last executing test programs: 1.984231615s ago: executing program 0 (id=3357): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x13}}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x0, 0x4, 0x4, 0x0, 0x11, 0xffffffffffffffff, 0xffffffff}, 0x48) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) recvmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fb", @ANYRES32=r5, @ANYBLOB="fe000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0xff7c, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[], 0x94}}, 0x0) 1.87096902s ago: executing program 4 (id=3359): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_proto_private(r0, 0x89ee, &(0x7f00000000c0)) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan3\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x25, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x90) r3 = socket$inet6(0xa, 0x802, 0x0) getsockopt$inet6_opts(r3, 0x29, 0x39, 0x0, &(0x7f0000000000)) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2f}}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000140)={0x14, r5, 0x1, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x8044) sendmsg$NL802154_CMD_NEW_SEC_KEY(r4, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x36, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x456e, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, 0xb, 0x0, 0x0, 0x0, 0xffffffffffffffee, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.bfq.io_queued\x00', 0x26e1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000840)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c00000010001fff321c00002f348da2d2c9f88bd40000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c0002800500180001000000"], 0x3c}}, 0x0) close(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) writev(r1, &(0x7f0000000600)=[{&(0x7f0000000440)="fc3d214b5e3ae93b27dabbb591eea9dc193fd4cc8054237a09b894732322ab25bec75576d1185dde9805164696401febdeac2c23f2a5053e20b0595bc1d13e2ad7f354e968ed112f018a84cfe70446393d796f3d53e32c9671213e12d2c194d98eeb", 0x62}, {&(0x7f00000004c0)="01782313eb7d2ee8aae77d6f7371f990b75c6b3496f658442f269843b681fb0937c23231426c2a3531f3de01aebb9baf6601c390601a1a0ea68c4aabe31747185f12e16a43f7d5a34abe3cb7d10eb6a15c71822d90178f83b3f51e2397c892b0aec2ed673643a8ef24b858d83eba16bfb8899e44a8d7a5781ea0609d30dc423ceadecc7d8a9017e51948fbd3cf03f1753a6ad7802c16ea1db4adf3b85f1dece9839cde00a3ca8aa5b209863b8dfd", 0xae}, {&(0x7f0000000580)="81052ec8c33fbc717845df3307883fd8745daede423e780470b599a214cb526240c5d17b3e08455eaa708a6b7203d7a04fc3bc4833f09cd8057e57619abb33728de5a833f4157e3a4a2cc6efcc950d18f9ee60b8016c28a6abd5bafeaa4518413b0b6b544c3a", 0x66}], 0x3) connect$inet6(r6, &(0x7f0000000380)={0xa, 0x4000, 0x0, @private0, 0x800d}, 0x1c) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000200), 0xfffffd9d) socket$inet6(0xa, 0x806, 0x0) 1.690829912s ago: executing program 3 (id=3362): sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) socket(0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e817782db4cb904021d0800067c7c09e8fe0ba10a0007000200142603600e1208001e0003070401a8000600200e02400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4ebef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x2002c040) 1.689512956s ago: executing program 0 (id=3363): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x17, 0x1c, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x69}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.469383708s ago: executing program 0 (id=3364): unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, 0xffffffffffffffff, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000180)={'raw\x00', 0x7003}, &(0x7f0000000000)=0x54) 1.469125645s ago: executing program 3 (id=3365): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001740)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000300), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) sendto$inet6(r0, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0) 1.397889842s ago: executing program 3 (id=3367): socket$kcm(0x21, 0x2, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0x5) getsockname$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r1, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) 1.073520263s ago: executing program 3 (id=3370): r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100), 0x8) 1.002865972s ago: executing program 4 (id=3372): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r0}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38) 943.431353ms ago: executing program 1 (id=3374): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x40047438, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0103000000000000000001"], 0x34}}, 0x0) 942.68503ms ago: executing program 0 (id=3375): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)={0x1b, 0x0, 0x0, 0x1000000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x48) 873.02953ms ago: executing program 3 (id=3376): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0xd, &(0x7f0000000780)=@raw=[@printk={@llx}, @exit, @map_val, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffc}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) 806.838244ms ago: executing program 2 (id=3377): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r3}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 781.533846ms ago: executing program 3 (id=3378): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x71, &(0x7f0000000000)="03020000008002ff", 0x8) 738.268476ms ago: executing program 1 (id=3379): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x53}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) socket(0x0, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) recvmmsg(r0, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r2 = socket(0x0, 0x803, 0x0) syz_genetlink_get_family_id$devlink(0x0, r2) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001e00)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xb20, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x48) socket$netlink(0x10, 0x3, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="180000000e1443eb0000000000001900080001"], 0x18}}, 0x0) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a30000000001c0007800c00028008000124ac7014bb0c000180080001400000000005000500020000000500010006"], 0x68}}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000630277fbacfe1416e000000189040203fe80000000000000845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{}, {}, {0x7, 0x0, 0x8, 0xa}}}, &(0x7f0000000200)='syzkaller\x00', 0x8, 0x100b, &(0x7f0000001e40)=""/4107}, 0x90) 685.461832ms ago: executing program 4 (id=3380): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x60, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x33, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random, 0x0, @void, @void, @val={0x3, 0x1}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x76, 0x6}}}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x60}}, 0x0) 627.467135ms ago: executing program 2 (id=3381): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000001740)={&(0x7f0000000040)=@hci, 0x80, 0x0}, 0x0) 547.481322ms ago: executing program 4 (id=3382): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002240)=@delchain={0x21c, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8}, @TCA_U32_FLAGS={0x8}]}}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x1ac, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x168, 0x6, [@m_connmark={0xdc, 0x0, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_vlan={0x88, 0x0, 0x0, 0x0, {{0x9}, {0x5c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PARMS={0x1c}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6}, @TCA_VLAN_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_TO={0x8}, @TCA_ROUTE4_ACT={0x30, 0x6, [@m_nat={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x21c}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 421.419457ms ago: executing program 2 (id=3383): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200000000000000000000000000008500000053000000850000000800000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 417.941581ms ago: executing program 1 (id=3384): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0xfffffffd, 0x0, 0x54}, 0x9c) 350.443467ms ago: executing program 4 (id=3385): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_VLAN_TUNNEL={0x5}]}}}]}, 0x44}}, 0x0) 314.00078ms ago: executing program 2 (id=3386): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x27}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x90) 253.743486ms ago: executing program 0 (id=3387): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x48}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x58}}, 0x0) 251.814462ms ago: executing program 1 (id=3388): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040), 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000b40)=0x20000000, 0x4) 177.301793ms ago: executing program 2 (id=3389): r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket(0x28, 0x3, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, 