last executing test programs: 17.822364229s ago: executing program 1 (id=2538): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x0, 0x0, 0x0) setsockopt$packet_int(r2, 0x107, 0x13, &(0x7f0000000080), 0x4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket(0x2, 0x3, 0x100000001) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) write$binfmt_misc(r3, &(0x7f0000000040)=ANY=[], 0xfffffecc) r6 = socket$inet(0x2, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r4, 0x0, 0x8001, 0x0) 17.821271123s ago: executing program 0 (id=2539): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{r3}, &(0x7f00000005c0), &(0x7f0000000040)='%+9llu \x00'}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x4, &(0x7f00000001c0)=@framed={{}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x1, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147}, 0x90) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000980)={r3}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x18, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000080007b8af8ff00000000b7080000800000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r2, 0x80047210, &(0x7f0000000200)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r5 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x58, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x58}}, 0x0) (fail_nth: 10) 17.041272264s ago: executing program 0 (id=2541): readv(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001040)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000030000000c00018008000100", @ANYRES32=r3, @ANYBLOB="0500050007000000050003"], 0x30}}, 0x0) 16.859263903s ago: executing program 0 (id=2543): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000000)=@newtaction={0x8c, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6}, @TCA_CT_LABELS={0x14, 0x7, "e79f2b3a3b05fdc55f1c5522fb1d34ae"}, @TCA_CT_PARMS={0x18}, @TCA_CT_LABELS_MASK={0x14, 0x8, "08e5fc46588a12c744522700"}]}, {0x4}, {0x2e}, {0xc}}}]}]}, 0x8c}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000000)={0x1, 0x8, 0x7, 0x5}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac1414160e089f034d2f87e5440c0cab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 16.828516557s ago: executing program 1 (id=2545): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a10900000008ee2780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000c00000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256c85591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52efb0832bb990d86b1b7aae91d5ff852b0df8412a9ba1549fe416517938968f11cd9c9da57ba7773044cc935ab74f333119191e25822240d3e26f74f4263c3d0589c5d8896a7f5821135eb"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac1414160e089f034d2f87e5440c0cab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) (fail_nth: 1) 16.663013971s ago: executing program 0 (id=2547): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000002640)={0x0, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'vcan0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newneigh={0x30, 0x1c, 0x401, 0x70bd27, 0x0, {0x2, 0x0, 0x0, r3, 0xa00, 0x4}, [@NDA_DST_MAC={0xa, 0x1, @link_local}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}}, 0x0) 16.425880681s ago: executing program 1 (id=2550): socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000080)=0x4000, 0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f00000001c0)={'ah\x00'}, &(0x7f0000000300)=0x1e) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x14, &(0x7f00000000c0), &(0x7f00000003c0)=0x8) mmap$xdp(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x14, r4, 0x715, 0x0, 0x0, {0xd}}, 0x14}}, 0x0) mmap$xdp(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x100000000) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) socket$kcm(0x10, 0x0, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r7}, 0x10) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r9 = accept$alg(r8, 0x0, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0) sendmmsg$inet(r9, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a4", 0x1}, {&(0x7f0000000340)='l', 0x1}], 0x2}}], 0x7fffefff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 16.175386614s ago: executing program 0 (id=2553): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="e7ff00000000000000001c0000002000018008000100", @ANYRES32=r2, @ANYBLOB="1400020062617461647630"], 0x34}}, 0x0) 15.975507158s ago: executing program 0 (id=2555): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x0, 0x0, 0x0) setsockopt$packet_int(r2, 0x107, 0x13, &(0x7f0000000080), 0x4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket(0x2, 0x3, 0x100000001) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) write$binfmt_misc(r3, &(0x7f0000000040)=ANY=[], 0xfffffecc) r6 = socket$inet(0x2, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r4, 0x0, 0x8001, 0x0) 15.410990453s ago: executing program 1 (id=2560): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=@bridge_dellink={0x2c, 0x11, 0x5, 0x0, 0x5865, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x2c}}, 0x0) 15.260818016s ago: executing program 1 (id=2563): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x5, 0x21, &(0x7f0000000a40)=@ringbuf={{}, {}, {}, [@snprintf, @tail_call], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa}, 0x90) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x0, 0x4}, 0x48) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES8=r0, @ANYRES8, @ANYRES16=0x0, @ANYRES32=r2, @ANYBLOB="882378c12629826051a1419299348b24326993f6948471261edcc0e527a71c43f23421e542ff50b8d6566045ce6fdc9bc3a792d3f41af705bcfc5f940b7fc83bc095b3e41b63af97104020361c79ba251167e5d0878ca6a20b1184e1be8b7b5cca226dc69f7f3de64a7b6dd01d09c7370aaf2ff584b15e64d75ba7062900fddae01ae98eacfc2dd53f4fa72800f9db9b86167e99bc39e3f6e7193a788d616ee2b7a592e552b0f900112621c4a405ac4d3de338797cf86f21dbe5d6ee8fd3c45b353649da7684bf8f9e556bb52836dea247f86e66b0c6cc496544", @ANYRES64=r2], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a37", 0x1c) accept4(r3, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0}, 0x50) 15.035679832s ago: executing program 1 (id=2565): socket$kcm(0x10, 0x2, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@rdma_dest={0x18, 0x114, 0x2, {0x0, 0xfffffffa}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x60}}], 0x48}, 0x0) sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) socket(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0xc}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0xd00, @remote}, 0x1c) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0xfffffff6, 0x4) sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 7.471347911s ago: executing program 3 (id=2621): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="141b00001000170000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000064010000060a010400800000000000000100000008000b40000000003c010480400001800d00010073796e70726f7879000000002c000280060001400000000008000340000000000800034000000000080003400000000a06000140000800000c000180080001006c6f67006400018009000100686173680000000054000280080002400000000a08000340000000bf08000440000001ff080001400000000108080740000000000800044080000001080001400000001208000240000000160800074000000000080004400000000620000180080001006e6174001400028008000340000000000800054000000002100001800900010068617368000000005800018007000100727400004c0002800800014000000003080001400000001608000240000000030800014000000017080001400000000a080001400000000c0800024000000004080001400000000d08000140000000010900010073797a30"], 0x1d8}}, 0x0) 7.445008364s ago: executing program 3 (id=2622): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xda00) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x1d8, 0x12, 0x60d, 0x0, 0x202, 0x2d8, 0x2e8, 0x2e8, 0x2d8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@local, @remote, [], [], 'veth0_to_team\x00', 'macsec0\x00'}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x2, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x0, 0x2}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_freezer_state(r2, &(0x7f00000000c0)='FREEZING\x00', 0x9) write$cgroup_freezer_state(r3, &(0x7f0000000040)='FROZEN\x00', 0x7) write$cgroup_type(r3, &(0x7f0000000000), 0x248800) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x7a05, 0x1700) syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r6) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001000000000000e5ffffffffff0920000000000a05000000000000000000070000000900010073797a300000000014000000090a0104000000000000000007000000140000000c0a0101000000000000000007000000140000001000010000000000000000000084000a"], 0x70}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={0x40, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14}, @NL80211_TXRATE_GI={0x5}]}]}]}, 0x40}}, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0x4a, {}, 'tunl0\x00'}) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000002c0)={{0x2, 0x0, @broadcast}, {0x0, @dev}, 0x8, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'lo\x00'}) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1e, 0xc, 0xbd6, 0x2, 0x408, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1}, 0x48) r13 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x98, 0x98, 0x6, [@const={0x5, 0x0, 0x0, 0xa, 0x5}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0xe, 0x5}, {0x0, 0x1}, {0x1, 0x5}, {0x7, 0x1}, {0x9, 0x5}, {0x8}, {0xe, 0x4}]}, @restrict={0x2}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xf, 0x4}, {0xf, 0x1}, {0x6, 0x1}]}, @func={0x5, 0x0, 0x0, 0xc, 0x4}, @ptr={0x3, 0x0, 0x0, 0x2, 0x4}]}, {0x0, [0x0, 0x5f, 0x5f, 0x61]}}, &(0x7f0000000000)=""/35, 0xb6, 0x23, 0x1, 0x80000001}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x13, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r12}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5}, @jmp={0x5, 0x1, 0x1, 0x7, 0x5, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x0, r13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 6.038999504s ago: executing program 3 (id=2627): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x500, 0x0, 0x0, 0xb6050000}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0) 5.821264733s ago: executing program 3 (id=2628): r0 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000001c0)=[@tclass={{0x14, 0x29, 0x43, 0x7fffffff}}], 0x18}}], 0x1, 0x0) unshare(0xa010100) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x330, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000002000000000000feffffff0100000019000000000000000000726f7365300000000000000000000000726f736530000000cc002000000000007465616d5f736c6176655f310000000064756d6d7930000000000000000000000180c2000000000000000000ffffffffffff0000000000000000d00000000801000038010000706b74747970650000000000000000000000000000000000000000000000000008000000000000000000000000000000706b747479706500000000000000000000000000000000000000000000000000080000000000000000000000000000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000630000000000000000ddffffff00000000726564697265637400000000396c27db39b2eedb0000000000000000000000000800000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000002000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0100000003000000000000008b357665746831000000000000000000000074756e6c30000000000000000000000074756e6c300000000005000000000000006c616e300000000000000000000000aaaaaaaaaabb000000000000aaaaaaaaaa0000000000000000000001b60000010000380100006367726f75700000000000000000000000000000000000000000000000000000080000000000000000000000000000006172700000000000000000000000000000000000000000000000000000000000380000000000000000000000000000000000000000000b00007f0000010000000072ce35f34121000000000000000000000000000000000000eaffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fdffffff000000"]}, 0x3a8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="2a003300d0d4fe00ffffffffffff080211000000505050505050"], 0x48}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000011006b906fdfe1ef704ad931c605876c1d0000007ea60864160af365040012000a002e00000000009ee517d34460bc24eab556a705251e6182949a3651f60a", 0x43}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='4 '], 0x34}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000400)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00'}, 0x30) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x275a, 0x0) write$cgroup_pid(r6, &(0x7f0000000040), 0x3fffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x6, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e22, @private=0xa010100}}}, &(0x7f0000000240)=0x84) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f00000002c0)={r7, 0x6}, 0x8) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="74000000100003063cb7a60000000064f0000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004800128044000100697036677265746170"], 0x74}}, 0x0) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000f00), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r10, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000f40)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="01000000000000000000180000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000038fa0b000000000006001600000000000500120000000000060011000000000008000b0000000000"], 0x64}}, 0x0) socket(0x40000000015, 0x5, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10) 4.411043183s ago: executing program 3 (id=2636): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000040095"], &(0x7f0000000440)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="6900330080000000ffffffffffff0802110000005050505050500000000000000000000000006a100006"], 0x88}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}]}, 0x1c}}, 0x0) 4.142942943s ago: executing program 3 (id=2638): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getpid() r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000018600900000000000000000002000000ff"], 0x24}}, 0x0) 3.28764897s ago: executing program 4 (id=2643): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000002c0), 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4000005, 0x10012, r0, 0x0) r1 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r1, 0x10d, 0xd4, 0x0, &(0x7f0000000000)) 3.202853871s ago: executing program 4 (id=2644): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x6) syz_emit_ethernet(0x92, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0xc00, 0x0, 0x0, {[@fastopen={0x22, 0x5, "03c0ab"}, @window={0x3, 0x3}, @mss={0xfe, 0x4}, @sack_perm={0x4, 0x2}, @generic={0x0, 0xa, "8bfbd54ae56dd076"}, @timestamp={0x8, 0xa}, @sack_perm={0x4, 0x2}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @generic={0x0, 0xa, "111fad2ea7434823"}, @exp_fastopen={0xfe, 0x5, 0xf989, "b4"}]}}}}}}}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(0xffffffffffffffff) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'bond0\x00', &(0x7f0000000000)=@ethtool_coalesce={0x4c, 0x0, 0x0, 0x4000000}}) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x7, 0x4, 0x3a0, 0x1d0, 0x1d0, 0x1d0, 0x2b8, 0x2b8, 0x2b8, 0x4, &(0x7f0000000240), {[{{@uncond, 0xc0, 0xe8}, @unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x1000, 0x101}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0xffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x3f0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$inet(0x2, 0x4000000805, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r3) sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={0x24, r4, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) 2.966887896s ago: executing program 4 (id=2646): r0 = socket(0x10, 0x80003, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES64=r2, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="0c00990000000000000000000800a100ffff0000080026008d0300000800"], 0x40}, 0x1, 0x0, 0x0, 0x802}, 0x0) (async) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES64=r2, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="0c00990000000000000000000800a100ffff0000080026008d0300000800"], 0x40}, 0x1, 0x0, 0x0, 0x802}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'veth0_virt_wifi\x00'}) syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r0) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f00000002c0)=ANY=[@ANYRES16=r4, @ANYRES32=r6, @ANYRES64=0x0], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f00000002c0)=ANY=[@ANYRES16=r4, @ANYRES32=r6, @ANYRES64=0x0], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3ef6a997fb2963b8909e7a8041f8c84afda621b1878024d8e22271af9f", @ANYRES32=r5, @ANYBLOB="0000000000000000140012800b0001006d61637365630000040002800c001a800800028004000180"], 0x40}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000006000000030000000200000c00000000000000615f00b99797bbaa11b4c2908f5ebd59a7edebc640a8b3c25d391c2a421c6c52fac9d02cc62c1d646f96d051db413ef06dec399c466591b3cf96a0f3ecb072102241e05ae5cfc1a0318cb29d0a293024f1bef519a197ddd5bcf24c6fe15fbbac8117290f2ee9853b25c567b0a336f512e8288f89bb7b2979a11655cf840ea718b673eba10ab845eae2adb125e381e9b9ef9f6a9f229b543f30f1b996b05605b5105e1d7c95282eb94c3fc3299b141d4888f7c7da825f7af43c9ce2d9c741076c5893ef30a3540dc0a74c206c35733d4f807b863f786bc70d410dfc818a6ab0f72c2766837d2e67fafe36a3a6a6ac8cc719ba6b981894ca350a0f5e4723a3541c8f"], 0x0, 0x2a}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000850000000e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0xe0, &(0x7f00000000c0)=""/224}, 0x90) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) (async) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'bond0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="df559fdab89a"}, 0x14) socket$nl_route(0x10, 0x3, 0x0) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) (async) r11 = socket(0x1, 0x803, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) r13 = socket(0x1, 0x803, 0x0) getsockname$packet(r13, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) (async) getsockname$packet(r13, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="940000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="444dc9fe000000006400128009000100766c616e000000005400028006000100000000000c000200020000000a000000040004801c0003800c00010068e30000030000000c0001007f000000070000001c0004800c0001000200000060d506000c000100000000000200000008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r14], 0x94}}, 0x0) (async) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="940000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="444dc9fe000000006400128009000100766c616e000000005400028006000100000000000c000200020000000a000000040004801c0003800c00010068e30000030000000c0001007f000000070000001c0004800c0001000200000060d506000c000100000000000200000008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r14], 