca1b42325443f8b431c28b5ce7056c599626e3dc4b8955b8af357573e38ceb7960b784bef8078dbce972dfca8983bf2e5f4c9bca77f2528422c36f8d9c3b881d08f9ba45c07b048a4cce62421684052da40649125bdcbc53c9557a5df5a51936b2f55c19fd52a0ee23e05f66af98de0806dc53835defc"]}, 0xe4}, 0x1, 0x0, 0x0, 0x1}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'wlan0\x00', 0x400}) (async) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600}) (async) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000000)) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@empty, @in6=@initdev}}, {{@in6=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000100)=0xe8) (async) sendmsg$nl_generic(r2, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x9001000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xe4, 0x3b, 0x300, 0x70bd2b, 0x25dfdbfd, {0x16}, [@typed={0x8, 0x35, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xe}}, @typed={0x8, 0x109, 0x0, 0x0, @uid=r3}, @generic="6da15ef24ed963bedb8a32bfeb0c72f4dfa2615bf04c9d52d96f896ec8f5f17e00dec5ffe4b886c5f1a5c4048bb5c059b4c51721f8cadcee69a0f1a7daa0c6af25705c37e51d5ca1b42325443f8b431c28b5ce7056c599626e3dc4b8955b8af357573e38ceb7960b784bef8078dbce972dfca8983bf2e5f4c9bca77f2528422c36f8d9c3b881d08f9ba45c07b048a4cce62421684052da40649125bdcbc53c9557a5df5a51936b2f55c19fd52a0ee23e05f66af98de0806dc53835defc"]}, 0xe4}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) 762.409926ms ago: executing program 0 (id=2013): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 762.009455ms ago: executing program 4 (id=2014): socket$kcm(0x10, 0x2, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000001740)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x3, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000440)="49eee5e9a4971ce91ce5cb2eca7a49e1a9dbf79d68fa323e84e420930d1d82f233b8383e01b328a27d1d1c155c", 0x2d}], 0x1}}], 0x2, 0x28048825) unshare(0x4040600) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)="11", 0x1}], 0x1}, 0x5000000}], 0x1, 0x80) 712.879406ms ago: executing program 0 (id=2015): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x7, "f42a97b96d0258"}}) 669.78952ms ago: executing program 4 (id=2016): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000800) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0}, 0x1, 0x0, 0x0, 0x2400c800}, 0x4000) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmsg(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0xf0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IEEE802154_LIST_PHY(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5, 0x300, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, 0x0, 0x40094) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 668.06211ms ago: executing program 1 (id=2017): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @random="c5f9772bb146", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @private0, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0xa1ff, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xfe80}}}}}}}, 0x0) 590.130546ms ago: executing program 0 (id=2018): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0xfff1, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x8, 0x2, [@TCA_FLOWER_ACT={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5c840}, 0x2000c005) r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000380)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x37, 0xffffffffffffffff}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) 526.49115ms ago: executing program 2 (id=2019): r0 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r0, &(0x7f00000002c0)='\x00', 0x1, 0x40, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0x300}}, 0x1c) 526.039087ms ago: executing program 4 (id=2020): pipe(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x8000002, 0xfffffffc, @rand_addr, 0xfffffffc}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) shutdown(r0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'ip6gre0\x00', &(0x7f0000000640)={'ip6_vti0\x00', 0x0, 0x4, 0x9, 0x7, 0x9, 0x8, @dev={0xfe, 0x80, '\x00', 0x18}, @ipv4={'\x00', '\xff\xff', @empty}, 0x1, 0x80, 0x5, 0x1}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x1, 0x7fffffff, 0x10000, @value}, 0x28) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x8025}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) accept(r3, 0x0, 0x0) 480.838655ms ago: executing program 0 (id=2021): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180000000000000000000000000000002d000000a800000085000000d000000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x1c, 0x5a, 0x1, 0x0, 0x0, {}, [@typed={0x5, 0x4, 0x0, 0x0, @str='\x00'}]}, 0x1c}}, 0x0) (async, rerun: 64) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) (async, rerun: 64) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'dvmrp1\x00', 0x1}) ioctl$TUNSETOFFLOAD(r4, 0x400454c9, 0xba98575a95aeb70d) (async) ioctl$TUNSETLINK(r4, 0x400454cd, 0x30c) (async) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='$J+\x00', @ANYRES16=r3, @ANYBLOB="10002cbd7000fbdbdf2514000000080003000000000008001400fdffffff"], 0x24}, 0x1, 0x0, 0x0, 0x4054}, 0x4000000) (async) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) 462.262336ms ago: executing program 2 (id=2022): r0 = socket$inet6(0xa, 0x3, 0x8) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback, 0x28}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00 \x00)\x00\x00\x002\x00'], 0x28}}], 0x1, 0x0) 293.319791ms ago: executing program 3 (id=2023): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x7000000, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 292.855788ms ago: executing program 2 (id=2024): accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000300)=0x1c, 0x80000) (async) r0 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000300)=0x1c, 0x80000) setsockopt$inet6_buf(r0, 0x29, 0x22, &(0x7f0000000380)="53fa9789fb1901824a75afc1815af980ac8f74d85e79c3b48589947f87aab9fe823e402b23ef11cc1bafca7da2227474bacab0fe7046a941bfb1204a23", 0x3d) (async) setsockopt$inet6_buf(r0, 0x29, 0x22, &(0x7f0000000380)="53fa9789fb1901824a75afc1815af980ac8f74d85e79c3b48589947f87aab9fe823e402b23ef11cc1bafca7da2227474bacab0fe7046a941bfb1204a23", 0x3d) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12221}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_OKEY={0x8, 0x5, 0x1ff}]}}}]}, 0x48}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12221}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_OKEY={0x8, 0x5, 0x1ff}]}}}]}, 0x48}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x14, 0x24, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x20040100) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@getrule={0x0, 0x22, 0x400, 0x70bd28, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x44}}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bond0\x00'}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e1200"], 0x44}}, 0x0) 269.323093ms ago: executing program 1 (id=2025): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 216.224636ms ago: executing program 0 (id=2026): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, 0xffffffffffffffff, 0x0) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket(0xa, 0x40000000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000400000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000d801000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b3900000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff00000000"]}, 0x3c0) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f00000000c0)={'broute\x00', 0x0, 0x0, 0x0, [0x80000000000008, 0x4, 0xfffffffffffffa9f, 0x2, 0x1, 0x4b3]}, &(0x7f0000000000)=0x78) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x4c42bb4f92, 0x0) shutdown(r1, 0x0) unshare(0x400) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000600)) pwrite64(r2, 0x0, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540100001000132700000100"/55, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0004006a0000000000000048200200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c000400070000000000000000000000000000000000000000000000cc754a3cb898e3447a088a8101ee273aeb31f499e3aad6092cebeb29ea68930bd20cdd0df2ad2aa6264e9e19c4cf648fe101c336fe327e430fe00734fe261bd57852092a237832e7a877a1d2e4be"], 0x154}}, 0x0) 146.072767ms ago: executing program 2 (id=2027): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000013000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a80100002800c0001"], 0x68}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000020850000002d000000850000000f00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r2}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0xb, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r4, &(0x7f0000000240), 0x20000000}, 0x20) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x40000042}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r5, &(0x7f0000000080), 0x0}, 0x20) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042}, 0x10) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_ADDRFORM(r6, 0x29, 0x1, &(0x7f0000000180), 0x4) r7 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x22}}, 0x10) 116.901214ms ago: executing program 1 (id=2028): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x4, "f42a97b9"}}) 0s ago: executing program 3 (id=2029): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x10) (fail_nth: 44) kernel console output (not intermixed with test programs): [ T8788] xt_SECMARK: invalid mode: 0 [ 133.377653][ T8778] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.576425][ T8778] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.071184][ T8778] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.089123][ T8778] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.104243][ T8778] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.117983][ T8778] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.251015][ T8810] FAULT_INJECTION: forcing a failure. [ 134.251015][ T8810] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 134.265712][ T8810] CPU: 1 UID: 0 PID: 8810 Comm: syz.0.794 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 134.276336][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 134.286390][ T8810] Call Trace: [ 134.289663][ T8810] [ 134.292594][ T8810] dump_stack_lvl+0x241/0x360 [ 134.297278][ T8810] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.302484][ T8810] ? __pfx__printk+0x10/0x10 [ 134.307081][ T8810] ? snprintf+0xda/0x120 [ 134.311324][ T8810] should_fail_ex+0x3b0/0x4e0 [ 134.316006][ T8810] _copy_to_user+0x31/0xb0 [ 134.320428][ T8810] simple_read_from_buffer+0xca/0x150 [ 134.325801][ T8810] proc_fail_nth_read+0x1e9/0x250 [ 134.330827][ T8810] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 134.336372][ T8810] ? rw_verify_area+0x55e/0x6f0 [ 134.341216][ T8810] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 134.346758][ T8810] vfs_read+0x1fc/0xb70 [ 134.350915][ T8810] ? __pfx___mutex_lock+0x10/0x10 [ 134.355935][ T8810] ? __pfx_vfs_read+0x10/0x10 [ 134.360607][ T8810] ? __fget_files+0x2a/0x410 [ 134.365216][ T8810] ? __fget_files+0x395/0x410 [ 134.369895][ T8810] ? __fget_files+0x2a/0x410 [ 134.374492][ T8810] ksys_read+0x18f/0x2b0 [ 134.378744][ T8810] ? __pfx_ksys_read+0x10/0x10 [ 134.383505][ T8810] ? do_syscall_64+0x100/0x230 [ 134.388266][ T8810] ? do_syscall_64+0xb6/0x230 [ 134.392937][ T8810] do_syscall_64+0xf3/0x230 [ 134.397433][ T8810] ? clear_bhb_loop+0x35/0x90 [ 134.402141][ T8810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.408030][ T8810] RIP: 0033:0x7f768f58473c [ 134.412441][ T8810] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 134.432080][ T8810] RSP: 002b:00007f768d3d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 134.440490][ T8810] RAX: ffffffffffffffda RBX: 00007f768f776080 RCX: 00007f768f58473c [ 134.448458][ T8810] RDX: 000000000000000f RSI: 00007f768d3d50a0 RDI: 0000000000000004 [ 134.456425][ T8810] RBP: 00007f768d3d5090 R08: 0000000000000000 R09: 0000000000000000 [ 134.464390][ T8810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.472358][ T8810] R13: 0000000000000001 R14: 00007f768f776080 R15: 00007fffe513d5d8 [ 134.480340][ T8810] [ 134.514266][ T8809] netlink: 16 bytes leftover after parsing attributes in process `syz.3.795'. [ 134.662694][ T8814] netlink: 60 bytes leftover after parsing attributes in process `syz.4.799'. [ 135.264608][ T8852] netlink: 300 bytes leftover after parsing attributes in process `syz.2.813'. [ 135.315111][ T8857] netlink: 60 bytes leftover after parsing attributes in process `syz.1.815'. [ 135.540342][ T29] audit: type=1107 audit(1734632203.919:2): pid=8858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='‡'WP‚<|Á0ñl¨ýE× ƒVA>a…—tT«"ßLb [ 135.540342][ T29] 9YçÉŽÆÃ$þP ‚hy]' [ 135.891301][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.824'. [ 135.915494][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.824'. [ 136.400466][ T8911] net_ratelimit: 10 callbacks suppressed [ 136.400485][ T8911] dccp_invalid_packet: P.Data Offset(0) too small [ 136.421261][ T8912] FAULT_INJECTION: forcing a failure. [ 136.421261][ T8912] name failslab, interval 1, probability 0, space 0, times 0 [ 136.451481][ T8912] CPU: 0 UID: 0 PID: 8912 Comm: syz.0.831 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 136.462105][ T8912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 136.472175][ T8912] Call Trace: [ 136.475468][ T8912] [ 136.478415][ T8912] dump_stack_lvl+0x241/0x360 [ 136.483121][ T8912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.488347][ T8912] ? __pfx__printk+0x10/0x10 [ 136.492987][ T8912] should_fail_ex+0x3b0/0x4e0 [ 136.497703][ T8912] should_failslab+0xac/0x100 [ 136.502414][ T8912] ? skb_clone+0x20c/0x390 [ 136.506856][ T8912] kmem_cache_alloc_noprof+0x70/0x380 [ 136.512261][ T8912] skb_clone+0x20c/0x390 [ 136.516534][ T8912] __netlink_deliver_tap+0x3cc/0x7f0 [ 136.521849][ T8912] ? netlink_deliver_tap+0x2e/0x1b0 [ 136.527070][ T8912] netlink_deliver_tap+0x19d/0x1b0 [ 136.532221][ T8912] netlink_unicast+0x7c4/0x990 [ 136.533718][ T8919] xt_HMARK: spi-set and port-set can't be combined [ 136.537001][ T8912] ? __pfx_netlink_unicast+0x10/0x10 [ 136.537032][ T8912] ? __virt_addr_valid+0x45f/0x530 [ 136.546453][ T8919] netlink: 48 bytes leftover after parsing attributes in process `syz.2.835'. [ 136.548781][ T8912] ? __phys_addr_symbol+0x2f/0x70 [ 136.548809][ T8912] ? __check_object_size+0x47a/0x730 [ 136.556755][ T8917] netlink: 12 bytes leftover after parsing attributes in process `syz.4.834'. [ 136.562720][ T8912] netlink_sendmsg+0x8e4/0xcb0 [ 136.562756][ T8912] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.591963][ T8912] ? aa_sock_msg_perm+0x91/0x160 [ 136.596927][ T8912] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.597971][ T8915] bridge2: entered promiscuous mode [ 136.602213][ T8912] __sock_sendmsg+0x221/0x270 [ 136.602247][ T8912] ____sys_sendmsg+0x52a/0x7e0 [ 136.602276][ T8912] ? __pfx_____sys_sendmsg+0x10/0x10 [ 136.608836][ T8915] macsec1: entered promiscuous mode [ 136.612220][ T8912] ? __fget_files+0x2a/0x410 [ 136.612251][ T8912] ? __fget_files+0x2a/0x410 [ 136.617835][ T8915] macsec1: entered allmulticast mode [ 136.622265][ T8912] __sys_sendmsg+0x269/0x350 [ 136.622292][ T8912] ? __pfx_lock_release+0x10/0x10 [ 136.622318][ T8912] ? __pfx___sys_sendmsg+0x10/0x10 [ 136.627676][ T8915] bridge2: entered allmulticast mode [ 136.632076][ T8912] ? __pfx_vfs_write+0x10/0x10 [ 136.632123][ T8912] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 136.639863][ T8915] bridge2: port 1(macsec1) entered blocking state [ 136.641927][ T8912] ? do_syscall_64+0x100/0x230 [ 136.641955][ T8912] ? do_syscall_64+0xb6/0x230 [ 136.646736][ T8915] bridge2: port 1(macsec1) entered disabled state [ 136.651529][ T8912] do_syscall_64+0xf3/0x230 [ 136.651553][ T8912] ? clear_bhb_loop+0x35/0x90 [ 136.651578][ T8912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.651599][ T8912] RIP: 0033:0x7f768f585d29 [ 136.714675][ T8912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.734286][ T8912] RSP: 002b:00007f768d3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 136.742711][ T8912] RAX: ffffffffffffffda RBX: 00007f768f775fa0 RCX: 00007f768f585d29 [ 136.750673][ T8912] RDX: 0000000000040880 RSI: 0000000020000000 RDI: 0000000000000003 [ 136.758645][ T8912] RBP: 00007f768d3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 136.766635][ T8912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.774625][ T8912] R13: 0000000000000000 R14: 00007f768f775fa0 R15: 00007fffe513d5d8 [ 136.782611][ T8912] [ 136.815478][ T8915] bridge2: left allmulticast mode [ 136.826141][ T8915] bridge2: left promiscuous mode [ 136.896694][ T8917] bridge2: entered promiscuous mode [ 136.902003][ T8917] macsec1: entered promiscuous mode [ 136.911471][ T8917] macsec1: entered allmulticast mode [ 136.918024][ T8917] bridge2: entered allmulticast mode [ 136.926065][ T8917] bridge2: port 1(macsec1) entered blocking state [ 136.932827][ T8917] bridge2: port 1(macsec1) entered disabled state [ 136.945990][ T8917] bridge2: left allmulticast mode [ 136.951267][ T8917] bridge2: left promiscuous mode [ 136.986520][ T8912] bond0: entered promiscuous mode [ 136.991766][ T8912] bond_slave_0: entered promiscuous mode [ 137.001417][ T8912] bond_slave_1: entered promiscuous mode [ 137.013772][ T8912] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode [ 137.198333][ T8940] netlink: 'syz.1.840': attribute type 29 has an invalid length. [ 137.224841][ T8940] netlink: 'syz.1.840': attribute type 29 has an invalid length. [ 137.244575][ T8940] netlink: 500 bytes leftover after parsing attributes in process `syz.1.840'. [ 137.273734][ T8940] unsupported nla_type 40 [ 137.319017][ T8945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.843'. [ 137.437382][ T8956] netlink: 32 bytes leftover after parsing attributes in process `syz.3.845'. [ 137.648325][ T8968] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 137.864936][ T8982] netlink: 'syz.3.857': attribute type 1 has an invalid length. [ 137.976940][ T8993] netlink: 'syz.2.855': attribute type 26 has an invalid length. [ 138.206889][ T8997] sctp: [Deprecated]: syz.4.859 (pid 8997) Use of struct sctp_assoc_value in delayed_ack socket option. [ 138.206889][ T8997] Use struct sctp_sack_info instead [ 138.252578][ T9011] FAULT_INJECTION: forcing a failure. [ 138.252578][ T9011] name failslab, interval 1, probability 0, space 