0x0) getsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000180)=0x38) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) unshare(0x4000400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000200)={'veth0_to_team\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "44376b529d238d789f3ea21f4ffbba928bc53db79975b651d47e67997c5af32a", "390b0bf7c498cde1d477a3c2594435e74a92bc19726ce2d1f6477716891d9426", "48267d3a291f6f2ddd85663a9dcf4a19198338136946dc945643c8669c9f3f6e", "d70cd0e392bc8ea55afe67006e5cb1e21ce2ce9e55da3a35fcca28a0049e6a2e", "673407927a5d2150baecab19cbc93a286b5343aa778a32eca93973319e289f76", "5bb5c43586c83461f8d78989", 0x9, 0x101, 0x5, 0x800, 0xffff4948}}) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) r7 = openat$cgroup_ro(r5, &(0x7f0000000140)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r8}, 0x10) sendfile(r6, r7, 0x0, 0x7ffff000) 176.617334ms ago: executing program 4 (id=3390): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='nv\x00', 0x3) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000002c0)="ce5b550b14dd04c2fa638125e6a08c8afc9544e026080580cd85c3eb2f86929b595b54111a0a8cbb8153b116dbc45fd564375e23c77253e437b511198d77aa69b31a693980b2c127a3436d9b55b08171de831554e27f6e7ce17c453bee12d9ad0b358e1f15586bca82f46501b3c5a531a7ab82770e354d8259f25dd23781314174a7cbdcc14506b95aaaa380d307c46ab27a1bc0b8f53339b2abf7600029e3886ccb38733b55d1", 0xa7}, {&(0x7f0000000380)="f7ef0c2e3fa8667b", 0x8}, {&(0x7f00000003c0)="c2a68dacc669ca0bfab693837620e09b1768f23f0456a00677a414", 0x1b}, {&(0x7f0000000e80)="06987728e729ecb494924da9913d596cb581d832ab199384137f164cc9d8f2eb0c2fade94b8aefad67a53c4c9156a4832a4e0e90e3e1e9dc0f2acc20598fd58f57a34db4b44479e52edbd8c946a0f25d9fa32717aafdad752136eba890ac1830cc7c6e57ceb18a738f3dcc19c2559e6c2a19dbdc2ba64e56c37b2449a96847d1c9c4c9995966aee50ac537a665c40773628b174417c5b56c8cc39a928cd97ce7f042b82551363cb60ec44905c3c1e435df90e4634ac4d641514343743aae1e3a8df492e31d5c8661e099965a778b3b8d637a6290f41f5e42118c36e5914f0ff8b20b0bc5e7b512485e5cd9711af4db73a97105ec8ff23f0e85bff5f5716d52ab1b2cb80123da2852c9575bc6b63430adebcfdb91a0a5e50d833a0e707d789e34cc04e708659c7a9ef8b225a4e41267c20361d28a89f9eb6182759cb83ff9b8531784bb01a1f30d252647c3da9bb2c56c5ab3735d70073868001e777da158143ad476588a3835b5d4bbb9e9ad82a19fc9a532b42081518722359b09a31176fb61fdf5d2e5e917b4ff968023f2a5fe735caece86c4fdda8b94859750343ba9a52d7c670ce5cadab0e5f21e5ff3eee1eb97f17cfd3a79024c177a6e9aad3c22e5aba833751b185bde64b9fcadf78ea3e89fec4f1b36278af8db12620b75de8cdf1e0cd2f6430d3a5b4c55eb3a421a1f6e25511dd58db94cb7c60e048e811c9c6beaa8f7f45fdfecc4778fb7016a9d3d4a14f021e512abc65afb5a8ec10e40d2f5e8a21f098e3d9805e53666c27b3bb5ecda8a9eac41125d8c86cd385b8c1f52c557dec60860365063b56d7d2b2f3bb51a99ee2eecae41a649ad2c9decd8392ecacc04d2dc5a875dbbccfb4ec709bbfbc5cabcaca804a4cbb9c954d205b385758cacf8531cffab70feeec771e79afab5f926b00b86b6c7d2f3c32a62a07c817a8ecb00fc823a0876c0ba6f5d6197d42e0744d1a37fb7e27750d11bdec7ef9f0712b71360d4cbeb0476dc5547885c03db8e10c5830fa1c267b1a1e0dd46565fd575b164b6e9749cd56f02a14a08703ae60042a924170d08c2a6e710ef7dc61c97075f67094326c4f502c58a5709514301d24a7b8d5a3e24b62e16bbd22b3b19bc77d8088305026f31283a95f0e939997c5f596305b0fdae9bda17726d4c54ca4bad9ee5956393f624a5eae3a6a97580fbc56fc9e4b39752765ee97562729c9d8e6035c5a63010896af913048763a30d69dbb69be0637cff6c6a3f0609be4582593091cea4b40ea01e6ab27b7976eac6ed37900ecbdda5f997d28064632a2694b20911aa6c0d28a9d5f81a0bee3c3c2f47e6e97f7359f34241dec0d8e6db03f0e969dbbb2a2eb7ec984c0b8a058b49913fd0b7eac781551d7226ac775eeb99d2ff3d8c069869f8b97667482204d0eb54d332237fea7be64f2869f599f17e441ae0137ca9b509e1e8b8a799056fe26ba8072ef9db6444bd29100d7d342505467429ad7a7df1a9739a021be71268cabadf015c642724b92d8d670d3a9ca066c7c6799a6c2b5948bd3809e72f02acaf67733970febcbb231cdfadebb4ee7127c512ece66e66bd44928417eeeda077cd10dae7a25157aab9dcd7e36653a1c696a47502527ed6a46ea0140552a1a6c984fafa6e33ba307be5c66b2da537ead605963c8b441557162b14f55d4d3ffe8f9366dcae4bf740971b4fcef38324b7f7c6766afa14ebbb5bcee150fe0dda0fa0f096feb5b32687642ed283a661a0dd90b911be1eebc90a06c72cc61b61ee1e5ff9e54fcc25ed978c4f31cbad3a92abc2815266e39f321f0225845c0fe2d952fa8852732125e520296cec59388ac377cd5f8172babe4259b03030c1a0ec62c5bc810821023972fe8d926bdb4ca4fbc458be299054b2c01b10995602fc69ae84a511a1adc6bb44904366517fdef0f81e7f73ccfe7b98d708ffe2e712e273760bf7c36bc7e43661fbc1fc6849b32ea9c0ccb3e6cd51bfaad45dad280eff1efb448a002f20d55bb58386a21c3cef1dc40ff21d4f46a80c1950930fdceb111788de934c869102fb0efa0aae7e8b5446c2a2702c30f43ce4109e70a8a4b9c70688ac1b9bd3e045b0afcb1fd7cd4dbb3d14e3cde5", 0x5db}], 0x4}}], 0x1, 0x0) 160.721524ms ago: executing program 1 (id=3391): sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56741, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) 88.013084ms ago: executing program 0 (id=3392): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r0, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="f7", 0x1}], 0x1}, 0x20004001) recvmsg$unix(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$unix(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="1c", 0x1}], 0x1, &(0x7f0000000500)=[@rights={{0x14, 0x1, 0x1, [r3]}}], 0x18}, 0x41) 1.399026ms ago: executing program 1 (id=3393): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000640)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160a764604001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bbb3bd83606761ab59b99821d6", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000001ec0)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)=""/66, 0x42}, {&(0x7f0000000980)=""/4079, 0xfef}, {&(0x7f0000000900)=""/43, 0x2b}, {&(0x7f0000000480)=""/51, 0x33}], 0x4}, 0x0) 0s ago: executing program 2 (id=3394): r0 = syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/pid\x00') ioctl$NS_GET_PARENT(r0, 0x8004b706, 0x0) kernel console output (not intermixed with test programs): ink: 'syz.1.2515': attribute type 3 has an invalid length. [ 278.029329][T12957] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2515'. [ 278.095018][T12958] delete_channel: no stack [ 278.245488][T12970] bridge9: entered promiscuous mode [ 278.256482][T12970] bridge9: entered allmulticast mode [ 278.292774][T12975] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 278.323391][T12975] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 278.381063][T12975] netlink: 'syz.3.2518': attribute type 10 has an invalid length. [ 278.443407][T12975] team0: Cannot enslave team device to itself [ 278.605538][T12999] netlink: 'syz.0.2526': attribute type 21 has an invalid length. [ 278.831230][T13012] delete_channel: no stack [ 278.927781][T13021] bridge10: entered promiscuous mode [ 278.933472][T13021] bridge10: entered allmulticast mode [ 279.226383][ T5101] Bluetooth: hci2: command 0x0406 tx timeout [ 279.410764][T13040] FAULT_INJECTION: forcing a failure. [ 279.410764][T13040] name failslab, interval 1, probability 0, space 0, times 0 [ 279.442651][T13040] CPU: 0 PID: 13040 Comm: syz.0.2541 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 279.452526][T13040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 279.462608][T13040] Call Trace: [ 279.465908][T13040] [ 279.468859][T13040] dump_stack_lvl+0x241/0x360 [ 279.473564][T13040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 279.478786][T13040] ? __pfx__printk+0x10/0x10 [ 279.483404][T13040] ? netlink_insert+0x10b7/0x14b0 [ 279.488449][T13040] should_fail_ex+0x3b0/0x4e0 [ 279.493147][T13040] ? __alloc_skb+0x1c3/0x440 [ 279.497764][T13040] should_failslab+0x9/0x20 [ 279.502286][T13040] kmem_cache_alloc_node_noprof+0x71/0x320 [ 279.508117][T13040] __alloc_skb+0x1c3/0x440 [ 279.512557][T13040] ? __pfx___alloc_skb+0x10/0x10 [ 279.517518][T13040] ? netlink_autobind+0xd6/0x2f0 [ 279.522471][T13040] ? netlink_autobind+0x2b0/0x2f0 [ 279.527518][T13040] netlink_sendmsg+0x638/0xcb0 [ 279.532329][T13040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 279.537633][T13040] ? __import_iovec+0x536/0x820 [ 279.542502][T13040] ? aa_sock_msg_perm+0x91/0x160 [ 279.547461][T13040] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 279.552763][T13040] ? security_socket_sendmsg+0x87/0xb0 [ 279.558249][T13040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 279.563553][T13040] __sock_sendmsg+0x221/0x270 [ 279.568253][T13040] ____sys_sendmsg+0x525/0x7d0 [ 279.573054][T13040] ? __pfx_____sys_sendmsg+0x10/0x10 [ 279.578427][T13040] __sys_sendmsg+0x2b0/0x3a0 [ 279.583052][T13040] ? __pfx___sys_sendmsg+0x10/0x10 [ 279.588192][T13040] ? vfs_write+0x7c4/0xc90 [ 279.592688][T13040] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 279.599040][T13040] ? do_syscall_64+0x100/0x230 [ 279.603827][T13040] ? do_syscall_64+0xb6/0x230 [ 279.608524][T13040] do_syscall_64+0xf3/0x230 [ 279.613044][T13040] ? clear_bhb_loop+0x35/0x90 [ 279.617746][T13040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.623662][T13040] RIP: 0033:0x7f7e4c575b59 [ 279.628092][T13040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.647717][T13040] RSP: 002b:00007f7e4d2f2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 279.656159][T13040] RAX: ffffffffffffffda RBX: 00007f7e4c705f60 RCX: 