0x94}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000000002010400000000000000000a00000004000180180002801400018008000100ac14140008000200000000003c0002802c00018014000300fc02000000000000000000000000000014000400200100000000000000000000000000000c0002800500010000000000"], 0x6c}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) 2.328304101s ago: executing program 4 (id=2650): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000001600000000000000ae330018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket(0x28, 0x0, 0xce) bind$l2tp6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1, 0x0, 0x40000}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$alg(0x26, 0x5, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0xc) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, 0x0}, 0x14060801) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x60, 0x10, 0x437, 0x3, 0x0, {0x0, 0x0, 0x0, r7, 0x4048b}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @sit={{0x8}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0xef}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x14}, @IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3}]}}}]}, 0x60}}, 0x0) sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000500)={0x2, 0x4e1c, @remote}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @empty, @rand_addr=0x64010102}}}], 0x20}}], 0x1, 0x20000040) recvmmsg(0xffffffffffffffff, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000000)=""/154, 0x9a}], 0x1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="14047d987b03e00000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007319797a320000000033b90270addbea276549dc21e8b3b53cd3ac5f76f4f0d1374414d4bf2ffb3aedbb7e5d3c66ff3df9dfb603d7aa8a356fea45b2087226012950a3660e47f4e0d6efe026092ccd47cc21c45037b460bb3fe5b37d6d6ca828e4503eeed7312c2aab83349ec3cf2910d5ebcb28bf6cfb7cb07e3ca0aeb9dc4a491bccc2c16d89e46466b3ec848b83f067d37b5f43ab52d3932f33825ff1c98ddce2c14ef1e498e36caa85026af2fac1f17dccc4c2f296834e48c6122c55b39451e903441f8717e5a248d7a5c68b17de231b110553f102d6caa468d2e193c1941aec129f6850e7b196460df30c87e5617984bd34e6f3f1137f8afe92e0ec"], 0x7c}}, 0x0) 1.294884975s ago: executing program 2 (id=2652): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="7baa000000000000791098000000000018090000", @ANYRES32, @ANYBLOB="000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) 1.23855014s ago: executing program 2 (id=2653): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000a1000090400"/20, @ANYRES32=r2, @ANYBLOB="000000000000000024001280110001006272f0a58a78a0c17f5b0000ebffffff0c00058008002a"], 0x44}}, 0x0) 1.092948937s ago: executing program 2 (id=2654): syz_emit_ethernet(0x7c, &(0x7f0000000600)={@link_local, @dev, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "8b25e7", 0x46, 0x2f, 0x0, @private0, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, [0xfff5]}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}}}}}}}}, 0x0) 963.641553ms ago: executing program 2 (id=2655): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r0) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r1, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x80000001}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004051}, 0x4000000) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ipvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c000000100001040200"/20, @ANYRES32=0x0, @ANYBLOB="0000000000180000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0) 318.238901ms ago: executing program 4 (id=2656): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r1], 0x48}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000000400250800000000000000000a000000", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00O'], 0x28}}, 0x0) 247.569722ms ago: executing program 2 (id=2657): socket(0x10, 0x3, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@empty, @in6=@local, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0xe0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xffff}, 0x0, 0x6e6bb5, 0x0, 0x1}, {{@in=@rand_addr=0x64010100}, 0x0, @in=@private=0xa010102}}, 0xe8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x402, 0x3ff, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r0}, 0x38) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000340)="a9", &(0x7f0000000200)=""/31}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r1 = socket(0x40000000015, 0x5, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, 0xa, 0x6, 0x5, 0xd000000, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r1, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x12, 0x4, 0x0, 0xe0d965847b0000) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) 83.545254ms ago: executing program 2 (id=2658): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000180)={0xffffffffffffffff}) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xffff8000}, 0x20) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000070000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) epoll_create1(0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) write$cgroup_devices(0xffffffffffffffff, 0x0, 0x10) ioctl$sock_proto_private(r1, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0xa, 0x0, 0x3a) sendmsg$kcm(r4, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) 0s ago: executing program 4 (id=2659): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001e000100000000000000000002000000000000000000000008000f20"], 0x24}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) connect$x25(0xffffffffffffffff, &(0x7f00000000c0), 0x12) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@bridge_delneigh={0x34, 0x1c, 0xc07, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0x2}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_FDB_EXT_ATTRS={0xc, 0xe, 0x0, 0x1, [@NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x5}]}]}, 0x34}}, 0x0) connect$llc(r2, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18020000feffffff00000000000000008500000041000000180100002020732500000000002020207b1ab8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) recvmmsg(r2, &(0x7f00000011c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00003f00}, 0x5}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000002cc0)=""/150, 0x96}, {&(0x7f0000000340)=""/211, 0xd3}], 0x2}}, {{0x0, 0x0, &(0x7f0000003200)=[{0x0}], 0x1}, 0xb174}, {{&(0x7f00000038c0)=@sco, 0x80, 0x0, 0x0, &(0x7f0000005200)=""/64, 0x40}, 0x9fffffd}, {{&(0x7f0000000580)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000001a80)=""/4096, 0x1000}, {&(0x7f0000000680)=""/67, 0x43}, {&(0x7f0000003940)=""/4096, 0x1000}, {&(0x7f0000000700)=""/112, 0x70}, {&(0x7f0000000780)=""/237, 0xed}, {&(0x7f0000000880)=""/96, 0x60}, {&(0x7f0000000900)=""/106, 0x6a}, {&(0x7f0000000980)=""/131, 0x83}, {&(0x7f0000005380)=""/4096, 0x1000}], 0x9, &(0x7f0000000a40)=""/113, 0x71}, 0x4}, {{&(0x7f0000000c00)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f0000000f80)=[{&(0x7f0000001380)=""/137, 0x89}, {&(0x7f0000006380)=""/4096, 0x1000}, {&(0x7f0000000d00)=""/111, 0x6f}, {&(0x7f0000000d80)=""/226, 0xe2}, {&(0x7f0000000e80)=""/243, 0xf3}, {&(0x7f0000007380)=""/4096, 0x1000}], 0x6, &(0x7f0000001000)=""/197, 0xc5}, 0x101}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001100)=""/66, 0x42}, {&(0x7f0000008380)=""/4096, 0x1000}, {&(0x7f0000009380)=""/4090, 0xffa}], 0x3}, 0x9}], 0x7, 0x40002006, 0x0) sendfile(r2, r1, 0x0, 0xffefffff) socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r7, 0x84, 0x7f, &(0x7f0000000000)="02000000008002ff", 0x8) accept4(r2, &(0x7f0000001a00)=@tipc=@id, &(0x7f0000000480)=0x80, 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r8, 0x3a, 0x1, 0x0, 0x52) kernel console output (not intermixed with test programs): ][ T7572] team0: left promiscuous mode [ 149.371532][ T7572] team_slave_0: left promiscuous mode [ 149.389726][ T7572] team_slave_1: left promiscuous mode [ 149.424751][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.457902][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.065508][ T7612] netlink: 20 bytes leftover after parsing attributes in process `syz.2.861'. [ 150.216466][ T7621] netlink: 24 bytes leftover after parsing attributes in process `syz.3.863'. [ 150.610166][ T7636] netlink: 20 bytes leftover after parsing attributes in process `syz.2.868'. [ 150.730355][ T7640] netlink: 12 bytes leftover after parsing attributes in process `syz.3.870'. [ 150.959402][ T7658] sctp: [Deprecated]: syz.2.875 (pid 7658) Use of int in max_burst socket option deprecated. [ 150.959402][ T7658] Use struct sctp_assoc_value instead [ 151.307933][ T7670] x_tables: duplicate underflow at hook 2 [ 151.410977][ T7675] netlink: 'syz.2.879': attribute type 10 has an invalid length. [ 151.453706][ T7675] team0: entered promiscuous mode [ 151.479011][ T7675] team_slave_0: entered promiscuous mode [ 151.536576][ T7675] team_slave_1: entered promiscuous mode [ 151.584220][ T7675] bridge0: port 2(team0) entered blocking state [ 151.613529][ T7675] bridge0: port 2(team0) entered disabled state [ 151.646476][ T7675] team0: entered allmulticast mode [ 151.654799][ T7675] team_slave_0: entered allmulticast mode [ 151.667665][ T7675] team_slave_1: entered allmulticast mode [ 151.731715][ T7675] bridge0: port 2(team0) entered blocking state [ 151.738366][ T7675] bridge0: port 2(team0) entered forwarding state [ 152.085116][ T7703] __nla_validate_parse: 4 callbacks suppressed [ 152.085137][ T7703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.887'. [ 152.385388][ T7726] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 152.398878][ T7725] IPVS: stopping master sync thread 7726 ... [ 152.415583][ T7725] bridge0: entered promiscuous mode [ 152.428774][ T7725] macsec1: entered promiscuous mode [ 152.436667][ T7725] macsec1: entered allmulticast mode [ 152.496454][ T7725] bridge0: entered allmulticast mode [ 152.579397][ T7725] bridge0: left allmulticast mode [ 152.585084][ T7725] bridge0: left promiscuous mode [ 152.701192][ T7733] ip6_vti0: entered promiscuous mode [ 152.717470][ T7733] vlan2: entered promiscuous mode [ 152.763429][ T7733] ip6_vti0: left promiscuous mode [ 153.468566][ T7742] delete_channel: no stack [ 153.511454][ T7748] netlink: 24 bytes leftover after parsing attributes in process `syz.3.906'. [ 153.558045][ T7746] netlink: 4 bytes leftover after parsing attributes in process `syz.1.904'. [ 153.680065][ T7754] netlink: 88 bytes leftover after parsing attributes in process `syz.2.909'. [ 153.872181][ T7767] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 154.505565][ T7788] netlink: 24 bytes leftover after parsing attributes in process `syz.4.922'. [ 155.090105][ T7809] Bluetooth: MGMT ver 1.22 [ 155.144779][ T7816] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.180717][ T7816] batadv_slave_0: entered promiscuous mode [ 155.250909][ T7821] netlink: 120 bytes leftover after parsing attributes in process `syz.1.935'. [ 155.809535][ T7851] netlink: 'syz.4.945': attribute type 1 has an invalid length. [ 155.839047][ T7851] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.945'. [ 155.869521][ T7851] netlink: 'syz.4.945': attribute type 1 has an invalid length. [ 156.312126][ T7874] netlink: 'syz.0.954': attribute type 13 has an invalid length. [ 156.393522][ T7874] veth0_macvtap: left promiscuous mode [ 156.460890][ T7874] macvtap0: entered allmulticast mode [ 156.506068][ T7874] macvtap0: refused to change device tx_queue_len [ 156.537650][ T7881] netlink: 'syz.2.957': attribute type 4 has an invalid length. [ 156.667946][ T7888] netlink: 'syz.3.959': attribute type 16 has an invalid length. [ 156.716714][ T7888] netlink: 48 bytes leftover after parsing attributes in process `syz.3.959'. [ 156.760267][ T7888] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.806185][ T7898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.962'. [ 157.554135][ T7928] netlink: 256 bytes leftover after parsing attributes in process `syz.4.976'. [ 157.615857][ T7935] delete_channel: no stack [ 157.811776][ T7942] FAULT_INJECTION: forcing a failure. [ 157.811776][ T7942] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.839623][ T7942] CPU: 1 PID: 7942 Comm: syz.2.983 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 157.849670][ T7942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 157.859846][ T7942] Call Trace: [ 157.863158][ T7942] [ 157.866110][ T7942] dump_stack_lvl+0x241/0x360 [ 157.870844][ T7942] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.876089][ T7942] ? __pfx__printk+0x10/0x10 [ 157.880747][ T7942] ? snprintf+0xda/0x120 [ 157.885029][ T7942] should_fail_ex+0x3b0/0x4e0 [ 157.890015][ T7942] _copy_to_user+0x2f/0xb0 [ 157.894470][ T7942] simple_read_from_buffer+0xca/0x150 [ 157.899892][ T7942] proc_fail_nth_read+0x1e9/0x250 [ 157.905042][ T7942] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 157.910644][ T7942] ? rw_verify_area+0x514/0x6b0 [ 157.915539][ T7942] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 157.921131][ T7942] vfs_read+0x204/0xbd0 [ 157.925311][ T7942] ? __pfx_lock_release+0x10/0x10 [ 157.930367][ T7942] ? __pfx_vfs_read+0x10/0x10 [ 157.935063][ T7942] ? __fget_files+0x29/0x470 [ 157.939690][ T7942] ? __fget_files+0x3f6/0x470 [ 157.944390][ T7942] ksys_read+0x1a0/0x2c0 [ 157.948659][ T7942] ? __pfx_ksys_read+0x10/0x10 [ 157.953434][ T7942] ? do_syscall_64+0x100/0x230 [ 157.958217][ T7942] ? do_syscall_64+0xb6/0x230 [ 157.962927][ T7942] do_syscall_64+0xf3/0x230 [ 157.967462][ T7942] ? clear_bhb_loop+0x35/0x90 [ 157.972256][ T7942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.978178][ T7942] RIP: 0033:0x7f09153746bc [ 157.982609][ T7942] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 158.002231][ T7942] RSP: 002b:00007f09161c2040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 158.010656][ T7942] RAX: ffffffffffffffda RBX: 00007f0915503f60 RCX: 00007f09153746bc [ 158.018643][ T7942] RDX: 000000000000000f RSI: 00007f09161c20b0 RDI: 0000000000000004 [ 158.026617][ T7942] RBP: 00007f09161c20a0 R08: 0000000000000000 R09: 0000000000000000 [ 158.034679][ T7942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.042653][ T7942] R13: 000000000000000b R14: 00007f0915503f60 R15: 00007fffb1793e08 [ 158.050736][ T7942] [ 158.266918][ T7960] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 158.363712][ T7964] netlink: 'syz.0.991': attribute type 29 has an invalid length. [ 158.381488][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.991'. [ 158.423179][ T7964] netlink: 'syz.0.991': attribute type 29 has an invalid length. [ 158.442057][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.991'. [ 158.457064][ T7968] netlink: 'syz.0.991': attribute type 29 has an invalid length. [ 158.476481][ T7968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.991'. [ 158.728358][ T7985] netlink: 228 bytes leftover after parsing attributes in process `syz.3.998'. [ 159.015208][ T7993] tun0: tun_chr_ioctl cmd 1074812118 [ 159.751357][ T8028] syzkaller1: entered promiscuous mode [ 159.761009][ T8028] syzkaller1: entered allmulticast mode [ 159.839430][ T8034] netlink: 'syz.0.1017': attribute type 21 has an invalid length. [ 159.854865][ T8034] netlink: 'syz.0.1017': attribute type 6 has an invalid length. [ 159.874176][ T8034] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1017'. [ 160.113284][ T8044] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1020'. [ 160.214264][ T8050] tipc: Started in network mode [ 160.228513][ T8050] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 160.261754][ T8050] tipc: Enabled bearer , priority 10 [ 160.438960][ T8063] bridge0: entered allmulticast mode [ 160.470772][ T8063] bridge0: left allmulticast mode [ 161.039717][ T8091] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1037'. [ 161.060097][ T8088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1037'. [ 161.284708][ T8100] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1041'. [ 161.380019][ T5149] tipc: Node number set to 4269801642 [ 161.444475][ T8112] netlink: 'syz.3.1043': attribute type 4 has an invalid length. [ 161.583648][ T8111] netlink: 'syz.3.1043': attribute type 4 has an invalid length. [ 161.914891][ T8137] FAULT_INJECTION: forcing a failure. [ 161.914891][ T8137] name failslab, interval 1, probability 0, space 0, times 0 [ 161.950719][ T8137] CPU: 0 PID: 8137 Comm: syz.4.1054 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 161.960892][ T8137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 161.971001][ T8137] Call Trace: [ 161.974318][ T8137] [ 161.977278][ T8137] dump_stack_lvl+0x241/0x360 [ 161.982014][ T8137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.987274][ T8137] ? __pfx__printk+0x10/0x10 [ 161.991922][ T8137] ? netlink_insert+0x10b7/0x14b0 [ 161.996993][ T8137] should_fail_ex+0x3b0/0x4e0 [ 162.001820][ T8137] ? __alloc_skb+0x1c3/0x440 [ 162.006449][ T8137] should_failslab+0x9/0x20 [ 162.011082][ T8137] kmem_cache_alloc_node_noprof+0x71/0x320 [ 162.016929][ T8137] __alloc_skb+0x1c3/0x440 [ 162.021378][ T8137] ? __pfx___alloc_skb+0x10/0x10 [ 162.026347][ T8137] ? netlink_autobind+0xd6/0x2f0 [ 162.031321][ T8137] ? netlink_autobind+0x2b0/0x2f0 [ 162.036400][ T8137] netlink_sendmsg+0x631/0xcb0 [ 162.041231][ T8137] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.046572][ T8137] ? __import_iovec+0x536/0x820 [ 162.051484][ T8137] ? aa_sock_msg_perm+0x91/0x160 [ 162.056452][ T8137] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 162.061757][ T8137] ? security_socket_sendmsg+0x87/0xb0 [ 162.067244][ T8137] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.072568][ T8137] __sock_sendmsg+0x221/0x270 [ 162.077279][ T8137] ____sys_sendmsg+0x525/0x7d0 [ 162.082079][ T8137] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.087404][ T8137] __sys_sendmsg+0x2b0/0x3a0 [ 162.092024][ T8137] ? __pfx___sys_sendmsg+0x10/0x10 [ 162.097145][ T8137] ? vfs_write+0x7c4/0xc90 [ 162.101610][ T8137] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 162.107950][ T8137] ? do_syscall_64+0x100/0x230 [ 162.112737][ T8137] ? do_syscall_64+0xb6/0x230 [ 162.117439][ T8137] do_syscall_64+0xf3/0x230 [ 162.121973][ T8137] ? clear_bhb_loop+0x35/0x90 [ 162.126660][ T8137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.132580][ T8137] RIP: 0033:0x7f5141775bd9 [ 162.137002][ T8137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.156634][ T8137] RSP: 002b:00007f51424d8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.165069][ T8137] RAX: ffffffffffffffda RBX: 