0, times 0 [ 138.280285][ T9011] CPU: 1 UID: 0 PID: 9011 Comm: syz.0.861 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 138.290908][ T9011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 138.300977][ T9011] Call Trace: [ 138.304257][ T9011] [ 138.307194][ T9011] dump_stack_lvl+0x241/0x360 [ 138.311878][ T9011] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.317122][ T9011] ? __pfx__printk+0x10/0x10 [ 138.321716][ T9011] ? __kmalloc_cache_noprof+0x48/0x390 [ 138.327190][ T9011] ? __pfx___might_resched+0x10/0x10 [ 138.332468][ T9011] ? nsim_nexthop_event_nb+0x34/0x1430 [ 138.337930][ T9011] should_fail_ex+0x3b0/0x4e0 [ 138.342616][ T9011] should_failslab+0xac/0x100 [ 138.347308][ T9011] __kmalloc_cache_noprof+0x70/0x390 [ 138.352600][ T9011] ? nsim_nexthop_event_nb+0x9e/0x1430 [ 138.358062][ T9011] ? down_read+0x82b/0xa40 [ 138.362480][ T9011] nsim_nexthop_event_nb+0x9e/0x1430 [ 138.367769][ T9011] ? __pfx_down_read+0x10/0x10 [ 138.372538][ T9011] ? vxlan_nexthop_event+0x31/0x7c0 [ 138.377738][ T9011] notifier_call_chain+0x1a5/0x3f0 [ 138.382853][ T9011] blocking_notifier_call_chain+0x69/0x90 [ 138.388570][ T9011] call_nexthop_notifiers+0x1c6/0x280 [ 138.393946][ T9011] ? __pfx_call_nexthop_notifiers+0x10/0x10 [ 138.399859][ T9011] rtm_new_nexthop+0x5f5c/0xa540 [ 138.404808][ T9011] ? kasan_save_track+0x51/0x80 [ 138.409657][ T9011] ? kmem_cache_free+0x195/0x410 [ 138.414625][ T9011] ? dev_hard_start_xmit+0x27a/0x7d0 [ 138.419913][ T9011] ? __pfx_rtm_new_nexthop+0x10/0x10 [ 138.425203][ T9011] ? __lock_acquire+0x1397/0x2100 [ 138.430260][ T9011] ? __pfx___mutex_trylock_common+0x10/0x10 [ 138.436160][ T9011] ? rcu_is_watching+0x15/0xb0 [ 138.440951][ T9011] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 138.446089][ T9011] ? __pfx_rtm_new_nexthop+0x10/0x10 [ 138.451378][ T9011] rtnetlink_rcv_msg+0x73f/0xcf0 [ 138.456317][ T9011] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 138.461486][ T9011] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 138.466953][ T9011] ? ref_tracker_free+0x643/0x7e0 [ 138.471982][ T9011] netlink_rcv_skb+0x1e3/0x430 [ 138.476747][ T9011] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 138.482209][ T9011] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 138.487512][ T9011] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.492712][ T9011] netlink_unicast+0x7f6/0x990 [ 138.497484][ T9011] ? __pfx_netlink_unicast+0x10/0x10 [ 138.502768][ T9011] ? __virt_addr_valid+0x45f/0x530 [ 138.507880][ T9011] ? __phys_addr_symbol+0x2f/0x70 [ 138.512904][ T9011] ? __check_object_size+0x47a/0x730 [ 138.518197][ T9011] netlink_sendmsg+0x8e4/0xcb0 [ 138.522968][ T9011] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.528257][ T9011] ? aa_sock_msg_perm+0x91/0x160 [ 138.533193][ T9011] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.538475][ T9011] __sock_sendmsg+0x221/0x270 [ 138.543162][ T9011] ____sys_sendmsg+0x52a/0x7e0 [ 138.547931][ T9011] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.553210][ T9011] ? __fget_files+0x2a/0x410 [ 138.557804][ T9011] ? __fget_files+0x2a/0x410 [ 138.562404][ T9011] __sys_sendmsg+0x269/0x350 [ 138.566996][ T9011] ? __pfx_lock_release+0x10/0x10 [ 138.572024][ T9011] ? __pfx___sys_sendmsg+0x10/0x10 [ 138.577147][ T9011] ? __pfx_vfs_write+0x10/0x10 [ 138.581936][ T9011] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 138.588262][ T9011] ? do_syscall_64+0x100/0x230 [ 138.593025][ T9011] ? do_syscall_64+0xb6/0x230 [ 138.597706][ T9011] do_syscall_64+0xf3/0x230 [ 138.602205][ T9011] ? clear_bhb_loop+0x35/0x90 [ 138.606881][ T9011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.612818][ T9011] RIP: 0033:0x7f768f585d29 [ 138.617239][ T9011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.636843][ T9011] RSP: 002b:00007f768d3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.645266][ T9011] RAX: ffffffffffffffda RBX: 00007f768f775fa0 RCX: 00007f768f585d29 [ 138.653231][ T9011] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 138.661225][ T9011] RBP: 00007f768d3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 138.669234][ T9011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 138.677208][ T9011] R13: 0000000000000000 R14: 00007f768f775fa0 R15: 00007fffe513d5d8 [ 138.685219][ T9011] [ 138.766729][ T8997] 8021q: adding VLAN 0 to HW filter on device bond1 [ 138.782600][ T9001] bond1: (slave bridge3): Enslaving as an active interface with an up link [ 138.906512][ T9019] bond1: entered promiscuous mode [ 138.911733][ T9019] bond1: entered allmulticast mode [ 138.917790][ T9019] 8021q: adding VLAN 0 to HW filter on device bond1 [ 138.972576][ T9025] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 140.104653][ T9058] ipt_REJECT: TCP_RESET invalid for non-tcp [ 140.117816][ T9058] batadv_slave_1: entered promiscuous mode [ 140.154628][ T9057] batadv_slave_1: left promiscuous mode [ 140.255834][ T9063] __nla_validate_parse: 13 callbacks suppressed [ 140.255853][ T9063] netlink: 8 bytes leftover after parsing attributes in process `syz.4.880'. [ 140.313579][ T9063] netlink: 36 bytes leftover after parsing attributes in process `syz.4.880'. [ 140.423270][ T9072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.883'. [ 141.368130][ T9103] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 141.871443][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.900'. [ 141.946716][ T9119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.899'. [ 141.963608][ T9119] netlink: 36 bytes leftover after parsing attributes in process `syz.1.899'. [ 142.465897][ T9152] netlink: 56 bytes leftover after parsing attributes in process `syz.1.908'. [ 142.821857][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.915'. [ 142.906704][ T9176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.915'. [ 142.924240][ T9176] netlink: 32 bytes leftover after parsing attributes in process `syz.0.915'. [ 143.007356][ T9188] netlink: 'syz.4.919': attribute type 4 has an invalid length. [ 143.015471][ T9187] netlink: 'syz.4.919': attribute type 4 has an invalid length. [ 143.440598][ T9210] x_tables: duplicate underflow at hook 3 [ 143.455802][ T9210] xt_cgroup: path and classid specified [ 144.478673][ T9273] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.517490][ T9275] nbd: nbd0 already in use [ 144.599821][ T9273] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.621065][ T9281] nbd: nbd0 already in use [ 144.676947][ T9273] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.710477][ T9284] bridge0: port 3(veth0_to_bridge) entered blocking state [ 144.727036][ T9284] bridge0: port 3(veth0_to_bridge) entered disabled state [ 144.744093][ T9284] veth0_to_bridge: entered allmulticast mode [ 144.751465][ T9284] veth0_to_bridge: entered promiscuous mode [ 144.758675][ T9284] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 144.782786][ T9284] bridge0: port 3(veth0_to_bridge) entered blocking state [ 144.790036][ T9284] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 144.815468][ T9273] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.921271][ T9273] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.965825][ T9273] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.034511][ T9273] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.077599][ T9273] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.162015][ T9301] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.221249][ T9301] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.228735][ T9301] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 145.240383][ T9301] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 145.298802][ T9307] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma? [ 145.312829][ T9313] __nla_validate_parse: 10 callbacks suppressed [ 145.312846][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.963'. [ 145.354139][ T9313] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 145.372812][ T9313] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 145.424631][ T9320] netlink: 'syz.0.965': attribute type 4 has an invalid length. [ 146.472527][ T9343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.971'. [ 147.013141][ T9358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.975'. [ 147.048187][ T9358] nbd: nbd0 already in use [ 147.142183][ T9361] FAULT_INJECTION: forcing a failure. [ 147.142183][ T9361] name failslab, interval 1, probability 0, space 0, times 0 [ 147.192720][ T9361] CPU: 0 UID: 0 PID: 9361 Comm: syz.4.976 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 147.203359][ T9361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 147.213431][ T9361] Call Trace: [ 147.216725][ T9361] [ 147.219675][ T9361] dump_stack_lvl+0x241/0x360 [ 147.224387][ T9361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.229612][ T9361] ? __pfx__printk+0x10/0x10 [ 147.234230][ T9361] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 147.239629][ T9361] ? __pfx___might_resched+0x10/0x10 [ 147.244946][ T9361] should_fail_ex+0x3b0/0x4e0 [ 147.249660][ T9361] should_failslab+0xac/0x100 [ 147.254364][ T9361] __kmalloc_node_noprof+0xe1/0x4d0 [ 147.259588][ T9361] ? __kvmalloc_node_noprof+0x72/0x190 [ 147.265073][ T9361] __kvmalloc_node_noprof+0x72/0x190 [ 147.270386][ T9361] __nf_hook_entries_try_shrink+0x330/0x730 [ 147.276318][ T9361] __nf_unregister_net_hook+0x5cf/0x800 [ 147.281903][ T9361] nf_tables_abort+0x666e/0x87e0 [ 147.286889][ T9361] ? __pfx_nf_tables_abort+0x10/0x10 [ 147.292206][ T9361] ? __pfx_nf_tables_newrule+0x10/0x10 [ 147.297693][ T9361] ? __nla_parse+0x40/0x60 [ 147.302112][ T9361] ? skb_pull+0xc1/0x1e0 [ 147.306372][ T9361] nfnetlink_rcv+0x19c2/0x2ab0 [ 147.311162][ T9361] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 147.316307][ T9361] ? netlink_deliver_tap+0x2e/0x1b0 [ 147.321499][ T9361] ? skb_clone+0x240/0x390 [ 147.325912][ T9361] ? __pfx_lock_release+0x10/0x10 [ 147.330944][ T9361] ? netlink_deliver_tap+0x2e/0x1b0 [ 147.336140][ T9361] netlink_unicast+0x7f6/0x990 [ 147.340911][ T9361] ? __pfx_netlink_unicast+0x10/0x10 [ 147.346194][ T9361] ? __virt_addr_valid+0x45f/0x530 [ 147.351301][ T9361] ? __phys_addr_symbol+0x2f/0x70 [ 147.356323][ T9361] ? __check_object_size+0x47a/0x730 [ 147.361608][ T9361] netlink_sendmsg+0x8e4/0xcb0 [ 147.366383][ T9361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.371670][ T9361] ? aa_sock_msg_perm+0x91/0x160 [ 147.376623][ T9361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.381903][ T9361] __sock_sendmsg+0x221/0x270 [ 147.386582][ T9361] ____sys_sendmsg+0x52a/0x7e0 [ 147.391347][ T9361] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.396626][ T9361] ? __fget_files+0x2a/0x410 [ 147.401220][ T9361] ? __fget_files+0x2a/0x410 [ 147.405812][ T9361] __sys_sendmsg+0x269/0x350 [ 147.410401][ T9361] ? __pfx_lock_release+0x10/0x10 [ 147.415425][ T9361] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.420538][ T9361] ? __pfx_vfs_write+0x10/0x10 [ 147.425318][ T9361] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.431640][ T9361] ? do_syscall_64+0x100/0x230 [ 147.436400][ T9361] ? do_syscall_64+0xb6/0x230 [ 147.441101][ T9361] do_syscall_64+0xf3/0x230 [ 147.445602][ T9361] ? clear_bhb_loop+0x35/0x90 [ 147.450277][ T9361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.456166][ T9361] RIP: 0033:0x7f9730185d29 [ 147.460574][ T9361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.480175][ T9361] RSP: 002b:00007f9731027038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.488593][ T9361] RAX: ffffffffffffffda RBX: 00007f9730375fa0 RCX: 00007f9730185d29 [ 147.496563][ T9361] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 [ 147.504527][ T9361] RBP: 00007f9731027090 R08: 0000000000000000 R09: 0000000000000000 [ 147.512490][ T9361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.520453][ T9361] R13: 0000000000000000 R14: 00007f9730375fa0 R15: 00007ffd8b31c538 [ 147.528430][ T9361] [ 147.804349][ T9374] x_tables: duplicate underflow at hook 3 [ 147.860233][ T9374] xt_cgroup: path and classid specified [ 147.874774][ T9374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.979'. [ 147.916837][ T9381] bridge0: port 1(veth0_to_bridge) entered blocking state [ 147.924967][ T9381] bridge0: port 1(veth0_to_bridge) entered disabled state [ 147.932776][ T9381] veth0_to_bridge: entered allmulticast mode [ 147.940527][ T9381] veth0_to_bridge: entered promiscuous mode [ 147.947584][ T9381] bridge0: port 1(veth0_to_bridge) entered blocking state [ 147.954846][ T9381] bridge0: port 1(veth0_to_bridge) entered forwarding state [ 148.255841][ T9403] netlink: 8 bytes leftover after parsing attributes in process `syz.4.988'. [ 148.290046][ T9403] nbd: nbd0 already in use [ 148.597563][ T9423] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1000'. [ 148.670279][ T9428] netlink: 'syz.1.996': attribute type 28 has an invalid length. [ 149.235585][ T9407] netlink: 124 bytes leftover after parsing attributes in process `syz.3.993'. [ 149.243815][ T9454] netlink: 124 bytes leftover after parsing attributes in process `syz.3.993'. [ 149.327927][ T9460] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 149.353030][ T9465] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1009'. [ 149.363018][ T9465] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1009'. [ 150.442031][ T9508] sctp: [Deprecated]: syz.0.1026 (pid 9508) Use of struct sctp_assoc_value in delayed_ack socket option. [ 150.442031][ T9508] Use struct sctp_sack_info instead [ 150.515304][ T9508] openvswitch: netlink: nsh attr 0 has unexpected len 96 expected 0 [ 150.595196][ T9525] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 150.609013][ T9512] __nla_validate_parse: 4 callbacks suppressed [ 150.609031][ T9512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1026'. [ 150.671007][ T9508] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 150.770681][ T9532] netlink: zone id is out of range [ 150.785940][ T9532] netlink: zone id is out of range [ 150.808255][ T9532] netlink: zone id is out of range [ 150.820611][ T9520] xt_recent: Unsupported userspace flags (00000042) [ 150.836794][ T9532] netlink: zone id is out of range [ 150.882859][ T9532] netlink: zone id is out of range [ 150.915201][ T9532] netlink: set zone limit has 8 unknown bytes [ 151.321700][ T9547] (unnamed net_device) (uninitialized): down delay (2147483647) is not a multiple of miimon (100), value rounded to 2147483600 ms [ 151.365938][ T9547] (unnamed net_device) (uninitialized): peer notification delay (2) is not a multiple of miimon (100), value rounded to 0 ms [ 151.531651][ T9555] Cannot find add_set index 0 as target [ 152.898489][ T9633] FAULT_INJECTION: forcing a failure. [ 152.898489][ T9633] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.927669][ T9633] CPU: 1 UID: 0 PID: 9633 Comm: syz.3.1070 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 152.938384][ T9633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 152.948459][ T9633] Call Trace: [ 152.951735][ T9633] [ 152.954667][ T9633] dump_stack_lvl+0x241/0x360 [ 152.959352][ T9633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.964551][ T9633] ? __pfx__printk+0x10/0x10 [ 152.969153][ T9633] ? snprintf+0xda/0x120 [ 152.973395][ T9633] should_fail_ex+0x3b0/0x4e0 [ 152.978078][ T9633] _copy_to_user+0x31/0xb0 [ 152.982494][ T9633] simple_read_from_buffer+0xca/0x150 [ 152.987866][ T9633] proc_fail_nth_read+0x1e9/0x250 [ 152.992892][ T9633] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 152.998439][ T9633] ? rw_verify_area+0x55e/0x6f0 [ 153.003288][ T9633] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 153.008836][ T9633] vfs_read+0x1fc/0xb70 [ 153.012995][ T9633] ? __pfx___mutex_lock+0x10/0x10 [ 153.018017][ T9633] ? __pfx_vfs_read+0x10/0x10 [ 153.022689][ T9633] ? __fget_files+0x2a/0x410 [ 153.027278][ T9633] ? __fget_files+0x395/0x410 [ 153.031953][ T9633] ? __fget_files+0x2a/0x410 [ 153.036548][ T9633] ksys_read+0x18f/0x2b0 [ 153.040791][ T9633] ? __pfx_ksys_read+0x10/0x10 [ 153.045551][ T9633] ? do_syscall_64+0x100/0x230 [ 153.050318][ T9633] ? do_syscall_64+0xb6/0x230 [ 153.054990][ T9633] do_syscall_64+0xf3/0x230 [ 153.059490][ T9633] ? clear_bhb_loop+0x35/0x90 [ 153.064164][ T9633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.070052][ T9633] RIP: 0033:0x7f3f58b8473c [ 153.074462][ T9633] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 153.094062][ T9633] RSP: 002b:00007f3f59a8a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 153.102475][ T9633] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b8473c [ 153.110444][ T9633] RDX: 000000000000000f RSI: 00007f3f59a8a0a0 RDI: 0000000000000004 [ 153.118411][ T9633] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 153.126377][ T9633] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001 [ 153.134342][ T9633] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 153.142319][ T9633] [ 153.171128][ T9637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1072'. [ 153.187274][ T9640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1071'. [ 153.211208][ T9640] nbd: nbd0 already in use [ 153.779874][ T9675] xt_CT: You must specify a L4 protocol and not use inversions on it [ 153.810325][ T9681] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1088'. [ 153.934696][ T9691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1089'. [ 153.974231][ T9691] nbd: nbd0 already in use [ 154.156678][ T9699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1093'. [ 154.283422][ T9701] macvtap1: entered promiscuous mode [ 154.309264][ T9701] macvtap1: entered allmulticast mode [ 154.325939][ T9701] vlan0: entered allmulticast mode [ 154.347997][ T9701] vlan0: entered promiscuous mode [ 154.384490][ T9701] team0: Device macvtap1 failed to register rx_handler [ 154.444382][ T9701] vlan0: left allmulticast mode [ 154.449283][ T9701] vlan0: left promiscuous mode [ 154.590425][ T9706] netlink: 'syz.3.1097': attribute type 30 has an invalid length. [ 154.599743][ T9711] bond0: option packets_per_slave: invalid value (18446744073709550593) [ 154.613549][ T9711] bond0: option packets_per_slave: allowed values 0 - 65535 [ 154.624550][ T9706] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 154.681426][ T9711] Unsupported ieee802154 address type: 0 [ 154.763497][ T9726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1101'. [ 154.963439][ T9737] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1105'. [ 155.000600][ T9739] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1103'. [ 155.016406][ T9739] nbd: nbd0 already in use [ 155.028740][ T9737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1105'. [ 155.069247][ T9744] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = -1, id = 0 [ 155.707336][ T9782] __nla_validate_parse: 1 callbacks suppressed [ 155.707356][ T9782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1120'. [ 155.740009][ T9782] nbd: nbd0 already in use [ 155.789052][ T9788] netlink: 'syz.4.1123': attribute type 4 has an invalid length. [ 155.877759][ T9790] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1124'. [ 155.888893][ T9790] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1124'. [ 155.944131][ T9796] netlink: 'syz.0.1127': attribute type 12 has an invalid length. [ 155.952176][ T9796] netlink: 'syz.0.1127': attribute type 29 has an invalid length. [ 155.965939][ T9796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1127'. [ 156.052749][ T9800] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 156.553269][ T9832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1138'. [ 156.595246][ T9832] nbd: nbd0 already in use [ 156.638600][ T9834] bond0: entered promiscuous mode [ 156.647445][ T9834] bond_slave_0: entered promiscuous mode [ 156.668007][ T9834] bond_slave_1: entered promiscuous mode [ 156.688327][ T9834] bond0: left promiscuous mode [ 156.699956][ T9834] bond_slave_0: left promiscuous mode [ 156.709760][ T9834] bond_slave_1: left promiscuous mode [ 156.728191][ T9838] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1142'. [ 156.801131][ T9842] netlink: 'syz.0.1144': attribute type 16 has an invalid length. [ 157.206375][ T9862] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1153'. [ 157.391706][ T9870] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1154'. [ 157.423659][ T9870] nbd: nbd0 already in use [ 157.645106][ T9884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'. [ 157.651967][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1161'. [ 158.093941][ T9910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.175769][ T9910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.208343][ T9914] nbd: nbd0 already in use [ 158.266414][ T9922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.573951][ T9940] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 158.590416][ T9940] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 158.603613][ T9940] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 158.621644][ T9940] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 158.641022][ T9940] geneve2: entered promiscuous mode [ 158.646521][ T9940] geneve2: entered allmulticast mode [ 158.764161][ T9952] netlink: 'syz.2.1186': attribute type 1 has an invalid length. [ 158.919344][ T9961] sch_tbf: burst 1399 is lower than device veth0_to_team mtu (1514) ! [ 158.929602][ T9964] nbd: nbd0 already in use [ 159.623242][ T9997] FAULT_INJECTION: forcing a failure. [ 159.623242][ T9997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.654179][ T9997] CPU: 0 UID: 0 PID: 9997 Comm: syz.4.1202 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 159.664897][ T9997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 159.674982][ T9997] Call Trace: [ 159.678275][ T9997] [ 159.681224][ T9997] dump_stack_lvl+0x241/0x360 [ 159.685931][ T9997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.691157][ T9997] ? __pfx__printk+0x10/0x10 [ 159.695776][ T9997] ? __pfx_lock_release+0x10/0x10 [ 159.700841][ T9997] should_fail_ex+0x3b0/0x4e0 [ 159.705548][ T9997] _copy_from_user+0x2f/0xc0 [ 159.710167][ T9997] generic_map_update_batch+0x5ba/0x900 [ 159.715752][ T9997] ? __pfx_generic_map_update_batch+0x10/0x10 [ 159.721849][ T9997] ? __fget_files+0x395/0x410 [ 159.726551][ T9997] ? __fget_files+0x2a/0x410 [ 159.731219][ T9997] ? __pfx_generic_map_update_batch+0x10/0x10 [ 159.737311][ T9997] bpf_map_do_batch+0x39a/0x660 [ 159.742188][ T9997] __sys_bpf+0x377/0x810 [ 159.746452][ T9997] ? __pfx___sys_bpf+0x10/0x10 [ 159.751292][ T9997] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 159.757296][ T9997] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 159.763645][ T9997] ? do_syscall_64+0x100/0x230 [ 159.768428][ T9997] __x64_sys_bpf+0x7c/0x90 [ 159.772877][ T9997] do_syscall_64+0xf3/0x230 [ 159.777377][ T9997] ? clear_bhb_loop+0x35/0x90 [ 159.782053][ T9997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.787942][ T9997] RIP: 0033:0x7f9730185d29 [ 159.792349][ T9997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.812049][ T9997] RSP: 002b:00007f9731027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 159.820462][ T9997] RAX: ffffffffffffffda RBX: 00007f9730375fa0 RCX: 00007f9730185d29 [ 159.828435][ T9997] RDX: 0000000000000038 RSI: 0000000020000200 RDI: 000000000000001a [ 159.836402][ T9997] RBP: 00007f9731027090 R08: 0000000000000000 R09: 0000000000000000 [ 159.844368][ T9997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 159.852348][ T9997] R13: 0000000000000000 R14: 00007f9730375fa0 R15: 00007ffd8b31c538 [ 159.860333][ T9997] [ 160.168942][T10021] vlan2: entered promiscuous mode [ 160.187514][T10021] syz_tun: entered promiscuous mode [ 160.204025][T10021] syz_tun: left promiscuous mode [ 160.455272][T10032] IPVS: Unknown mcast interface: veth0_virt_wifi [ 160.714170][T10043] __nla_validate_parse: 11 callbacks suppressed [ 160.714191][T10043] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1218'. [ 160.971528][T10058] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1225'. [ 161.006313][T10058] vlan1: entered allmulticast mode [ 161.200694][T10073] netlink: 'syz.4.1231': attribute type 10 has an invalid length. [ 161.224107][T10073] team0: Device veth0_macvtap is up. Set it down before adding it as a team port [ 162.026670][T10074] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 162.127124][T10116] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1242'. [ 162.162502][T10116] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1242'. [ 162.205057][T10116] netlink: 'syz.4.1242': attribute type 1 has an invalid length. [ 162.212865][T10116] netlink: 'syz.4.1242': attribute type 2 has an invalid length. [ 162.243652][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 162.520690][T10135] xt_SECMARK: invalid mode: 0 [ 162.662268][T10145] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1256'. [ 162.742419][T10148] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1256'. [ 162.769410][T10152] ebt_limit: overflow, try lower: 0/0 [ 162.831343][T10155] vlan3: entered promiscuous mode [ 163.199202][T10179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1265'. [ 163.249223][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1268'. [ 163.378248][T10189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1266'. [ 163.416138][T10191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1270'. [ 163.729202][T10208] tipc: Started in network mode [ 163.751792][T10208] tipc: Node identity 7, cluster identity 4711 [ 163.772435][T10208] tipc: Node number set to 7 [ 163.910543][T10226] FAULT_INJECTION: forcing a failure. [ 163.910543][T10226] name failslab, interval 1, probability 0, space 0, times 0 [ 163.946388][T10226] CPU: 1 UID: 0 PID: 10226 Comm: syz.0.1280 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 163.957198][T10226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 163.967268][T10226] Call Trace: [ 163.970557][T10226] [ 163.973501][T10226] dump_stack_lvl+0x241/0x360 [ 163.978211][T10226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.983436][T10226] ? __pfx__printk+0x10/0x10 [ 163.988057][T10226] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 163.994064][T10226] ? __pfx___might_resched+0x10/0x10 [ 163.994102][T10231] netlink: 'syz.1.1283': attribute type 1 has an invalid length. [ 163.999381][T10226] should_fail_ex+0x3b0/0x4e0 [ 164.011811][T10226] should_failslab+0xac/0x100 [ 164.016515][T10226] kmem_cache_alloc_node_noprof+0x77/0x380 [ 164.022351][T10226] ? __alloc_skb+0x1c3/0x440 [ 164.026957][T10226] __alloc_skb+0x1c3/0x440 [ 164.031383][T10226] ? __pfx___alloc_skb+0x10/0x10 [ 164.036343][T10226] ? netlink_ack_tlv_len+0x6e/0x200 [ 164.041588][T10226] netlink_ack+0x145/0xa50 [ 164.046026][T10226] ? __nla_parse+0x40/0x60 [ 164.050448][T10226] ? skb_pull+0xc1/0x1e0 [ 164.054703][T10226] nfnetlink_rcv+0x26bd/0x2ab0 [ 164.059494][T10226] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 164.064643][T10226] ? netlink_deliver_tap+0x2e/0x1b0 [ 164.069838][T10226] ? skb_clone+0x240/0x390 [ 164.074253][T10226] ? __pfx_lock_release+0x10/0x10 [ 164.079282][T10226] ? netlink_deliver_tap+0x2e/0x1b0 [ 164.084476][T10226] netlink_unicast+0x7f6/0x990 [ 164.089248][T10226] ? __pfx_netlink_unicast+0x10/0x10 [ 164.094530][T10226] ? __virt_addr_valid+0x45f/0x530 [ 164.099637][T10226] ? __phys_addr_symbol+0x2f/0x70 [ 164.104662][T10226] ? __check_object_size+0x47a/0x730 [ 164.109952][T10226] netlink_sendmsg+0x8e4/0xcb0 [ 164.114729][T10226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.120015][T10226] ? aa_sock_msg_perm+0x91/0x160 [ 164.124954][T10226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 164.130233][T10226] __sock_sendmsg+0x221/0x270 [ 164.134911][T10226] ____sys_sendmsg+0x52a/0x7e0 [ 164.139681][T10226] ? __pfx_____sys_sendmsg+0x10/0x10 [ 164.144960][T10226] ? __fget_files+0x2a/0x410 [ 164.149551][T10226] ? __fget_files+0x2a/0x410 [ 164.154145][T10226] __sys_sendmsg+0x269/0x350 [ 164.158728][T10226] ? __pfx_lock_release+0x10/0x10 [ 164.163761][T10226] ? __pfx___sys_sendmsg+0x10/0x10 [ 164.168893][T10226] ? __pfx_vfs_write+0x10/0x10 [ 164.173680][T10226] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 164.180011][T10226] ? do_syscall_64+0x100/0x230 [ 164.184773][T10226] ? do_syscall_64+0xb6/0x230 [ 164.189454][T10226] do_syscall_64+0xf3/0x230 [ 164.193952][T10226] ? clear_bhb_loop+0x35/0x90 [ 164.198629][T10226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.204522][T10226] RIP: 0033:0x7f768f585d29 [ 164.208933][T10226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.228559][T10226] RSP: 002b:00007f768d3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.236973][T10226] RAX: ffffffffffffffda RBX: 00007f768f775fa0 RCX: 00007f768f585d29 [ 164.244945][T10226] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 [ 164.252911][T10226] RBP: 00007f768d3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 164.260887][T10226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 164.268859][T10226] R13: 0000000000000000 R14: 00007f768f775fa0 R15: 00007fffe513d5d8 [ 164.276839][T10226] [ 164.314143][T10231] 8021q: adding VLAN 0 to HW filter on device bond4 [ 164.337503][T10231] bond3: (slave bond4): making interface the new active one [ 164.351257][T10231] bond3: (slave bond4): Enslaving as an active interface with an up link [ 164.719744][T10253] netlink: 'syz.0.1288': attribute type 3 has an invalid length. [ 164.776500][T10256] geneve2: entered promiscuous mode [ 164.872838][T10265] bridge2: entered promiscuous mode [ 164.888772][T10265] bridge2: entered allmulticast mode [ 164.900284][T10265] team0: Port device bridge2 added [ 164.916164][T10266] netlink: 'syz.0.1294': attribute type 10 has an invalid length. [ 165.088922][T10265] bridge0: port 3(ip6gretap0) entered blocking state [ 165.114002][T10265] bridge0: port 3(ip6gretap0) entered disabled state [ 165.120893][T10265] ip6gretap0: entered allmulticast mode [ 165.134822][T10265] ip6gretap0: entered promiscuous mode [ 165.141123][T10265] bridge0: port 3(ip6gretap0) entered blocking state [ 165.148941][T10265] bridge0: port 3(ip6gretap0) entered forwarding state [ 165.248947][ C0] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 165.291744][T10283] vlan2: entered promiscuous mode [ 165.521147][T10296] netlink: 'syz.2.1304': attribute type 30 has an invalid length. [ 165.730205][T10306] __nla_validate_parse: 8 callbacks suppressed [ 165.730226][T10306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1309'. [ 165.758456][T10309] FAULT_INJECTION: forcing a failure. [ 165.758456][T10309] name failslab, interval 1, probability 0, space 0, times 0 [ 165.770189][T10306] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1309'. [ 165.779044][T10309] CPU: 0 UID: 0 PID: 10309 Comm: syz.1.1308 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 165.790670][T10309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 165.800753][T10309] Call Trace: [ 165.804051][T10309] [ 165.807001][T10309] dump_stack_lvl+0x241/0x360 [ 165.811710][T10309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.816943][T10309] ? __pfx__printk+0x10/0x10 [ 165.821566][T10309] ? __kmalloc_noprof+0xb5/0x4c0 [ 165.826532][T10309] ? __pfx___might_resched+0x10/0x10 [ 165.831841][T10309] ? aa_get_newest_label+0xff/0x6f0 [ 165.837060][T10309] should_fail_ex+0x3b0/0x4e0 [ 165.841749][T10309] should_failslab+0xac/0x100 [ 165.846434][T10309] __kmalloc_noprof+0xdd/0x4c0 [ 165.851200][T10309] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 165.857442][T10309] ? apparmor_capable+0x13b/0x1b0 [ 165.862497][T10309] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 165.868587][T10309] genl_rcv_msg+0x802/0xec0 [ 165.873137][T10309] ? __pfx_genl_rcv_msg+0x10/0x10 [ 165.878189][T10309] ? __pfx_lock_acquire+0x10/0x10 [ 165.883219][T10309] ? __pfx_mptcp_pm_nl_del_addr_doit+0x10/0x10 [ 165.889385][T10309] ? __pfx___might_resched+0x10/0x10 [ 165.894719][T10309] netlink_rcv_skb+0x1e3/0x430 [ 165.899492][T10309] ? __pfx_genl_rcv_msg+0x10/0x10 [ 165.904551][T10309] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 165.909851][T10309] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 165.915315][T10309] genl_rcv+0x28/0x40 [ 165.919305][T10309] netlink_unicast+0x7f6/0x990 [ 165.924123][T10309] ? __pfx_netlink_unicast+0x10/0x10 [ 165.929409][T10309] ? __virt_addr_valid+0x45f/0x530 [ 165.934521][T10309] ? __phys_addr_symbol+0x2f/0x70 [ 165.939551][T10309] ? __check_object_size+0x47a/0x730 [ 165.944842][T10309] netlink_sendmsg+0x8e4/0xcb0 [ 165.949615][T10309] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.954901][T10309] ? aa_sock_msg_perm+0x91/0x160 [ 165.959840][T10309] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.965122][T10309] __sock_sendmsg+0x221/0x270 [ 165.969805][T10309] ____sys_sendmsg+0x52a/0x7e0 [ 165.974577][T10309] ? __pfx_____sys_sendmsg+0x10/0x10 [ 165.979860][T10309] ? __fget_files+0x2a/0x410 [ 165.984456][T10309] ? __fget_files+0x2a/0x410 [ 165.989054][T10309] __sys_sendmsg+0x269/0x350 [ 165.993640][T10309] ? __pfx_lock_release+0x10/0x10 [ 165.998663][T10309] ? __pfx___sys_sendmsg+0x10/0x10 [ 166.003785][T10309] ? __pfx_vfs_write+0x10/0x10 [ 166.008571][T10309] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.014900][T10309] ? do_syscall_64+0x100/0x230 [ 166.019665][T10309] ? do_syscall_64+0xb6/0x230 [ 166.024345][T10309] do_syscall_64+0xf3/0x230 [ 166.028845][T10309] ? clear_bhb_loop+0x35/0x90 [ 166.033524][T10309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.039415][T10309] RIP: 0033:0x7f5955985d29 [ 166.043826][T10309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.063466][T10309] RSP: 002b:00007f595672f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.071886][T10309] RAX: ffffffffffffffda RBX: 00007f5955b76080 RCX: 00007f5955985d29 [ 166.079854][T10309] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000007 [ 166.087819][T10309] RBP: 00007f595672f090 R08: 0000000000000000 R09: 0000000000000000 [ 166.095784][T10309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.103750][T10309] R13: 0000000000000000 R14: 00007f5955b76080 R15: 00007fffeaec50a8 [ 166.111747][T10309] [ 166.187099][T10311] tipc: Started in network mode [ 166.191999][T10311] tipc: Node identity 7, cluster identity 4711 [ 166.206911][T10311] tipc: Node number set to 7 [ 166.341505][T10327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1316'. [ 166.341996][T10321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1315'. [ 166.428762][T10332] netlink: 'syz.2.1318': attribute type 4 has an invalid length. [ 166.580014][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1319'. [ 166.643667][T10345] FAULT_INJECTION: forcing a failure. [ 166.643667][T10345] name failslab, interval 1, probability 0, space 0, times 0 [ 166.688345][T10345] CPU: 1 UID: 0 PID: 10345 Comm: syz.1.1323 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 166.699143][T10345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 166.709212][T10345] Call Trace: [ 166.712485][T10345] [ 166.715411][T10345] dump_stack_lvl+0x241/0x360 [ 166.720115][T10345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.725325][T10345] ? __pfx__printk+0x10/0x10 [ 166.729924][T10345] ? __kmalloc_noprof+0xb5/0x4c0 [ 166.734861][T10345] ? __pfx___might_resched+0x10/0x10 [ 166.740157][T10345] ? 