00007f7e4c575b59 [ 279.664153][T13040] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 279.672144][T13040] RBP: 00007f7e4d2f20a0 R08: 0000000000000000 R09: 0000000000000000 [ 279.680139][T13040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.688132][T13040] R13: 000000000000000b R14: 00007f7e4c705f60 R15: 00007ffed1813c98 [ 279.696155][T13040] [ 279.836016][T13060] bridge32: entered promiscuous mode [ 279.842077][T13060] bridge32: entered allmulticast mode [ 280.013461][T13065] pim6reg1: entered promiscuous mode [ 280.029146][T13065] pim6reg1: entered allmulticast mode [ 280.062822][T13069] syz_tun: entered allmulticast mode [ 280.148968][T13068] syz_tun: left allmulticast mode [ 280.543124][T13098] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 280.919498][T13111] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 281.110991][T13120] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.118904][T13120] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.610411][T13151] delete_channel: no stack [ 281.610423][T13152] delete_channel: no stack [ 281.805397][T13164] __nla_validate_parse: 21 callbacks suppressed [ 281.805413][T13164] netlink: 892 bytes leftover after parsing attributes in process `syz.0.2581'. [ 282.073376][T13178] validate_nla: 10 callbacks suppressed [ 282.073396][T13178] netlink: 'syz.0.2586': attribute type 21 has an invalid length. [ 282.127043][T13178] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2586'. [ 282.157146][T13182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2586'. [ 282.227819][T13186] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2588'. [ 282.389093][T13203] FAULT_INJECTION: forcing a failure. [ 282.389093][T13203] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.419066][T13203] CPU: 1 PID: 13203 Comm: syz.0.2594 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 282.428940][T13203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 282.439022][T13203] Call Trace: [ 282.442314][T13203] [ 282.445263][T13203] dump_stack_lvl+0x241/0x360 [ 282.450138][T13203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.455361][T13203] ? __pfx__printk+0x10/0x10 [ 282.460002][T13203] ? __pfx_lock_release+0x10/0x10 [ 282.465133][T13203] ? __lock_acquire+0x1346/0x1fd0 [ 282.470185][T13203] should_fail_ex+0x3b0/0x4e0 [ 282.474884][T13203] _copy_from_user+0x2f/0xe0 [ 282.479498][T13203] do_ipv6_setsockopt+0x2f1/0x3630 [ 282.484638][T13203] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 282.490218][T13203] ? __pfx___might_resched+0x10/0x10 [ 282.495524][T13203] ? __lock_acquire+0x1346/0x1fd0 [ 282.500579][T13203] ? aa_sk_perm+0x967/0xab0 [ 282.505112][T13203] ? __pfx_aa_sk_perm+0x10/0x10 [ 282.509990][T13203] ? __pfx_lock_acquire+0x10/0x10 [ 282.515036][T13203] ipv6_setsockopt+0x5c/0x1a0 [ 282.519736][T13203] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 282.525646][T13203] do_sock_setsockopt+0x3af/0x720 [ 282.530699][T13203] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 282.536264][T13203] ? __fget_files+0x29/0x470 [ 282.540874][T13203] ? __fget_files+0x3f6/0x470 [ 282.545581][T13203] __sys_setsockopt+0x1ae/0x250 [ 282.550463][T13203] __x64_sys_setsockopt+0xb5/0xd0 [ 282.555517][T13203] do_syscall_64+0xf3/0x230 [ 282.560037][T13203] ? clear_bhb_loop+0x35/0x90 [ 282.564738][T13203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.570651][T13203] RIP: 0033:0x7f7e4c575b59 [ 282.575080][T13203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.594707][T13203] RSP: 002b:00007f7e4d2f2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 282.603146][T13203] RAX: ffffffffffffffda RBX: 00007f7e4c705f60 RCX: 00007f7e4c575b59 [ 282.611144][T13203] RDX: 000000000000001b RSI: 0000000000000029 RDI: 0000000000000004 [ 282.619137][T13203] RBP: 00007f7e4d2f20a0 R08: 0000000000000014 R09: 0000000000000000 [ 282.627135][T13203] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 282.635127][T13203] R13: 000000000000000b R14: 00007f7e4c705f60 R15: 00007ffed1813c98 [ 282.643235][T13203] [ 282.703137][T13217] tipc: Started in network mode [ 282.716483][T13217] tipc: Node identity 8a467649b965, cluster identity 4711 [ 282.723875][T13217] tipc: Enabled bearer , priority 0 [ 282.773050][T13206] tipc: Disabling bearer [ 282.813523][T13219] netlink: 'syz.2.2600': attribute type 21 has an invalid length. [ 282.850824][T13219] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2600'. [ 282.905941][T13219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2600'. [ 283.003143][T13228] netlink: 'syz.1.2603': attribute type 3 has an invalid length. [ 283.075765][T13234] netlink: 'syz.3.2604': attribute type 21 has an invalid length. [ 283.093940][T13234] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2604'. [ 283.114281][T13234] netlink: 'syz.3.2604': attribute type 4 has an invalid length. [ 283.131959][T13234] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2604'. [ 283.147831][T13240] delete_channel: no stack [ 283.150725][T13238] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2607'. [ 283.172503][T13238] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 283.384435][T13250] netlink: 'syz.1.2611': attribute type 1 has an invalid length. [ 283.397941][T13250] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2611'. [ 283.695709][T13268] netlink: 'syz.0.2616': attribute type 21 has an invalid length. [ 283.710211][ T5101] Bluetooth: hci3: command 0x0406 tx timeout [ 284.308888][T13301] netlink: 'syz.4.2628': attribute type 21 has an invalid length. [ 284.597470][T13311] delete_channel: no stack [ 284.663670][T13313] FAULT_INJECTION: forcing a failure. [ 284.663670][T13313] name failslab, interval 1, probability 0, space 0, times 0 [ 284.701153][T13313] CPU: 0 PID: 13313 Comm: syz.4.2632 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 284.711013][T13313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 284.721098][T13313] Call Trace: [ 284.724387][T13313] [ 284.727328][T13313] dump_stack_lvl+0x241/0x360 [ 284.732032][T13313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.737261][T13313] ? __pfx__printk+0x10/0x10 [ 284.741899][T13313] should_fail_ex+0x3b0/0x4e0 [ 284.746597][T13313] ? sctp_add_bind_addr+0x89/0x3a0 [ 284.751739][T13313] should_failslab+0x9/0x20 [ 284.756260][T13313] kmalloc_trace_noprof+0x6c/0x2c0 [ 284.761394][T13313] sctp_add_bind_addr+0x89/0x3a0 [ 284.766357][T13313] sctp_copy_local_addr_list+0x311/0x500 [ 284.772027][T13313] ? sctp_copy_local_addr_list+0xab/0x500 [ 284.777778][T13313] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 284.783971][T13313] ? sctp_v6_is_any+0x60/0x70 [ 284.788682][T13313] sctp_bind_addr_copy+0xad/0x3b0 [ 284.793735][T13313] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 284.800183][T13313] sctp_connect_new_asoc+0x2f3/0x6c0 [ 284.805496][T13313] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 284.811328][T13313] ? sctp_get_af_specific+0x2a/0x80 [ 284.816546][T13313] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 284.822365][T13313] __sctp_connect+0x66d/0xe30 [ 284.827060][T13313] ? __pfx___sctp_connect+0x10/0x10 [ 284.832260][T13313] ? __might_fault+0xc6/0x120 [ 284.836960][T13313] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 284.842503][T13313] ? security_sctp_bind_connect+0x90/0xb0 [ 284.848223][T13313] sctp_getsockopt_connectx3+0x46f/0x730 [ 284.853942][T13313] ? __local_bh_enable_ip+0x168/0x200 [ 284.859310][T13313] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 284.865544][T13313] ? __local_bh_enable_ip+0x168/0x200 [ 284.870912][T13313] ? sctp_getsockopt+0x13a/0xbb0 [ 284.875845][T13313] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 284.881566][T13313] sctp_getsockopt+0x8de/0xbb0 [ 284.886329][T13313] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 284.892226][T13313] do_sock_getsockopt+0x373/0x850 [ 284.897255][T13313] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 284.902795][T13313] ? __fget_files+0x3f6/0x470 [ 284.907478][T13313] __sys_getsockopt+0x271/0x330 [ 284.912329][T13313] ? __pfx___sys_getsockopt+0x10/0x10 [ 284.917697][T13313] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 284.924017][T13313] ? do_syscall_64+0x100/0x230 [ 284.928778][T13313] __x64_sys_getsockopt+0xb5/0xd0 [ 284.933843][T13313] do_syscall_64+0xf3/0x230 [ 284.938339][T13313] ? clear_bhb_loop+0x35/0x90 [ 284.943015][T13313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.948901][T13313] RIP: 0033:0x7f7f43575b59 [ 284.953307][T13313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.972990][T13313] RSP: 002b:00007f7f4435f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 284.981402][T13313] RAX: ffffffffffffffda RBX: 00007f7f43705f60 RCX: 00007f7f43575b59 [ 284.989370][T13313] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 284.997333][T13313] RBP: 00007f7f4435f0a0 R08: 0000000020000440 R09: 0000000000000000 [ 285.005468][T13313] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000002 [ 285.013431][T13313] R13: 000000000000000b R14: 00007f7f43705f60 R15: 00007ffe42ef0328 [ 285.021408][T13313] [ 285.270105][T13338] netlink: 