00007f5141903f60 RCX: 00007f5141775bd9 [ 162.173065][ T8137] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 [ 162.181055][ T8137] RBP: 00007f51424d80a0 R08: 0000000000000000 R09: 0000000000000000 [ 162.189045][ T8137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.197026][ T8137] R13: 000000000000000b R14: 00007f5141903f60 R15: 00007fffdfa052d8 [ 162.205034][ T8137] [ 162.229690][ T8140] bridge0: entered promiscuous mode [ 162.514312][ T8146] delete_channel: no stack [ 162.581942][ T8151] __nla_validate_parse: 1 callbacks suppressed [ 162.581966][ T8151] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1059'. [ 163.126973][ T8175] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1072'. [ 163.288216][ T8187] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1077'. [ 164.294108][ T8222] syzkaller0: entered promiscuous mode [ 164.325902][ T8222] syzkaller0: entered allmulticast mode [ 164.743637][ T8237] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.1093'. [ 166.585446][ T8254] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1099'. [ 166.940727][ T8263] syz_tun (unregistering): left promiscuous mode [ 167.044050][ T8266] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1104'. [ 167.056188][ T8273] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1107'. [ 167.065838][ T8266] vlan2: entered promiscuous mode [ 167.065864][ T8266] bond0: entered promiscuous mode [ 167.065879][ T8266] bond_slave_0: entered promiscuous mode [ 167.066081][ T8266] bond_slave_1: entered promiscuous mode [ 167.086349][ T8273] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1107'. [ 167.100360][ T8266] bond0: left promiscuous mode [ 167.106260][ T8266] bond_slave_0: left promiscuous mode [ 167.114523][ T8266] bond_slave_1: left promiscuous mode [ 167.410882][ T8283] x_tables: ip_tables: osf match: only valid for protocol 6 [ 167.565902][ T8288] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1114'. [ 168.521810][ T8321] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1129'. [ 169.149774][ T8346] netlink: 'syz.2.1138': attribute type 10 has an invalid length. [ 169.175851][ T8346] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1138'. [ 169.221414][ T8346] bridge0: port 3(syz_tun) entered blocking state [ 169.250491][ T8346] bridge0: port 3(syz_tun) entered disabled state [ 169.272371][ T8346] syz_tun: entered allmulticast mode [ 169.298945][ T8346] syz_tun: entered promiscuous mode [ 169.326234][ T8346] bridge0: port 3(syz_tun) entered blocking state [ 169.333035][ T8346] bridge0: port 3(syz_tun) entered forwarding state [ 169.508451][ T8359] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1143'. [ 169.522515][ T8346] netlink: 'syz.2.1138': attribute type 4 has an invalid length. [ 169.555765][ T8357] xt_cgroup: invalid path, errno=-2 [ 169.731896][ T8367] mac80211_hwsim hwsim9 ÿÿ¬»: renamed from wlan1 [ 169.927174][ T8376] netlink: 'syz.1.1146': attribute type 1 has an invalid length. [ 170.296097][ T8394] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1153'. [ 170.450604][ T8401] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1157'. [ 170.481646][ T8403] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1155'. [ 171.524705][ T8436] mac80211_hwsim hwsim3 ÿÿ¬»: renamed from wlan1 (while UP) [ 171.711885][ T8442] netlink: 'syz.3.1170': attribute type 1 has an invalid length. [ 172.126666][ T8458] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1177'. [ 174.823612][ T8481] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1189'. [ 174.832863][ T8481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1189'. [ 174.843455][ T8481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1189'. [ 174.871828][ T8499] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1192'. [ 175.768615][ T8550] trusted_key: syz.3.1209 sent an empty control message without MSG_MORE. [ 176.024006][ T8557] x_tables: unsorted underflow at hook 3 [ 177.856128][ T8551] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1208'. [ 177.865977][ T8573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1217'. [ 177.894270][ T8573] batadv0: entered promiscuous mode [ 180.687944][ T8647] netlink: 'syz.2.1243': attribute type 2 has an invalid length. [ 180.695742][ T8647] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1243'. [ 180.873268][ T8655] FAULT_INJECTION: forcing a failure. [ 180.873268][ T8655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.957418][ T8655] CPU: 0 PID: 8655 Comm: syz.0.1247 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 180.967642][ T8655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 180.977738][ T8655] Call Trace: [ 180.981050][ T8655] [ 180.984012][ T8655] dump_stack_lvl+0x241/0x360 [ 180.988749][ T8655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.994001][ T8655] ? __pfx__printk+0x10/0x10 [ 180.998652][ T8655] ? __pfx_lock_release+0x10/0x10 [ 181.003718][ T8655] ? rcu_is_watching+0x15/0xb0 [ 181.008531][ T8655] should_fail_ex+0x3b0/0x4e0 [ 181.013267][ T8655] _copy_from_iter+0x1f6/0x1960 [ 181.018173][ T8655] ? alloc_pages_mpol_noprof+0x417/0x680 [ 181.023855][ T8655] ? __pfx__copy_from_iter+0x10/0x10 [ 181.029198][ T8655] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 181.035235][ T8655] ? alloc_pages_noprof+0xef/0x170 [ 181.040398][ T8655] ? page_copy_sane+0x46/0x260 [ 181.045293][ T8655] copy_page_from_iter+0x7a/0x100 [ 181.050351][ T8655] tun_get_user+0x1f48/0x4560 [ 181.055090][ T8655] ? tun_get_user+0x84c/0x4560 [ 181.059919][ T8655] ? __pfx_tun_get_user+0x10/0x10 [ 181.064997][ T8655] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 181.070510][ T8655] ? tun_get+0x1e/0x2f0 [ 181.074741][ T8655] ? tun_get+0x1e/0x2f0 [ 181.078944][ T8655] ? tun_get+0x27d/0x2f0 [ 181.083231][ T8655] tun_chr_write_iter+0x113/0x1f0 [ 181.088300][ T8655] vfs_write+0xa72/0xc90 [ 181.092593][ T8655] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 181.098189][ T8655] ? __pfx_vfs_write+0x10/0x10 [ 181.103011][ T8655] ksys_write+0x1a0/0x2c0 [ 181.107384][ T8655] ? __pfx_ksys_write+0x10/0x10 [ 181.112369][ T8655] ? do_syscall_64+0x100/0x230 [ 181.117171][ T8655] ? do_syscall_64+0xb6/0x230 [ 181.121883][ T8655] do_syscall_64+0xf3/0x230 [ 181.126423][ T8655] ? clear_bhb_loop+0x35/0x90 [ 181.131122][ T8655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.137059][ T8655] RIP: 0033:0x7f2145f7475f [ 181.141500][ T8655] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 181.161232][ T8655] RSP: 002b:00007f2146cf6010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 181.169705][ T8655] RAX: ffffffffffffffda RBX: 00007f2146103f60 RCX: 00007f2145f7475f [ 181.177892][ T8655] RDX: 0000000000000036 RSI: 0000000020000140 RDI: 00000000000000c8 [ 181.185908][ T8655] RBP: 00007f2146cf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 181.194191][ T8655] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 181.202205][ T8655] R13: 000000000000000b R14: 00007f2146103f60 R15: 00007fff9967ae68 [ 181.210240][ T8655] [ 181.614761][ T8682] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1258'. [ 184.978008][ T8758] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1281'. [ 185.048378][ T8758] vlan2: entered promiscuous mode [ 185.260906][ T8773] sctp: [Deprecated]: syz.4.1286 (pid 8773) Use of struct sctp_assoc_value in delayed_ack socket option. [ 185.260906][ T8773] Use struct sctp_sack_info instead [ 188.423091][ T8842] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1305'. [ 188.557353][ T8837] netlink: 'syz.4.1306': attribute type 2 has an invalid length. [ 188.579103][ T8837] netlink: 'syz.4.1306': attribute type 8 has an invalid length. [ 188.605944][ T8837] netlink: 'syz.4.1306': attribute type 1 has an invalid length. [ 188.688525][ T8837] netlink: 'syz.4.1306': attribute type 1 has an invalid length. [ 188.708030][ T8837] netlink: 'syz.4.1306': attribute type 1 has an invalid length. [ 188.722407][ T8837] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1306'. [ 188.846822][ T8852] netlink: 'syz.3.1310': attribute type 29 has an invalid length. [ 188.878010][ T8852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1310'. [ 189.028051][ T8852] netlink: 'syz.3.1310': attribute type 29 has an invalid length. [ 189.043194][ T8852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1310'. [ 189.421710][ T8864] netlink: 9412 bytes leftover after parsing attributes in process `syz.0.1314'. [ 190.166914][ T8885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1324'. [ 191.712796][ T8855] netlink: 'syz.3.1310': attribute type 29 has an invalid length. [ 191.721059][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1310'. [ 191.737867][ T8860] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1313'. [ 191.746896][ T8860] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1313'. [ 191.757793][ T8860] bridge0: port 2(bridge_slave_1) entered listening state [ 192.005635][ T8899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1330'. [ 192.716737][ T8932] tap0: tun_chr_ioctl cmd 1074025677 [ 192.722919][ T8932] tap0: linktype set to 24576 [ 194.683254][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.431555][ T8982] netlink: 'syz.2.1357': attribute type 1 has an invalid length. [ 195.440492][ T8982] __nla_validate_parse: 3 callbacks suppressed [ 195.440511][ T8982] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1357'. [ 195.602311][ T8990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1359'. [ 195.733067][ T8994] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.1361'. [ 196.768061][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 196.768698][ T5098] Bluetooth: hci1: command 0x0406 tx timeout [ 198.003090][ T9026] FAULT_INJECTION: forcing a failure. [ 198.003090][ T9026] name failslab, interval 1, probability 0, space 0, times 0 [ 198.067583][ T9026] CPU: 0 PID: 9026 Comm: syz.3.1371 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 198.077727][ T9026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 198.087823][ T9026] Call Trace: [ 198.091135][ T9026] [ 198.094104][ T9026] dump_stack_lvl+0x241/0x360 [ 198.098838][ T9026] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.104095][ T9026] ? __pfx__printk+0x10/0x10 [ 198.108744][ T9026] ? ref_tracker_alloc+0x332/0x490 [ 198.114003][ T9026] should_fail_ex+0x3b0/0x4e0 [ 198.118735][ T9026] ? skb_clone+0x20c/0x390 [ 198.123197][ T9026] should_failslab+0x9/0x20 [ 198.127749][ T9026] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 198.133178][ T9026] skb_clone+0x20c/0x390 [ 198.137468][ T9026] __netlink_deliver_tap+0x3cc/0x7c0 [ 198.142814][ T9026] ? netlink_deliver_tap+0x2e/0x1b0 [ 198.148061][ T9026] netlink_deliver_tap+0x19d/0x1b0 [ 198.153220][ T9026] netlink_unicast+0x7b8/0x980 [ 198.158037][ T9026] ? __pfx_netlink_unicast+0x10/0x10 [ 198.163362][ T9026] ? __virt_addr_valid+0x183/0x520 [ 198.168554][ T9026] ? __check_object_size+0x49c/0x900 [ 198.173889][ T9026] ? bpf_lsm_netlink_send+0x9/0x10 [ 198.179051][ T9026] netlink_sendmsg+0x8db/0xcb0 [ 198.183878][ T9026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.189219][ T9026] ? __import_iovec+0x536/0x820 [ 198.194118][ T9026] ? aa_sock_msg_perm+0x91/0x160 [ 198.199107][ T9026] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 198.204432][ T9026] ? security_socket_sendmsg+0x87/0xb0 [ 198.209934][ T9026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.215266][ T9026] __sock_sendmsg+0x221/0x270 [ 198.220005][ T9026] ____sys_sendmsg+0x525/0x7d0 [ 198.224831][ T9026] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.230184][ T9026] __sys_sendmsg+0x2b0/0x3a0 [ 198.234823][ T9026] ? __pfx___sys_sendmsg+0x10/0x10 [ 198.239968][ T9026] ? vfs_write+0x7c4/0xc90 [ 198.244484][ T9026] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 198.250856][ T9026] ? do_syscall_64+0x100/0x230 [ 198.255672][ T9026] ? do_syscall_64+0xb6/0x230 [ 198.260406][ T9026] do_syscall_64+0xf3/0x230 [ 198.264964][ T9026] ? clear_bhb_loop+0x35/0x90 [ 198.269686][ T9026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.275630][ T9026] RIP: 0033:0x7fcfe2f75bd9 [ 198.280080][ T9026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.299730][ T9026] RSP: 002b:00007fcfe3dc3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.308196][ T9026] RAX: ffffffffffffffda RBX: 00007fcfe3103f60 RCX: 00007fcfe2f75bd9 [ 198.316216][ T9026] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 198.324233][ T9026] RBP: 00007fcfe3dc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 198.332249][ T9026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.340266][ T9026] R13: 000000000000000b R14: 00007fcfe3103f60 R15: 00007fff2578f968 [ 198.348302][ T9026] [ 198.552786][ T9026] ipvlan2: entered promiscuous mode [ 198.565902][ T9026] ipvlan2: entered allmulticast mode [ 198.579025][ T9026] syz_tun: entered allmulticast mode [ 198.791567][ T9054] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1382'. [ 199.012779][ T9065] FAULT_INJECTION: forcing a failure. [ 199.012779][ T9065] name failslab, interval 1, probability 0, space 0, times 0 [ 199.051953][ T9065] CPU: 0 PID: 9065 Comm: syz.3.1386 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 199.062201][ T9065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.072389][ T9065] Call Trace: [ 199.075715][ T9065] [ 199.078685][ T9065] dump_stack_lvl+0x241/0x360 [ 199.083429][ T9065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.088691][ T9065] ? __pfx__printk+0x10/0x10 [ 199.093356][ T9065] should_fail_ex+0x3b0/0x4e0 [ 199.098093][ T9065] ? __alloc_skb+0x1c3/0x440 [ 199.102733][ T9065] should_failslab+0x9/0x20 [ 199.107376][ T9065] kmem_cache_alloc_node_noprof+0x71/0x320 [ 199.113220][ T9065] __alloc_skb+0x1c3/0x440 [ 199.118048][ T9065] ? __pfx___alloc_skb+0x10/0x10 [ 199.123041][ T9065] ? __pfx___alloc_skb+0x10/0x10 [ 199.128049][ T9065] create_monitor_ctrl_event+0x35/0x4d0 [ 199.133645][ T9065] ? mgmt_cmd_complete+0x1b5/0x580 [ 199.138938][ T9065] mgmt_cmd_complete+0x220/0x580 [ 199.143925][ T9065] get_device_flags+0x3ff/0x680 [ 199.148811][ T9065] ? __pfx_get_device_flags+0x10/0x10 [ 199.154231][ T9065] ? __pfx_mgmt_init_hdev+0x10/0x10 [ 199.159477][ T9065] ? mgmt_init_hdev+0x453/0x470 [ 199.164682][ T9065] hci_mgmt_cmd+0xc45/0x11d0 [ 199.169349][ T9065] hci_sock_sendmsg+0x7a5/0x11c0 [ 199.174344][ T9065] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 199.179851][ T9065] ? aa_sock_msg_perm+0x91/0x160 [ 199.184847][ T9065] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 199.190175][ T9065] ? security_socket_sendmsg+0x87/0xb0 [ 199.195698][ T9065] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 199.201112][ T9065] __sock_sendmsg+0x221/0x270 [ 199.205849][ T9065] sock_write_iter+0x2dd/0x400 [ 199.210695][ T9065] ? __pfx_sock_write_iter+0x10/0x10 [ 199.216054][ T9065] ? bpf_lsm_file_permission+0x9/0x10 [ 199.221470][ T9065] ? security_file_permission+0x7f/0xa0 [ 199.227084][ T9065] vfs_write+0xa72/0xc90 [ 199.231392][ T9065] ? __pfx_sock_write_iter+0x10/0x10 [ 199.236739][ T9065] ? __pfx_vfs_write+0x10/0x10 [ 199.241577][ T9065] ksys_write+0x1a0/0x2c0 [ 199.245963][ T9065] ? __pfx_ksys_write+0x10/0x10 [ 199.250864][ T9065] ? do_syscall_64+0x100/0x230 [ 199.255683][ T9065] ? do_syscall_64+0xb6/0x230 [ 199.260416][ T9065] do_syscall_64+0xf3/0x230 [ 199.264972][ T9065] ? clear_bhb_loop+0x35/0x90 [ 199.269701][ T9065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.275695][ T9065] RIP: 0033:0x7fcfe2f75bd9 [ 199.280154][ T9065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.299818][ T9065] RSP: 002b:00007fcfe3dc3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.308284][ T9065] RAX: ffffffffffffffda RBX: 00007fcfe3103f60 RCX: 00007fcfe2f75bd9 [ 199.316298][ T9065] RDX: 000000000000000d RSI: 0000000020000200 RDI: 0000000000000006 [ 199.324314][ T9065] RBP: 00007fcfe3dc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 199.332322][ T9065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.340340][ T9065] R13: 000000000000000b R14: 00007fcfe3103f60 R15: 00007fff2578f968 [ 199.348382][ T9065] [ 199.464585][ T9075] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 199.553207][ T9075] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1391'. [ 199.664015][ T9081] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1394'. [ 199.729618][ T9085] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1395'. [ 199.785060][ T9085] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 199.933328][ T9091] ipvlan2: entered promiscuous mode [ 199.960173][ T9091] ipvlan2: entered allmulticast mode [ 199.990033][ T9091] syz_tun: entered allmulticast mode [ 200.883283][ T9130] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1412'. [ 202.960613][ T9162] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1421'. [ 203.149425][ T9173] xt_TCPMSS: Only works on TCP SYN packets [ 203.153474][ T9171] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1427'. [ 203.245371][ T9171] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 203.365734][ T9184] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1432'. [ 203.420678][ T9184] bridge2: port 1(bridge_slave_1) entered blocking state [ 203.458613][ T9184] bridge2: port 1(bridge_slave_1) entered disabled state [ 203.465906][ T9184] bridge_slave_1: entered allmulticast mode [ 203.527043][ T9184] bridge_slave_1: entered promiscuous mode [ 203.801932][ T9207] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1439'. [ 204.455427][ T9241] syz_tun: entered promiscuous mode [ 204.472184][ T9241] macvtap1: entered promiscuous mode [ 204.484000][ T9241] macvtap1: entered allmulticast mode [ 204.493551][ T9241] syz_tun: entered allmulticast mode [ 204.568537][ T9241] syz_tun: left allmulticast mode [ 204.573973][ T9241] syz_tun: left promiscuous mode [ 204.618867][ T9251] netlink: 'syz.4.1455': attribute type 3 has an invalid length. [ 204.659515][ T9251] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.1455'. [ 204.687073][ T9256] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1458'. [ 204.899959][ T9266] FAULT_INJECTION: forcing a failure. [ 204.899959][ T9266] name failslab, interval 1, probability 0, space 0, times 0 [ 204.963356][ T9266] CPU: 0 PID: 9266 Comm: syz.2.1462 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 204.973582][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 204.983763][ T9266] Call Trace: [ 204.987058][ T9266] [ 204.990001][ T9266] dump_stack_lvl+0x241/0x360 [ 204.994745][ T9266] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.999971][ T9266] ? __pfx__printk+0x10/0x10 [ 205.004583][ T9266] ? netlink_insert+0x10b7/0x14b0 [ 205.009635][ T9266] should_fail_ex+0x3b0/0x4e0 [ 205.014331][ T9266] ? __alloc_skb+0x1c3/0x440 [ 205.018938][ T9266] should_failslab+0x9/0x20 [ 205.023460][ T9266] kmem_cache_alloc_node_noprof+0x71/0x320 [ 205.029290][ T9266] __alloc_skb+0x1c3/0x440 [ 205.033721][ T9266] ? __pfx___alloc_skb+0x10/0x10 [ 205.038671][ T9266] ? netlink_autobind+0xd6/0x2f0 [ 205.043624][ T9266] ? netlink_autobind+0x2b0/0x2f0 [ 205.048667][ T9266] netlink_sendmsg+0x631/0xcb0 [ 205.053456][ T9266] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.058761][ T9266] ? __import_iovec+0x536/0x820 [ 205.063620][ T9266] ? aa_sock_msg_perm+0x91/0x160 [ 205.068579][ T9266] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 205.073871][ T9266] ? security_socket_sendmsg+0x87/0xb0 [ 205.079377][ T9266] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.084682][ T9266] __sock_sendmsg+0x221/0x270 [ 205.089473][ T9266] ____sys_sendmsg+0x525/0x7d0 [ 205.094260][ T9266] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.099574][ T9266] __sys_sendmsg+0x2b0/0x3a0 [ 205.104177][ T9266] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.109300][ T9266] ? vfs_write+0x7c4/0xc90 [ 205.113939][ T9266] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 205.120282][ T9266] ? do_syscall_64+0x100/0x230 [ 205.125064][ T9266] ? do_syscall_64+0xb6/0x230 [ 205.129764][ T9266] do_syscall_64+0xf3/0x230 [ 205.134289][ T9266] ? clear_bhb_loop+0x35/0x90 [ 205.138977][ T9266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.144888][ T9266] RIP: 0033:0x7f0915375bd9 [ 205.149316][ T9266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.169131][ T9266] RSP: 002b:00007f09161c2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.177578][ T9266] RAX: ffffffffffffffda RBX: 00007f0915503f60 RCX: 00007f0915375bd9 [ 205.185568][ T9266] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 205.193726][ T9266] RBP: 00007f09161c20a0 R08: 0000000000000000 R09: 0000000000000000 [ 205.201712][ T9266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.209691][ T9266] R13: 000000000000000b R14: 00007f0915503f60 R15: 00007fffb1793e08 [ 205.217702][ T9266] [ 205.769915][ T9295] ax25_connect(): syz.4.1470 uses autobind, please contact jreuter@yaina.de [ 205.892371][ T9295] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1470'. [ 206.318320][ T9311] netlink: 'syz.2.1477': attribute type 1 has an invalid length. [ 206.384363][ T9311] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1477'. [ 206.569468][ T9324] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1482'. [ 207.193286][ T9340] ɶƣ0GC¦: entered promiscuous mode [ 207.692256][ T9361] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1496'. [ 208.391818][ T9387] delete_channel: no stack [ 208.546817][ T9395] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1512'. [ 208.989509][ T9411] netlink: 'syz.0.1516': attribute type 1 has an invalid length. [ 209.017966][ T9411] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1516'. [ 209.607667][ T9436] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1524'. [ 209.889954][ T9457] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1533'. [ 210.121480][ T9465] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1536'. [ 210.155749][ T9465] openvswitch: netlink: Multiple metadata blocks provided [ 210.316309][ T9470] netlink: 'syz.3.1538': attribute type 1 has an invalid length. [ 210.339626][ T9470] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1538'. [ 211.781466][ T9545] __nla_validate_parse: 1 callbacks suppressed [ 211.781488][ T9545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1559'. [ 212.785900][ T9565] sctp: [Deprecated]: syz.2.1567 (pid 9565) Use of int in maxseg socket option. [ 212.785900][ T9565] Use struct sctp_assoc_value instead [ 214.620734][ T9606] bond_slave_0: entered promiscuous mode [ 214.627046][ T9606] bond_slave_1: entered promiscuous mode [ 214.639882][ T9606] vlan2: entered promiscuous mode [ 214.645248][ T9606] bond0: entered promiscuous mode [ 214.651172][ T9606] macvlan3: entered promiscuous mode [ 214.664245][ T9606] bond0: left promiscuous mode [ 214.669909][ T9606] macvlan3: left promiscuous mode [ 214.676003][ T9606] bond_slave_0: left promiscuous mode [ 214.682729][ T9606] bond_slave_1: left promiscuous mode [ 215.668698][ T9648] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1599'. [ 216.047329][ T9667] syz.3.1606 (9667) used greatest stack depth: 16752 bytes left [ 216.197040][ T9679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1610'. [ 216.723446][ T9686] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1612'. [ 217.428792][ T9713] xt_CT: No such helper "netbios-ns" [ 217.803805][ T9740] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 217.831848][ T9742] FAULT_INJECTION: forcing a failure. [ 217.831848][ T9742] name failslab, interval 1, probability 0, space 0, times 0 [ 217.873430][ T9742] CPU: 1 PID: 9742 Comm: syz.0.1628 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 217.883667][ T9742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 217.893761][ T9742] Call Trace: [ 217.897077][ T9742] [ 217.900052][ T9742] dump_stack_lvl+0x241/0x360 [ 217.904792][ T9742] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.910066][ T9742] ? __pfx__printk+0x10/0x10 [ 217.914720][ T9742] ? ref_tracker_alloc+0x332/0x490 [ 217.919901][ T9742] should_fail_ex+0x3b0/0x4e0 [ 217.924634][ T9742] ? skb_clone+0x20c/0x390 [ 217.929098][ T9742] should_failslab+0x9/0x20 [ 217.933649][ T9742] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 217.939078][ T9742] skb_clone+0x20c/0x390 [ 217.943418][ T9742] __netlink_deliver_tap+0x3cc/0x7c0 [ 217.948766][ T9742] ? netlink_deliver_tap+0x2e/0x1b0 [ 217.954017][ T9742] netlink_deliver_tap+0x19d/0x1b0 [ 217.959186][ T9742] netlink_unicast+0x7b8/0x980 [ 217.964012][ T9742] ? __pfx_netlink_unicast+0x10/0x10 [ 217.969353][ T9742] ? __virt_addr_valid+0x183/0x520 [ 217.974522][ T9742] ? __check_object_size+0x49c/0x900 [ 217.979857][ T9742] ? bpf_lsm_netlink_send+0x9/0x10 [ 217.984998][ T9742] netlink_sendmsg+0x8db/0xcb0 [ 217.989884][ T9742] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.995189][ T9742] ? __import_iovec+0x536/0x820 [ 218.000048][ T9742] ? aa_sock_msg_perm+0x91/0x160 [ 218.005004][ T9742] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 218.010311][ T9742] ? security_socket_sendmsg+0x87/0xb0 [ 218.015781][ T9742] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.021081][ T9742] __sock_sendmsg+0x221/0x270 [ 218.025839][ T9742] ____sys_sendmsg+0x525/0x7d0 [ 218.030646][ T9742] ? __pfx_____sys_sendmsg+0x10/0x10 [ 218.035977][ T9742] __sys_sendmsg+0x2b0/0x3a0 [ 218.040593][ T9742] ? __pfx___sys_sendmsg+0x10/0x10 [ 218.045721][ T9742] ? vfs_write+0x7c4/0xc90 [ 218.050216][ T9742] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 218.056575][ T9742] ? do_syscall_64+0x100/0x230 [ 218.061447][ T9742] ? do_syscall_64+0xb6/0x230 [ 218.066145][ T9742] do_syscall_64+0xf3/0x230 [ 218.070666][ T9742] ? clear_bhb_loop+0x35/0x90 [ 218.075353][ T9742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.081295][ T9742] RIP: 0033:0x7f2145f75bd9 [ 218.085725][ T9742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.105347][ T9742] RSP: 002b:00007f2146cf6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.113778][ T9742] RAX: ffffffffffffffda RBX: 00007f2146103f60 RCX: 00007f2145f75bd9 [ 218.121758][ T9742] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 218.129778][ T9742] RBP: 00007f2146cf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 218.137817][ T9742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.145976][ T9742] R13: 000000000000000b R14: 00007f2146103f60 R15: 00007fff9967ae68 [ 218.154058][ T9742] [ 218.410275][ T9755] netlink: 'syz.0.1634': attribute type 9 has an invalid length. [ 218.588768][ T9766] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1637'. [ 218.930090][ T9784] pimreg: entered allmulticast mode [ 218.991254][ T9784] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1643'. [ 219.041832][ T9784] pimreg: left allmulticast mode [ 219.412241][ T9802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1650'. [ 219.437593][ T9802] netlink: 'syz.3.1650': attribute type 11 has an invalid length. [ 219.841162][ T9823] dccp_invalid_packet: invalid packet type [ 220.219297][ T9847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1666'. [ 220.842319][ T9861] FAULT_INJECTION: forcing a failure. [ 220.842319][ T9861] name failslab, interval 1, probability 0, space 0, times 0 [ 220.855064][ T9861] CPU: 0 PID: 9861 Comm: syz.3.1672 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 220.865266][ T9861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 220.875456][ T9861] Call Trace: [ 220.878771][ T9861] [ 220.881741][ T9861] dump_stack_lvl+0x241/0x360 [ 220.886479][ T9861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.891813][ T9861] ? __pfx__printk+0x10/0x10 [ 220.896459][ T9861] ? __asan_memset+0x23/0x50 [ 220.901105][ T9861] should_fail_ex+0x3b0/0x4e0 [ 220.905930][ T9861] should_failslab+0x9/0x20 [ 220.910497][ T9861] kmalloc_node_track_caller_noprof+0xda/0x440 [ 220.916724][ T9861] ? nf_ct_ext_add+0x1a2/0x3e0 [ 220.921567][ T9861] krealloc_noprof+0x7d/0x120 [ 220.926299][ T9861] nf_ct_ext_add+0x1a2/0x3e0 [ 220.930947][ T9861] init_conntrack+0x8bf/0x1310 [ 220.935861][ T9861] ? __pfx_init_conntrack+0x10/0x10 [ 220.941123][ T9861] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 220.947158][ T9861] ? __local_bh_enable_ip+0x168/0x200 [ 220.952686][ T9861] nf_conntrack_in+0xd59/0x1880 [ 220.957626][ T9861] ? __pfx_nf_conntrack_in+0x10/0x10 [ 220.963174][ T9861] ? __pfx_ipv6_conntrack_in+0x10/0x10 [ 220.968683][ T9861] nf_hook_slow+0xc3/0x220 [ 220.973150][ T9861] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 220.978394][ T9861] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 220.983638][ T9861] NF_HOOK+0x29e/0x450 [ 220.987757][ T9861] ? skb_orphan+0x4b/0xd0 [ 220.992132][ T9861] ? NF_HOOK+0x9a/0x450 [ 220.996335][ T9861] ? __pfx_NF_HOOK+0x10/0x10 [ 221.000975][ T9861] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 221.006229][ T9861] ? __pfx_ipv6_rcv+0x10/0x10 [ 221.010953][ T9861] __netif_receive_skb+0x1ea/0x650 [ 221.016227][ T9861] ? __pfx_lock_acquire+0x10/0x10 [ 221.021296][ T9861] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 221.027684][ T9861] ? __pfx___netif_receive_skb+0x10/0x10 [ 221.033377][ T9861] ? __kasan_slab_alloc+0x66/0x80 [ 221.038455][ T9861] ? read_tsc+0x9/0x20 [ 221.042574][ T9861] ? timekeeping_get_ns+0x2c0/0x420 [ 221.047829][ T9861] ? netif_receive_skb+0x131/0x890 [ 221.052995][ T9861] ? netif_receive_skb+0x131/0x890 [ 221.058164][ T9861] netif_receive_skb+0x1e8/0x890 [ 221.063154][ T9861] ? tun_rx_batched+0x160/0x8f0 [ 221.068056][ T9861] ? __pfx_netif_receive_skb+0x10/0x10 [ 221.073578][ T9861] ? tun_rx_batched+0x160/0x8f0 [ 221.078493][ T9861] tun_rx_batched+0x1b7/0x8f0 [ 221.083223][ T9861] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 221.089606][ T9861] ? __pfx_lock_acquire+0x10/0x10 [ 221.094682][ T9861] ? __pfx_tun_rx_batched+0x10/0x10 [ 221.099967][ T9861] tun_get_user+0x2f35/0x4560 [ 221.104704][ T9861] ? tun_get_user+0x2a2f/0x4560 [ 221.109630][ T9861] ? __pfx_tun_get_user+0x10/0x10 [ 221.114721][ T9861] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 221.120233][ T9861] ? tun_get+0x1e/0x2f0 [ 221.124460][ T9861] ? tun_get+0x1e/0x2f0 [ 221.128664][ T9861] ? tun_get+0x27d/0x2f0 [ 221.132959][ T9861] tun_chr_write_iter+0x113/0x1f0 [ 221.138061][ T9861] vfs_write+0xa72/0xc90 [ 221.142360][ T9861] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 221.147955][ T9861] ? __pfx_vfs_write+0x10/0x10 [ 221.152790][ T9861] ksys_write+0x1a0/0x2c0 [ 221.157175][ T9861] ? __pfx_ksys_write+0x10/0x10 [ 221.162073][ T9861] ? do_syscall_64+0x100/0x230 [ 221.166899][ T9861] ? do_syscall_64+0xb6/0x230 [ 221.171734][ T9861] do_syscall_64+0xf3/0x230 [ 221.176299][ T9861] ? clear_bhb_loop+0x35/0x90 [ 221.181026][ T9861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.186977][ T9861] RIP: 0033:0x7fcfe2f7475f [ 221.191430][ T9861] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 221.211165][ T9861] RSP: 002b:00007fcfe3dc3010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 221.219659][ T9861] RAX: ffffffffffffffda RBX: 00007fcfe3103f60 RCX: 00007fcfe2f7475f [ 221.227696][ T9861] RDX: 0000000000000066 RSI: 0000000020000080 RDI: 00000000000000c8 [ 221.235722][ T9861] RBP: 00007fcfe3dc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 221.243749][ T9861] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000001 [ 221.251767][ T9861] R13: 000000000000000b R14: 00007fcfe3103f60 R15: 00007fff2578f968 [ 221.259807][ T9861] [ 221.302021][ T9873] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 221.551720][ T9879] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1679'. [ 221.599498][ T9884] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1678'. [ 221.628474][ T9884] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1678'. [ 221.653881][ T9884] Êü: entered promiscuous mode [ 221.899109][ T9893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1683'. [ 222.294891][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 222.359990][ T5098] Bluetooth: hci4: command 0x0406 tx timeout [ 222.494410][ T9930] vcan0: entered promiscuous mode [ 222.501936][ T9930] vlan3: entered promiscuous mode [ 222.511428][ T9930] vcan0: left promiscuous mode [ 222.964677][ T9943] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1700'. [ 222.993578][ T9943] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1700'. [ 223.096146][ T9947] IPVS: Error connecting to the multicast addr [ 223.845639][ T9981] tipc: Enabling of bearer rejected, failed to enable media [ 224.021815][ T9990] __nla_validate_parse: 3 callbacks suppressed [ 224.021837][ T9990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1716'. [ 224.408380][T10008] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1722'. [ 225.333723][T10056] FAULT_INJECTION: forcing a failure. [ 225.333723][T10056] name failslab, interval 1, probability 0, space 0, times 0 [ 225.380031][T10056] CPU: 1 PID: 10056 Comm: syz.3.1742 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 225.390268][T10056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 225.400454][T10056] Call Trace: [ 225.403777][T10056] [ 225.406738][T10056] dump_stack_lvl+0x241/0x360 [ 225.411477][T10056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.416730][T10056] ? __pfx__printk+0x10/0x10 [ 225.421468][T10056] ? ref_tracker_alloc+0x332/0x490 [ 225.426642][T10056] should_fail_ex+0x3b0/0x4e0 [ 225.431378][T10056] ? skb_clone+0x20c/0x390 [ 225.435848][T10056] should_failslab+0x9/0x20 [ 225.440401][T10056] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 225.445834][T10056] skb_clone+0x20c/0x390 [ 225.450153][T10056] __netlink_deliver_tap+0x3cc/0x7c0 [ 225.455510][T10056] ? netlink_deliver_tap+0x2e/0x1b0 [ 225.460764][T10056] netlink_deliver_tap+0x19d/0x1b0 [ 225.465931][T10056] netlink_unicast+0x7b8/0x980 [ 225.470840][T10056] ? __pfx_netlink_unicast+0x10/0x10 [ 225.476167][T10056] ? __virt_addr_valid+0x183/0x520 [ 225.481342][T10056] ? __check_object_size+0x49c/0x900 [ 225.486678][T10056] ? bpf_lsm_netlink_send+0x9/0x10 [ 225.491845][T10056] netlink_sendmsg+0x8db/0xcb0 [ 225.496674][T10056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.502010][T10056] ? __import_iovec+0x536/0x820 [ 225.506912][T10056] ? aa_sock_msg_perm+0x91/0x160 [ 225.511898][T10056] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 225.517218][T10056] ? security_socket_sendmsg+0x87/0xb0 [ 225.522722][T10056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.528062][T10056] __sock_sendmsg+0x221/0x270 [ 225.533066][T10056] ____sys_sendmsg+0x525/0x7d0 [ 225.537891][T10056] ? __pfx_____sys_sendmsg+0x10/0x10 [ 225.543243][T10056] __sys_sendmsg+0x2b0/0x3a0 [ 225.547877][T10056] ? __pfx___sys_sendmsg+0x10/0x10 [ 225.553031][T10056] ? vfs_write+0x7c4/0xc90 [ 225.557557][T10056] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 225.563935][T10056] ? do_syscall_64+0x100/0x230 [ 225.568760][T10056] ? do_syscall_64+0xb6/0x230 [ 225.573506][T10056] do_syscall_64+0xf3/0x230 [ 225.578074][T10056] ? clear_bhb_loop+0x35/0x90 [ 225.582889][T10056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.588833][T10056] RIP: 0033:0x7fcfe2f75bd9 [ 225.593285][T10056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.613197][T10056] RSP: 002b:00007fcfe3dc3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.621709][T10056] RAX: ffffffffffffffda RBX: 00007fcfe3103f60 RCX: 00007fcfe2f75bd9 [ 225.629726][T10056] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 225.637741][T10056] RBP: 00007fcfe3dc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 225.645749][T10056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.653759][T10056] R13: 000000000000000b R14: 00007fcfe3103f60 R15: 00007fff2578f968 [ 225.661793][T10056] [ 225.898895][T10067] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1746'. [ 226.405757][T10097] netlink: 'syz.3.1757': attribute type 4 has an invalid length. [ 226.420259][T10097] netlink: 'syz.3.1757': attribute type 4 has an invalid length. [ 226.429650][T10097] netlink: 126008 bytes leftover after parsing attributes in process `syz.3.1757'. [ 226.631697][T10111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1761'. [ 226.731088][T10119] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1762'. [ 226.766431][T10119] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1762'. [ 226.779435][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1762'. [ 226.793209][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1762'. [ 226.849982][T10124] tap0: tun_chr_ioctl cmd 1074025677 [ 226.855484][T10124] tap0: linktype set to 1 [ 227.326864][T10143] netlink: 'syz.4.1771': attribute type 1 has an invalid length. [ 227.345173][T10143] mac80211_hwsim hwsim16 wlan1: entered promiscuous mode [ 227.356767][T10143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1771'. [ 227.484161][T10148] netlink: 'syz.0.1773': attribute type 4 has an invalid length. [ 227.494065][T10140] mac80211_hwsim hwsim16 wlan1: left promiscuous mode [ 227.507859][T10148] netlink: 'syz.0.1773': attribute type 4 has an invalid length. [ 227.769390][T10163] FAULT_INJECTION: forcing a failure. [ 227.769390][T10163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.799725][T10163] CPU: 0 PID: 10163 Comm: syz.4.1776 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 