0xffffffffa0003c00 [ 166.744309][T10345] should_fail_ex+0x3b0/0x4e0 [ 166.748997][T10345] should_failslab+0xac/0x100 [ 166.753686][T10345] __kmalloc_noprof+0xdd/0x4c0 [ 166.758449][T10345] ? do_setlink+0x68b/0x4210 [ 166.763043][T10345] do_setlink+0x68b/0x4210 [ 166.767476][T10345] ? __pfx_do_setlink+0x10/0x10 [ 166.772333][T10345] ? __pfx___might_resched+0x10/0x10 [ 166.777616][T10345] ? __pfx___mutex_trylock_common+0x10/0x10 [ 166.783515][T10345] ? rcu_is_watching+0x15/0xb0 [ 166.788278][T10345] ? trace_contention_end+0x3c/0x120 [ 166.793573][T10345] ? __mutex_lock+0x37f/0xee0 [ 166.798244][T10345] ? __pfx_aa_get_newest_label+0x10/0x10 [ 166.803873][T10345] ? __pfx_aa_get_newest_label+0x10/0x10 [ 166.809500][T10345] ? rtnl_newlink+0xbcb/0x2150 [ 166.814273][T10345] ? __pfx___mutex_lock+0x10/0x10 [ 166.819297][T10345] ? ns_capable+0x8a/0xf0 [ 166.823649][T10345] ? rtnl_link_get_net_capable+0x168/0x340 [ 166.829482][T10345] rtnl_newlink+0x1519/0x2150 [ 166.834173][T10345] ? __pfx_rtnl_newlink+0x10/0x10 [ 166.839201][T10345] ? __netlink_deliver_tap+0x56b/0x7f0 [ 166.844717][T10345] ? __pfx_validate_chain+0x10/0x10 [ 166.849930][T10345] ? __sock_sendmsg+0x221/0x270 [ 166.854783][T10345] ? ____sys_sendmsg+0x52a/0x7e0 [ 166.859716][T10345] ? __sys_sendmsg+0x269/0x350 [ 166.864478][T10345] ? do_syscall_64+0xf3/0x230 [ 166.869152][T10345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.875230][T10345] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.881208][T10345] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.887539][T10345] ? mark_lock+0x9a/0x360 [ 166.891870][T10345] ? __lock_acquire+0x1397/0x2100 [ 166.896914][T10345] ? __pfx_lock_release+0x10/0x10 [ 166.901959][T10345] ? __pfx_rtnl_newlink+0x10/0x10 [ 166.906985][T10345] rtnetlink_rcv_msg+0x791/0xcf0 [ 166.911918][T10345] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 166.917032][T10345] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 166.922515][T10345] ? ref_tracker_free+0x643/0x7e0 [ 166.927557][T10345] netlink_rcv_skb+0x1e3/0x430 [ 166.932340][T10345] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 166.937818][T10345] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 166.943122][T10345] ? netlink_deliver_tap+0x2e/0x1b0 [ 166.948321][T10345] netlink_unicast+0x7f6/0x990 [ 166.953096][T10345] ? __pfx_netlink_unicast+0x10/0x10 [ 166.958379][T10345] ? __virt_addr_valid+0x45f/0x530 [ 166.963495][T10345] ? __phys_addr_symbol+0x2f/0x70 [ 166.968531][T10345] ? __check_object_size+0x47a/0x730 [ 166.973826][T10345] netlink_sendmsg+0x8e4/0xcb0 [ 166.978597][T10345] ? __pfx_netlink_sendmsg+0x10/0x10 [ 166.983882][T10345] ? aa_sock_msg_perm+0x91/0x160 [ 166.988824][T10345] ? __pfx_netlink_sendmsg+0x10/0x10 [ 166.994103][T10345] __sock_sendmsg+0x221/0x270 [ 166.998791][T10345] ____sys_sendmsg+0x52a/0x7e0 [ 167.003567][T10345] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.008856][T10345] ? __fget_files+0x2a/0x410 [ 167.013451][T10345] ? __fget_files+0x2a/0x410 [ 167.018051][T10345] __sys_sendmsg+0x269/0x350 [ 167.022639][T10345] ? __pfx_lock_release+0x10/0x10 [ 167.027664][T10345] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.032786][T10345] ? __pfx_vfs_write+0x10/0x10 [ 167.037572][T10345] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 167.043902][T10345] ? do_syscall_64+0x100/0x230 [ 167.048662][T10345] ? do_syscall_64+0xb6/0x230 [ 167.053344][T10345] do_syscall_64+0xf3/0x230 [ 167.057846][T10345] ? clear_bhb_loop+0x35/0x90 [ 167.062522][T10345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.068409][T10345] RIP: 0033:0x7f5955985d29 [ 167.072821][T10345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.092422][T10345] RSP: 002b:00007f5956750038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.100835][T10345] RAX: ffffffffffffffda RBX: 00007f5955b75fa0 RCX: 00007f5955985d29 [ 167.108803][T10345] RDX: 0000000000040880 RSI: 0000000020000000 RDI: 0000000000000003 [ 167.116768][T10345] RBP: 00007f5956750090 R08: 0000000000000000 R09: 0000000000000000 [ 167.124735][T10345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.132702][T10345] R13: 0000000000000000 R14: 00007f5955b75fa0 R15: 00007fffeaec50a8 [ 167.140688][T10345] [ 167.179720][T10350] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1325'. [ 167.189170][T10350] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1325'. [ 167.398617][T10363] xt_CT: You must specify a L4 protocol and not use inversions on it [ 167.471205][T10367] veth0_virt_wifi: entered promiscuous mode [ 167.497888][T10367] macvlan1: entered promiscuous mode [ 167.524531][T10367] veth0_virt_wifi: left promiscuous mode [ 167.560411][T10371] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1334'. [ 167.586061][T10373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1336'. [ 167.656681][T10373] netlink: 'syz.0.1336': attribute type 5 has an invalid length. [ 167.664661][T10373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1336'. [ 167.961818][T10392] FAULT_INJECTION: forcing a failure. [ 167.961818][T10392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.975100][T10392] CPU: 0 UID: 0 PID: 10392 Comm: syz.3.1343 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 167.985890][T10392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 167.995963][T10392] Call Trace: [ 167.999257][T10392] [ 168.002210][T10392] dump_stack_lvl+0x241/0x360 [ 168.006920][T10392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.012149][T10392] ? __pfx__printk+0x10/0x10 [ 168.016766][T10392] ? snprintf+0xda/0x120 [ 168.021038][T10392] should_fail_ex+0x3b0/0x4e0 [ 168.025745][T10392] _copy_to_user+0x31/0xb0 [ 168.030194][T10392] simple_read_from_buffer+0xca/0x150 [ 168.035593][T10392] proc_fail_nth_read+0x1e9/0x250 [ 168.040639][T10392] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 168.046216][T10392] ? rw_verify_area+0x55e/0x6f0 [ 168.051090][T10392] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 168.056662][T10392] vfs_read+0x1fc/0xb70 [ 168.060838][T10392] ? __pfx___mutex_lock+0x10/0x10 [ 168.065882][T10392] ? __pfx_vfs_read+0x10/0x10 [ 168.070581][T10392] ? __fget_files+0x2a/0x410 [ 168.075200][T10392] ? __fget_files+0x395/0x410 [ 168.079904][T10392] ? __fget_files+0x2a/0x410 [ 168.084520][T10392] ksys_read+0x18f/0x2b0 [ 168.088770][T10392] ? __pfx_ksys_read+0x10/0x10 [ 168.093535][T10392] ? trace_sys_enter+0x74/0x120 [ 168.098392][T10392] ? rcu_is_watching+0x15/0xb0 [ 168.103158][T10392] ? trace_sys_enter+0x25/0x120 [ 168.108035][T10392] do_syscall_64+0xf3/0x230 [ 168.112534][T10392] ? clear_bhb_loop+0x35/0x90 [ 168.117208][T10392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.123097][T10392] RIP: 0033:0x7f3f58b8473c [ 168.127509][T10392] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 168.147111][T10392] RSP: 002b:00007f3f59a8a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 168.155527][T10392] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b8473c [ 168.163497][T10392] RDX: 000000000000000f RSI: 00007f3f59a8a0a0 RDI: 0000000000000004 [ 168.171485][T10392] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 168.179453][T10392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.187452][T10392] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 168.195437][T10392] [ 168.663345][T10433] FAULT_INJECTION: forcing a failure. [ 168.663345][T10433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.733246][T10433] CPU: 1 UID: 0 PID: 10433 Comm: syz.3.1359 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 168.744057][T10433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 168.754133][T10433] Call Trace: [ 168.757422][T10433] [ 168.760367][T10433] dump_stack_lvl+0x241/0x360 [ 168.765072][T10433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.770294][T10433] ? __pfx__printk+0x10/0x10 [ 168.774907][T10433] ? __pfx_lock_release+0x10/0x10 [ 168.779960][T10433] should_fail_ex+0x3b0/0x4e0 [ 168.784669][T10433] _copy_from_user+0x2f/0xc0 [ 168.789288][T10433] copy_msghdr_from_user+0xae/0x680 [ 168.794515][T10433] ? __pfx___might_resched+0x10/0x10 [ 168.799824][T10433] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 168.805664][T10433] ? do_recvmmsg+0x44e/0xab0 [ 168.810284][T10433] ? __might_fault+0xaa/0x120 [ 168.815001][T10433] do_recvmmsg+0x3bd/0xab0 [ 168.819458][T10433] ? __pfx_do_recvmmsg+0x10/0x10 [ 168.824439][T10433] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 168.830361][T10433] ? ksys_write+0x22a/0x2b0 [ 168.834889][T10433] ? __pfx_lock_release+0x10/0x10 [ 168.839996][T10433] ? vfs_write+0x730/0xd30 [ 168.844446][T10433] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 168.850455][T10433] ? __fget_files+0x2a/0x410 [ 168.855070][T10433] __x64_sys_recvmmsg+0x199/0x250 [ 168.860096][T10433] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 168.865634][T10433] ? do_syscall_64+0x100/0x230 [ 168.870394][T10433] ? do_syscall_64+0xb6/0x230 [ 168.875084][T10433] do_syscall_64+0xf3/0x230 [ 168.879580][T10433] ? clear_bhb_loop+0x35/0x90 [ 168.884252][T10433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.890137][T10433] RIP: 0033:0x7f3f58b85d29 [ 168.894552][T10433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.914173][T10433] RSP: 002b:00007f3f59a8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 168.922627][T10433] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b85d29 [ 168.930602][T10433] RDX: 0204083acb88ff8b RSI: 0000000020000600 RDI: 0000000000000004 [ 168.938572][T10433] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 168.946539][T10433] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 168.954507][T10433] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 168.962488][T10433] [ 169.011551][T10440] netlink: 'syz.1.1360': attribute type 1 has an invalid length. [ 169.482986][T10468] netlink: 'syz.4.1372': attribute type 10 has an invalid length. [ 169.671186][T10475] netlink: 'syz.4.1372': attribute type 7 has an invalid length. [ 169.679508][T10475] netlink: 'syz.4.1372': attribute type 3 has an invalid length. [ 169.996930][T10487] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 170.479848][T10502] netlink: 'syz.2.1383': attribute type 3 has an invalid length. [ 170.740460][T10521] __nla_validate_parse: 18 callbacks suppressed [ 170.740480][T10521] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1385'. [ 170.787792][T10521] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1385'. [ 170.806727][T10520] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1385'. [ 170.845047][T10520] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1385'. [ 171.037561][T10535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1388'. [ 171.668037][T10569] rdma_op ffff8880227ff9f0 conn xmit_rdma 0000000000000000 [ 171.704517][T10569] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1403'. [ 171.809339][T10575] FAULT_INJECTION: forcing a failure. [ 171.809339][T10575] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.837671][T10575] CPU: 1 UID: 0 PID: 10575 Comm: syz.3.1405 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 171.848470][T10575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 171.858555][T10575] Call Trace: [ 171.861852][T10575] [ 171.864810][T10575] dump_stack_lvl+0x241/0x360 [ 171.869556][T10575] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.874787][T10575] ? __pfx__printk+0x10/0x10 [ 171.879404][T10575] ? __pfx_lock_release+0x10/0x10 [ 171.884455][T10575] should_fail_ex+0x3b0/0x4e0 [ 171.889165][T10575] _copy_from_user+0x2f/0xc0 [ 171.893783][T10575] __sys_bpf+0x1a4/0x810 [ 171.898043][T10575] ? __pfx___sys_bpf+0x10/0x10 [ 171.902833][T10575] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 171.908837][T10575] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 171.915186][T10575] ? do_syscall_64+0x100/0x230 [ 171.919987][T10575] __x64_sys_bpf+0x7c/0x90 [ 171.924430][T10575] do_syscall_64+0xf3/0x230 [ 171.929129][T10575] ? clear_bhb_loop+0x35/0x90 [ 171.933828][T10575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.939733][T10575] RIP: 0033:0x7f3f58b85d29 [ 171.944150][T10575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.963753][T10575] RSP: 002b:00007f3f59a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 171.972198][T10575] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b85d29 [ 171.980175][T10575] RDX: 0000000000000094 RSI: 0000000020000a80 RDI: 0000000000000005 [ 171.988145][T10575] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 171.996115][T10575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.004089][T10575] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 172.012080][T10575] [ 172.145770][T10581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 172.156688][T10581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.301705][T10591] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1412'. [ 172.591939][T10610] netdevsim netdevsim4 eth0: set [1, 2] type 2 family 0 port 20001 - 0 [ 172.620783][T10610] netdevsim netdevsim4 eth1: set [1, 2] type 2 family 0 port 20001 - 0 [ 172.660976][T10610] netdevsim netdevsim4 eth2: set [1, 2] type 2 family 0 port 20001 - 0 [ 172.671299][T10610] netdevsim netdevsim4 eth3: set [1, 2] type 2 family 0 port 20001 - 0 [ 172.679765][T10610] geneve3: entered promiscuous mode [ 173.061968][T10631] netlink: 'syz.4.1426': attribute type 5 has an invalid length. [ 173.064159][T10633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1427'. [ 173.162896][T10636] bond0: entered promiscuous mode [ 173.171335][T10636] bond_slave_0: entered promiscuous mode [ 173.188331][T10636] bond_slave_1: entered promiscuous mode [ 173.211954][T10636] bond0: left promiscuous mode [ 173.216990][T10636] bond_slave_0: left promiscuous mode [ 173.231782][T10636] bond_slave_1: left promiscuous mode [ 173.442738][T10640] tc_dump_action: action bad kind [ 173.540857][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1432'. [ 173.560809][T10647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1432'. [ 173.923878][ C0] batman_adv: batadv0: Local translation table size (120) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 174.961466][T10709] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 175.023176][T10710] netlink: 'syz.2.1460': attribute type 21 has an invalid length. [ 175.749164][T10748] vlan3: entered allmulticast mode [ 175.754617][T10748] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 175.805343][T10752] ebt_among: wrong size: 2080 against expected 2280, rounded to 2280 [ 175.915446][T10759] netlink: 'syz.1.1476': attribute type 10 has an invalid length. [ 175.923414][T10759] team0: Device veth0_macvtap is up. Set it down before adding it as a team port [ 176.582299][T10797] dvmrp0: entered allmulticast mode [ 176.587297][T10801] xt_SECMARK: invalid mode: 0 [ 176.595836][T10793] dvmrp0: left allmulticast mode [ 176.961932][T10824] __nla_validate_parse: 13 callbacks suppressed [ 176.961952][T10824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1503'. [ 177.002836][T10824] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 177.030519][T10824] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 177.257777][T10840] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1509'. [ 177.277732][T10841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1508'. [ 177.286962][T10841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1508'. [ 177.601248][T10855] syz.2.1513 (10855) used greatest stack depth: 17816 bytes left [ 178.149373][T10864] bridge0: port 3(macvlan1) entered disabled state [ 178.157335][T10864] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.164790][T10864] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.248908][T10864] 0ªX¹¦À: left allmulticast mode [ 178.297633][T10886] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 178.459765][T10864] veth0_to_team: left promiscuous mode [ 178.473549][T10864] veth0_to_team: left allmulticast mode [ 178.514526][T10864] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 178.548381][T10864] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 178.725490][T10864] veth1_vlan: left allmulticast mode [ 178.808042][T10864] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.819189][T10864] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.827567][T10864] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.836101][T10864] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.854667][T10879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.896377][T10864] bond0: left promiscuous mode [ 178.912524][T10864] batadv1: left promiscuous mode [ 178.920903][T10864] batadv1: left allmulticast mode [ 178.956562][T10882] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.037069][T10882] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.053067][ C0] batman_adv: batadv0: Local translation table size (120) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1c [ 179.117169][T10882] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.212591][T10882] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.259751][T10904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1530'. [ 179.288873][ C1] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 179.362354][T10882] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.392044][T10882] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.426766][T10909] vlan2: entered promiscuous mode [ 179.469272][T10882] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.497289][T10882] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.655948][T10918] batadv_slave_1: entered promiscuous mode [ 179.663367][T10918] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.756333][T10918] batadv_slave_1 (unregistering): left promiscuous mode [ 179.763384][T10918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.445128][T10945] netlink: 'syz.1.1542': attribute type 2 has an invalid length. [ 180.601101][T10947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1547'. [ 180.710007][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1549'. [ 180.729283][T10956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1549'. [ 180.776980][T10956] FAULT_INJECTION: forcing a failure. [ 180.776980][T10956] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.792454][T10961] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 180.814325][T10956] CPU: 1 UID: 0 PID: 10956 Comm: syz.4.1549 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 180.825128][T10956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 180.826959][T10960] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 180.835187][T10956] Call Trace: [ 180.835221][T10956] [ 180.835231][T10956] dump_stack_lvl+0x241/0x360 [ 180.853888][T10956] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.859139][T10956] ? __pfx__printk+0x10/0x10 [ 180.863761][T10956] ? __pfx_lock_release+0x10/0x10 [ 180.868822][T10956] ? __lock_acquire+0x1397/0x2100 [ 180.873870][T10956] should_fail_ex+0x3b0/0x4e0 [ 180.878578][T10956] _copy_from_user+0x2f/0xc0 [ 180.883188][T10956] kstrtouint_from_user+0xc6/0x190 [ 180.888310][T10956] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 180.894034][T10956] ? __pfx_lock_acquire+0x10/0x10 [ 180.899070][T10956] proc_fail_nth_write+0xaa/0x2d0 [ 180.904097][T10956] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 180.909996][T10956] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 180.915632][T10956] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 180.921267][T10956] vfs_write+0x2a3/0xd30 [ 180.925521][T10956] ? __pfx_vfs_write+0x10/0x10 [ 180.930286][T10956] ? __fget_files+0x2a/0x410 [ 180.934879][T10956] ? __fget_files+0x395/0x410 [ 180.939562][T10956] ? __fget_files+0x2a/0x410 [ 180.944162][T10956] ksys_write+0x18f/0x2b0 [ 180.948491][T10956] ? __pfx_ksys_write+0x10/0x10 [ 180.953340][T10956] ? do_syscall_64+0x100/0x230 [ 180.958109][T10956] ? do_syscall_64+0xb6/0x230 [ 180.962795][T10956] do_syscall_64+0xf3/0x230 [ 180.967302][T10956] ? clear_bhb_loop+0x35/0x90 [ 180.971984][T10956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.977871][T10956] RIP: 