'syz.2.2639': attribute type 21 has an invalid length. [ 285.800555][T13361] netlink: 'syz.0.2647': attribute type 11 has an invalid length. [ 285.828957][T13361] netlink: 'syz.0.2647': attribute type 11 has an invalid length. [ 285.856759][T13361] debugfs: Directory 'netdev:' with parent 'phy7' already present! [ 286.003846][T13368] netlink: 'syz.3.2652': attribute type 21 has an invalid length. [ 286.203664][T13381] delete_channel: no stack [ 286.558144][T13390] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.602988][T13397] bridge11: entered promiscuous mode [ 286.608918][T13397] bridge11: entered allmulticast mode [ 286.701480][T13390] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.813734][T13390] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.067867][T13390] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.156574][T13413] validate_nla: 3 callbacks suppressed [ 287.156593][T13413] netlink: 'syz.0.2663': attribute type 21 has an invalid length. [ 287.183472][T13413] __nla_validate_parse: 40 callbacks suppressed [ 287.183493][T13413] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2663'. [ 287.231204][T13413] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2663'. [ 287.368689][T13390] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.435505][T13390] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.460198][T13422] netlink: 'syz.2.2664': attribute type 2 has an invalid length. [ 287.476553][T13422] netlink: 'syz.2.2664': attribute type 8 has an invalid length. [ 287.484331][T13422] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2664'. [ 287.540845][T13390] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.595275][T13390] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.692274][T13438] bridge25: entered promiscuous mode [ 287.743618][T13438] bridge25: entered allmulticast mode [ 287.769252][T13442] tipc: Enabling of bearer rejected, failed to enable media [ 287.907542][T13438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2671'. [ 288.075301][T13457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2674'. [ 288.109127][T13460] netlink: 'syz.2.2677': attribute type 21 has an invalid length. [ 288.121455][T13460] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2677'. [ 288.142608][T13460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2677'. [ 288.173401][T13465] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2676'. [ 288.184692][T13465] netlink: 'syz.3.2676': attribute type 1 has an invalid length. [ 288.226945][T13465] bond0: entered promiscuous mode [ 288.232108][T13465] bond_slave_0: entered promiscuous mode [ 288.245221][T13465] bond_slave_1: entered promiscuous mode [ 288.261441][T13465] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 288.285566][T13465] bond0: left promiscuous mode [ 288.290898][T13465] bond_slave_0: left promiscuous mode [ 288.300351][T13465] bond_slave_1: left promiscuous mode [ 288.742931][T13479] netlink: 'syz.2.2678': attribute type 7 has an invalid length. [ 288.768216][T13479] netlink: 'syz.2.2678': attribute type 39 has an invalid length. [ 288.821779][T13481] netlink: 'syz.4.2681': attribute type 2 has an invalid length. [ 288.851141][T13494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.866563][T13481] netlink: 'syz.4.2681': attribute type 8 has an invalid length. [ 288.877960][T13481] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2681'. [ 288.897053][T13494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.949129][T13491] netlink: 'syz.3.2684': attribute type 10 has an invalid length. [ 288.960087][T13491] team0: Cannot enslave team device to itself [ 289.163927][T13510] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2688'. [ 289.194086][T13512] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 290.006637][T13550] sock: sock_timestamping_bind_phc: sock not bind to device [ 290.084271][T13552] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 290.154702][T13562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.184248][T13562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.275194][T13558] team0: Cannot enslave team device to itself [ 290.633517][T13585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.836609][T13594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.911158][T13594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.966705][T13594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 291.604872][T13619] FAULT_INJECTION: forcing a failure. [ 291.604872][T13619] name failslab, interval 1, probability 0, space 0, times 0 [ 291.627686][T13619] CPU: 1 PID: 13619 Comm: syz.1.2726 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 291.637548][T13619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 291.647624][T13619] Call Trace: [ 291.650919][T13619] [ 291.653868][T13619] dump_stack_lvl+0x241/0x360 [ 291.658567][T13619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.663786][T13619] ? __pfx__printk+0x10/0x10 [ 291.668397][T13619] ? __pfx___might_resched+0x10/0x10 [ 291.673708][T13619] should_fail_ex+0x3b0/0x4e0 [ 291.678407][T13619] should_failslab+0x9/0x20 [ 291.682925][T13619] kmalloc_node_trace_noprof+0x74/0x300 [ 291.688577][T13619] ? page_pool_create_percpu+0x77/0x7c0 [ 291.694155][T13619] page_pool_create_percpu+0x77/0x7c0 [ 291.699551][T13619] bpf_test_run_xdp_live+0x2cd/0x2110 [ 291.704947][T13619] ? arch_stack_walk+0x16d/0x1b0 [ 291.709923][T13619] ? __lock_acquire+0x1346/0x1fd0 [ 291.714984][T13619] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 291.720812][T13619] ? mark_lock+0x9a/0x350 [ 291.725212][T13619] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 291.731134][T13619] ? __might_fault+0xaa/0x120 [ 291.735805][T13619] ? __might_fault+0xc6/0x120 [ 291.740477][T13619] ? _copy_from_user+0xa6/0xe0 [ 291.745256][T13619] ? bpf_test_init+0x15a/0x180 [ 291.750008][T13619] ? xdp_convert_md_to_buff+0x5b/0x330 [ 291.755456][T13619] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 291.760824][T13619] ? __pfx_lock_release+0x10/0x10 [ 291.765845][T13619] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 291.771648][T13619] ? __fget_files+0x29/0x470 [ 291.776253][T13619] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 291.782063][T13619] bpf_prog_test_run+0x33a/0x3b0 [ 291.787091][T13619] __sys_bpf+0x48d/0x810 [ 291.791336][T13619] ? __pfx___sys_bpf+0x10/0x10 [ 291.796102][T13619] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 291.802074][T13619] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 291.808395][T13619] ? do_syscall_64+0x100/0x230 [ 291.813152][T13619] __x64_sys_bpf+0x7c/0x90 [ 291.817569][T13619] do_syscall_64+0xf3/0x230 [ 291.822061][T13619] ? clear_bhb_loop+0x35/0x90 [ 291.826731][T13619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.832611][T13619] RIP: 0033:0x7fcf2ff75b59 [ 291.837024][T13619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.856641][T13619] RSP: 002b:00007fcf2f9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 291.865049][T13619] RAX: ffffffffffffffda RBX: 00007fcf30105f60 RCX: 00007fcf2ff75b59 [ 291.873105][T13619] RDX: 0000000000000057 RSI: 0000000020000240 RDI: 000000000000000a [ 291.881167][T13619] RBP: 00007fcf2f9ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 291.889152][T13619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.897141][T13619] R13: 000000000000000b R14: 00007fcf30105f60 R15: 00007ffd607e4e98 [ 291.905120][T13619] [ 293.258876][T13613] __nla_validate_parse: 8 callbacks suppressed [ 293.258891][T13613] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2725'. [ 293.286850][T13623] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2728'. [ 293.404363][T13639] xt_l2tp: v2 doesn't support IP mode [ 293.436959][T13638] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 293.486597][T13645] validate_nla: 4 callbacks suppressed [ 293.486616][T13645] netlink: 'syz.2.2731': attribute type 23 has an invalid length. [ 293.739483][T13657] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2737'. [ 293.762357][T13651] sch_tbf: burst 0 is lower than device lo mtu (14) ! [ 293.818421][T13660] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 294.212648][T13680] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2743'. [ 294.312706][T13681] sock: sock_timestamping_bind_phc: sock not bind to device [ 294.327411][T13684] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2746'. [ 294.473711][T13689] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2744'. [ 294.529183][T13693] netlink: 'syz.1.2748': attribute type 5 has an invalid length. [ 294.668282][T13699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2752'. [ 294.769085][T13706] netlink: 'syz.0.2753': attribute type 3 has an invalid length. [ 294.783029][T13706] FAULT_INJECTION: forcing a failure. [ 294.783029][T13706] name failslab, interval 1, probability 0, space 0, times 0 [ 294.796798][T13706] CPU: 1 PID: 13706 Comm: syz.0.2753 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 294.806651][T13706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 294.816808][T13706] Call Trace: [ 294.820107][T13706] [ 