227.810208][T10163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 227.820315][T10163] Call Trace: [ 227.823632][T10163] [ 227.826592][T10163] dump_stack_lvl+0x241/0x360 [ 227.831326][T10163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.836578][T10163] ? __pfx__printk+0x10/0x10 [ 227.841218][T10163] ? __pfx_lock_release+0x10/0x10 [ 227.846287][T10163] should_fail_ex+0x3b0/0x4e0 [ 227.851012][T10163] _copy_from_user+0x2f/0xe0 [ 227.855643][T10163] copy_msghdr_from_user+0xae/0x680 [ 227.860902][T10163] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 227.866774][T10163] __sys_sendmsg+0x23d/0x3a0 [ 227.871407][T10163] ? __pfx___sys_sendmsg+0x10/0x10 [ 227.876550][T10163] ? vfs_write+0x7c4/0xc90 [ 227.881057][T10163] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 227.887439][T10163] ? do_syscall_64+0x100/0x230 [ 227.892257][T10163] ? do_syscall_64+0xb6/0x230 [ 227.896989][T10163] do_syscall_64+0xf3/0x230 [ 227.901543][T10163] ? clear_bhb_loop+0x35/0x90 [ 227.905356][T10169] netlink: 'syz.2.1778': attribute type 3 has an invalid length. [ 227.906362][T10163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.920057][T10163] RIP: 0033:0x7f5141775bd9 [ 227.924516][T10163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.944194][T10163] RSP: 002b:00007f51424b7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 227.952660][T10163] RAX: ffffffffffffffda RBX: 00007f5141904038 RCX: 00007f5141775bd9 [ 227.960678][T10163] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000005 [ 227.968708][T10163] RBP: 00007f51424b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 227.976732][T10163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.984750][T10163] R13: 000000000000006e R14: 00007f5141904038 R15: 00007fffdfa052d8 [ 227.992783][T10163] [ 229.043524][T10210] __nla_validate_parse: 6 callbacks suppressed [ 229.043549][T10210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1794'. [ 229.395787][T10228] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1800'. [ 229.436109][T10228] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1800'. [ 229.478395][T10228] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 229.653172][T10242] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1804'. [ 229.874015][T10254] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1803'. [ 229.878653][T10253] netlink: 'syz.3.1808': attribute type 4 has an invalid length. [ 229.908585][T10253] netlink: 'syz.3.1808': attribute type 4 has an invalid length. [ 229.924073][T10253] netlink: 126008 bytes leftover after parsing attributes in process `syz.3.1808'. [ 229.942859][T10254] netlink: 'syz.0.1803': attribute type 10 has an invalid length. [ 229.964647][T10254] bridge0: port 3(team0) entered blocking state [ 229.973396][T10254] bridge0: port 3(team0) entered disabled state [ 229.984572][T10254] team0: entered allmulticast mode [ 229.996264][T10254] team_slave_0: entered allmulticast mode [ 230.007342][T10254] team_slave_1: entered allmulticast mode [ 230.040084][T10254] team0: entered promiscuous mode [ 230.053795][T10261] FAULT_INJECTION: forcing a failure. [ 230.053795][T10261] name failslab, interval 1, probability 0, space 0, times 0 [ 230.054434][T10254] team_slave_0: entered promiscuous mode [ 230.085960][T10261] CPU: 1 PID: 10261 Comm: syz.2.1810 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 230.093178][T10254] team_slave_1: entered promiscuous mode [ 230.096166][T10261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 230.104505][T10254] bridge0: port 3(team0) entered blocking state [ 230.111906][T10261] Call Trace: [ 230.111922][T10261] [ 230.111933][T10261] dump_stack_lvl+0x241/0x360 [ 230.111983][T10261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.118451][T10254] bridge0: port 3(team0) entered forwarding state [ 230.121560][T10261] ? __pfx__printk+0x10/0x10 [ 230.145432][T10261] should_fail_ex+0x3b0/0x4e0 [ 230.150227][T10261] ? sctp_add_bind_addr+0x89/0x3a0 [ 230.155376][T10261] should_failslab+0x9/0x20 [ 230.159903][T10261] kmalloc_trace_noprof+0x6c/0x2c0 [ 230.165043][T10261] sctp_add_bind_addr+0x89/0x3a0 [ 230.170006][T10261] sctp_copy_local_addr_list+0x311/0x500 [ 230.175658][T10261] ? sctp_copy_local_addr_list+0xab/0x500 [ 230.181415][T10261] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 230.187590][T10261] ? sctp_v4_is_any+0x35/0x60 [ 230.192292][T10261] sctp_bind_addr_copy+0xad/0x3b0 [ 230.197413][T10261] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 230.203793][T10261] sctp_connect_new_asoc+0x2f3/0x6c0 [ 230.209128][T10261] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 230.214981][T10261] ? sctp_sendmsg+0xbb9/0x3520 [ 230.219776][T10261] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 230.225341][T10261] ? security_sctp_bind_connect+0x90/0xb0 [ 230.231091][T10261] sctp_sendmsg+0x219a/0x3520 [ 230.235893][T10261] ? __pfx_sctp_sendmsg+0x10/0x10 [ 230.240939][T10261] ? __pfx_aa_sk_perm+0x10/0x10 [ 230.245810][T10261] ? __pfx_lock_release+0x10/0x10 [ 230.250849][T10261] ? inet_sendmsg+0x330/0x390 [ 230.255542][T10261] __sock_sendmsg+0x1a6/0x270 [ 230.260244][T10261] ____sys_sendmsg+0x525/0x7d0 [ 230.265047][T10261] ? __pfx_____sys_sendmsg+0x10/0x10 [ 230.270363][T10261] __sys_sendmsg+0x2b0/0x3a0 [ 230.274979][T10261] ? __pfx___sys_sendmsg+0x10/0x10 [ 230.280101][T10261] ? vfs_write+0x7c4/0xc90 [ 230.284568][T10261] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 230.290926][T10261] ? do_syscall_64+0x100/0x230 [ 230.295710][T10261] ? do_syscall_64+0xb6/0x230 [ 230.300407][T10261] do_syscall_64+0xf3/0x230 [ 230.304931][T10261] ? clear_bhb_loop+0x35/0x90 [ 230.309620][T10261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.315538][T10261] RIP: 0033:0x7f0915375bd9 [ 230.319959][T10261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.339570][T10261] RSP: 002b:00007f09161c2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 230.348014][T10261] RAX: ffffffffffffffda RBX: 00007f0915503f60 RCX: 00007f0915375bd9 [ 230.355990][T10261] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000003 [ 230.363967][T10261] RBP: 00007f09161c20a0 R08: 0000000000000000 R09: 0000000000000000 [ 230.371945][T10261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 230.379922][T10261] R13: 000000000000000b R14: 00007f0915503f60 R15: 00007fffb1793e08 [ 230.387918][T10261] [ 230.714474][T10281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1816'. [ 231.077646][ T5098] Bluetooth: hci2: command 0x0405 tx timeout [ 232.102766][T10359] netlink: 332 bytes leftover after parsing attributes in process `syz.4.1843'. [ 232.128419][T10359] netlink: 'syz.4.1843': attribute type 9 has an invalid length. [ 232.143018][T10359] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1843'. [ 232.164538][T10359] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1843'. [ 234.594002][T10441] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1876'. [ 235.558264][T10475] FAULT_INJECTION: forcing a failure. [ 235.558264][T10475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.595237][T10475] CPU: 1 PID: 10475 Comm: syz.0.1887 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 235.605465][T10475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 235.615561][T10475] Call Trace: [ 235.618884][T10475] [ 235.621847][T10475] dump_stack_lvl+0x241/0x360 [ 235.626588][T10475] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.631847][T10475] ? __pfx__printk+0x10/0x10 [ 235.636493][T10475] ? __pfx_lock_release+0x10/0x10 [ 235.641569][T10475] should_fail_ex+0x3b0/0x4e0 [ 235.646307][T10475] _copy_from_user+0x2f/0xe0 [ 235.650958][T10475] copy_msghdr_from_user+0xae/0x680 [ 235.656217][T10475] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 235.662138][T10475] __sys_sendmsg+0x23d/0x3a0 [ 235.666866][T10475] ? __pfx___sys_sendmsg+0x10/0x10 [ 235.672019][T10475] ? vfs_write+0x7c4/0xc90 [ 235.676632][T10475] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 235.683000][T10475] ? do_syscall_64+0x100/0x230 [ 235.687819][T10475] ? do_syscall_64+0xb6/0x230 [ 235.692552][T10475] do_syscall_64+0xf3/0x230 [ 235.697108][T10475] ? clear_bhb_loop+0x35/0x90 [ 235.701825][T10475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.707784][T10475] RIP: 0033:0x7f2145f75bd9 [ 235.712230][T10475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.731855][T10475] RSP: 002b:00007f2146cf6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.740289][T10475] RAX: ffffffffffffffda RBX: 00007f2146103f60 RCX: 00007f2145f75bd9 [ 235.748277][T10475] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 235.756253][T10475] RBP: 00007f2146cf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 235.764239][T10475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.772224][T10475] R13: 000000000000000b R14: 00007f2146103f60 R15: 00007fff9967ae68 [ 235.780228][T10475] [ 235.816585][T10482] netlink: 'syz.4.1891': attribute type 10 has an invalid length. [ 235.825648][T10482] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1891'. [ 235.836508][T10482] team0: entered promiscuous mode [ 235.846429][T10482] team_slave_0: entered promiscuous mode [ 235.860630][T10482] team_slave_1: entered promiscuous mode [ 235.870134][T10482] bridge0: port 3(team0) entered blocking state [ 235.876715][T10482] bridge0: port 3(team0) entered disabled state [ 235.884459][T10482] team0: entered allmulticast mode [ 235.914837][T10482] team_slave_0: entered allmulticast mode [ 235.968005][T10482] team_slave_1: entered allmulticast mode [ 235.990831][T10482] bridge0: port 3(team0) entered blocking state [ 235.997355][T10482] bridge0: port 3(team0) entered forwarding state [ 236.020827][T10471] tipc: Enabling of bearer rejected, failed to enable media [ 236.053865][T10492] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1892'. [ 236.080432][T10487] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1892'. [ 236.092987][T10493] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1894'. [ 236.541003][T10523] IPVS: Error connecting to the multicast addr [ 237.416759][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1915'. [ 237.603977][T10566] xt_connbytes: Forcing CT accounting to be enabled [ 238.374372][T10605] netlink: 'syz.1.1931': attribute type 7 has an invalid length. [ 238.385606][T10605] netlink: 'syz.1.1931': attribute type 5 has an invalid length. [ 238.399506][T10605] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1931'. [ 238.497819][T10614] netlink: 9392 bytes leftover after parsing attributes in process `syz.0.1934'. [ 238.507367][T10614] netlink: 'syz.0.1934': attribute type 1 has an invalid length. [ 238.717085][T10621] netlink: 127504 bytes leftover after parsing attributes in process `syz.0.1936'. [ 238.842208][T10626] netlink: 209848 bytes leftover after parsing attributes in process `syz.0.1938'. [ 238.852471][T10626] openvswitch: netlink: Message has 2 unknown bytes. [ 239.208493][T10639] FAULT_INJECTION: forcing a failure. [ 239.208493][T10639] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.227722][T10639] CPU: 0 PID: 10639 Comm: syz.0.1943 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 239.237956][T10639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 239.248065][T10639] Call Trace: [ 239.251381][T10639] [ 239.254344][T10639] dump_stack_lvl+0x241/0x360 [ 239.259083][T10639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.264328][T10639] ? __pfx__printk+0x10/0x10 [ 239.268942][T10639] ? __pfx_lock_release+0x10/0x10 [ 239.273985][T10639] should_fail_ex+0x3b0/0x4e0 [ 239.278695][T10639] _copy_from_user+0x2f/0xe0 [ 239.283304][T10639] copy_msghdr_from_user+0xae/0x680 [ 239.288544][T10639] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 239.294404][T10639] __sys_sendmsg+0x23d/0x3a0 [ 239.299030][T10639] ? __pfx___sys_sendmsg+0x10/0x10 [ 239.304156][T10639] ? vfs_write+0x7c4/0xc90 [ 239.308619][T10639] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 239.314958][T10639] ? do_syscall_64+0x100/0x230 [ 239.319752][T10639] ? do_syscall_64+0xb6/0x230 [ 239.324461][T10639] do_syscall_64+0xf3/0x230 [ 239.329070][T10639] ? clear_bhb_loop+0x35/0x90 [ 239.333762][T10639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.339683][T10639] RIP: 0033:0x7f2145f75bd9 [ 239.344115][T10639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.363740][T10639] RSP: 002b:00007f2146cf6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 239.372174][T10639] RAX: ffffffffffffffda RBX: 00007f2146103f60 RCX: 00007f2145f75bd9 [ 239.380165][T10639] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 239.388154][T10639] RBP: 00007f2146cf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 239.396144][T10639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.404126][T10639] R13: 000000000000000b R14: 00007f2146103f60 R15: 00007fff9967ae68 [ 239.412234][T10639] [ 239.914053][T10672] netlink: 'syz.1.1951': attribute type 3 has an invalid length. [ 239.932643][T10672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1951'. [ 240.135381][T10671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1952'. [ 240.501784][T10690] netlink: 'syz.0.1956': attribute type 10 has an invalid length. [ 240.623055][T10690] team0: Device veth1_vlan failed to register rx_handler [ 240.655277][T10694] netlink: 'syz.1.1959': attribute type 11 has an invalid length. [ 240.747082][T10697] bond_slave_0: entered promiscuous mode [ 240.752957][T10697] bond_slave_1: entered promiscuous mode [ 240.769053][T10697] macvlan2: entered allmulticast mode [ 240.774706][T10697] bond0: entered allmulticast mode [ 240.785357][T10697] bond_slave_0: entered allmulticast mode [ 240.795525][T10697] bond_slave_1: entered allmulticast mode [ 240.813666][T10697] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 241.065355][T10716] netlink: 'syz.4.1964': attribute type 3 has an invalid length. [ 241.092898][T10716] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1964'. [ 241.790319][T10743] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1976'. [ 242.477946][T10773] netlink: 'syz.1.1989': attribute type 3 has an invalid length. [ 242.485744][T10773] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1989'. [ 242.739673][T10786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1996'. [ 243.132969][T10816] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2007'. [ 243.145568][T10810] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 244.492940][T10860] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2023'. [ 244.571124][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 244.653194][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.672558][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 244.714345][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.729406][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.767675][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.804961][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.822555][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.838691][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.841160][T10880] FAULT_INJECTION: forcing a failure. [ 244.841160][T10880] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.846990][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.893474][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.904312][T10880] CPU: 1 PID: 10880 Comm: syz.4.2028 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 244.905461][T10883] FAULT_INJECTION: forcing a failure. [ 244.905461][T10883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.914502][T10880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 244.914520][T10880] Call Trace: [ 244.914530][T10880] [ 244.914540][T10880] dump_stack_lvl+0x241/0x360 [ 244.914588][T10880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.914621][T10880] ? __pfx__printk+0x10/0x10 [ 244.914654][T10880] ? __pfx_lock_release+0x10/0x10 [ 244.914687][T10880] should_fail_ex+0x3b0/0x4e0 [ 244.914725][T10880] _copy_from_user+0x2f/0xe0 [ 244.914751][T10880] copy_msghdr_from_user+0xae/0x680 [ 244.914794][T10880] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 244.914846][T10880] __sys_sendmsg+0x23d/0x3a0 [ 244.914879][T10880] ? __pfx___sys_sendmsg+0x10/0x10 [ 244.914906][T10880] ? vfs_write+0x7c4/0xc90 [ 244.914980][T10880] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 244.915007][T10880] ? do_syscall_64+0x100/0x230 [ 244.915043][T10880] ? do_syscall_64+0xb6/0x230 [ 244.929823][T10868] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 244.938122][T10880] do_syscall_64+0xf3/0x230 [ 244.938167][T10880] ? clear_bhb_loop+0x35/0x90 [ 244.938191][T10880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.938224][T10880] RIP: 0033:0x7f5141775bd9 [ 244.960796][T10868] __nla_validate_parse: 18 callbacks suppressed [ 244.960818][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 244.963971][T10880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.963994][T10880] RSP: 002b:00007f51424d8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 244.964020][T10880] RAX: ffffffffffffffda RBX: 00007f5141903f60 RCX: 00007f5141775bd9 [ 244.964037][T10880] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 244.964052][T10880] RBP: 00007f51424d80a0 R08: 0000000000000000 R09: 0000000000000000 [ 244.964068][T10880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.978550][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 244.984310][T10880] R13: 000000000000000b R14: 00007f5141903f60 R15: 00007fffdfa052d8 [ 244.984348][T10880] [ 245.038129][T10883] CPU: 1 PID: 10883 Comm: syz.1.2030 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 245.047827][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 245.049110][T10883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 245.049128][T10883] Call Trace: [ 245.049138][T10883] [ 245.049148][T10883] dump_stack_lvl+0x241/0x360 [ 245.059436][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 245.078192][T10883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.078235][T10883] ? __pfx__printk+0x10/0x10 [ 245.078268][T10883] ? __pfx_lock_release+0x10/0x10 [ 245.078302][T10883] should_fail_ex+0x3b0/0x4e0 [ 245.087717][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 245.094712][T10883] _copy_from_user+0x2f/0xe0 [ 245.094747][T10883] copy_msghdr_from_user+0xae/0x680 [ 245.113480][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 245.118681][T10883] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 245.118742][T10883] __sys_sendmsg+0x23d/0x3a0 [ 245.129681][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 245.135990][T10883] ? __pfx___sys_sendmsg+0x10/0x10 [ 245.136024][T10883] ? vfs_write+0x7c4/0xc90 [ 245.140732][T10868] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2024'. [ 245.149229][T10883] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 245.149266][T10883] ? do_syscall_64+0x100/0x230 [ 245.149302][T10883] ? do_syscall_64+0xb6/0x230 [ 245.149337][T10883] do_syscall_64+0xf3/0x230 [ 245.149369][T10883] ? clear_bhb_loop+0x35/0x90 [ 245.149393][T10883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.149425][T10883] RIP: 0033:0x7fe866f75bd9 [ 245.149447][T10883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.149465][T10883] RSP: 002b:00007fe867e21048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 245.149491][T10883] RAX: ffffffffffffffda RBX: 00007fe867103f60 RCX: 00007fe866f75bd9 [ 245.149508][T10883] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 245.149522][T10883] RBP: 00007fe867e210a0 R08: 0000000000000000 R09: 0000000000000000 [ 245.149537][T10883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.149556][T10883] R13: 000000000000004d R14: 00007fe867103f60 R15: 00007ffc4e2c6888 [ 245.149591][T10883] [ 245.514466][T10891] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2031'. [ 245.553054][T10894] IPVS: set_ctl: invalid protocol: 22 255.255.255.255:20000 [ 245.697995][T10903] team0: Device team_slave_1 failed to change mtu [ 245.705454][T10904] macvlan4: entered allmulticast mode [ 245.718646][T10904] bond0: (slave macvlan4): Error -98 calling set_mac_address [ 245.750148][T10903] netlink: 'syz.3.2034': attribute type 64 has an invalid length. [ 245.994550][T10914] netlink: 'syz.0.2039': attribute type 21 has an invalid length. [ 246.005057][T10914] netlink: 'syz.0.2039': attribute type 4 has an invalid length. [ 246.300706][T10930] nbd: must specify an index to disconnect [ 246.329653][T10930] gretap0: entered promiscuous mode [ 246.352210][T10930] gretap0: left promiscuous mode [ 246.372946][T10932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2045'. [ 246.779677][T10944] macvlan2: entered allmulticast mode [ 246.828757][T10944] geneve1: entered promiscuous mode [ 246.834047][T10944] geneve1: entered allmulticast mode [ 246.861038][T10944] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 247.227865][T10964] xt_CT: No such helper "snmp_trap" [ 247.705451][T10993] macvlan4: entered allmulticast mode [ 247.722377][T10993] bond0: (slave macvlan4): Error -98 calling set_mac_address [ 248.498677][T11027] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 249.022420][T11046] netlink: 'syz.0.2084': attribute type 29 has an invalid length. [ 249.046701][T11046] netlink: 'syz.0.2084': attribute type 29 has an invalid length. [ 249.072977][T11043] netlink: 'syz.0.2084': attribute type 29 has an invalid length. [ 249.095111][T11051] team0: Device team_slave_1 failed to change mtu [ 249.108394][T11043] netlink: 'syz.0.2084': attribute type 29 has an invalid length. [ 249.152989][T11051] netlink: 'syz.2.2087': attribute type 64 has an invalid length. [ 249.179662][T11043] netlink: 'syz.0.2084': attribute type 29 has an invalid length. [ 249.200305][T11043] unsupported nlmsg_type 40 [ 249.206755][T11043] xt_l2tp: missing protocol rule (udp|l2tpip) [ 249.222122][T11058] netlink: 'syz.1.2089': attribute type 1 has an invalid length. [ 251.299288][T11126] netlink: 'syz.3.2112': attribute type 4 has an invalid length. [ 251.399949][T11126] netlink: 'syz.3.2112': attribute type 4 has an invalid length. [ 251.474653][T11143] __nla_validate_parse: 6 callbacks suppressed [ 251.474675][T11143] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2116'. [ 251.812379][T11160] netlink: 'syz.2.2120': attribute type 29 has an invalid length. [ 251.834712][T11160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2120'. [ 251.892308][T11160] netlink: 'syz.2.2120': attribute type 29 has an invalid length. [ 251.917639][T11160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2120'. [ 252.007635][T11162] netlink: 'syz.2.2120': attribute type 29 has an invalid length. [ 252.039628][T11162] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2120'. [ 252.130492][T11165] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96 [ 252.498968][T11191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2131'. [ 252.519555][T11191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2131'. [ 252.668773][T11196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2133'. [ 252.724439][T11196] 8021q: adding VLAN 0 to HW filter on device ipvlan3 [ 252.929107][T11171] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2124'. [ 255.471511][T11220] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2140'. [ 255.793704][T11242] netlink: 'syz.2.2146': attribute type 11 has an invalid length. [ 256.210045][T11265] bridge2: port 1(bridge_slave_1) entered disabled state [ 256.476509][T11274] netlink: 'syz.3.2159': attribute type 6 has an invalid length. [ 256.753113][T11274] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2159'. [ 256.866493][T11289] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2162'. [ 257.311590][T11263] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2152'. [ 257.408203][T11309] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 4, id = 0 [ 257.766112][T11320] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2172'. [ 257.917561][T11323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2175'. [ 258.059374][T11333] syz.2.2176 uses old SIOCAX25GETINFO [ 258.241950][T11339] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2179'. [ 258.434303][T11344] netlink: 'syz.3.2180': attribute type 3 has an invalid length. [ 258.439696][T11350] tipc: Can't bind to reserved service type 0 [ 258.461066][T11344] netlink: 666 bytes leftover after parsing attributes in process `syz.3.2180'. [ 259.053018][T11367] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2188'. [ 259.114415][T11367] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.2188'. [ 259.256887][T11371] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 259.264233][T11371] IPv6: NLM_F_CREATE should be set when creating new route [ 259.271703][T11371] IPv6: NLM_F_CREATE should be set when creating new route [ 259.507011][T11379] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2193'. [ 260.692551][T11432] IPv6: NLM_F_REPLACE set, but no existing node found! [ 261.081642][T11459] sctp: [Deprecated]: syz.3.2225 (pid 11459) Use of int in max_burst socket option deprecated. [ 261.081642][T11459] Use struct sctp_assoc_value instead [ 261.483828][T11488] team_slave_0: entered promiscuous mode [ 261.490044][T11488] team_slave_1: entered promiscuous mode [ 261.495792][T11488] batadv1: entered promiscuous mode [ 261.505377][T11488] macvtap1: entered promiscuous mode [ 261.510894][T11488] team0: entered promiscuous mode [ 261.519337][T11488] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 261.928948][T11505] Unsupported ieee802154 address type: 0 [ 261.983912][T11505] netlink: 'syz.2.2241': attribute type 4 has an invalid length. [ 262.005485][T11505] netlink: 'syz.2.2241': attribute type 4 has an invalid length. [ 262.293353][T11526] netlink: 'syz.3.2245': attribute type 9 has an invalid length. [ 262.349386][T11526] netlink: 'syz.3.2245': attribute type 7 has an invalid length. [ 262.426255][T11526] netlink: 'syz.3.2245': attribute type 8 has an invalid length. [ 262.504986][T11538] tipc: Started in network mode [ 262.531090][T11538] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 262.578743][T11538] tipc: Enabled bearer , priority 10 [ 262.624401][T11538] __nla_validate_parse: 5 callbacks suppressed [ 262.624424][T11538] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2248'. [ 262.689287][T11547] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2253'. [ 262.714239][T11547] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2253'. [ 262.865081][T11553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2255'. [ 263.338294][T11574] netlink: 'syz.1.2263': attribute type 30 has an invalid length. [ 263.451153][T11574] veth0_macvtap: left promiscuous mode [ 263.499775][T11581] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 263.597867][T11584] bond0: option miimon: invalid value (18446744073072082944) [ 263.605502][T11584] bond0: option miimon: allowed values 0 - 2147483647 [ 263.699077][ T5149] tipc: Node number set to 10005162 [ 263.738328][T11594] netlink: 'syz.2.2270': attribute type 1 has an invalid length. [ 263.779841][T11594] netlink: 9352 bytes leftover after parsing attributes in process `syz.2.2270'. [ 263.805650][T11594] netlink: 'syz.2.2270': attribute type 1 has an invalid length. [ 263.832374][T11594] netlink: 'syz.2.2270': attribute type 2 has an invalid length. [ 263.863385][T11594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2270'. [ 264.394539][T11625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2276'. [ 264.507102][T11622] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2276'. [ 265.049033][T11642] netlink: 'syz.3.2283': attribute type 33 has an invalid length. [ 265.135460][T11622] infiniband A: set active [ 265.154154][T11622] infiniband A: added bridge_slave_0 [ 265.198020][T11622] A: rxe_create_cq: returned err = -12 [ 265.214717][T11622] infiniband A: Couldn't create ib_mad CQ [ 265.240606][T11622] infiniband A: Couldn't open port 1 [ 265.379074][T11654] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2288'. [ 265.413603][T11622] RDS/IB: A: added [ 265.428214][T11654] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2288'. [ 265.435859][T11622] smc: adding ib device A with port count 1 [ 265.454052][T11622] smc: ib device A port 1 has pnetid [ 267.120091][T11711] tipc: Started in network mode [ 267.125026][T11711] tipc: Node identity ffffffff, cluster identity 4711 [ 267.149024][T11711] tipc: Node number set to 4294967295 [ 267.190824][T11711] tipc: Enabled bearer , priority 0 [ 267.405777][T11721] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 267.599776][T11723] netdevsim netdevsim3: Direct firmware load for þÿÿÿ failed with error -2 [ 267.649861][T11723] netdevsim netdevsim3: Falling back to sysfs fallback for: þÿÿÿ [ 268.890489][T11772] net_ratelimit: 21 callbacks suppressed [ 268.890513][T11772] openvswitch: netlink: Flow actions attr not present in new flow. [ 269.104837][T11778] bpf_get_probe_write_proto: 6 callbacks suppressed [ 269.104860][T11778] syz.1.2336[11778] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 269.122682][T11778] syz.1.2336[11778] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 270.026370][T11811] __nla_validate_parse: 4 callbacks suppressed [ 270.026396][T11811] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.2348'. [ 270.182749][T11817] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2351'. [ 270.211344][T11821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2353'. [ 270.238543][T11821] validate_nla: 4 callbacks suppressed [ 270.238561][T11821] netlink: 'syz.3.2353': attribute type 2 has an invalid length. [ 270.264550][T11821] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2353'. [ 270.355779][T11825] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2353'. [ 270.640695][T11838] netlink: 'syz.1.2358': attribute type 3 has an invalid length. [ 270.976374][T11860] netlink: 'syz.2.2362': attribute type 29 has an invalid length. [ 271.007995][T11860] netlink: 'syz.2.2362': attribute type 29 has an invalid length. [ 271.059312][T11849] netlink: 'syz.2.2362': attribute type 29 has an invalid length. [ 271.149166][T11849] netlink: 'syz.2.2362': attribute type 29 has an invalid length. [ 271.198911][T11849] netlink: 'syz.2.2362': attribute type 29 has an invalid length. [ 271.242268][T11849] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2362'. [ 271.299710][T11849] xt_l2tp: missing protocol rule (udp|l2tpip) [ 271.662483][T11892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2376'. [ 272.408431][T11946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2391'. [ 272.579192][T11955] FAULT_INJECTION: forcing a failure. [ 272.579192][T11955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 272.616278][T11955] CPU: 1 PID: 11955 Comm: syz.4.2394 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 272.626502][T11955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 272.636598][T11955] Call Trace: [ 272.639915][T11955] [ 272.642879][T11955] dump_stack_lvl+0x241/0x360 [ 272.647618][T11955] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.652870][T11955] ? __pfx__printk+0x10/0x10 [ 272.657508][T11955] ? __pfx_lock_release+0x10/0x10 [ 272.662571][T11955] ? vfs_write+0x7c4/0xc90 [ 272.667055][T11955] should_fail_ex+0x3b0/0x4e0 [ 272.671785][T11955] _copy_from_user+0x2f/0xe0 [ 272.676422][T11955] __sys_bpf+0x1a4/0x810 [ 272.680726][T11955] ? __pfx___sys_bpf+0x10/0x10 [ 272.685555][T11955] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 272.691580][T11955] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 272.698041][T11955] ? do_syscall_64+0x100/0x230 [ 272.702852][T11955] __x64_sys_bpf+0x7c/0x90 [ 272.707293][T11955] do_syscall_64+0xf3/0x230 [ 272.711875][T11955] ? clear_bhb_loop+0x35/0x90 [ 272.716560][T11955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.722474][T11955] RIP: 0033:0x7f5141775bd9 [ 272.726897][T11955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.746509][T11955] RSP: 002b:00007f51424d8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 272.754934][T11955] RAX: ffffffffffffffda RBX: 00007f5141903f60 RCX: 00007f5141775bd9 [ 272.762916][T11955] RDX: 0000000000000050 RSI: 0000000020000080 RDI: 000000000000000a [ 272.770896][T11955] RBP: 00007f51424d80a0 R08: 0000000000000000 R09: 0000000000000000 [ 272.778878][T11955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.786955][T11955] R13: 000000000000000b R14: 00007f5141903f60 R15: 00007fffdfa052d8 [ 272.794947][T11955] [ 272.940218][T11965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2399'. [ 272.956368][T11965] syz_tun: Device is already in use. [ 272.992356][T11969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2401'. [ 273.135924][T11975] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 273.143290][T11975] IPv6: NLM_F_CREATE should be set when creating new route [ 273.374102][T11992] netlink: zone id is out of range [ 273.444874][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 273.880138][T12015] FAULT_INJECTION: forcing a failure. [ 273.880138][T12015] name failslab, interval 1, probability 0, space 0, times 0 [ 273.893332][T12015] CPU: 1 PID: 12015 Comm: syz.3.2411 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 273.903518][T12015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 273.913596][T12015] Call Trace: [ 273.916890][T12015] [ 273.919832][T12015] dump_stack_lvl+0x241/0x360 [ 273.924538][T12015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.929757][T12015] ? __pfx__printk+0x10/0x10 [ 273.934370][T12015] should_fail_ex+0x3b0/0x4e0 [ 273.939067][T12015] ? skb_clone+0x20c/0x390 [ 273.943495][T12015] should_failslab+0x9/0x20 [ 273.948016][T12015] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 273.953410][T12015] skb_clone+0x20c/0x390 [ 273.957669][T12015] ? dev_queue_xmit_nit+0x220/0xc10 [ 273.962878][T12015] dev_queue_xmit_nit+0x419/0xc10 [ 273.967914][T12015] ? dev_queue_xmit_nit+0x2b/0xc10 [ 273.973048][T12015] ? validate_xmit_skb+0xa04/0x1120 [ 273.978263][T12015] dev_hard_start_xmit+0x15f/0x7e0 [ 273.983387][T12015] ? __pfx_validate_xmit_skb+0x10/0x10 [ 273.988869][T12015] __dev_queue_xmit+0x1b0e/0x3d30 [ 273.993926][T12015] ? __dev_queue_xmit+0x2d2/0x3d30 [ 273.999067][T12015] ? __pfx___dev_queue_xmit+0x10/0x10 [ 274.004544][T12015] ? __copy_skb_header+0x437/0x5b0 [ 274.009672][T12015] ? __asan_memcpy+0x40/0x70 [ 274.014276][T12015] ? __copy_skb_header+0x437/0x5b0 [ 274.019405][T12015] ? __skb_clone+0x454/0x6c0 [ 274.024015][T12015] ? skb_clone+0x240/0x390 [ 274.028446][T12015] __netlink_deliver_tap+0x54d/0x7c0 [ 274.033756][T12015] ? netlink_deliver_tap+0x2e/0x1b0 [ 274.038969][T12015] netlink_deliver_tap+0x19d/0x1b0 [ 274.044114][T12015] netlink_unicast+0x7b8/0x980 [ 274.048905][T12015] ? __pfx_netlink_unicast+0x10/0x10 [ 274.054205][T12015] ? __virt_addr_valid+0x183/0x520 [ 274.059334][T12015] ? __check_object_size+0x49c/0x900 [ 274.064637][T12015] ? bpf_lsm_netlink_send+0x9/0x10 [ 274.069768][T12015] netlink_sendmsg+0x8db/0xcb0 [ 274.074560][T12015] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.079873][T12015] ? __import_iovec+0x536/0x820 [ 274.084735][T12015] ? aa_sock_msg_perm+0x91/0x160 [ 274.089695][T12015] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 274.094989][T12015] ? security_socket_sendmsg+0x87/0xb0 [ 274.100470][T12015] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.105773][T12015] __sock_sendmsg+0x221/0x270 [ 274.110473][T12015] ____sys_sendmsg+0x525/0x7d0 [ 274.115260][T12015] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.120574][T12015] __sys_sendmsg+0x2b0/0x3a0 [ 274.125181][T12015] ? __pfx___sys_sendmsg+0x10/0x10 [ 274.130391][T12015] ? vfs_write+0x7c4/0xc90 [ 274.134860][T12015] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 274.141200][T12015] ? do_syscall_64+0x100/0x230 [ 274.145984][T12015] ? do_syscall_64+0xb6/0x230 [ 274.150682][T12015] do_syscall_64+0xf3/0x230 [ 274.155208][T12015] ? clear_bhb_loop+0x35/0x90 [ 274.159895][T12015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.165814][T12015] RIP: 0033:0x7fcfe2f75bd9 [ 274.170237][T12015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.189847][T12015] RSP: 002b:00007fcfe3dc3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 274.198278][T12015] RAX: ffffffffffffffda RBX: 00007fcfe3103f60 RCX: 00007fcfe2f75bd9 [ 274.206260][T12015] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 274.214234][T12015] RBP: 00007fcfe3dc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 274.222213][T12015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.230224][T12015] R13: 000000000000000b R14: 00007fcfe3103f60 R15: 00007fff2578f968 [ 274.238249][T12015] [ 274.267934][T12015] ipvlan2: entered promiscuous mode [ 274.287590][T12015] ipvlan2: entered allmulticast mode [ 274.511865][T12024] SET target dimension over the limit! [ 274.540917][T12025] pim6reg1: entered promiscuous mode [ 274.556693][T12025] pim6reg1: entered allmulticast mode [ 274.585132][T12029] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 275.340071][T12072] ebt_among: dst integrity fail: 200 [ 275.981344][T12098] FAULT_INJECTION: forcing a failure. [ 275.981344][T12098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 