0033:0x7f97301847df [ 180.982292][T10956] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 181.001891][T10956] RSP: 002b:00007f9731006030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 181.010307][T10956] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f97301847df [ 181.018277][T10956] RDX: 0000000000000001 RSI: 00007f97310060a0 RDI: 0000000000000008 [ 181.026246][T10956] RBP: 00007f9731006090 R08: 0000000000000000 R09: 0000000000000000 [ 181.034216][T10956] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 181.042186][T10956] R13: 0000000000000000 R14: 00007f9730376080 R15: 00007ffd8b31c538 [ 181.050169][T10956] [ 181.127050][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 181.134906][ T5145] Bluetooth: hci1: command 0x0406 tx timeout [ 181.143342][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 181.247111][T10972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'. [ 181.269299][T10973] tipc: Started in network mode [ 181.281113][T10973] tipc: Node identity 7, cluster identity 4711 [ 181.287548][T10973] tipc: Node number set to 7 [ 181.680643][T11004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1563'. [ 181.729852][T11006] batman_adv: batadv0: Local translation table size (128) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a [ 181.778667][T11006] bridge0: port 3(batadv0) entered disabled state [ 181.786008][T11006] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.794731][T11006] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.282222][T11037] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1579'. [ 182.321032][T11024] bond0 (unregistering): (slave batadv1): Releasing active interface [ 182.344719][T11024] bond0 (unregistering): Released all slaves [ 182.415954][T11043] FAULT_INJECTION: forcing a failure. [ 182.415954][T11043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.437174][T11043] CPU: 0 UID: 0 PID: 11043 Comm: syz.2.1581 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 182.447970][T11043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 182.458041][T11043] Call Trace: [ 182.461340][T11043] [ 182.464288][T11043] dump_stack_lvl+0x241/0x360 [ 182.469000][T11043] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.474227][T11043] ? __pfx__printk+0x10/0x10 [ 182.478851][T11043] ? snprintf+0xda/0x120 [ 182.483137][T11043] should_fail_ex+0x3b0/0x4e0 [ 182.487848][T11043] _copy_to_user+0x31/0xb0 [ 182.492307][T11043] simple_read_from_buffer+0xca/0x150 [ 182.497718][T11043] proc_fail_nth_read+0x1e9/0x250 [ 182.502765][T11043] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 182.508332][T11043] ? rw_verify_area+0x55e/0x6f0 [ 182.513200][T11043] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 182.518776][T11043] vfs_read+0x1fc/0xb70 [ 182.523024][T11043] ? __pfx___mutex_lock+0x10/0x10 [ 182.528046][T11043] ? __pfx_vfs_read+0x10/0x10 [ 182.532722][T11043] ? __fget_files+0x2a/0x410 [ 182.537311][T11043] ? __fget_files+0x395/0x410 [ 182.541985][T11043] ? __fget_files+0x2a/0x410 [ 182.546581][T11043] ksys_read+0x18f/0x2b0 [ 182.550824][T11043] ? __pfx_ksys_read+0x10/0x10 [ 182.555589][T11043] ? do_syscall_64+0x100/0x230 [ 182.560351][T11043] ? do_syscall_64+0xb6/0x230 [ 182.565026][T11043] do_syscall_64+0xf3/0x230 [ 182.569523][T11043] ? clear_bhb_loop+0x35/0x90 [ 182.574198][T11043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.580083][T11043] RIP: 0033:0x7fcd96b8473c [ 182.584502][T11043] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 182.604113][T11043] RSP: 002b:00007fcd9796e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 182.612527][T11043] RAX: ffffffffffffffda RBX: 00007fcd96d75fa0 RCX: 00007fcd96b8473c [ 182.620504][T11043] RDX: 000000000000000f RSI: 00007fcd9796e0a0 RDI: 0000000000000004 [ 182.628469][T11043] RBP: 00007fcd9796e090 R08: 0000000000000000 R09: 0000000000000000 [ 182.636449][T11043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 182.644423][T11043] R13: 0000000000000000 R14: 00007fcd96d75fa0 R15: 00007ffd84445238 [ 182.652411][T11043] [ 182.745989][T11052] FAULT_INJECTION: forcing a failure. [ 182.745989][T11052] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.759260][T11052] CPU: 0 UID: 0 PID: 11052 Comm: syz.2.1585 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 182.770046][T11052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 182.780107][T11052] Call Trace: [ 182.783383][T11052] [ 182.786305][T11052] dump_stack_lvl+0x241/0x360 [ 182.790981][T11052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.796170][T11052] ? __pfx__printk+0x10/0x10 [ 182.800767][T11052] ? __pfx_lock_release+0x10/0x10 [ 182.805815][T11052] should_fail_ex+0x3b0/0x4e0 [ 182.810493][T11052] _copy_from_user+0x2f/0xc0 [ 182.815094][T11052] copy_msghdr_from_user+0xae/0x680 [ 182.820325][T11052] ? __pfx___might_resched+0x10/0x10 [ 182.825640][T11052] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 182.831470][T11052] ? do_recvmmsg+0x44e/0xab0 [ 182.836058][T11052] ? __might_fault+0xaa/0x120 [ 182.840736][T11052] do_recvmmsg+0x3bd/0xab0 [ 182.845147][T11052] ? __pfx_do_recvmmsg+0x10/0x10 [ 182.850083][T11052] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 182.856066][T11052] ? ksys_write+0x22a/0x2b0 [ 182.860578][T11052] ? __pfx_lock_release+0x10/0x10 [ 182.865617][T11052] ? vfs_write+0x730/0xd30 [ 182.870064][T11052] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 182.876059][T11052] ? __fget_files+0x2a/0x410 [ 182.880656][T11052] __x64_sys_recvmmsg+0x199/0x250 [ 182.885679][T11052] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 182.891215][T11052] ? do_syscall_64+0x100/0x230 [ 182.895970][T11052] ? do_syscall_64+0xb6/0x230 [ 182.900655][T11052] do_syscall_64+0xf3/0x230 [ 182.905176][T11052] ? clear_bhb_loop+0x35/0x90 [ 182.909854][T11052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.915753][T11052] RIP: 0033:0x7fcd96b85d29 [ 182.920182][T11052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.939789][T11052] RSP: 002b:00007fcd9796e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 182.948201][T11052] RAX: ffffffffffffffda RBX: 00007fcd96d75fa0 RCX: 00007fcd96b85d29 [ 182.956161][T11052] RDX: 0204083acb88ff8b RSI: 0000000020000600 RDI: 0000000000000004 [ 182.964134][T11052] RBP: 00007fcd9796e090 R08: 0000000000000000 R09: 0000000000000000 [ 182.972112][T11052] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 182.980071][T11052] R13: 0000000000000000 R14: 00007fcd96d75fa0 R15: 00007ffd84445238 [ 182.988066][T11052] [ 183.472040][T11083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1594'. [ 183.491802][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 183.510159][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1597'. [ 183.519680][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1597'. [ 183.557552][T11087] batadv1: entered promiscuous mode [ 183.563862][T11087] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 184.014016][T11108] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1604'. [ 184.054692][T11105] netlink: 'syz.2.1603': attribute type 10 has an invalid length. [ 184.103897][T11105] bridge0: port 1(veth0_to_bridge) entered disabled state [ 184.114856][T11105] bridge0: port 1(veth0_to_bridge) entered blocking state [ 184.122137][T11105] bridge0: port 1(veth0_to_bridge) entered forwarding state [ 184.154750][T11105] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 184.247441][T11118] netlink: 'syz.4.1610': attribute type 34 has an invalid length. [ 184.490823][T11133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1615'. [ 184.624171][T11124] netlink: 'syz.1.1613': attribute type 9 has an invalid length. [ 184.739171][T11151] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1621'. [ 184.758597][T11148] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1620'. [ 184.965252][T11163] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1626'. [ 185.106130][T11171] netlink: 'syz.1.1630': attribute type 6 has an invalid length. [ 185.125237][T11171] netlink: 'syz.1.1630': attribute type 7 has an invalid length. [ 185.141864][T11171] netlink: 'syz.1.1630': attribute type 8 has an invalid length. [ 185.222926][T11171] x_tables: duplicate underflow at hook 1 [ 185.264321][T11182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1632'. [ 185.284680][T11185] FAULT_INJECTION: forcing a failure. [ 185.284680][T11185] name failslab, interval 1, probability 0, space 0, times 0 [ 185.323685][T11185] CPU: 1 UID: 0 PID: 11185 Comm: syz.0.1633 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 185.334488][T11185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 185.344566][T11185] Call Trace: [ 185.347860][T11185] [ 185.350804][T11185] dump_stack_lvl+0x241/0x360 [ 185.355516][T11185] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.360745][T11185] ? __pfx__printk+0x10/0x10 [ 185.365363][T11185] ? __kmalloc_cache_node_noprof+0x47/0x3a0 [ 185.371279][T11185] ? __pfx___might_resched+0x10/0x10 [ 185.376590][T11185] should_fail_ex+0x3b0/0x4e0 [ 185.381308][T11185] should_failslab+0xac/0x100 [ 185.385994][T11185] ? __get_vm_area_node+0x132/0x2d0 [ 185.391193][T11185] __kmalloc_cache_node_noprof+0x6f/0x3a0 [ 185.396916][T11185] __get_vm_area_node+0x132/0x2d0 [ 185.401942][T11185] __vmalloc_node_range_noprof+0x344/0x1380 [ 185.407839][T11185] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.413382][T11185] ? mark_lock+0x9a/0x360 [ 185.417732][T11185] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 185.424067][T11185] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.429606][T11185] __vmalloc_noprof+0x79/0x90 [ 185.434283][T11185] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.439827][T11185] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.445199][T11185] ? bpf_prog_alloc+0x28/0x1b0 [ 185.449965][T11185] bpf_prog_alloc+0x3a/0x1b0 [ 185.454552][T11185] bpf_prog_load+0x7f7/0x20f0 [ 185.459234][T11185] ? __pfx_bpf_prog_load+0x10/0x10 [ 185.464346][T11185] ? __pfx___might_resched+0x10/0x10 [ 185.469648][T11185] ? __might_fault+0xc6/0x120 [ 185.474324][T11185] __sys_bpf+0x4ee/0x810 [ 185.478568][T11185] ? __pfx___sys_bpf+0x10/0x10 [ 185.483335][T11185] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 185.489313][T11185] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.495642][T11185] ? do_syscall_64+0x100/0x230 [ 185.500406][T11185] __x64_sys_bpf+0x7c/0x90 [ 185.504826][T11185] do_syscall_64+0xf3/0x230 [ 185.509326][T11185] ? clear_bhb_loop+0x35/0x90 [ 185.514002][T11185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.519891][T11185] RIP: 0033:0x7f768f585d29 [ 185.524301][T11185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.543905][T11185] RSP: 002b:00007f768d3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 185.552329][T11185] RAX: ffffffffffffffda RBX: 00007f768f775fa0 RCX: 00007f768f585d29 [ 185.560298][T11185] RDX: 0000000000000094 RSI: 0000000020000a80 RDI: 0000000000000005 [ 185.568273][T11185] RBP: 00007f768d3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 185.576257][T11185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.584242][T11185] R13: 0000000000000000 R14: 00007f768f775fa0 R15: 00007fffe513d5d8 [ 185.592230][T11185] [ 185.683314][T11185] syz.0.1633: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 185.700840][T11185] CPU: 0 UID: 0 PID: 11185 Comm: syz.0.1633 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 185.711635][T11185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 185.721710][T11185] Call Trace: [ 185.725002][T11185] [ 185.727953][T11185] dump_stack_lvl+0x241/0x360 [ 185.732659][T11185] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.737886][T11185] ? __pfx__printk+0x10/0x10 [ 185.742504][T11185] ? __rcu_read_unlock+0xa1/0x110 [ 185.747643][T11185] warn_alloc+0x278/0x410 [ 185.751996][T11185] ? __pfx_warn_alloc+0x10/0x10 [ 185.756870][T11185] ? __kasan_kmalloc+0x23/0xb0 [ 185.761660][T11185] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 185.767668][T11185] ? __get_vm_area_node+0x280/0x2d0 [ 185.772908][T11185] __vmalloc_node_range_noprof+0x369/0x1380 [ 185.778823][T11185] ? mark_lock+0x9a/0x360 [ 185.783195][T11185] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 185.789556][T11185] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.795125][T11185] __vmalloc_noprof+0x79/0x90 [ 185.799820][T11185] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.805389][T11185] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 185.810783][T11185] ? bpf_prog_alloc+0x28/0x1b0 [ 185.815570][T11185] bpf_prog_alloc+0x3a/0x1b0 [ 185.820189][T11185] bpf_prog_load+0x7f7/0x20f0 [ 185.824905][T11185] ? __pfx_bpf_prog_load+0x10/0x10 [ 185.830044][T11185] ? __pfx___might_resched+0x10/0x10 [ 185.835371][T11185] ? __might_fault+0xc6/0x120 [ 185.840075][T11185] __sys_bpf+0x4ee/0x810 [ 185.844347][T11185] ? __pfx___sys_bpf+0x10/0x10 [ 185.849146][T11185] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 185.855155][T11185] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.861509][T11185] ? do_syscall_64+0x100/0x230 [ 185.866305][T11185] __x64_sys_bpf+0x7c/0x90 [ 185.870755][T11185] do_syscall_64+0xf3/0x230 [ 185.875285][T11185] ? clear_bhb_loop+0x35/0x90 [ 185.879984][T11185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.885899][T11185] RIP: 0033:0x7f768f585d29 [ 185.890334][T11185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.909962][T11185] RSP: 002b:00007f768d3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 185.918400][T11185] RAX: ffffffffffffffda RBX: 00007f768f775fa0 RCX: 00007f768f585d29 [ 185.926390][T11185] RDX: 0000000000000094 RSI: 0000000020000a80 RDI: 0000000000000005 [ 185.934385][T11185] RBP: 00007f768d3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 185.942375][T11185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.950361][T11185] R13: 0000000000000000 R14: 00007f768f775fa0 R15: 00007fffe513d5d8 [ 185.958369][T11185] [ 185.983854][T11185] Mem-Info: [ 186.009430][T11185] active_anon:3303 inactive_anon:0 isolated_anon:0 [ 186.009430][T11185] active_file:1743 inactive_file:38298 isolated_file:0 [ 186.009430][T11185] unevictable:768 dirty:239 writeback:0 [ 186.009430][T11185] slab_reclaimable:11065 slab_unreclaimable:100564 [ 186.009430][T11185] mapped:31767 shmem:1415 pagetables:628 [ 186.009430][T11185] sec_pagetables:0 bounce:0 [ 186.009430][T11185] kernel_misc_reclaimable:0 [ 186.009430][T11185] free:1316504 free_pcp:1484 free_cma:0 [ 186.128965][T11185] Node 0 active_anon:13316kB inactive_anon:0kB active_file:6972kB inactive_file:153124kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127080kB dirty:988kB writeback:0kB shmem:4124kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10892kB pagetables:2692kB sec_pagetables:0kB all_unreclaimable? no [ 186.183165][T11185] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 186.213744][T11185] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 186.255102][T11204] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 186.277618][T11185] lowmem_reserve[]: 0 2465 2466 0 0 [ 186.290311][T11185] Node 0 DMA32 free:1352580kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:13072kB inactive_anon:0kB active_file:6972kB inactive_file:152300kB unevictable:1536kB writepending:988kB present:3129332kB managed:2552764kB mlocked:0kB bounce:0kB free_pcp:16108kB local_pcp:192kB free_cma:0kB [ 186.364388][T11185] lowmem_reserve[]: 0 0 0 0 0 [ 186.373647][T11185] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 186.411373][T11185] lowmem_reserve[]: 0 0 0 0 0 [ 186.416327][T11185] Node 1 Normal free:3907732kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB [ 186.473739][T11185] lowmem_reserve[]: 0 0 0 0 0 [ 186.491165][T11185] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 186.510763][T11209] FAULT_INJECTION: forcing a failure. [ 186.510763][T11209] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.530208][T11185] Node 0 DMA32: 635*4kB (UME) 834*8kB (UME) 522*16kB (UME) 220*32kB (UME) 78*64kB (UME) 83*128kB (UM) 87*256kB (UME) 42*512kB (UM) 22*1024kB (UME) 8*2048kB (UM) 302*4096kB (UM) = 1359900kB [ 186.547989][T11209] CPU: 1 UID: 0 PID: 11209 Comm: syz.3.1640 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 186.559857][T11209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 186.569743][T11185] Node 0 [ 186.569907][T11209] Call Trace: [ 186.569919][T11209] [ 186.569928][T11209] dump_stack_lvl+0x241/0x360 [ 186.572843][T11185] Normal: [ 186.576108][T11209] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.576134][T11209] ? __pfx__printk+0x10/0x10 [ 186.576158][T11209] ? __pfx_lock_release+0x10/0x10 [ 186.576185][T11209] should_fail_ex+0x3b0/0x4e0 [ 186.576216][T11209] _copy_from_user+0x2f/0xc0 [ 186.610823][T11209] copy_msghdr_from_user+0xae/0x680 [ 186.616036][T11209] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 186.621840][T11209] ? __fget_files+0x2a/0x410 [ 186.626433][T11209] ? __fget_files+0x2a/0x410 [ 186.631028][T11209] __sys_sendmsg+0x209/0x350 [ 186.635616][T11209] ? __pfx_lock_release+0x10/0x10 [ 186.640641][T11209] ? __pfx___sys_sendmsg+0x10/0x10 [ 186.645755][T11209] ? __pfx_vfs_write+0x10/0x10 [ 186.650530][T11209] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 186.656854][T11209] ? do_syscall_64+0x100/0x230 [ 186.661637][T11209] ? do_syscall_64+0xb6/0x230 [ 186.666328][T11209] do_syscall_64+0xf3/0x230 [ 186.670843][T11209] ? clear_bhb_loop+0x35/0x90 [ 186.675531][T11209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.681432][T11209] RIP: 0033:0x7f3f58b85d29 [ 186.685850][T11209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.705468][T11209] RSP: 002b:00007f3f59a8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 186.713886][T11209] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b85d29 [ 186.721853][T11209] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 186.729820][T11209] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 186.737794][T11209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.745761][T11209] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 186.753740][T11209] [ 186.770540][T11185] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 186.781256][T11185] Node 1 Normal: 197*4kB (UE) 44*8kB (UME) 32*16kB (UME) 217*32kB (UME) 86*64kB (UME) 29*128kB (UME) 21*256kB (UME) 13*512kB (UME) 5*1024kB (UME) 5*2048kB (UE) 943*4096kB (M) = 3907732kB [ 186.801759][T11185] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 