294.823061][T13706] dump_stack_lvl+0x241/0x360 [ 294.827778][T13706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.832998][T13706] ? __pfx__printk+0x10/0x10 [ 294.837613][T13706] ? __pfx___might_resched+0x10/0x10 [ 294.842922][T13706] ? radix_tree_node_alloc+0x8b/0x3c0 [ 294.848324][T13706] ? rcu_is_watching+0x15/0xb0 [ 294.853378][T13706] should_fail_ex+0x3b0/0x4e0 [ 294.858082][T13706] ? radix_tree_node_alloc+0x8b/0x3c0 [ 294.863517][T13706] should_failslab+0x9/0x20 [ 294.868048][T13706] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 294.873448][T13706] radix_tree_node_alloc+0x8b/0x3c0 [ 294.878687][T13706] idr_get_free+0x296/0xab0 [ 294.883232][T13706] idr_alloc_u32+0x195/0x330 [ 294.887858][T13706] ? __pfx_idr_alloc_u32+0x10/0x10 [ 294.892996][T13706] ? __pfx_lock_acquire+0x10/0x10 [ 294.898080][T13706] tcf_idr_check_alloc+0x703/0x940 [ 294.903224][T13706] ? tcf_idr_check_alloc+0xcc/0x940 [ 294.908533][T13706] ? __pfx_tcf_idr_check_alloc+0x10/0x10 [ 294.914191][T13706] ? __nla_parse+0x40/0x60 [ 294.918637][T13706] tcf_police_init+0x29b/0x17c0 [ 294.923512][T13706] ? __sock_sendmsg+0x221/0x270 [ 294.928385][T13706] ? ____sys_sendmsg+0x525/0x7d0 [ 294.933368][T13706] ? __pfx_tcf_police_init+0x10/0x10 [ 294.938734][T13706] ? nla_memcpy+0x5d/0xc0 [ 294.943085][T13706] ? __asan_memcpy+0x40/0x70 [ 294.947701][T13706] ? __pfx_tcf_police_init+0x10/0x10 [ 294.953010][T13706] tcf_action_init_1+0x5d7/0x890 [ 294.957977][T13706] ? nla_strscpy+0x100/0x180 [ 294.962598][T13706] ? __pfx_tcf_action_init_1+0x10/0x10 [ 294.968080][T13706] ? _raw_read_unlock+0x28/0x50 [ 294.972962][T13706] ? tc_action_load_ops+0x26d/0x590 [ 294.978215][T13706] ? __nla_parse+0x40/0x60 [ 294.982666][T13706] tcf_action_init+0x2e4/0x940 [ 294.987476][T13706] ? __pfx_tcf_action_init+0x10/0x10 [ 294.992939][T13706] ? apparmor_capable+0x138/0x1b0 [ 294.998004][T13706] tc_ctl_action+0x47d/0xcf0 [ 295.002630][T13706] ? __pfx_tc_ctl_action+0x10/0x10 [ 295.007788][T13706] ? trace_contention_end+0x3c/0x120 [ 295.013095][T13706] ? __mutex_lock+0x2ef/0xd70 [ 295.017812][T13706] ? __pfx___mutex_lock+0x10/0x10 [ 295.022867][T13706] ? __pfx_tc_ctl_action+0x10/0x10 [ 295.027997][T13706] rtnetlink_rcv_msg+0x73f/0xcf0 [ 295.032953][T13706] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 295.038076][T13706] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 295.043544][T13706] ? ref_tracker_free+0x643/0x7e0 [ 295.048574][T13706] netlink_rcv_skb+0x1e3/0x430 [ 295.053328][T13706] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 295.058879][T13706] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 295.064216][T13706] ? netlink_deliver_tap+0x2e/0x1b0 [ 295.069426][T13706] netlink_unicast+0x7f0/0x990 [ 295.074184][T13706] ? __pfx_netlink_unicast+0x10/0x10 [ 295.079458][T13706] ? __virt_addr_valid+0x183/0x530 [ 295.084561][T13706] ? __check_object_size+0x49c/0x900 [ 295.089842][T13706] ? bpf_lsm_netlink_send+0x9/0x10 [ 295.094962][T13706] netlink_sendmsg+0x8e4/0xcb0 [ 295.099724][T13706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 295.105021][T13706] ? __import_iovec+0x536/0x820 [ 295.109897][T13706] ? aa_sock_msg_perm+0x91/0x160 [ 295.114943][T13706] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 295.120244][T13706] ? security_socket_sendmsg+0x87/0xb0 [ 295.125722][T13706] ? __pfx_netlink_sendmsg+0x10/0x10 [ 295.131011][T13706] __sock_sendmsg+0x221/0x270 [ 295.135690][T13706] ____sys_sendmsg+0x525/0x7d0 [ 295.140451][T13706] ? __pfx_____sys_sendmsg+0x10/0x10 [ 295.145738][T13706] __sys_sendmsg+0x2b0/0x3a0 [ 295.150325][T13706] ? __pfx___sys_sendmsg+0x10/0x10 [ 295.155424][T13706] ? vfs_write+0x7c4/0xc90 [ 295.159896][T13706] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 295.166244][T13706] ? do_syscall_64+0x100/0x230 [ 295.171019][T13706] ? do_syscall_64+0xb6/0x230 [ 295.175688][T13706] do_syscall_64+0xf3/0x230 [ 295.180202][T13706] ? clear_bhb_loop+0x35/0x90 [ 295.184868][T13706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.190755][T13706] RIP: 0033:0x7f7e4c575b59 [ 295.195161][T13706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.214773][T13706] RSP: 002b:00007f7e4d2f2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 295.223215][T13706] RAX: ffffffffffffffda RBX: 00007f7e4c705f60 RCX: 00007f7e4c575b59 [ 295.231202][T13706] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 295.239169][T13706] RBP: 00007f7e4d2f20a0 R08: 0000000000000000 R09: 0000000000000000 [ 295.247134][T13706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 295.255092][T13706] R13: 000000000000000b R14: 00007f7e4c705f60 R15: 00007ffed1813c98 [ 295.263083][T13706] [ 295.349367][T13718] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2756'. [ 295.409658][T13722] bridge33: entered promiscuous mode [ 295.415010][T13722] bridge33: entered allmulticast mode [ 295.518273][T13722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2757'. [ 295.531871][T13729] netlink: 'syz.2.2761': attribute type 1 has an invalid length. [ 295.554974][T13729] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.2761'. [ 295.583121][T13735] SET target dimension over the limit! [ 295.703516][T13736] netlink: 'syz.3.2758': attribute type 29 has an invalid length. [ 295.741299][T13744] netlink: 'syz.3.2758': attribute type 29 has an invalid length. [ 295.792146][T13736] netlink: 'syz.3.2758': attribute type 29 has an invalid length. [ 296.273699][T13776] bridge34: entered promiscuous mode [ 296.297392][T13776] bridge34: entered allmulticast mode [ 296.357689][T13779] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.404487][T13779] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.463762][T13779] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.529939][T13779] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.648767][T13779] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.710755][T13779] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.810627][T13779] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.882763][T13779] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.021225][T13810] delete_channel: no stack [ 297.167106][T13823] pim6reg: entered allmulticast mode [ 297.182927][T13822] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 297.203788][T13822] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 297.212461][ T6488] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 297.219261][T13804] pim6reg: left allmulticast mode [ 297.222837][T13822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.290451][ T6488] wlan1: authenticated [ 297.297329][T13822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.316563][ T3818] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 297.325456][T13822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.326787][ T3818] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 297.345089][ T3818] wlan1: associated [ 297.541485][T13838] netlink: 'syz.1.2798': attribute type 1 has an invalid length. [ 297.770850][T13845] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.866141][T13845] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.969918][T13845] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.004032][T13847] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 298.014666][T13847] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 298.053970][T13845] batman_adv: batadv1: Interface deactivated: netdevsim0 [ 298.106140][T13852] FAULT_INJECTION: forcing a failure. [ 298.106140][T13852] name failslab, interval 1, probability 0, space 0, times 0 [ 298.129033][T13852] CPU: 0 PID: 13852 Comm: syz.4.2804 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 298.138883][T13852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 298.148939][T13852] Call Trace: [ 298.152211][T13852] [ 298.155144][T13852] dump_stack_lvl+0x241/0x360 [ 298.159822][T13852] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.165013][T13852] ? __pfx__printk+0x10/0x10 [ 298.169604][T13852] ? ref_tracker_alloc+0x332/0x490 [ 298.174715][T13852] should_fail_ex+0x3b0/0x4e0 [ 298.179392][T13852] ? skb_clone+0x20c/0x390 [ 298.183804][T13852] should_failslab+0x9/0x20 [ 298.188301][T13852] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 298.193671][T13852] skb_clone+0x20c/0x390 [ 298.197914][T13852] __netlink_deliver_tap+0x3cc/0x7c0 [ 298.203199][T13852] ? netlink_deliver_tap+0x2e/0x1b0 [ 298.208389][T13852] netlink_deliver_tap+0x19d/0x1b0 [ 298.213496][T13852] netlink_unicast+0x7be/0x990 [ 298.218257][T13852] ? __pfx_netlink_unicast+0x10/0x10 [ 298.223531][T13852] ? __virt_addr_valid+0x183/0x530 [ 298.228641][T13852] ? __check_object_size+0x49c/0x900 [ 298.233916][T13852] ? bpf_lsm_netlink_send+0x9/0x10 [ 298.239042][T13852] netlink_sendmsg+0x8e4/0xcb0 [ 298.243831][T13852] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.249118][T13852] ? __import_iovec+0x536/0x820 [ 298.253973][T13852] ? aa_sock_msg_perm+0x91/0x160 [ 298.258915][T13852] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 298.264202][T13852] ? security_socket_sendmsg+0x87/0xb0 [ 298.269667][T13852] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.274952][T13852] __sock_sendmsg+0x221/0x270 [ 298.279627][T13852] ____sys_sendmsg+0x525/0x7d0 [ 298.284395][T13852] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.289690][T13852] __sys_sendmsg+0x2b0/0x3a0 [ 298.294275][T13852] ? __pfx___sys_sendmsg+0x10/0x10 [ 298.299376][T13852] ? vfs_write+0x7c4/0xc90 [ 298.303819][T13852] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 298.310141][T13852] ? do_syscall_64+0x100/0x230 [ 298.314910][T13852] ? do_syscall_64+0xb6/0x230 [ 298.319584][T13852] do_syscall_64+0xf3/0x230 [ 298.324079][T13852] ? clear_bhb_loop+0x35/0x90 [ 298.328752][T13852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.334636][T13852] RIP: 0033:0x7f7f43575b59 [ 298.339049][T13852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.358644][T13852] RSP: 002b:00007f7f4435f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.367064][T13852] RAX: ffffffffffffffda RBX: 00007f7f43705f60 RCX: 00007f7f43575b59 [ 298.375043][T13852] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 298.383034][T13852] RBP: 00007f7f4435f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 298.391176][T13852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.399148][T13852] R13: 000000000000000b R14: 00007f7f43705f60 R15: 00007ffe42ef0328 [ 298.407139][T13852] [ 298.442265][T13845] batman_adv: batadv1: Removing interface: netdevsim0 [ 298.454899][T13845] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.502580][T13847] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 298.513349][T13847] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 298.619820][T13847] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 298.638745][T13847] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 298.661150][T13863] batadv_slave_1: entered promiscuous mode [ 298.674868][T13864] vlan1: entered promiscuous mode [ 298.701530][T13861] pim6reg: entered allmulticast mode [ 298.720709][T13864] vlan1: left promiscuous mode [ 298.736408][T13864] batadv_slave_1: left promiscuous mode [ 298.781444][T13847] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 298.792245][T13847] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 298.819908][T13856] pim6reg: left allmulticast mode [ 298.878016][T13873] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 298.887420][T13874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.915152][T13874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.931406][T13874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.948172][T13845] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.973618][T13845] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.000653][T13845] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.041783][T13845] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.075106][T13847] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 299.093101][T13847] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 299.113305][T13880] delete_channel: no stack [ 299.119410][T13847] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 299.134324][T13847] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 299.174520][T13847] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 299.196660][T13847] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 299.241672][T13847] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 299.259285][T13847] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 299.282996][T13887] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 299.457143][T13899] __nla_validate_parse: 4 callbacks suppressed [ 299.457165][T13899] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2817'. [ 299.513911][T13899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.540823][T13899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.555878][T13901] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 299.582638][T13899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.824884][T13919] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.875420][T13921] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 299.913361][T13919] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.970262][T13924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2831'. [ 299.982123][T13919] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.035566][T13919] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.142513][T13919] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.161941][T13919] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.183541][T13919] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.202251][T13919] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.361626][T13939] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 300.440662][T13944] netlink: 'syz.3.2836': attribute type 32 has an invalid length. [ 300.453566][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2836'. [ 300.464302][T13944] (unnamed net_device) (uninitialized): option coupled_control: invalid value (116) [ 300.469379][T13940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2836'. [ 300.604042][T13953] delete_channel: no stack [ 300.774618][T13962] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2843'. [ 300.923578][T13968] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2845'. [ 301.049105][T13972] netlink: 'syz.2.2846': attribute type 1 has an invalid length. [ 301.073742][T13972] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 301.235462][T13974] netlink: 'syz.2.2848': attribute type 21 has an invalid length. [ 301.253587][T13974] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2848'. [ 301.275934][T13974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2848'. [ 301.362229][T13980] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 301.421097][T13981] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 301.493510][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2852'. [ 301.597348][T13990] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2854'. [ 301.875857][T13992] netlink: 'syz.3.2853': attribute type 5 has an invalid length. [ 301.915099][T14010] netlink: 'syz.4.2860': attribute type 21 has an invalid length. [ 302.055032][T14015] delete_channel: no stack [ 302.082292][T14017] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 302.160069][T14020] netlink: 'syz.4.2864': attribute type 9 has an invalid length. [ 302.234834][T14023] FAULT_INJECTION: forcing a failure. [ 302.234834][T14023] name failslab, interval 1, probability 0, space 0, times 0 [ 302.248449][T14023] CPU: 1 PID: 14023 Comm: syz.4.2865 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 302.258289][T14023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 302.268383][T14023] Call Trace: [ 302.271683][T14023] [ 302.274629][T14023] dump_stack_lvl+0x241/0x360 [ 302.279333][T14023] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.284550][T14023] ? __pfx__printk+0x10/0x10 [ 302.289154][T14023] ? ref_tracker_alloc+0x332/0x490 [ 302.294260][T14023] should_fail_ex+0x3b0/0x4e0 [ 302.298930][T14023] ? skb_clone+0x20c/0x390 [ 302.303335][T14023] should_failslab+0x9/0x20 [ 302.307843][T14023] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 302.313240][T14023] skb_clone+0x20c/0x390 [ 302.317499][T14023] __netlink_deliver_tap+0x3cc/0x7c0 [ 302.322785][T14023] ? netlink_deliver_tap+0x2e/0x1b0 [ 302.327972][T14023] netlink_deliver_tap+0x19d/0x1b0 [ 302.333092][T14023] netlink_unicast+0x7be/0x990 [ 302.337861][T14023] ? __pfx_netlink_unicast+0x10/0x10 [ 302.343137][T14023] ? __virt_addr_valid+0x183/0x530 [ 302.348249][T14023] ? __check_object_size+0x49c/0x900 [ 302.353526][T14023] ? bpf_lsm_netlink_send+0x9/0x10 [ 302.358645][T14023] netlink_sendmsg+0x8e4/0xcb0 [ 302.363444][T14023] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.369264][T14023] ? __import_iovec+0x536/0x820 [ 302.374106][T14023] ? aa_sock_msg_perm+0x91/0x160 [ 302.379038][T14023] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 302.384321][T14023] ? security_socket_sendmsg+0x87/0xb0 [ 302.389792][T14023] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.395080][T14023] __sock_sendmsg+0x221/0x270 [ 302.399757][T14023] ____sys_sendmsg+0x525/0x7d0 [ 302.404529][T14023] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.409837][T14023] __sys_sendmsg+0x2b0/0x3a0 [ 302.414454][T14023] ? __pfx___sys_sendmsg+0x10/0x10 [ 302.419574][T14023] ? vfs_write+0x7c4/0xc90 [ 302.424009][T14023] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 302.430327][T14023] ? do_syscall_64+0x100/0x230 [ 302.435092][T14023] ? do_syscall_64+0xb6/0x230 [ 302.439767][T14023] do_syscall_64+0xf3/0x230 [ 302.444260][T14023] ? clear_bhb_loop+0x35/0x90 [ 302.449015][T14023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.454906][T14023] RIP: 0033:0x7f7f43575b59 [ 302.459327][T14023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.478948][T14023] RSP: 002b:00007f7f4435f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 302.487356][T14023] RAX: ffffffffffffffda RBX: 00007f7f43705f60 RCX: 00007f7f43575b59 [ 302.495320][T14023] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 302.503281][T14023] RBP: 