275.995474][T12098] CPU: 0 PID: 12098 Comm: syz.1.2437 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 276.005674][T12098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 276.015775][T12098] Call Trace: [ 276.019090][T12098] [ 276.022049][T12098] dump_stack_lvl+0x241/0x360 [ 276.026779][T12098] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.032026][T12098] ? __pfx__printk+0x10/0x10 [ 276.036671][T12098] ? snprintf+0xda/0x120 [ 276.040959][T12098] should_fail_ex+0x3b0/0x4e0 [ 276.045698][T12098] _copy_to_user+0x2f/0xb0 [ 276.050156][T12098] simple_read_from_buffer+0xca/0x150 [ 276.055576][T12098] proc_fail_nth_read+0x1e9/0x250 [ 276.060653][T12098] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 276.066252][T12098] ? rw_verify_area+0x514/0x6b0 [ 276.071142][T12098] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 276.076732][T12098] vfs_read+0x204/0xbd0 [ 276.080929][T12098] ? __pfx_lock_release+0x10/0x10 [ 276.086001][T12098] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 276.091604][T12098] ? __pfx_vfs_read+0x10/0x10 [ 276.096328][T12098] ? __fget_files+0x29/0x470 [ 276.100986][T12098] ? __fget_files+0x3f6/0x470 [ 276.105724][T12098] ksys_read+0x1a0/0x2c0 [ 276.110017][T12098] ? __pfx_ksys_read+0x10/0x10 [ 276.114825][T12098] ? do_syscall_64+0x100/0x230 [ 276.119649][T12098] ? do_syscall_64+0xb6/0x230 [ 276.124376][T12098] do_syscall_64+0xf3/0x230 [ 276.128929][T12098] ? clear_bhb_loop+0x35/0x90 [ 276.133642][T12098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.139585][T12098] RIP: 0033:0x7fe866f746bc [ 276.144044][T12098] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 276.163695][T12098] RSP: 002b:00007fe867e21040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 276.172162][T12098] RAX: ffffffffffffffda RBX: 00007fe867103f60 RCX: 00007fe866f746bc [ 276.180179][T12098] RDX: 000000000000000f RSI: 00007fe867e210b0 RDI: 0000000000000006 [ 276.188185][T12098] RBP: 00007fe867e210a0 R08: 0000000000000000 R09: 0000000000000000 [ 276.196180][T12098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 276.204171][T12098] R13: 000000000000004d R14: 00007fe867103f60 R15: 00007ffc4e2c6888 [ 276.212204][T12098] [ 276.400418][T12103] __nla_validate_parse: 4 callbacks suppressed [ 276.400442][T12103] netlink: 332 bytes leftover after parsing attributes in process `syz.0.2438'. [ 276.431620][T12103] netlink: 'syz.0.2438': attribute type 9 has an invalid length. [ 276.444433][T12103] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2438'. [ 276.456939][T12103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2438'. [ 276.497905][T12103] nbd: must specify at least one socket [ 276.889123][T12113] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2442'. [ 278.543543][T12122] netlink: 'syz.1.2444': attribute type 11 has an invalid length. [ 278.552120][T12122] netlink: 211132 bytes leftover after parsing attributes in process `syz.1.2444'. [ 279.021029][T12139] netlink: 494 bytes leftover after parsing attributes in process `syz.4.2448'. [ 279.135494][T12155] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2455'. [ 279.527965][T12171] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 279.859201][T12183] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2464'. [ 279.934398][T12193] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2466'. [ 280.079024][T12198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2470'. [ 280.916912][T12235] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 280.938949][T12235] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 281.238949][T12246] FAULT_INJECTION: forcing a failure. [ 281.238949][T12246] name failslab, interval 1, probability 0, space 0, times 0 [ 281.282981][T12246] CPU: 0 PID: 12246 Comm: syz.1.2486 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 281.293208][T12246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 281.303304][T12246] Call Trace: [ 281.306620][T12246] [ 281.309590][T12246] dump_stack_lvl+0x241/0x360 [ 281.314329][T12246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 281.319584][T12246] ? __pfx__printk+0x10/0x10 [ 281.324220][T12246] ? __pfx___might_resched+0x10/0x10 [ 281.329692][T12246] should_fail_ex+0x3b0/0x4e0 [ 281.334422][T12246] ? sctp_transport_new+0x7e/0x5d0 [ 281.339579][T12246] should_failslab+0x9/0x20 [ 281.344146][T12246] kmalloc_trace_noprof+0x6c/0x2c0 [ 281.349317][T12246] ? sctp_copy_one_addr+0x341/0x680 [ 281.354569][T12246] sctp_transport_new+0x7e/0x5d0 [ 281.359555][T12246] sctp_assoc_add_peer+0x228/0x15c0 [ 281.364793][T12246] ? sctp_bind_addr_copy+0x36c/0x3b0 [ 281.370127][T12246] sctp_connect_new_asoc+0x31d/0x6c0 [ 281.375455][T12246] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 281.381307][T12246] ? sctp_sendmsg+0xbb9/0x3520 [ 281.386116][T12246] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 281.391697][T12246] ? security_sctp_bind_connect+0x90/0xb0 [ 281.397642][T12246] sctp_sendmsg+0x219a/0x3520 [ 281.402467][T12246] ? __pfx_sctp_sendmsg+0x10/0x10 [ 281.407624][T12246] ? __pfx_aa_sk_perm+0x10/0x10 [ 281.412622][T12246] ? inet_sendmsg+0x330/0x390 [ 281.417341][T12246] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 281.422665][T12246] ? security_socket_sendmsg+0x87/0xb0 [ 281.428262][T12246] __sock_sendmsg+0x1a6/0x270 [ 281.432998][T12246] __sys_sendto+0x3a4/0x4f0 [ 281.437558][T12246] ? __pfx___sys_sendto+0x10/0x10 [ 281.442662][T12246] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 281.448683][T12246] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 281.455063][T12246] __x64_sys_sendto+0xde/0x100 [ 281.459870][T12246] do_syscall_64+0xf3/0x230 [ 281.464511][T12246] ? clear_bhb_loop+0x35/0x90 [ 281.469223][T12246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.475159][T12246] RIP: 0033:0x7fe866f75bd9 [ 281.479612][T12246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.499255][T12246] RSP: 002b:00007fe867e21048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 281.507764][T12246] RAX: ffffffffffffffda RBX: 00007fe867103f60 RCX: 00007fe866f75bd9 [ 281.515767][T12246] RDX: 0000000000000001 RSI: 0000000020000300 RDI: 0000000000000005 [ 281.523757][T12246] RBP: 00007fe867e210a0 R08: 0000000020000380 R09: 0000000000000010 [ 281.531740][T12246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.539894][T12246] R13: 000000000000004d R14: 00007fe867103f60 R15: 00007ffc4e2c6888 [ 281.547908][T12246] [ 282.713722][T12292] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 283.039079][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2490'. [ 283.434805][T12313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2508'. [ 283.498299][T12317] netlink: 'syz.1.2510': attribute type 2 has an invalid length. [ 283.536477][T12317] netlink: 38 bytes leftover after parsing attributes in process `syz.1.2510'. [ 283.536769][T12315] can: request_module (can-proto-0) failed. [ 283.742113][T12315] C: renamed from lo (while UP) [ 283.772956][T12329] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2514'. [ 283.773643][T12315] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2510'. [ 283.811879][T12315] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 283.849107][T12329] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2514'. [ 283.876735][T12331] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2513'. [ 283.935695][T12329] IPVS: Unknown mcast interface: vcan0 [ 284.201704][T12342] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2517'. [ 284.246707][T12342] openvswitch: netlink: Multiple metadata blocks provided [ 284.670530][T12361] xt_CT: You must specify a L4 protocol and not use inversions on it [ 284.728031][T12364] FAULT_INJECTION: forcing a failure. [ 284.728031][T12364] name failslab, interval 1, probability 0, space 0, times 0 [ 284.785485][T12364] CPU: 0 PID: 12364 Comm: syz.3.2524 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 284.795799][T12364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 284.805899][T12364] Call Trace: [ 284.809224][T12364] [ 284.812193][T12364] dump_stack_lvl+0x241/0x360 [ 284.816931][T12364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.822190][T12364] ? __pfx__printk+0x10/0x10 [ 284.826847][T12364] should_fail_ex+0x3b0/0x4e0 [ 284.831572][T12364] ? sctp_add_bind_addr+0x89/0x3a0 [ 284.836712][T12364] should_failslab+0x9/0x20 [ 284.841242][T12364] kmalloc_trace_noprof+0x6c/0x2c0 [ 284.846393][T12364] sctp_add_bind_addr+0x89/0x3a0 [ 284.851357][T12364] sctp_copy_local_addr_list+0x311/0x500 [ 284.857013][T12364] ? sctp_copy_local_addr_list+0xab/0x500 [ 284.862754][T12364] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 284.868927][T12364] ? sctp_v4_is_any+0x35/0x60 [ 284.873635][T12364] sctp_bind_addr_copy+0xad/0x3b0 [ 284.878680][T12364] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 284.885065][T12364] sctp_connect_new_asoc+0x2f3/0x6c0 [ 284.890366][T12364] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 284.896184][T12364] ? sctp_sendmsg+0xbb9/0x3520 [ 284.900963][T12364] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 284.906524][T12364] ? security_sctp_bind_connect+0x90/0xb0 [ 284.912261][T12364] sctp_sendmsg+0x219a/0x3520 [ 284.916971][T12364] ? __pfx_sctp_sendmsg+0x10/0x10 [ 284.922014][T12364] ? __pfx_aa_sk_perm+0x10/0x10 [ 284.926882][T12364] ? __pfx_lock_release+0x10/0x10 [ 284.931924][T12364] ? inet_sendmsg+0x330/0x390 [ 284.936620][T12364] __sock_sendmsg+0x1a6/0x270 [ 284.941321][T12364] ____sys_sendmsg+0x525/0x7d0 [ 284.946109][T12364] ? __pfx_____sys_sendmsg+0x10/0x10 [ 284.951434][T12364] __sys_sendmsg+0x2b0/0x3a0 [ 284.956043][T12364] ? __pfx___sys_sendmsg+0x10/0x10 [ 284.961168][T12364] ? vfs_write+0x7c4/0xc90 [ 284.965635][T12364] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 284.971976][T12364] ? do_syscall_64+0x100/0x230 [ 284.976761][T12364] ? do_syscall_64+0xb6/0x230 [ 284.981458][T12364] do_syscall_64+0xf3/0x230 [ 284.985984][T12364] ? clear_bhb_loop+0x35/0x90 [ 284.990673][T12364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.996588][T12364] RIP: 0033:0x7fcfe2f75bd9 [ 285.001012][T12364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.020635][T12364] RSP: 002b:00007fcfe3dc3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.029067][T12364] RAX: ffffffffffffffda RBX: 00007fcfe3103f60 RCX: 00007fcfe2f75bd9 [ 285.037048][T12364] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000003 [ 285.045029][T12364] RBP: 00007fcfe3dc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 285.053013][T12364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 285.060998][T12364] R13: 000000000000000b R14: 00007fcfe3103f60 R15: 00007fff2578f968 [ 285.069001][T12364] [ 285.822873][T12398] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2532'. [ 286.036429][T12409] FAULT_INJECTION: forcing a failure. [ 286.036429][T12409] name failslab, interval 1, probability 0, space 0, times 0 [ 286.060143][T12409] CPU: 1 PID: 12409 Comm: syz.0.2539 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 286.070362][T12409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 286.080541][T12409] Call Trace: [ 286.083862][T12409] [ 286.086830][T12409] dump_stack_lvl+0x241/0x360 [ 286.091559][T12409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.096801][T12409] ? __pfx__printk+0x10/0x10 [ 286.101437][T12409] ? __pfx___might_resched+0x10/0x10 [ 286.106768][T12409] should_fail_ex+0x3b0/0x4e0 [ 286.111487][T12409] should_failslab+0x9/0x20 [ 286.116029][T12409] __kmalloc_node_noprof+0xdf/0x440 [ 286.121273][T12409] ? kvmalloc_node_noprof+0x72/0x190 [ 286.126598][T12409] kvmalloc_node_noprof+0x72/0x190 [ 286.131742][T12409] alloc_netdev_mqs+0x87e/0xf80 [ 286.136616][T12409] rtnl_create_link+0x2f9/0xc20 [ 286.141491][T12409] rtnl_newlink+0x1421/0x20a0 [ 286.146180][T12409] ? rtnl_newlink+0xaf1/0x20a0 [ 286.150990][T12409] ? __pfx_rtnl_newlink+0x10/0x10 [ 286.156029][T12409] ? __pfx___mutex_trylock_common+0x10/0x10 [ 286.162042][T12409] ? rcu_is_watching+0x15/0xb0 [ 286.166817][T12409] ? trace_contention_end+0x3c/0x120 [ 286.172120][T12409] ? __mutex_lock+0x2ef/0xd70 [ 286.176821][T12409] ? __pfx_lock_release+0x10/0x10 [ 286.181879][T12409] ? __pfx_rtnl_newlink+0x10/0x10 [ 286.186919][T12409] rtnetlink_rcv_msg+0x89b/0x1180 [ 286.191966][T12409] ? rtnetlink_rcv_msg+0x208/0x1180 [ 286.197230][T12409] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 286.202745][T12409] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 286.208836][T12409] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 286.215218][T12409] ? __local_bh_enable_ip+0x168/0x200 [ 286.220632][T12409] ? lockdep_hardirqs_on+0x99/0x150 [ 286.225851][T12409] ? __local_bh_enable_ip+0x168/0x200 [ 286.231241][T12409] ? dev_hard_start_xmit+0x773/0x7e0 [ 286.236541][T12409] ? __dev_queue_xmit+0x2d2/0x3d30 [ 286.241682][T12409] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 286.247415][T12409] ? __dev_queue_xmit+0x2d2/0x3d30 [ 286.252546][T12409] ? __dev_queue_xmit+0x16c9/0x3d30 [ 286.257774][T12409] ? __dev_queue_xmit+0x2d2/0x3d30 [ 286.262909][T12409] ? ref_tracker_free+0x643/0x7e0 [ 286.267955][T12409] netlink_rcv_skb+0x1e3/0x430 [ 286.272735][T12409] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 286.278215][T12409] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 286.283538][T12409] ? netlink_deliver_tap+0x2e/0x1b0 [ 286.288760][T12409] netlink_unicast+0x7ea/0x980 [ 286.293551][T12409] ? __pfx_netlink_unicast+0x10/0x10 [ 286.298845][T12409] ? __virt_addr_valid+0x183/0x520 [ 286.303978][T12409] ? __check_object_size+0x49c/0x900 [ 286.309281][T12409] ? bpf_lsm_netlink_send+0x9/0x10 [ 286.314415][T12409] netlink_sendmsg+0x8db/0xcb0 [ 286.319211][T12409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.324518][T12409] ? __import_iovec+0x536/0x820 [ 286.329375][T12409] ? aa_sock_msg_perm+0x91/0x160 [ 286.334330][T12409] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 286.339643][T12409] ? security_socket_sendmsg+0x87/0xb0 [ 286.345118][T12409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.350415][T12409] __sock_sendmsg+0x221/0x270 [ 286.355115][T12409] ____sys_sendmsg+0x525/0x7d0 [ 286.359897][T12409] ? __pfx_____sys_sendmsg+0x10/0x10 [ 286.365225][T12409] __sys_sendmsg+0x2b0/0x3a0 [ 286.369831][T12409] ? __pfx___sys_sendmsg+0x10/0x10 [ 286.374953][T12409] ? vfs_write+0x7c4/0xc90 [ 286.379414][T12409] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 286.385771][T12409] ? do_syscall_64+0x100/0x230 [ 286.390617][T12409] ? do_syscall_64+0xb6/0x230 [ 286.395323][T12409] do_syscall_64+0xf3/0x230 [ 286.399882][T12409] ? clear_bhb_loop+0x35/0x90 [ 286.404579][T12409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.410500][T12409] RIP: 0033:0x7f2145f75bd9 [ 286.414929][T12409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.434544][T12409] RSP: 002b:00007f2146cf6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 286.442973][T12409] RAX: ffffffffffffffda RBX: 00007f2146103f60 RCX: 00007f2145f75bd9 [ 286.450955][T12409] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 000000000000000c [ 286.458932][T12409] RBP: 00007f2146cf60a0 R08: 0000000000000000 R09: 0000000000000000 [ 286.466907][T12409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 286.474905][T12409] R13: 000000000000000b R14: 00007f2146103f60 R15: 00007fff9967ae68 [ 286.482899][T12409] [ 287.005750][T12431] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2543'. [ 287.032110][T12435] FAULT_INJECTION: forcing a failure. [ 287.032110][T12435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.086106][T12435] CPU: 0 PID: 12435 Comm: syz.1.2545 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 287.096331][T12435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 287.106430][T12435] Call Trace: [ 287.109747][T12435] [ 287.112731][T12435] dump_stack_lvl+0x241/0x360 [ 287.117463][T12435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.122716][T12435] ? __pfx__printk+0x10/0x10 [ 287.127355][T12435] ? __pfx_lock_release+0x10/0x10 [ 287.132421][T12435] ? vfs_write+0x7c4/0xc90 [ 287.136884][T12435] should_fail_ex+0x3b0/0x4e0 [ 287.141617][T12435] _copy_from_user+0x2f/0xe0 [ 287.146339][T12435] __sys_bpf+0x1a4/0x810 [ 287.150638][T12435] ? __pfx___sys_bpf+0x10/0x10 [ 287.155469][T12435] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 287.161542][T12435] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 287.167916][T12435] ? do_syscall_64+0x100/0x230 [ 287.172742][T12435] __x64_sys_bpf+0x7c/0x90 [ 287.177227][T12435] do_syscall_64+0xf3/0x230 [ 287.181784][T12435] ? clear_bhb_loop+0x35/0x90 [ 287.186507][T12435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.192484][T12435] RIP: 0033:0x7fe866f75bd9 [ 287.196933][T12435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.216588][T12435] RSP: 002b:00007fe867e21048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 287.225042][T12435] RAX: ffffffffffffffda RBX: 00007fe867103f60 RCX: 00007fe866f75bd9 [ 287.233057][T12435] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a [ 287.241149][T12435] RBP: 00007fe867e210a0 R08: 0000000000000000 R09: 0000000000000000 [ 287.249223][T12435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.257217][T12435] R13: 000000000000004d R14: 00007fe867103f60 R15: 00007ffc4e2c6888 [ 287.265246][T12435] [ 288.519838][T12483] __nla_validate_parse: 1 callbacks suppressed [ 288.519860][T12483] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2562'. [ 289.748168][ T5098] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 289.776597][ T5098] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 289.812330][ T5098] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 289.825866][ T5098] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 289.842022][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 289.858743][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 289.887888][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 289.910005][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 289.921633][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 289.933057][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 289.948047][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 289.955780][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 290.007910][T12528] sctp: [Deprecated]: syz.3.2574 (pid 12528) Use of struct sctp_assoc_value in delayed_ack socket option. [ 290.007910][T12528] Use struct sctp_sack_info instead [ 290.087918][ T2477] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 290.106330][T12531] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2576'. [ 290.119051][ T2477] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.399942][ T2477] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 290.424428][ T2477] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.625666][ T2477] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 290.661469][ T2477] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.715197][T12546] vlan3: entered promiscuous mode [ 290.720906][T12546] vlan3: entered allmulticast mode [ 290.726372][T12546] team0: entered allmulticast mode [ 290.735962][T12546] team_slave_0: entered allmulticast mode [ 290.746188][T12546] team_slave_1: entered allmulticast mode [ 290.757804][T12546] batadv1: entered allmulticast mode [ 290.769206][T12549] ip_vti0: Master is either lo or non-ether device [ 290.956548][ T2477] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 290.991784][ T2477] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.385807][T12561] vlan2: entered promiscuous mode [ 291.407500][T12561] team0: Device vlan2 is already an upper device of the team interface [ 291.813962][ T2477] team0: left allmulticast mode [ 291.835742][ T2477] team_slave_0: left allmulticast mode [ 291.868175][ T2477] team_slave_1: left allmulticast mode [ 291.906720][ T2477] team0: left promiscuous mode [ 291.937861][ T2477] team_slave_0: left promiscuous mode [ 291.943669][ T2477] team_slave_1: left promiscuous mode [ 291.961749][ T53] Bluetooth: hci0: command tx timeout [ 291.978429][ T2477] bridge0: port 3(team0) entered disabled state [ 292.024734][ T2477] bridge_slave_1: left allmulticast mode [ 292.038751][ T53] Bluetooth: hci4: command tx timeout [ 292.045757][ T2477] bridge_slave_1: left promiscuous mode [ 292.060181][ T2477] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.105308][ T2477] bridge_slave_0: left allmulticast mode [ 292.122634][ T2477] bridge_slave_0: left promiscuous mode [ 292.146026][ T2477] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.295557][ T2477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.306882][ T2477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.319047][ T2477] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 293.331191][ T2477] bond0 (unregistering): Released all slaves [ 293.360799][T12519] chnl_net:caif_netlink_parms(): no params data found [ 293.379734][T12588] syz_tun: entered promiscuous mode [ 293.385361][T12588] vlan4: entered promiscuous mode [ 293.391390][T12588] vlan4: entered allmulticast mode [ 293.534052][ T2477] tipc: Left network mode [ 293.600914][T12611] netlink: 'syz.2.2600': attribute type 1 has an invalid length. [ 293.638621][T12611] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2600'. [ 293.687416][T12611] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2600'. [ 293.874070][T12611] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2600'. [ 293.989311][T12618] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2600'. [ 294.038554][ T53] Bluetooth: hci0: command tx timeout [ 294.107728][T12519] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.118645][ T53] Bluetooth: hci4: command tx timeout [ 294.131067][T12519] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.153548][T12519] bridge_slave_0: entered allmulticast mode [ 294.175392][T12519] bridge_slave_0: entered promiscuous mode [ 294.194195][T12629] netlink: 'syz.4.2602': attribute type 13 has an invalid length. [ 294.208799][T12629] netlink: 24859 bytes leftover after parsing attributes in process `syz.4.2602'. [ 294.237986][T12623] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2600'. [ 294.262057][T12632] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2602'. [ 294.308944][T12632] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2602'. [ 294.335161][T12519] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.377608][T12519] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.397537][T12519] bridge_slave_1: entered allmulticast mode [ 294.419426][T12519] bridge_slave_1: entered promiscuous mode [ 294.496744][T12644] bridge0: entered allmulticast mode [ 294.528964][T12650] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2607'. [ 294.643969][T12519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.700713][T12519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.768652][T12661] pimreg: entered allmulticast mode [ 294.799585][T12661] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2609'. [ 294.822112][T12521] chnl_net:caif_netlink_parms(): no params data found [ 294.888498][T12674] netlink: 'syz.4.2612': attribute type 1 has an invalid length. [ 294.941833][T12661] pimreg: left allmulticast mode [ 295.022937][T12519] team0: Port device team_slave_0 added [ 295.070047][T12519] team0: Port device team_slave_1 added [ 295.423523][T12681] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.424528][T12699] rdma_rxe: rxe_newlink: failed to add bridge_slave_0 [ 295.433264][T12681] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.449963][T12681] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.459421][T12681] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 295.477547][T12681] vxlan0: entered promiscuous mode [ 295.483424][T12681] vxlan0: entered allmulticast mode [ 295.508554][T12681] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 295.517664][T12681] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 295.526573][T12681] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 295.535655][T12681] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 295.574140][T12684] netlink: 'syz.4.2613': attribute type 12 has an invalid length. [ 295.594058][T12684] netlink: 'syz.4.2613': attribute type 29 has an invalid length. [ 295.617899][T12684] netlink: 'syz.4.2613': attribute type 2 has an invalid length. [ 295.643250][T12684] netlink: 'syz.4.2613': attribute type 2 has an invalid length. [ 295.657894][T12684] netlink: 'syz.4.2613': attribute type 1 has an invalid length. [ 295.676030][T12684] netlink: 'syz.4.2613': attribute type 37 has an invalid length. [ 295.696254][T12684] netlink: 'syz.4.2613': attribute type 2 has an invalid length. [ 295.724129][T12684] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.749771][T12519] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.765376][T12519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.827402][T12519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.058182][T12519] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.065185][T12519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.126988][ T53] Bluetooth: hci0: command tx timeout [ 296.132234][T12519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.197966][ T53] Bluetooth: hci4: command tx timeout [ 296.236394][T12712] xt_TPROXY: Can be used only with -p tcp or -p udp [ 296.290794][T12718] bridge0: entered allmulticast mode [ 296.396756][ T2477] hsr_slave_0: left promiscuous mode [ 296.407449][ T2477] hsr_slave_1: left promiscuous mode [ 296.421214][ T2477] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.430119][ T2477] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.438886][ T2477] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.466847][ T2477] veth1_macvtap: left promiscuous mode [ 296.475210][ T2477] veth0_vlan: left promiscuous mode [ 297.091522][ T2477] team0 (unregistering): Port device team_slave_1 removed [ 297.134864][ T2477] team0 (unregistering): Port device team_slave_0 removed [ 297.503974][T12521] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.513276][T12521] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.525127][T12521] bridge_slave_0: entered allmulticast mode [ 297.534963][T12521] bridge_slave_0: entered promiscuous mode [ 297.684038][T12519] hsr_slave_0: entered promiscuous mode [ 297.737456][T12519] hsr_slave_1: entered promiscuous mode [ 297.754435][T12519] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.769530][T12519] Cannot create hsr debugfs directory [ 297.775817][T12521] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.784845][T12521] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.794742][T12521] bridge_slave_1: entered allmulticast mode [ 297.810668][T12521] bridge_slave_1: entered promiscuous mode [ 298.002912][T12521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 298.152301][T12521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 298.197975][ T53] Bluetooth: hci0: command tx timeout [ 298.277847][ T53] Bluetooth: hci4: command tx timeout [ 298.280716][T12753] xt_TPROXY: Can be used only with -p tcp or -p udp [ 298.421321][T12521] team0: Port device team_slave_0 added [ 298.521245][T12755] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 298.534259][T12521] team0: Port device team_slave_1 added [ 298.558259][T12755] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 298.713687][T12521] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.731401][T12521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.772219][T12521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.785997][T12521] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.804303][T12521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.830805][T12521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.856715][T12772] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.960934][T12749] __nla_validate_parse: 4 callbacks suppressed [ 298.960955][T12749] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2628'. [ 299.145605][T12521] hsr_slave_0: entered promiscuous mode [ 299.166318][T12521] hsr_slave_1: entered promiscuous mode [ 299.180719][T12521] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 299.197961][T12521] Cannot create hsr debugfs directory [ 299.382626][T12783] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2635'. [ 299.393211][T12783] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2635'. [ 299.461615][ T2477] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.642665][T12789] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2637'. [ 299.703263][ T2477] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.831099][ T2477] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.091597][ T2477] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 300.138219][ T2477] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.307328][T12809] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2642'. [ 300.349323][T12805] pimreg: entered allmulticast mode [ 300.461115][T12804] pimreg: left allmulticast mode [ 300.976486][T12827] vlan2: entered promiscuous mode [ 301.000258][T12827] bond0: entered promiscuous mode [ 301.018746][T12827] bond_slave_0: entered promiscuous mode [ 301.038552][T12827] bond_slave_1: entered promiscuous mode [ 301.066325][T12827] bond0: left promiscuous mode [ 301.077553][T12827] bond_slave_0: left promiscuous mode [ 301.092528][T12827] bond_slave_1: left promiscuous mode [ 301.199449][T12828] vlan2: entered promiscuous mode [ 301.205756][T12828] bond0: entered promiscuous mode [ 301.223340][T12828] bond_slave_0: entered promiscuous mode [ 301.230897][T12828] bond_slave_1: entered promiscuous mode [ 301.252383][T12828] bond0: left promiscuous mode [ 301.268153][T12828] bond_slave_0: left promiscuous mode [ 301.276859][T12828] bond_slave_1: left promiscuous mode [ 301.491125][ T2477] team0: left allmulticast mode [ 301.507303][ T2477] team_slave_0: left allmulticast mode [ 301.523136][ T2477] team_slave_1: left allmulticast mode [ 301.529364][ T2477] batadv1: left allmulticast mode [ 301.553172][ T2477] bridge0: port 3(team0) entered disabled state [ 301.612155][ T2477] bridge_slave_1: left allmulticast mode [ 301.666892][ T2477] bridge_slave_1: left promiscuous mode [ 301.673865][ T2477] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.731307][ T2477] bridge_slave_0: left allmulticast mode [ 301.738562][ T2477] bridge_slave_0: left promiscuous mode [ 301.750870][ T2477] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.894957][ T2477] bond_slave_0: left promiscuous mode [ 301.915063][ T2477] bond_slave_1: left promiscuous mode [ 302.510840][ T2477] dvmrp1 (unregistering): left allmulticast mode [ 302.590100][ T2477] geneve1 (unregistering): left allmulticast mode [ 302.612248][ T2477] bond0 (unregistering): (slave macvlan3): Releasing backup interface [ 303.205393][ T2477] bond0 (unregistering): left allmulticast mode [ 303.216565][ T2477] bond_slave_0: left allmulticast mode [ 303.239172][ T2477] bond_slave_1: left allmulticast mode [ 303.288129][ T2477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.313381][ T2477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.335933][ T2477] bond0 (unregistering): Released all slaves [ 303.384766][T12848] IPv6: sit1: Disabled Multicast RS [ 303.399511][T12879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2655'. [ 303.520796][ T2477] tipc: Disabling bearer [ 303.545229][ T2477] tipc: Left network mode [ 303.555040][T12901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2656'. [ 303.649971][T12901] 8021q: adding VLAN 0 to HW filter on device team1 [ 304.016562][T12918] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 304.029209][T12918] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 304.037740][T12918] CPU: 0 PID: 12918 Comm: syz.4.2659 Not tainted 6.10.0-rc5-syzkaller-00197-g8eb301bd7b0f #0 [ 304.047931][T12918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 304.058031][T12918] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 304.063581][T12918] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 f6 a0 d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 50 56 3d 00 4c 8b 7d 00 48 83 c5 [ 304.083226][T12918] RSP: 0018:ffffc9000427f678 EFLAGS: 00010246 [ 304.089335][T12918] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000040000 [ 304.092687][T12521] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 304.097318][T12918] RDX: ffffc90014529000 RSI: 0000000000000d0e RDI: 0000000000000d0f [ 304.097338][T12918] RBP: 0000000000000000 R08: ffffffff8961aa26 R09: ffffffff8961a9e3 [ 304.097355][T12918] R10: 0000000000000004 R11: ffff88807bdf0000 R12: ffff88802e08c000 [ 304.097370][T12918] R13: ffff88802e20d070 R14: dffffc0000000000 R15: 0000000000000000 [ 304.097387][T12918] FS: 00007f51424b76c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 304.097407][T12918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 304.097423][T12918] CR2: 000000110c35ac05 CR3: 0000000065306000 CR4: 00000000003506f0 [ 304.097442][T12918] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 304.097456][T12918] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 304.097471][T12918] Call Trace: [ 304.097479][T12918] [ 304.097488][T12918] ? __die_body+0x88/0xe0 [ 304.097525][T12918] ? die_addr+0x108/0x140 [ 304.097559][T12918] ? exc_general_protection+0x3dd/0x5d0 [ 304.097600][T12918] ? asm_exc_general_protection+0x26/0x30 [ 304.097637][T12918] ? xdp_do_redirect_frame+0x243/0x660 [ 304.097670][T12918] ? xdp_do_redirect_frame+0x286/0x660 [ 304.097705][T12918] ? dev_map_enqueue+0x31/0x3e0 [ 304.097733][T12918] ? dev_map_enqueue+0x2a/0x3e0 [ 304.097761][T12918] ? bpf_xdp_adjust_tail+0x1a7/0x200 [ 304.097795][T12918] xdp_do_redirect_frame+0x2a6/0x660 [ 304.097835][T12918] bpf_test_run_xdp_live+0xe60/0x1e60 [ 304.097886][T12918] ? bpf_test_run_xdp_live+0x724/0x1e60 [ 304.097916][T12918] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 304.097969][T12918] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 304.255673][T12918] ? __might_fault+0xaa/0x120 [ 304.260399][T12918] ? __might_fault+0xc6/0x120 [ 304.265117][T12918] ? _copy_from_user+0xa6/0xe0 [ 304.269907][T12918] ? bpf_test_init+0x15a/0x180 [ 304.274693][T12918] ? xdp_convert_md_to_buff+0x5b/0x330 [ 304.280185][T12918] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 304.285578][T12918] ? __pfx_lock_release+0x10/0x10 [ 304.290618][T12918] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 304.296439][T12918] ? __fget_files+0x29/0x470 [ 304.301053][T12918] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 304.306902][T12918] bpf_prog_test_run+0x33a/0x3b0 [ 304.311853][T12918] __sys_bpf+0x48d/0x810 [ 304.316115][T12918] ? __pfx___sys_bpf+0x10/0x10 [ 304.320901][T12918] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 304.326890][T12918] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 304.333223][T12918] ? do_syscall_64+0x100/0x230 [ 304.338025][T12918] __x64_sys_bpf+0x7c/0x90 [ 304.342455][T12918] do_syscall_64+0xf3/0x230 [ 304.346984][T12918] ? clear_bhb_loop+0x35/0x90 [ 304.351667][T12918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.357609][T12918] RIP: 0033:0x7f5141775bd9 [ 304.362029][T12918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.381815][T12918] RSP: 002b:00007f51424b7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 304.390239][T12918] RAX: ffffffffffffffda RBX: 00007f5141904038 RCX: 00007f5141775bd9 [ 304.398227][T12918] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 304.406205][T12918] RBP: 00007f51417e4a98 R08: 0000000000000000 R09: 0000000000000000 [ 304.414186][T12918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.422161][T12918] R13: 000000000000006e R14: 00007f5141904038 R15: 00007fffdfa052d8 [ 304.430156][T12918] [ 304.433200][T12918] Modules linked in: [ 304.437246][T12918] ---[ end trace 0000000000000000 ]--- [ 304.442750][T12918] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 304.448323][T12918] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 f6 a0 d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 50 56 3d 00 4c 8b 7d 00 48 83 c5 [ 304.468013][T12918] RSP: 0018:ffffc9000427f678 EFLAGS: 00010246 [ 304.474343][T12918] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000040000 [ 304.482391][T12918] RDX: ffffc90014529000 RSI: 0000000000000d0e RDI: 0000000000000d0f [ 304.490435][T12918] RBP: 0000000000000000 R08: ffffffff8961aa26 R09: ffffffff8961a9e3 [ 304.498488][T12918] R10: 0000000000000004 R11: ffff88807bdf0000 R12: ffff88802e08c000 [ 304.506510][T12918] R13: ffff88802e20d070 R14: dffffc0000000000 R15: 0000000000000000 [ 304.514565][T12918] FS: 00007f51424b76c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 304.523580][T12918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 304.530231][T12918] CR2: 000000110c35ac05 CR3: 0000000065306000 CR4: 00000000003506f0 [ 304.538445][T12918] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 304.546457][T12918] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 304.554519][T12918] Kernel panic - not syncing: Fatal exception in interrupt [ 304.561866][T12918] Kernel Offset: disabled [ 304.566224][T12918] Rebooting in 86400 seconds..