186.811473][T11185] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 186.820860][T11185] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 186.830509][T11185] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 186.839910][T11185] 41458 total pagecache pages [ 186.844645][T11185] 0 pages in swap cache [ 186.848820][T11185] Free swap = 124996kB [ 186.853002][T11185] Total swap = 124996kB [ 186.857764][T11185] 2097051 pages RAM [ 186.861893][T11185] 0 pages HighMem/MovableOnly [ 186.866702][T11185] 427010 pages reserved [ 186.870871][T11185] 0 pages cma reserved [ 186.946983][T11214] vxcan1: entered allmulticast mode [ 187.006033][T11215] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20001 - 0 [ 187.016755][T11215] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20001 - 0 [ 187.041064][T11215] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20001 - 0 [ 187.059284][T11215] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20001 - 0 [ 187.075101][T11215] geneve2: entered promiscuous mode [ 187.167820][T11225] bridge_slave_1: left allmulticast mode [ 187.185665][T11225] bridge_slave_1: left promiscuous mode [ 187.191422][T11225] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.230213][T11225] bridge3: port 1(bridge_slave_1) entered blocking state [ 187.267355][T11225] bridge3: port 1(bridge_slave_1) entered disabled state [ 187.274986][T11225] bridge_slave_1: entered allmulticast mode [ 187.294016][T11233] netlink: 'syz.1.1645': attribute type 39 has an invalid length. [ 187.304141][T11225] bridge_slave_1: entered promiscuous mode [ 187.383729][T11236] __nla_validate_parse: 1 callbacks suppressed [ 187.383747][T11236] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1646'. [ 187.441111][T11236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'. [ 188.375548][T11271] bridge0: port 4(veth0_to_bridge) entered blocking state [ 188.387662][T11272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1658'. [ 188.404183][T11271] bridge0: port 4(veth0_to_bridge) entered disabled state [ 188.423717][T11274] FAULT_INJECTION: forcing a failure. [ 188.423717][T11274] name failslab, interval 1, probability 0, space 0, times 0 [ 188.450206][T11271] veth0_to_bridge: entered allmulticast mode [ 188.474311][T11271] veth0_to_bridge: entered promiscuous mode [ 188.474310][T11274] CPU: 1 UID: 0 PID: 11274 Comm: syz.2.1660 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 188.491003][T11274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 188.501079][T11274] Call Trace: [ 188.504385][T11274] [ 188.507334][T11274] dump_stack_lvl+0x241/0x360 [ 188.512043][T11274] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.517282][T11274] ? __pfx__printk+0x10/0x10 [ 188.521902][T11274] ? fs_reclaim_acquire+0x93/0x130 [ 188.527043][T11274] ? __pfx___might_resched+0x10/0x10 [ 188.532361][T11274] should_fail_ex+0x3b0/0x4e0 [ 188.537069][T11274] should_failslab+0xac/0x100 [ 188.541771][T11274] __kmalloc_noprof+0xdd/0x4c0 [ 188.546557][T11274] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 188.552306][T11274] tomoyo_realpath_from_path+0xcf/0x5e0 [ 188.557892][T11274] tomoyo_path_number_perm+0x236/0x860 [ 188.563376][T11274] ? __lock_acquire+0x1397/0x2100 [ 188.568429][T11274] ? tomoyo_path_number_perm+0x206/0x860 [ 188.574098][T11274] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 188.580141][T11274] ? __pfx___schedule+0x10/0x10 [ 188.585021][T11274] ? __fget_files+0x2a/0x410 [ 188.589643][T11274] ? __fget_files+0x2a/0x410 [ 188.594272][T11274] security_file_ioctl+0xc6/0x2a0 [ 188.599326][T11274] __se_sys_ioctl+0x46/0x170 [ 188.603942][T11274] do_syscall_64+0xf3/0x230 [ 188.608467][T11274] ? clear_bhb_loop+0x35/0x90 [ 188.613168][T11274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.619085][T11274] RIP: 0033:0x7fcd96b85d29 [ 188.623519][T11274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.643145][T11274] RSP: 002b:00007fcd9796e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.651589][T11274] RAX: ffffffffffffffda RBX: 00007fcd96d75fa0 RCX: 00007fcd96b85d29 [ 188.659579][T11274] RDX: 0000000020000080 RSI: 00000000000089f0 RDI: 0000000000000003 [ 188.667565][T11274] RBP: 00007fcd9796e090 R08: 0000000000000000 R09: 0000000000000000 [ 188.675534][T11274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.683509][T11274] R13: 0000000000000000 R14: 00007fcd96d75fa0 R15: 00007ffd84445238 [ 188.691497][T11274] [ 188.750011][T11274] ERROR: Out of memory at tomoyo_realpath_from_path. [ 189.926549][T11326] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1678'. [ 189.980094][T11312] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1674'. [ 190.030499][T11312] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 190.351127][ T29] audit: type=1107 audit(1734632258.729:3): pid=11333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='‡'WP‚<|Á0ñl¨ýE× ƒVA>a…—tT«"ßLb [ 190.351127][ T29] 9YçÉŽÆÃ$þP ‚hy]' [ 190.420795][T11336] FAULT_INJECTION: forcing a failure. [ 190.420795][T11336] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.427927][T11345] vlan1: entered promiscuous mode [ 190.443735][T11336] CPU: 0 UID: 0 PID: 11336 Comm: syz.0.1682 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 190.454701][T11336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 190.459975][T11345] syz_tun: entered promiscuous mode [ 190.464754][T11336] Call Trace: [ 190.464767][T11336] [ 190.464776][T11336] dump_stack_lvl+0x241/0x360 [ 190.464809][T11336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.464833][T11336] ? __pfx__printk+0x10/0x10 [ 190.464858][T11336] ? __pfx_lock_release+0x10/0x10 [ 190.495730][T11336] should_fail_ex+0x3b0/0x4e0 [ 190.500473][T11336] _copy_from_user+0x2f/0xc0 [ 190.505087][T11336] generic_map_update_batch+0x5ba/0x900 [ 190.510665][T11336] ? __pfx_generic_map_update_batch+0x10/0x10 [ 190.516731][T11336] ? __fget_files+0x395/0x410 [ 190.521405][T11336] ? __fget_files+0x2a/0x410 [ 190.526001][T11336] ? __pfx_generic_map_update_batch+0x10/0x10 [ 190.532064][T11336] bpf_map_do_batch+0x39a/0x660 [ 190.536919][T11336] __sys_bpf+0x377/0x810 [ 190.541159][T11336] ? __pfx___sys_bpf+0x10/0x10 [ 190.545925][T11336] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 190.551900][T11336] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 190.558226][T11336] ? do_syscall_64+0x100/0x230 [ 190.562998][T11336] __x64_sys_bpf+0x7c/0x90 [ 190.567417][T11336] do_syscall_64+0xf3/0x230 [ 190.571922][T11336] ? clear_bhb_loop+0x35/0x90 [ 190.576596][T11336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.582491][T11336] RIP: 0033:0x7f768f585d29 [ 190.586905][T11336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.606507][T11336] RSP: 002b:00007f768d3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 190.614920][T11336] RAX: ffffffffffffffda RBX: 00007f768f775fa0 RCX: 00007f768f585d29 [ 190.622885][T11336] RDX: 0000000000000038 RSI: 0000000020000200 RDI: 000000000000001a [ 190.630866][T11336] RBP: 00007f768d3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 190.638845][T11336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 190.646814][T11336] R13: 0000000000000000 R14: 00007f768f775fa0 R15: 00007fffe513d5d8 [ 190.654800][T11336] [ 190.689823][T11345] syz_tun: left promiscuous mode [ 190.873788][T11362] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1690'. [ 191.124356][T11378] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1697'. [ 191.178269][T11378] 1ªX¹¦À: renamed from 60ªX¹¦À [ 191.187552][T11378] 1ªX¹¦À: entered allmulticast mode [ 191.192843][T11378] A link change request failed with some changes committed already. Interface 61ªX¹¦À may have been left with an inconsistent configuration, please check. [ 191.255316][T11384] x_tables: ip6_tables: SECMARK.0 target: invalid size 264 (kernel) != (user) 0 [ 191.471790][T11397] netlink: 'syz.1.1704': attribute type 2 has an invalid length. [ 191.523883][T11397] netlink: 'syz.1.1704': attribute type 9 has an invalid length. [ 191.539510][T11397] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1704'. [ 191.558664][T11402] netlink: 'syz.4.1706': attribute type 3 has an invalid length. [ 191.566616][T11402] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1706'. [ 192.361331][T11450] vlan1: entered promiscuous mode [ 192.784056][T11474] netlink: 'syz.4.1732': attribute type 1 has an invalid length. [ 192.880909][T11481] 8021q: adding VLAN 0 to HW filter on device bond4 [ 192.891512][T11481] bond3: (slave bond4): making interface the new active one [ 192.904012][T11481] bond3: (slave bond4): Enslaving as an active interface with an up link [ 193.273924][T11501] netlink: 'syz.0.1738': attribute type 21 has an invalid length. [ 193.282001][T11501] IPv6: NLM_F_CREATE should be specified when creating new route [ 193.295464][T11501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 193.303048][T11501] IPv6: NLM_F_CREATE should be set when creating new route [ 193.310334][T11501] IPv6: NLM_F_CREATE should be set when creating new route [ 193.317590][T11501] IPv6: NLM_F_CREATE should be set when creating new route [ 193.416639][T11512] netlink: 'syz.1.1743': attribute type 1 has an invalid length. [ 193.431628][T11512] netlink: 'syz.1.1743': attribute type 3 has an invalid length. [ 193.450354][T11512] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1743'. [ 193.467171][T11512] NCSI netlink: No device for ifindex 0 [ 193.478554][T11515] vlan2: entered promiscuous mode [ 193.483910][T11515] ip6gretap0: entered promiscuous mode [ 193.502014][T11515] ip6gretap0: left promiscuous mode [ 193.594148][T11517] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.623710][T11517] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 193.638355][T11517] netdevsim netdevsim4 eth3 (unregistering): unset [1, 2] type 2 family 0 port 20001 - 0 [ 193.760250][T11517] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.809283][T11517] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 193.834772][T11517] netdevsim netdevsim4 eth2 (unregistering): unset [1, 2] type 2 family 0 port 20001 - 0 [ 193.875797][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1754'. [ 193.919663][T11517] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.935921][T11517] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 193.954693][T11517] netdevsim netdevsim4 eth1 (unregistering): unset [1, 2] type 2 family 0 port 20001 - 0 [ 194.032811][T11550] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 194.051806][T11517] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.075804][T11517] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 194.098582][T11517] netdevsim netdevsim4 eth0 (unregistering): unset [1, 2] type 2 family 0 port 20001 - 0 [ 194.346205][T11517] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 194.364021][T11569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1762'. [ 194.371629][T11517] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 194.393529][T11517] netdevsim netdevsim4 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 194.442929][T11517] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 194.471646][T11517] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 194.493787][T11517] netdevsim netdevsim4 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 194.528554][T11517] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 194.543168][T11517] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 194.552094][T11517] netdevsim netdevsim4 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 194.946027][T11574] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.994180][T11574] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.018438][T11574] bond0 (unregistering): Released all slaves [ 195.047329][T11517] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 195.067000][T11517] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 195.079244][T11517] netdevsim netdevsim4 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 195.098238][T11592] FAULT_INJECTION: forcing a failure. [ 195.098238][T11592] name failslab, interval 1, probability 0, space 0, times 0 [ 195.112987][T11590] tipc: Started in network mode [ 195.126556][T11590] tipc: Node identity 7, cluster identity 4711 [ 195.163286][T11592] CPU: 0 UID: 0 PID: 11592 Comm: syz.2.1768 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 195.174091][T11592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 195.184163][T11592] Call Trace: [ 195.187462][T11592] [ 195.190412][T11592] dump_stack_lvl+0x241/0x360 [ 195.195121][T11592] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.200349][T11592] ? __pfx__printk+0x10/0x10 [ 195.204968][T11592] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 195.210974][T11592] ? __pfx___might_resched+0x10/0x10 [ 195.216285][T11592] should_fail_ex+0x3b0/0x4e0 [ 195.217500][T11590] tipc: Node number set to 7 [ 195.220976][T11592] should_failslab+0xac/0x100 [ 195.221008][T11592] kmem_cache_alloc_node_noprof+0x77/0x380 [ 195.236071][T11592] ? __alloc_skb+0x1c3/0x440 [ 195.240687][T11592] __alloc_skb+0x1c3/0x440 [ 195.245135][T11592] ? __pfx___alloc_skb+0x10/0x10 [ 195.250099][T11592] ? netlink_ack_tlv_len+0x6e/0x200 [ 195.255308][T11592] netlink_ack+0x145/0xa50 [ 195.259785][T11592] netlink_rcv_skb+0x262/0x430 [ 195.264555][T11592] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 195.270038][T11592] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 195.275358][T11592] ? netlink_deliver_tap+0x2e/0x1b0 [ 195.280678][T11592] netlink_unicast+0x7f6/0x990 [ 195.285471][T11592] ? __pfx_netlink_unicast+0x10/0x10 [ 195.290761][T11592] ? __virt_addr_valid+0x45f/0x530 [ 195.295878][T11592] ? __phys_addr_symbol+0x2f/0x70 [ 195.300903][T11592] ? __check_object_size+0x47a/0x730 [ 195.306188][T11592] netlink_sendmsg+0x8e4/0xcb0 [ 195.310955][T11592] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.316242][T11592] ? aa_sock_msg_perm+0x91/0x160 [ 195.321177][T11592] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.326455][T11592] __sock_sendmsg+0x221/0x270 [ 195.331133][T11592] ____sys_sendmsg+0x52a/0x7e0 [ 195.335899][T11592] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.341193][T11592] ? __fget_files+0x2a/0x410 [ 195.345803][T11592] ? __fget_files+0x2a/0x410 [ 195.350407][T11592] __sys_sendmsg+0x269/0x350 [ 195.355001][T11592] ? __pfx_lock_release+0x10/0x10 [ 195.360030][T11592] ? __pfx___sys_sendmsg+0x10/0x10 [ 195.365150][T11592] ? __pfx_vfs_write+0x10/0x10 [ 195.369926][T11592] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 195.376247][T11592] ? do_syscall_64+0x100/0x230 [ 195.381006][T11592] ? do_syscall_64+0xb6/0x230 [ 195.385679][T11592] do_syscall_64+0xf3/0x230 [ 195.390176][T11592] ? clear_bhb_loop+0x35/0x90 [ 195.394858][T11592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.400744][T11592] RIP: 0033:0x7fcd96b85d29 [ 195.405154][T11592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.424759][T11592] RSP: 002b:00007fcd9796e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.433169][T11592] RAX: ffffffffffffffda RBX: 00007fcd96d75fa0 RCX: 00007fcd96b85d29 [ 195.441134][T11592] RDX: 0000000000040880 RSI: 0000000020000000 RDI: 0000000000000003 [ 195.449099][T11592] RBP: 00007fcd9796e090 R08: 0000000000000000 R09: 0000000000000000 [ 195.457066][T11592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.465028][T11592] R13: 0000000000000000 R14: 00007fcd96d75fa0 R15: 00007ffd84445238 [ 195.473005][T11592] [ 195.485329][T11595] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1769'. [ 195.786161][T11610] netlink: 'syz.2.1776': attribute type 1 has an invalid length. [ 195.826995][T11610] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1776'. [ 195.841434][T11617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1776'. [ 195.873794][T11610] netlink: 508 bytes leftover after parsing attributes in process `syz.2.1776'. [ 195.964445][T11621] lo speed is unknown, defaulting to 1000 [ 195.985880][T11621] lo speed is unknown, defaulting to 1000 [ 196.014654][T11621] lo speed is unknown, defaulting to 1000 [ 196.064639][T11625] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1782'. [ 196.196685][T11635] hsr0: entered promiscuous mode [ 196.324124][T11621] infiniband syz0: set down [ 196.337402][T11621] infiniband syz0: added lo [ 196.368716][ T5922] lo speed is unknown, defaulting to 1000 [ 196.368783][T11640] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode [ 196.390917][T11640] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode [ 196.426193][T11645] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1787'. [ 196.470236][T11621] RDS/IB: syz0: added [ 196.481316][T11621] smc: adding ib device syz0 with port count 1 [ 196.487967][T11621] smc: ib device syz0 port 1 has pnetid [ 196.579664][T11651] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1787'. [ 196.708828][ T5840] lo speed is unknown, defaulting to 1000 [ 196.720275][T11638] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.731203][T11638] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 196.749920][T11621] lo speed is unknown, defaulting to 1000 [ 196.880538][T11621] lo speed is unknown, defaulting to 1000 [ 196.931666][T11638] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.948595][T11638] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 197.011934][T11621] lo speed is unknown, defaulting to 1000 [ 197.038109][T11638] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.067034][T11638] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 197.121820][T11621] lo speed is unknown, defaulting to 1000 [ 197.158096][T11638] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.183137][T11638] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 197.261634][T11621] lo speed is unknown, defaulting to 1000 [ 197.291337][T11638] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 197.302745][T11638] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 197.326768][T11638] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 197.336784][T11638] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 197.373186][T11638] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 197.392624][T11638] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 197.418885][T11638] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 197.427530][T11638] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 197.553753][T11678] FAULT_INJECTION: forcing a failure. [ 197.553753][T11678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.574268][T11678] CPU: 