00007f7f4435f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 302.511256][T14023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.519236][T14023] R13: 000000000000000b R14: 00007f7f43705f60 R15: 00007ffe42ef0328 [ 302.527228][T14023] [ 302.533491][T14023] netlink: 'syz.4.2865': attribute type 3 has an invalid length. [ 302.543314][T14023] netlink: 'syz.4.2865': attribute type 3 has an invalid length. [ 302.653472][T14025] netlink: 'syz.4.2866': attribute type 1 has an invalid length. [ 302.991920][T14048] xt_connbytes: Forcing CT accounting to be enabled [ 303.373818][T14064] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 303.600512][T14073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.629342][T14073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.648602][T14073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.845832][T14082] netlink: 'syz.3.2884': attribute type 10 has an invalid length. [ 303.917734][T14082] team0: Port device team_slave_0 removed [ 304.383292][T14103] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 304.507219][T14112] __nla_validate_parse: 10 callbacks suppressed [ 304.507241][T14112] netlink: 9412 bytes leftover after parsing attributes in process `syz.4.2893'. [ 304.862088][T14124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2899'. [ 305.036528][T14134] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2902'. [ 305.082779][T14134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.139131][T14134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.160559][T14137] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2903'. [ 305.176704][T14134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.397884][T14148] tipc: Started in network mode [ 305.412372][T14148] tipc: Node identity 42f16675518a, cluster identity 4711 [ 305.425946][T14148] tipc: Enabled bearer , priority 0 [ 305.444372][T14146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2907'. [ 305.469773][T14144] tipc: Disabling bearer [ 305.513503][T14156] FAULT_INJECTION: forcing a failure. [ 305.513503][T14156] name failslab, interval 1, probability 0, space 0, times 0 [ 305.528666][T14156] CPU: 0 PID: 14156 Comm: syz.1.2908 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 305.538498][T14156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 305.548569][T14156] Call Trace: [ 305.551860][T14156] [ 305.554800][T14156] dump_stack_lvl+0x241/0x360 [ 305.559492][T14156] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.564683][T14156] ? __pfx__printk+0x10/0x10 [ 305.569290][T14156] should_fail_ex+0x3b0/0x4e0 [ 305.573987][T14156] ? __alloc_skb+0x1c3/0x440 [ 305.578585][T14156] should_failslab+0x9/0x20 [ 305.583078][T14156] kmem_cache_alloc_node_noprof+0x71/0x320 [ 305.588895][T14156] __alloc_skb+0x1c3/0x440 [ 305.593339][T14156] ? __pfx___alloc_skb+0x10/0x10 [ 305.598296][T14156] ? netlink_ack_tlv_len+0x6e/0x200 [ 305.603498][T14156] netlink_ack+0x13f/0xa30 [ 305.607936][T14156] ? __pfx_lock_acquire+0x10/0x10 [ 305.612981][T14156] ? __pfx_nl802154_set_max_frame_retries+0x10/0x10 [ 305.619588][T14156] ? __pfx_nl802154_post_doit+0x10/0x10 [ 305.625164][T14156] netlink_rcv_skb+0x262/0x430 [ 305.629953][T14156] ? __pfx_genl_rcv_msg+0x10/0x10 [ 305.634993][T14156] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 305.640293][T14156] genl_rcv+0x28/0x40 [ 305.644289][T14156] netlink_unicast+0x7f0/0x990 [ 305.649083][T14156] ? __pfx_netlink_unicast+0x10/0x10 [ 305.654389][T14156] ? __virt_addr_valid+0x183/0x530 [ 305.659508][T14156] ? __check_object_size+0x49c/0x900 [ 305.664790][T14156] ? bpf_lsm_netlink_send+0x9/0x10 [ 305.669908][T14156] netlink_sendmsg+0x8e4/0xcb0 [ 305.674708][T14156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 305.680005][T14156] ? __import_iovec+0x536/0x820 [ 305.684851][T14156] ? aa_sock_msg_perm+0x91/0x160 [ 305.689808][T14156] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 305.695113][T14156] ? security_socket_sendmsg+0x87/0xb0 [ 305.700595][T14156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 305.705885][T14156] __sock_sendmsg+0x221/0x270 [ 305.710573][T14156] ____sys_sendmsg+0x525/0x7d0 [ 305.715370][T14156] ? __pfx_____sys_sendmsg+0x10/0x10 [ 305.720678][T14156] __sys_sendmsg+0x2b0/0x3a0 [ 305.725265][T14156] ? __pfx___sys_sendmsg+0x10/0x10 [ 305.730383][T14156] ? vfs_write+0x7c4/0xc90 [ 305.734838][T14156] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 305.741168][T14156] ? do_syscall_64+0x100/0x230 [ 305.745953][T14156] ? do_syscall_64+0xb6/0x230 [ 305.750653][T14156] do_syscall_64+0xf3/0x230 [ 305.755177][T14156] ? clear_bhb_loop+0x35/0x90 [ 305.759877][T14156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.765792][T14156] RIP: 0033:0x7fcf2ff75b59 [ 305.770224][T14156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.789853][T14156] RSP: 002b:00007fcf2f9ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 305.798311][T14156] RAX: ffffffffffffffda RBX: 00007fcf30105f60 RCX: 00007fcf2ff75b59 [ 305.806303][T14156] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000005 [ 305.814294][T14156] RBP: 00007fcf2f9ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 305.822334][T14156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.830330][T14156] R13: 000000000000000b R14: 00007fcf30105f60 R15: 00007ffd607e4e98 [ 305.838348][T14156] [ 305.865424][T14158] netlink: 'syz.0.2909': attribute type 11 has an invalid length. [ 305.878069][T14158] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2909'. [ 305.899674][T14158] netlink: 'syz.0.2909': attribute type 11 has an invalid length. [ 305.914119][T14158] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2909'. [ 306.240454][T14178] nbd: must specify at least one socket [ 306.250320][T14179] FAULT_INJECTION: forcing a failure. [ 306.250320][T14179] name failslab, interval 1, probability 0, space 0, times 0 [ 306.256027][T14172] vlan2: entered promiscuous mode [ 306.270518][T14179] CPU: 0 PID: 14179 Comm: syz.1.2917 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 306.280453][T14179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 306.282465][T14172] bond0: entered promiscuous mode [ 306.290506][T14179] Call Trace: [ 306.290519][T14179] [ 306.290529][T14179] dump_stack_lvl+0x241/0x360 [ 306.290557][T14179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.290576][T14179] ? __pfx__printk+0x10/0x10 [ 306.290601][T14179] ? netlink_insert+0x10b7/0x14b0 [ 306.290641][T14179] should_fail_ex+0x3b0/0x4e0 [ 306.290663][T14179] ? __alloc_skb+0x1c3/0x440 [ 306.290687][T14179] should_failslab+0x9/0x20 [ 306.290708][T14179] kmem_cache_alloc_node_noprof+0x71/0x320 [ 306.290735][T14179] __alloc_skb+0x1c3/0x440 [ 306.290764][T14179] ? __pfx___alloc_skb+0x10/0x10 [ 306.290789][T14179] ? netlink_autobind+0xd6/0x2f0 [ 306.290810][T14179] ? netlink_autobind+0x2b0/0x2f0 [ 306.290835][T14179] netlink_sendmsg+0x638/0xcb0 [ 306.290869][T14179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.290890][T14179] ? aa_sock_msg_perm+0x91/0x160 [ 306.290913][T14179] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 306.290931][T14179] ? security_socket_sendmsg+0x87/0xb0 [ 306.290960][T14179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.290977][T14179] __sock_sendmsg+0x221/0x270 [ 306.291003][T14179] sock_write_iter+0x2dd/0x400 [ 306.291022][T14179] ? __pfx_sock_write_iter+0x10/0x10 [ 306.291050][T14179] ? bpf_lsm_file_permission+0x9/0x10 [ 306.291072][T14179] ? security_file_permission+0x7f/0xa0 [ 306.291102][T14179] vfs_write+0xa72/0xc90 [ 306.291132][T14179] ? __pfx_sock_write_iter+0x10/0x10 [ 306.291154][T14179] ? __pfx_vfs_write+0x10/0x10 [ 306.291199][T14179] ksys_write+0x1a0/0x2c0 [ 306.291228][T14179] ? __pfx_ksys_write+0x10/0x10 [ 306.291251][T14179] ? do_syscall_64+0x100/0x230 [ 306.309180][T14172] bond_slave_0: entered promiscuous mode [ 306.312320][T14179] ? do_syscall_64+0xb6/0x230 [ 306.325432][T14172] bond_slave_1: entered promiscuous mode [ 306.326557][T14179] do_syscall_64+0xf3/0x230 [ 306.326585][T14179] ? clear_bhb_loop+0x35/0x90 [ 306.326609][T14179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.326629][T14179] RIP: 0033:0x7fcf2ff75b59 [ 306.326648][T14179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.326666][T14179] RSP: 002b:00007fcf2f9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 306.326688][T14179] RAX: ffffffffffffffda RBX: 00007fcf30105f60 RCX: 00007fcf2ff75b59 [ 306.326704][T14179] RDX: 0000000000000029 RSI: 00000000200002c0 RDI: 0000000000000004 [ 306.326718][T14179] RBP: 00007fcf2f9ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 306.326733][T14179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.326744][T14179] R13: 000000000000000b R14: 00007fcf30105f60 R15: 00007ffd607e4e98 [ 306.326773][T14179] [ 306.564686][T14172] bond0: left promiscuous mode [ 306.574717][T14172] bond_slave_0: left promiscuous mode [ 306.590491][T14172] bond_slave_1: left promiscuous mode [ 306.644813][T14193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2920'. [ 306.746025][T14195] tipc: Enabling of bearer rejected, failed to enable media [ 