1 UID: 0 PID: 11678 Comm: syz.3.1798 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 197.585071][T11678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 197.595156][T11678] Call Trace: [ 197.598446][T11678] [ 197.601392][T11678] dump_stack_lvl+0x241/0x360 [ 197.606098][T11678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.611327][T11678] ? __pfx__printk+0x10/0x10 [ 197.615938][T11678] ? __pfx_lock_release+0x10/0x10 [ 197.620993][T11678] should_fail_ex+0x3b0/0x4e0 [ 197.625707][T11678] _copy_from_user+0x2f/0xc0 [ 197.630326][T11678] copy_msghdr_from_user+0xae/0x680 [ 197.635548][T11678] ? __pfx___might_resched+0x10/0x10 [ 197.641092][T11678] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 197.646924][T11678] ? do_recvmmsg+0x44e/0xab0 [ 197.651514][T11678] ? __might_fault+0xaa/0x120 [ 197.656189][T11678] do_recvmmsg+0x3bd/0xab0 [ 197.660697][T11678] ? __pfx_do_recvmmsg+0x10/0x10 [ 197.665656][T11678] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 197.671573][T11678] ? ksys_write+0x22a/0x2b0 [ 197.676081][T11678] ? __pfx_lock_release+0x10/0x10 [ 197.681135][T11678] ? vfs_write+0x730/0xd30 [ 197.685555][T11678] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 197.691538][T11678] ? __fget_files+0x2a/0x410 [ 197.696145][T11678] __x64_sys_recvmmsg+0x199/0x250 [ 197.701176][T11678] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 197.706723][T11678] ? do_syscall_64+0x100/0x230 [ 197.711484][T11678] ? do_syscall_64+0xb6/0x230 [ 197.716166][T11678] do_syscall_64+0xf3/0x230 [ 197.720664][T11678] ? clear_bhb_loop+0x35/0x90 [ 197.725339][T11678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.731247][T11678] RIP: 0033:0x7f3f58b85d29 [ 197.735670][T11678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.755283][T11678] RSP: 002b:00007f3f59a8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 197.763698][T11678] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b85d29 [ 197.771664][T11678] RDX: 0204083acb88ff8b RSI: 0000000020000600 RDI: 0000000000000004 [ 197.779630][T11678] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 197.788289][T11678] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 197.796273][T11678] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 197.804256][T11678] [ 197.988628][T11693] Bluetooth: MGMT ver 1.23 [ 198.030670][T11693] mac80211_hwsim hwsim10 syzkaller0: left promiscuous mode [ 198.059561][T11693] mac80211_hwsim hwsim10 syzkaller0: left allmulticast mode [ 198.486315][T11719] netlink: 'syz.3.1815': attribute type 34 has an invalid length. [ 198.606978][T11727] netlink: 'syz.3.1818': attribute type 34 has an invalid length. [ 198.690123][T11733] __nla_validate_parse: 4 callbacks suppressed [ 198.690142][T11733] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1819'. [ 198.988112][T11745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1828'. [ 199.025227][T11749] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1826'. [ 199.047324][T11749] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1826'. [ 199.215340][T11756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1831'. [ 199.438402][T11765] lo speed is unknown, defaulting to 1000 [ 199.950498][T11779] lo speed is unknown, defaulting to 1000 [ 200.064922][T11791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1844'. [ 200.105680][T11794] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1845'. [ 200.690952][T11796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 200.705401][T11796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.192930][T11812] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 201.203826][T11812] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 201.405835][T11812] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 201.433592][T11812] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 201.567877][T11812] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 201.590094][T11812] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 201.671531][T11812] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 201.681703][T11812] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 201.782925][T11812] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 201.834026][T11812] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 201.861827][T11812] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 201.883631][T11812] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 201.899843][T11812] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 201.934271][T11812] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 201.991502][T11812] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 202.002354][T11830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1856'. [ 202.057967][T11812] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 202.365886][T11842] lo speed is unknown, defaulting to 1000 [ 202.436839][T11849] netlink: 'syz.4.1862': attribute type 12 has an invalid length. [ 202.455218][T11849] netlink: 'syz.4.1862': attribute type 29 has an invalid length. [ 202.468457][T11849] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1862'. [ 202.797588][T11854] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1864'. [ 203.856848][T11874] netlink: 'syz.1.1870': attribute type 4 has an invalid length. [ 203.897579][T11874] __nla_validate_parse: 4 callbacks suppressed [ 203.897599][T11874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1870'. [ 203.981484][T11878] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1872'. [ 204.046890][T11876] vlan4: entered promiscuous mode [ 204.064603][T11876] ip6gretap0: entered promiscuous mode [ 204.089949][T11876] ip6gretap0: left promiscuous mode [ 204.115520][T11884] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1872'. [ 204.130226][T11884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1872'. [ 204.462174][T11897] bond0: entered promiscuous mode [ 204.474106][T11897] bond0: left promiscuous mode [ 204.505020][T11899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1880'. [ 204.690234][T11905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1882'. [ 204.784116][T11905] netlink: 'syz.3.1882': attribute type 5 has an invalid length. [ 204.802220][T11905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1882'. [ 205.336503][T11947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1896'. [ 206.135473][T11978] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1909'. [ 206.339158][T11984] xt_bpf: check failed: parse error [ 206.487159][T11993] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1914'. [ 206.916656][T12025] netlink: 'syz.2.1925': attribute type 10 has an invalid length. [ 206.930764][T12025] team0: Device veth0_macvtap is up. Set it down before adding it as a team port [ 207.305413][T12044] veth1_macvtap: left promiscuous mode [ 207.523121][ T29] audit: type=1107 audit(1734632275.899:4): pid=12046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='‡'WP‚<|Á0ñl¨ýE× ƒVA>a…—tT«"ßLb [ 207.523121][ T29] 9YçÉŽÆÃ$þP ‚hy]' [ 207.667422][T12069] netlink: 'syz.0.1940': attribute type 9 has an invalid length. [ 207.671287][T12074] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 207.683190][T12070] netlink: 'syz.0.1940': attribute type 9 has an invalid length. [ 207.703060][T12074] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 207.853249][T12081] 1ªX¹¦À: renamed from 60ªX¹¦À [ 207.894736][T12085] rdma_op ffff88805eafb9f0 conn xmit_rdma 0000000000000000 [ 207.920191][T12081] A link change request failed with some changes committed already. Interface 61ªX¹¦À may have been left with an inconsistent configuration, please check. [ 207.986379][T12083] batadv_slave_1: entered promiscuous mode [ 208.177710][T12097] xt_SECMARK: invalid mode: 0 [ 208.570537][T12115] netlink: 'syz.4.1958': attribute type 16 has an invalid length. [ 208.585490][T12115] netlink: 'syz.4.1958': attribute type 17 has an invalid length. [ 208.597100][T12123] netlink: 'syz.1.1960': attribute type 34 has an invalid length. [ 208.912858][T12140] lo speed is unknown, defaulting to 1000 [ 209.108909][T12147] __nla_validate_parse: 13 callbacks suppressed [ 209.108929][T12147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1971'. [ 209.271038][T12151] lo: entered allmulticast mode [ 209.292467][T12151] tunl0: entered allmulticast mode [ 209.331307][T12151] gre0: entered allmulticast mode [ 209.375652][T12151] gretap0: entered allmulticast mode [ 209.411952][T12160] sctp: [Deprecated]: syz.1.1974 (pid 12160) Use of struct sctp_assoc_value in delayed_ack socket option. [ 209.411952][T12160] Use struct sctp_sack_info instead [ 209.469582][T12151] erspan0: entered allmulticast mode [ 209.502182][T12151] ip_vti0: entered allmulticast mode [ 209.544905][T12151] ip6_vti0: entered allmulticast mode [ 209.574784][T12151] sit0: entered allmulticast mode [ 209.607511][T12151] ip6tnl0: entered allmulticast mode [ 209.639634][T12151] ip6gre0: entered allmulticast mode [ 209.747243][T12151] bridge0: port 3(ip6gretap0) entered disabled state [ 209.776723][T12151] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.784848][T12151] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.793896][T12151] bridge0: entered allmulticast mode [ 209.811915][T12151] vcan0: entered allmulticast mode [ 209.825329][T12151] bond0: left promiscuous mode [ 209.836046][T12151] bond_slave_0: left promiscuous mode [ 209.841836][T12151] bond_slave_1: left promiscuous mode [ 209.847730][T12151] mac80211_hwsim hwsim10 wlan1: left promiscuous mode [ 209.858741][T12151] bond0: entered allmulticast mode [ 209.864167][T12151] bond_slave_0: entered allmulticast mode [ 209.871227][T12151] bond_slave_1: entered allmulticast mode [ 209.892665][T12151] team0: entered allmulticast mode [ 209.902091][T12151] team_slave_0: entered allmulticast mode [ 209.908119][T12151] team_slave_1: entered allmulticast mode [ 209.921339][T12151] dummy0: entered allmulticast mode [ 209.940710][T12151] nlmon0: entered allmulticast mode [ 209.959103][T12151] batadv0: left promiscuous mode [ 209.976326][T12151] batadv0: entered allmulticast mode [ 210.005118][T12151] veth0: entered allmulticast mode [ 210.022651][T12151] veth1: entered allmulticast mode [ 210.053435][T12151] wg0: entered allmulticast mode [ 210.085660][T12151] wg1: entered allmulticast mode [ 210.118542][T12151] wg2: entered allmulticast mode [ 210.151959][T12151] veth0_to_bridge: entered allmulticast mode [ 210.184114][T12151] veth1_to_bridge: entered allmulticast mode [ 210.239826][T12151] veth0_to_bond: entered allmulticast mode [ 210.312318][T12151] veth1_to_bond: entered allmulticast mode [ 210.369110][T12151] veth0_to_team: left promiscuous mode [ 210.393278][T12151] veth1_to_team: entered allmulticast mode [ 210.420648][T12151] veth0_to_batadv: entered allmulticast mode [ 210.440071][T12151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.454081][T12151] batadv_slave_0: entered allmulticast mode [ 210.473722][T12151] xfrm0: entered allmulticast mode [ 210.490218][T12151] veth0_to_hsr: entered allmulticast mode [ 210.510227][T12151] hsr_slave_0: entered allmulticast mode [ 210.532688][T12151] veth1_to_hsr: entered allmulticast mode [ 210.579784][T12151] hsr_slave_1: entered allmulticast mode [ 210.597211][T12151] hsr0: entered allmulticast mode [ 210.616283][T12151] veth1_virt_wifi: entered allmulticast mode [ 210.634557][T12151] veth0_virt_wifi: entered allmulticast mode [ 210.657589][T12151] veth1_macvtap: entered allmulticast mode [ 210.676705][T12151] veth0_macvtap: entered allmulticast mode [ 210.696129][T12151] macvtap0: entered allmulticast mode [ 210.714626][T12151] macsec0: entered allmulticast mode [ 210.731600][T12151] netdevsim netdevsim0 eth0: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.745364][T12151] netdevsim netdevsim0 eth1: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.754600][T12151] netdevsim netdevsim0 eth2: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.762956][T12151] netdevsim netdevsim0 eth3: unset [1, 1] type 2 family 0 port 6081 - 0 [ 210.772195][T12151] geneve0: entered allmulticast mode [ 210.783594][T12151] geneve1: entered allmulticast mode [ 210.805692][T12151] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode [ 210.815055][T12151] bridge1: entered allmulticast mode [ 210.820455][T12151] vlan0: entered allmulticast mode [ 210.832314][T12151] syztnl1: entered allmulticast mode [ 210.838804][T12151] uóu8ä†ÝcÎ": entered allmulticast mode [ 210.849821][T12151] veth2: entered allmulticast mode [ 210.855836][T12151] veth3: entered allmulticast mode [ 210.861597][T12151] bridge2: left promiscuous mode [ 210.871077][T12151] veth4: entered allmulticast mode [ 210.876861][T12151] veth5: entered allmulticast mode [ 210.882862][T12151] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 20001 - 0 [ 210.891606][T12151] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 20001 - 0 [ 210.900259][T12151] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 20001 - 0 [ 210.908851][T12151] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 20001 - 0 [ 210.922262][T12151] geneve2: left promiscuous mode [ 210.927562][T12151] geneve2: entered allmulticast mode [ 210.940133][T12151] netdevsim netdevsim0 eth0: entered allmulticast mode [ 210.947477][T12151] netdevsim netdevsim0 eth1: entered allmulticast mode [ 210.954679][T12151] netdevsim netdevsim0 eth2: entered allmulticast mode [ 210.962182][T12151] netdevsim netdevsim0 eth3: entered allmulticast mode [ 210.972143][T12162] tap0: tun_chr_ioctl cmd 1074025677 [ 210.977866][T12162] tap0: linktype set to 805 [ 211.197237][T12197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1984'. [ 211.455065][T12205] xt_bpf: check failed: parse error [ 211.536233][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1989'. [ 211.555822][T12210] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1989'. [ 211.684357][T12221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1992'. [ 211.748518][T12222] netlink: 'syz.1.1991': attribute type 5 has an invalid length. [ 211.750371][T12221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1992'. [ 212.184099][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1998'. [ 212.408105][T12250] netlink: 'syz.2.2004': attribute type 28 has an invalid length. [ 212.467170][T12250] x_tables: ip_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 212.617718][T12261] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2005'. [ 212.637361][T12261] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2005'. [ 212.775512][T12265] vlan4: entered promiscuous mode [ 213.363647][T12301] netlink: 'syz.0.2021': attribute type 4 has an invalid length. [ 213.398848][T12301] netlink: 'syz.0.2021': attribute type 4 has an invalid length. [ 213.495527][T12306] netlink: 'syz.3.2023': attribute type 1 has an invalid length. [ 213.616921][T12313] 8021q: adding VLAN 0 to HW filter on device bond2 [ 213.649466][T12313] bond0: (slave bond2): making interface the new active one [ 213.669749][T12313] bond0: (slave bond2): Enslaving as an active interface with an up link [ 213.712027][T12321] bridge0: port 2(gretap0) entered blocking state [ 213.720503][T12321] bridge0: port 2(gretap0) entered disabled state [ 213.742952][T12321] gretap0: entered allmulticast mode [ 213.753394][T12324] FAULT_INJECTION: forcing a failure. [ 213.753394][T12324] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.754248][T12324] [ 213.754254][T12324] ====================================================== [ 213.754259][T12324] WARNING: possible circular locking dependency detected [ 213.754266][T12324] 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 Not tainted [ 213.754274][T12324] ------------------------------------------------------ [ 213.754279][T12324] syz.3.2029/12324 is trying to acquire lock: [ 213.754286][T12324] ffffffff8e813440 (console_owner){..-.}-{0:0}, at: console_flush_all+0x1a3/0xeb0 [ 213.754321][T12324] [ 213.754321][T12324] but task is already holding lock: [ 213.754325][T12324] ffff8880b873e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 213.754358][T12324] [ 213.754358][T12324] which lock already depends on the new lock. [ 213.754358][T12324] [ 213.754363][T12324] [ 213.754363][T12324] the existing dependency chain (in reverse order) is: [ 213.754368][T12324] [ 213.754368][T12324] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 213.754386][T12324] lock_acquire+0x1ed/0x550 [ 213.754400][T12324] _raw_spin_lock_nested+0x31/0x40 [ 213.754411][T12324] raw_spin_rq_lock_nested+0x2a/0x140 [ 213.754431][T12324] task_rq_lock+0xc6/0x360 [ 213.754442][T12324] cgroup_move_task+0x9b/0x5a0 [ 213.754455][T12324] css_set_move_task+0x72e/0x950 [ 213.754464][T12324] cgroup_post_fork+0x256/0x880 [ 213.754472][T12324] copy_process+0x39e9/0x3d50 [ 213.754480][T12324] kernel_clone+0x226/0x8e0 [ 213.754489][T12324] user_mode_thread+0x132/0x1a0 [ 213.754499][T12324] rest_init+0x23/0x300 [ 213.754509][T12324] start_kernel+0x47f/0x500 [ 213.754525][T12324] x86_64_start_reservations+0x2a/0x30 [ 213.754535][T12324] x86_64_start_kernel+0x9f/0xa0 [ 213.754543][T12324] common_startup_64+0x13e/0x147 [ 213.754556][T12324] [ 213.754556][T12324] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 213.754569][T12324] lock_acquire+0x1ed/0x550 [ 213.754579][T12324] _raw_spin_lock_irqsave+0xd5/0x120 [ 213.754592][T12324] try_to_wake_up+0xc2/0x1470 [ 213.754602][T12324] __wake_up_common_lock+0x130/0x1e0 [ 213.754612][T12324] tty_port_default_wakeup+0xa6/0xf0 [ 213.754622][T12324] serial8250_tx_chars+0x6e2/0x930 [ 213.754636][T12324] serial8250_handle_irq+0x630/0xb80 [ 213.754649][T12324] serial8250_default_handle_irq+0xd1/0x1f0 [ 213.754659][T12324] serial8250_interrupt+0xa9/0x1f0 [ 213.754670][T12324] __handle_irq_event_percpu+0x29a/0xa60 [ 213.754679][T12324] handle_irq_event+0x89/0x1f0 [ 213.754687][T12324] handle_edge_irq+0x25f/0xc20 [ 213.754700][T12324] __common_interrupt+0x136/0x230 [ 213.754714][T12324] common_interrupt+0x5e/0xd0 [ 213.754725][T12324] asm_common_interrupt+0x26/0x40 [ 213.754736][T12324] [ 213.754736][T12324] -> #2 (&tty->write_wait){-...}-{3:3}: [ 213.754749][T12324] lock_acquire+0x1ed/0x550 [ 213.754759][T12324] _raw_spin_lock_irqsave+0xd5/0x120 [ 213.754778][T12324] __wake_up_common_lock+0x25/0x1e0 [ 213.754788][T12324] tty_port_default_wakeup+0xa6/0xf0 [ 213.754796][T12324] serial8250_tx_chars+0x6e2/0x930 [ 213.754809][T12324] serial8250_handle_irq+0x630/0xb80 [ 213.754821][T12324] serial8250_default_handle_irq+0xd1/0x1f0 [ 213.754830][T12324] serial8250_interrupt+0xa9/0x1f0 [ 213.754841][T12324] __handle_irq_event_percpu+0x29a/0xa60 [ 213.754850][T12324] handle_irq_event+0x89/0x1f0 [ 213.754858][T12324] handle_edge_irq+0x25f/0xc20 [ 213.754870][T12324] __common_interrupt+0x136/0x230 [ 213.754883][T12324] common_interrupt+0xb4/0xd0 [ 213.754894][T12324] asm_common_interrupt+0x26/0x40 [ 213.754903][T12324] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 213.754916][T12324] uart_write+0x3e4/0xa40 [ 213.754928][T12324] n_tty_write+0xd62/0x1230 [ 213.754938][T12324] file_tty_write+0x546/0x9b0 [ 213.754949][T12324] vfs_write+0xaeb/0xd30 [ 213.754958][T12324] ksys_write+0x18f/0x2b0 [ 213.754966][T12324] do_syscall_64+0xf3/0x230 [ 213.754975][T12324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.754985][T12324] [ 213.754985][T12324] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 213.754997][T12324] lock_acquire+0x1ed/0x550 [ 213.755007][T12324] _raw_spin_lock_irqsave+0xd5/0x120 [ 213.755019][T12324] serial8250_console_write+0x1a7/0x1ed0 [ 213.755033][T12324] console_flush_all+0x86b/0xeb0 [ 213.755041][T12324] console_unlock+0x14f/0x3b0 [ 213.755053][T12324] vprintk_emit+0x730/0xa10 [ 213.755065][T12324] _printk+0xd5/0x120 [ 213.755075][T12324] register_console+0xbf5/0xfd0 [ 213.755083][T12324] univ8250_console_init+0x52/0x90 [ 213.755092][T12324] console_init+0x1b8/0x6f0 [ 213.755103][T12324] start_kernel+0x2d8/0x500 [ 213.755114][T12324] x86_64_start_reservations+0x2a/0x30 [ 213.755122][T12324] x86_64_start_kernel+0x9f/0xa0 [ 213.755130][T12324] common_startup_64+0x13e/0x147 [ 213.755141][T12324] [ 213.755141][T12324] -> #0 (console_owner){..-.}-{0:0}: [ 213.755154][T12324] validate_chain+0x18ef/0x5920 [ 213.755166][T12324] __lock_acquire+0x1397/0x2100 [ 213.755175][T12324] lock_acquire+0x1ed/0x550 [ 213.755185][T12324] console_flush_all+0x7f8/0xeb0 [ 213.755193][T12324] console_unlock+0x14f/0x3b0 [ 213.755204][T12324] vprintk_emit+0x730/0xa10 [ 213.755216][T12324] _printk+0xd5/0x120 [ 213.755226][T12324] should_fail_ex+0x391/0x4e0 [ 213.755240][T12324] strncpy_from_user+0x36/0x270 [ 213.755252][T12324] strncpy_from_user_nofault+0x71/0x140 [ 213.755263][T12324] bpf_probe_read_compat_str+0xe9/0x180 [ 213.755275][T12324] bpf_prog_974c9af84fce2c6c+0x41/0x48 [ 213.755282][T12324] bpf_trace_run2+0x2ec/0x540 [ 213.755291][T12324] trace_tlb_flush+0x11c/0x140 [ 213.755302][T12324] switch_mm_irqs_off+0x77a/0xa70 [ 213.755312][T12324] __schedule+0x10c8/0x4c30 [ 213.755325][T12324] preempt_schedule_common+0x84/0xd0 [ 213.755338][T12324] preempt_schedule+0xe1/0xf0 [ 213.755350][T12324] preempt_schedule_thunk+0x1a/0x30 [ 213.755360][T12324] __local_bh_enable_ip+0x179/0x200 [ 213.755374][T12324] __dev_queue_xmit+0x1775/0x3f50 [ 213.755384][T12324] __netlink_deliver_tap+0x56b/0x7f0 [ 213.755394][T12324] netlink_deliver_tap+0x19d/0x1b0 [ 213.755403][T12324] netlink_sendskb+0x68/0x140 [ 213.755416][T12324] netlink_unicast+0x39d/0x990 [ 213.755428][T12324] nfnetlink_rcv+0x26bd/0x2ab0 [ 213.755439][T12324] netlink_unicast+0x7f6/0x990 [ 213.755451][T12324] netlink_sendmsg+0x8e4/0xcb0 [ 213.755461][T12324] __sock_sendmsg+0x221/0x270 [ 213.755473][T12324] ____sys_sendmsg+0x52a/0x7e0 [ 213.755483][T12324] __sys_sendmsg+0x269/0x350 [ 213.755492][T12324] do_syscall_64+0xf3/0x230 [ 213.755502][T12324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.755511][T12324] [ 213.755511][T12324] other info that might help us debug this: [ 213.755511][T12324] [ 213.755515][T12324] Chain exists of: [ 213.755515][T12324] console_owner --> &p->pi_lock --> &rq->__lock [ 213.755515][T12324] [ 213.755529][T12324] Possible unsafe locking scenario: [ 213.755529][T12324] [ 213.755531][T12324] CPU0 CPU1 [ 213.755534][T12324] ---- ---- [ 213.755537][T12324] lock(&rq->__lock); [ 213.755543][T12324] lock(&p->pi_lock); [ 213.755549][T12324] lock(&rq->__lock); [ 213.755556][T12324] lock(console_owner); [ 213.755562][T12324] [ 213.755562][T12324] *** DEADLOCK *** [ 213.755562][T12324] [ 213.755564][T12324] 5 locks held by syz.3.2029/12324: [ 213.755571][T12324] #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: netlink_deliver_tap+0x2e/0x1b0 [ 213.755594][T12324] #1: ffff8880b873e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 213.755620][T12324] #2: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1fc/0x540 [ 213.755642][T12324] #3: ffffffff8e8134a0 (console_lock){+.+.}-{0:0}, at: _printk+0xd5/0x120 [ 213.755665][T12324] #4: ffffffff8e8130b0 (console_srcu){....}-{0:0}, at: console_flush_all+0x1a3/0xeb0 [ 213.755686][T12324] [ 213.755686][T12324] stack backtrace: [ 213.755690][T12324] CPU: 1 UID: 0 PID: 12324 Comm: syz.3.2029 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 213.755702][T12324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 213.755708][T12324] Call Trace: [ 213.755711][T12324] [ 213.755715][T12324] dump_stack_lvl+0x241/0x360 [ 213.755730][T12324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.755742][T12324] ? __pfx__printk+0x10/0x10 [ 213.755756][T12324] print_circular_bug+0x13a/0x1b0 [ 213.755775][T12324] check_noncircular+0x36a/0x4a0 [ 213.755788][T12324] ? __pfx_check_noncircular+0x10/0x10 [ 213.755802][T12324] ? lockdep_lock+0x123/0x2b0 [ 213.755812][T12324] ? add_lock_to_list+0x1e8/0x2f0 [ 213.755826][T12324] validate_chain+0x18ef/0x5920 [ 213.755843][T12324] ? __pfx_validate_chain+0x10/0x10 [ 213.755856][T12324] ? sprintf+0xda/0x120 [ 213.755869][T12324] ? vsnprintf+0x1cc3/0x1da0 [ 213.755881][T12324] ? __pfx_sprintf+0x10/0x10 [ 213.755897][T12324] ? __pfx_info_print_prefix+0x10/0x10 [ 213.755908][T12324] ? mark_lock+0x9a/0x360 [ 213.755920][T12324] __lock_acquire+0x1397/0x2100 [ 213.755934][T12324] lock_acquire+0x1ed/0x550 [ 213.755944][T12324] ? console_flush_all+0x1a3/0xeb0 [ 213.755955][T12324] ? __pfx_lock_acquire+0x10/0x10 [ 213.755965][T12324] ? __pfx_lock_release+0x10/0x10 [ 213.755975][T12324] ? do_raw_spin_lock+0x14f/0x370 [ 213.755986][T12324] ? do_raw_spin_unlock+0x13c/0x8b0 [ 213.755995][T12324] ? console_flush_all+0x511/0xeb0 [ 213.756003][T12324] ? console_flush_all+0x1a3/0xeb0 [ 213.756012][T12324] console_flush_all+0x7f8/0xeb0 [ 213.756021][T12324] ? console_flush_all+0x1a3/0xeb0 [ 213.756030][T12324] ? console_flush_all+0x1a3/0xeb0 [ 213.756040][T12324] ? __pfx_console_flush_all+0x10/0x10 [ 213.756049][T12324] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 213.756062][T12324] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 213.756076][T12324] ? validate_chain+0x11e/0x5920 [ 213.756089][T12324] ? this_cpu_in_panic+0x4f/0x80 [ 213.756101][T12324] ? is_printk_legacy_deferred+0x43/0x50 [ 213.756111][T12324] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 213.756126][T12324] console_unlock+0x14f/0x3b0 [ 213.756139][T12324] ? __pfx_console_unlock+0x10/0x10 [ 213.756152][T12324] ? this_cpu_in_panic+0x4f/0x80 [ 213.756164][T12324] ? is_printk_legacy_deferred+0x43/0x50 [ 213.756175][T12324] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 213.756189][T12324] vprintk_emit+0x730/0xa10 [ 213.756202][T12324] ? __pfx_vprintk_emit+0x10/0x10 [ 213.756215][T12324] ? validate_chain+0x11e/0x5920 [ 213.756227][T12324] ? __pfx_validate_chain+0x10/0x10 [ 213.756242][T12324] _printk+0xd5/0x120 [ 213.756254][T12324] ? __pfx__printk+0x10/0x10 [ 213.756268][T12324] should_fail_ex+0x391/0x4e0 [ 213.756282][T12324] strncpy_from_user+0x36/0x270 [ 213.756296][T12324] strncpy_from_user_nofault+0x71/0x140 [ 213.756307][T12324] bpf_probe_read_compat_str+0xe9/0x180 [ 213.756320][T12324] ? bpf_trace_run2+0x1fc/0x540 [ 213.756328][T12324] bpf_prog_974c9af84fce2c6c+0x41/0x48 [ 213.756336][T12324] bpf_trace_run2+0x2ec/0x540 [ 213.756346][T12324] ? __pfx_bpf_trace_run2+0x10/0x10 [ 213.756357][T12324] trace_tlb_flush+0x11c/0x140 [ 213.756369][T12324] switch_mm_irqs_off+0x77a/0xa70 [ 213.756380][T12324] ? psi_task_switch+0x387/0x7a0 [ 213.756394][T12324] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 213.756407][T12324] __schedule+0x10c8/0x4c30 [ 213.756422][T12324] ? kasan_save_track+0x3f/0x80 [ 213.756432][T12324] ? kmem_cache_free+0x195/0x410 [ 213.756445][T12324] ? nlmon_xmit+0xaf/0x100 [ 213.756456][T12324] ? dev_hard_start_xmit+0x27a/0x7d0 [ 213.756466][T12324] ? __netlink_deliver_tap+0x56b/0x7f0 [ 213.756476][T12324] ? netlink_deliver_tap+0x19d/0x1b0 [ 213.756486][T12324] ? netlink_sendskb+0x68/0x140 [ 213.756499][T12324] ? netlink_unicast+0x7f6/0x990 [ 213.756512][T12324] ? ____sys_sendmsg+0x52a/0x7e0 [ 213.756522][T12324] ? do_syscall_64+0xf3/0x230 [ 213.756532][T12324] ? __pfx___schedule+0x10/0x10 [ 213.756548][T12324] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 213.756559][T12324] ? preempt_schedule+0xe1/0xf0 [ 213.756573][T12324] preempt_schedule_common+0x84/0xd0 [ 213.756586][T12324] preempt_schedule+0xe1/0xf0 [ 213.756600][T12324] ? __pfx_preempt_schedule+0x10/0x10 [ 213.756613][T12324] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 213.756624][T12324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 213.756636][T12324] preempt_schedule_thunk+0x1a/0x30 [ 213.756648][T12324] __local_bh_enable_ip+0x179/0x200 [ 213.756663][T12324] ? dev_hard_start_xmit+0x768/0x7d0 [ 213.756673][T12324] ? __dev_queue_xmit+0x2f4/0x3f50 [ 213.756683][T12324] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 213.756698][T12324] ? __dev_queue_xmit+0x2f4/0x3f50 [ 213.756709][T12324] __dev_queue_xmit+0x1775/0x3f50 [ 213.756721][T12324] ? netlink_unicast+0x39d/0x990 [ 213.756735][T12324] ? __sys_sendmsg+0x269/0x350 [ 213.756745][T12324] ? __dev_queue_xmit+0x2f4/0x3f50 [ 213.756756][T12324] ? __pfx___dev_queue_xmit+0x10/0x10 [ 213.756782][T12324] ? __copy_skb_header+0x437/0x5b0 [ 213.756794][T12324] ? __asan_memcpy+0x40/0x70 [ 213.756804][T12324] ? __copy_skb_header+0x437/0x5b0 [ 213.756816][T12324] ? __skb_clone+0x454/0x6c0 [ 213.756828][T12324] ? skb_clone+0x240/0x390 [ 213.756840][T12324] __netlink_deliver_tap+0x56b/0x7f0 [ 213.756852][T12324] ? netlink_deliver_tap+0x2e/0x1b0 [ 213.756862][T12324] netlink_deliver_tap+0x19d/0x1b0 [ 213.756872][T12324] netlink_sendskb+0x68/0x140 [ 213.756886][T12324] netlink_unicast+0x39d/0x990 [ 213.756900][T12324] ? __pfx_netlink_unicast+0x10/0x10 [ 213.756914][T12324] ? __nla_parse+0x40/0x60 [ 213.756926][T12324] nfnetlink_rcv+0x26bd/0x2ab0 [ 213.756943][T12324] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 213.756964][T12324] ? netlink_deliver_tap+0x2e/0x1b0 [ 213.756973][T12324] ? skb_clone+0x240/0x390 [ 213.756984][T12324] ? __pfx_lock_release+0x10/0x10 [ 213.756997][T12324] ? netlink_deliver_tap+0x2e/0x1b0 [ 213.757007][T12324] netlink_unicast+0x7f6/0x990 [ 213.757022][T12324] ? __pfx_netlink_unicast+0x10/0x10 [ 213.757035][T12324] ? __virt_addr_valid+0x45f/0x530 [ 213.757046][T12324] ? __phys_addr_symbol+0x2f/0x70 [ 213.757057][T12324] ? __check_object_size+0x47a/0x730 [ 213.757070][T12324] netlink_sendmsg+0x8e4/0xcb0 [ 213.757082][T12324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.757096][T12324] ? aa_sock_msg_perm+0x91/0x160 [ 213.757107][T12324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.757117][T12324] __sock_sendmsg+0x221/0x270 [ 213.757130][T12324] ____sys_sendmsg+0x52a/0x7e0 [ 213.757142][T12324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.757152][T12324] ? __fget_files+0x2a/0x410 [ 213.757165][T12324] ? __fget_files+0x2a/0x410 [ 213.757178][T12324] __sys_sendmsg+0x269/0x350 [ 213.757189][T12324] ? __pfx_lock_release+0x10/0x10 [ 213.757200][T12324] ? __pfx___sys_sendmsg+0x10/0x10 [ 213.757213][T12324] ? __pfx_vfs_write+0x10/0x10 [ 213.757227][T12324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 213.757238][T12324] ? do_syscall_64+0x100/0x230 [ 213.757249][T12324] ? do_syscall_64+0xb6/0x230 [ 213.757259][T12324] do_syscall_64+0xf3/0x230 [ 213.757269][T12324] ? clear_bhb_loop+0x35/0x90 [ 213.757280][T12324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.757290][T12324] RIP: 0033:0x7f3f58b85d29 [ 213.757299][T12324] Code: Unable to access opcode bytes at 0x7f3f58b85cff. [ 213.757304][T12324] RSP: 002b:00007f3f59a8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.757314][T12324] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b85d29 [ 213.757322][T12324] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 [ 213.757329][T12324] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 213.757335][T12324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 213.757341][T12324] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 213.757352][T12324] [ 215.289188][T12324] CPU: 1 UID: 0 PID: 12324 Comm: syz.3.2029 Not tainted 6.13.0-rc2-syzkaller-00516-g6b3099ebca13 #0 [ 215.299936][T12324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 215.309969][T12324] Call Trace: [ 215.313227][T12324] [ 215.316141][T12324] dump_stack_lvl+0x241/0x360 [ 215.320804][T12324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.326000][T12324] ? __pfx__printk+0x10/0x10 [ 215.330572][T12324] should_fail_ex+0x3b0/0x4e0 [ 215.335240][T12324] strncpy_from_user+0x36/0x270 [ 215.340074][T12324] strncpy_from_user_nofault+0x71/0x140 [ 215.345601][T12324] bpf_probe_read_compat_str+0xe9/0x180 [ 215.351127][T12324] ? bpf_trace_run2+0x1fc/0x540 [ 215.355952][T12324] bpf_prog_974c9af84fce2c6c+0x41/0x48 [ 215.361389][T12324] bpf_trace_run2+0x2ec/0x540 [ 215.366044][T12324] ? __pfx_bpf_trace_run2+0x10/0x10 [ 215.371220][T12324] trace_tlb_flush+0x11c/0x140 [ 215.375964][T12324] switch_mm_irqs_off+0x77a/0xa70 [ 215.380970][T12324] ? psi_task_switch+0x387/0x7a0 [ 215.385889][T12324] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 215.391414][T12324] __schedule+0x10c8/0x4c30 [ 215.395901][T12324] ? kasan_save_track+0x3f/0x80 [ 215.400730][T12324] ? kmem_cache_free+0x195/0x410 [ 215.405671][T12324] ? nlmon_xmit+0xaf/0x100 [ 215.410069][T12324] ? dev_hard_start_xmit+0x27a/0x7d0 [ 215.415339][T12324] ? __netlink_deliver_tap+0x56b/0x7f0 [ 215.420776][T12324] ? netlink_deliver_tap+0x19d/0x1b0 [ 215.426036][T12324] ? netlink_sendskb+0x68/0x140 [ 215.430888][T12324] ? netlink_unicast+0x7f6/0x990 [ 215.435806][T12324] ? ____sys_sendmsg+0x52a/0x7e0 [ 215.440720][T12324] ? do_syscall_64+0xf3/0x230 [ 215.445380][T12324] ? __pfx___schedule+0x10/0x10 [ 215.450215][T12324] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 215.456174][T12324] ? preempt_schedule+0xe1/0xf0 [ 215.461007][T12324] preempt_schedule_common+0x84/0xd0 [ 215.466271][T12324] preempt_schedule+0xe1/0xf0 [ 215.470927][T12324] ? __pfx_preempt_schedule+0x10/0x10 [ 215.476277][T12324] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 215.482236][T12324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 215.488541][T12324] preempt_schedule_thunk+0x1a/0x30 [ 215.493761][T12324] __local_bh_enable_ip+0x179/0x200 [ 215.498940][T12324] ? dev_hard_start_xmit+0x768/0x7d0 [ 215.504200][T12324] ? __dev_queue_xmit+0x2f4/0x3f50 [ 215.509287][T12324] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 215.514990][T12324] ? __dev_queue_xmit+0x2f4/0x3f50 [ 215.520080][T12324] __dev_queue_xmit+0x1775/0x3f50 [ 215.525084][T12324] ? netlink_unicast+0x39d/0x990 [ 215.530004][T12324] ? __sys_sendmsg+0x269/0x350 [ 215.534746][T12324] ? __dev_queue_xmit+0x2f4/0x3f50 [ 215.539838][T12324] ? __pfx___dev_queue_xmit+0x10/0x10 [ 215.545193][T12324] ? __copy_skb_header+0x437/0x5b0 [ 215.550323][T12324] ? __asan_memcpy+0x40/0x70 [ 215.554916][T12324] ? __copy_skb_header+0x437/0x5b0 [ 215.560017][T12324] ? __skb_clone+0x454/0x6c0 [ 215.564587][T12324] ? skb_clone+0x240/0x390 [ 215.568981][T12324] __netlink_deliver_tap+0x56b/0x7f0 [ 215.574246][T12324] ? netlink_deliver_tap+0x2e/0x1b0 [ 215.579437][T12324] netlink_deliver_tap+0x19d/0x1b0 [ 215.584527][T12324] netlink_sendskb+0x68/0x140 [ 215.589184][T12324] netlink_unicast+0x39d/0x990 [ 215.593935][T12324] ? __pfx_netlink_unicast+0x10/0x10 [ 215.599219][T12324] ? __nla_parse+0x40/0x60 [ 215.603616][T12324] nfnetlink_rcv+0x26bd/0x2ab0 [ 215.608371][T12324] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 215.613469][T12324] ? netlink_deliver_tap+0x2e/0x1b0 [ 215.618641][T12324] ? skb_clone+0x240/0x390 [ 215.623035][T12324] ? __pfx_lock_release+0x10/0x10 [ 215.628041][T12324] ? netlink_deliver_tap+0x2e/0x1b0 [ 215.633214][T12324] netlink_unicast+0x7f6/0x990 [ 215.637959][T12324] ? __pfx_netlink_unicast+0x10/0x10 [ 215.643224][T12324] ? __virt_addr_valid+0x45f/0x530 [ 215.648326][T12324] ? __phys_addr_symbol+0x2f/0x70 [ 215.653351][T12324] ? __check_object_size+0x47a/0x730 [ 215.658627][T12324] netlink_sendmsg+0x8e4/0xcb0 [ 215.663373][T12324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.668635][T12324] ? aa_sock_msg_perm+0x91/0x160 [ 215.673550][T12324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 215.678814][T12324] __sock_sendmsg+0x221/0x270 [ 215.683474][T12324] ____sys_sendmsg+0x52a/0x7e0 [ 215.688220][T12324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 215.693480][T12324] ? __fget_files+0x2a/0x410 [ 215.698050][T12324] ? __fget_files+0x2a/0x410 [ 215.702621][T12324] __sys_sendmsg+0x269/0x350 [ 215.707190][T12324] ? __pfx_lock_release+0x10/0x10 [ 215.712194][T12324] ? __pfx___sys_sendmsg+0x10/0x10 [ 215.717288][T12324] ? __pfx_vfs_write+0x10/0x10 [ 215.722088][T12324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 215.728395][T12324] ? do_syscall_64+0x100/0x230 [ 215.733136][T12324] ? do_syscall_64+0xb6/0x230 [ 215.737792][T12324] do_syscall_64+0xf3/0x230 [ 215.742272][T12324] ? clear_bhb_loop+0x35/0x90 [ 215.746927][T12324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.752797][T12324] RIP: 0033:0x7f3f58b85d29 [ 215.757190][T12324] Code: Unable to access opcode bytes at 0x7f3f58b85cff. [ 215.764201][T12324] RSP: 002b:00007f3f59a8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.772608][T12324] RAX: ffffffffffffffda RBX: 00007f3f58d75fa0 RCX: 00007f3f58b85d29 [ 215.780561][T12324] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 [ 215.788510][T12324] RBP: 00007f3f59a8a090 R08: 0000000000000000 R09: 0000000000000000 [ 215.796459][T12324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 215.804404][T12324] R13: 0000000000000000 R14: 00007f3f58d75fa0 R15: 00007fff0d179be8 [ 215.812360][T12324] [ 215.842327][T12321] gretap0: entered promiscuous mode [ 215.854412][T12315] lo speed is unknown, defaulting to 1000 [ 216.096626][T12315] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2026'.