306.767136][T14202] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2922'. [ 306.874645][T14209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2925'. [ 307.007211][T14226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 307.020635][T14226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 307.037346][T14226] validate_nla: 2 callbacks suppressed [ 307.037374][T14226] netlink: 'syz.3.2930': attribute type 10 has an invalid length. [ 307.051466][T14226] team0: Cannot enslave team device to itself [ 307.074529][T14227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 307.118874][T14227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 307.169088][T14227] netlink: 'syz.0.2929': attribute type 10 has an invalid length. [ 307.181145][T14227] team0: Cannot enslave team device to itself [ 307.863781][T14246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 308.177376][T14269] bond0: (slave macsec1): Error -34 calling dev_set_mtu [ 308.213615][T14270] bond0: (slave macsec1): Error -34 calling dev_set_mtu [ 308.240202][T14267] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 308.254904][T14272] netlink: 'syz.2.2943': attribute type 2 has an invalid length. [ 308.262903][T14272] netlink: 'syz.2.2943': attribute type 8 has an invalid length. [ 308.275303][T14275] netlink: 'syz.4.2944': attribute type 21 has an invalid length. [ 308.387229][T14282] netlink: 'syz.4.2947': attribute type 1 has an invalid length. [ 308.666667][T14303] vcan0: entered allmulticast mode [ 308.836946][T14311] netlink: 'syz.1.2955': attribute type 2 has an invalid length. [ 308.849772][T14311] netlink: 'syz.1.2955': attribute type 8 has an invalid length. [ 308.862903][T14314] netlink: 'syz.4.2957': attribute type 21 has an invalid length. [ 308.980170][T14323] sch_tbf: burst 0 is lower than device lo mtu (81) ! [ 309.306643][ T5101] Bluetooth: hci0: command 0x0406 tx timeout [ 309.524217][T14347] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 309.620932][T14351] netlink: 'syz.0.2969': attribute type 2 has an invalid length. [ 309.635822][T14355] __nla_validate_parse: 14 callbacks suppressed [ 309.635842][T14355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2972'. [ 309.644637][T14351] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2969'. [ 309.664164][T14357] FAULT_INJECTION: forcing a failure. [ 309.664164][T14357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 309.678199][T14357] CPU: 0 PID: 14357 Comm: syz.2.2974 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 309.688044][T14357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 309.698133][T14357] Call Trace: [ 309.701427][T14357] [ 309.704465][T14357] dump_stack_lvl+0x241/0x360 [ 309.709173][T14357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.714396][T14357] ? __pfx__printk+0x10/0x10 [ 309.719015][T14357] ? snprintf+0xda/0x120 [ 309.723270][T14357] should_fail_ex+0x3b0/0x4e0 [ 309.727958][T14357] _copy_to_user+0x2f/0xb0 [ 309.732387][T14357] simple_read_from_buffer+0xca/0x150 [ 309.737767][T14357] proc_fail_nth_read+0x1e9/0x250 [ 309.742831][T14357] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 309.748399][T14357] ? rw_verify_area+0x520/0x6b0 [ 309.753256][T14357] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 309.758807][T14357] vfs_read+0x204/0xbc0 [ 309.762978][T14357] ? __pfx_lock_release+0x10/0x10 [ 309.768006][T14357] ? do_sock_setsockopt+0x3e2/0x720 [ 309.773212][T14357] ? __pfx_vfs_read+0x10/0x10 [ 309.777895][T14357] ? __fget_files+0x29/0x470 [ 309.782494][T14357] ? __fget_files+0x3f6/0x470 [ 309.787185][T14357] ksys_read+0x1a0/0x2c0 [ 309.791640][T14357] ? __pfx_ksys_read+0x10/0x10 [ 309.796428][T14357] ? do_syscall_64+0x100/0x230 [ 309.801206][T14357] ? do_syscall_64+0xb6/0x230 [ 309.805881][T14357] do_syscall_64+0xf3/0x230 [ 309.810393][T14357] ? clear_bhb_loop+0x35/0x90 [ 309.815080][T14357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.820963][T14357] RIP: 0033:0x7ff84c37463c [ 309.825366][T14357] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 309.845070][T14357] RSP: 002b:00007ff84d199040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 309.853515][T14357] RAX: ffffffffffffffda RBX: 00007ff84c505f60 RCX: 00007ff84c37463c [ 309.861518][T14357] RDX: 000000000000000f RSI: 00007ff84d1990b0 RDI: 0000000000000004 [ 309.869523][T14357] RBP: 00007ff84d1990a0 R08: 0000000000000000 R09: 0000000000000000 [ 309.877520][T14357] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001 [ 309.885508][T14357] R13: 000000000000000b R14: 00007ff84c505f60 R15: 00007ffe2f1f7008 [ 309.893493][T14357] [ 310.192138][T14372] FAULT_INJECTION: forcing a failure. [ 310.192138][T14372] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.215703][T14372] CPU: 0 PID: 14372 Comm: syz.1.2980 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 310.225585][T14372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 310.235654][T14372] Call Trace: [ 310.238934][T14372] [ 310.241860][T14372] dump_stack_lvl+0x241/0x360 [ 310.246625][T14372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.251818][T14372] ? __pfx__printk+0x10/0x10 [ 310.256406][T14372] ? snprintf+0xda/0x120 [ 310.260647][T14372] should_fail_ex+0x3b0/0x4e0 [ 310.265322][T14372] _copy_to_user+0x2f/0xb0 [ 310.269739][T14372] simple_read_from_buffer+0xca/0x150 [ 310.275118][T14372] proc_fail_nth_read+0x1e9/0x250 [ 310.280140][T14372] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.285685][T14372] ? rw_verify_area+0x520/0x6b0 [ 310.290540][T14372] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.296170][T14372] vfs_read+0x204/0xbc0 [ 310.300503][T14372] ? __pfx_lock_release+0x10/0x10 [ 310.305520][T14372] ? do_sock_setsockopt+0x3e2/0x720 [ 310.310726][T14372] ? __pfx_vfs_read+0x10/0x10 [ 310.315403][T14372] ? __fget_files+0x29/0x470 [ 310.319988][T14372] ? __fget_files+0x3f6/0x470 [ 310.324670][T14372] ksys_read+0x1a0/0x2c0 [ 310.328918][T14372] ? __pfx_ksys_read+0x10/0x10 [ 310.333701][T14372] ? do_syscall_64+0x100/0x230 [ 310.338479][T14372] ? do_syscall_64+0xb6/0x230 [ 310.343170][T14372] do_syscall_64+0xf3/0x230 [ 310.347676][T14372] ? clear_bhb_loop+0x35/0x90 [ 310.352357][T14372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.358246][T14372] RIP: 0033:0x7fcf2ff7463c [ 310.362681][T14372] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 310.382286][T14372] RSP: 002b:00007fcf2f9ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 310.390698][T14372] RAX: ffffffffffffffda RBX: 00007fcf30105f60 RCX: 00007fcf2ff7463c [ 310.398664][T14372] RDX: 000000000000000f RSI: 00007fcf2f9ff0b0 RDI: 0000000000000004 [ 310.406629][T14372] RBP: 00007fcf2f9ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 310.414610][T14372] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001 [ 310.422571][T14372] R13: 000000000000000b R14: 00007fcf30105f60 R15: 00007ffd607e4e98 [ 310.430554][T14372] [ 310.565022][T14382] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2984'. [ 310.678023][T14388] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2986'. [ 310.754839][T14393] FAULT_INJECTION: forcing a failure. [ 310.754839][T14393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.776427][T14393] CPU: 0 PID: 14393 Comm: syz.3.2988 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 310.786281][T14393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 310.796352][T14393] Call Trace: [ 310.799648][T14393] [ 310.802590][T14393] dump_stack_lvl+0x241/0x360 [ 310.807291][T14393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.812512][T14393] ? __pfx__printk+0x10/0x10 [ 310.817214][T14393] ? snprintf+0xda/0x120 [ 310.821485][T14393] should_fail_ex+0x3b0/0x4e0 [ 310.826189][T14393] _copy_to_user+0x2f/0xb0 [ 310.830631][T14393] simple_read_from_buffer+0xca/0x150 [ 310.834869][T14396] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 310.836011][T14393] proc_fail_nth_read+0x1e9/0x250 [ 310.849547][T14393] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.855119][T14393] ? rw_verify_area+0x520/0x6b0 [ 310.859993][T14393] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.865566][T14393] vfs_read+0x204/0xbc0 [ 310.869749][T14393] ? __pfx_lock_release+0x10/0x10 [ 310.874890][T14393] ? __pfx_vfs_read+0x10/0x10 [ 310.879599][T14393] ? __fget_files+0x29/0x470 [ 310.884207][T14393] ? __fget_files+0x3f6/0x470 [ 310.888929][T14393] ksys_read+0x1a0/0x2c0 [ 310.893200][T14393] ? __pfx_ksys_read+0x10/0x10 [ 310.898074][T14393] ? do_syscall_64+0x100/0x230 [ 310.902860][T14393] ? do_syscall_64+0xb6/0x230 [ 310.907562][T14393] do_syscall_64+0xf3/0x230 [ 310.912087][T14393] ? clear_bhb_loop+0x35/0x90 [ 310.916790][T14393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.922704][T14393] RIP: 0033:0x7fa6d897463c [ 310.927138][T14393] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 310.946767][T14393] RSP: 002b:00007fa6d9821040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 310.955209][T14393] RAX: ffffffffffffffda RBX: 00007fa6d8b05f60 RCX: 00007fa6d897463c [ 310.963202][T14393] RDX: 000000000000000f RSI: 00007fa6d98210b0 RDI: 0000000000000003 [ 310.971192][T14393] RBP: 00007fa6d98210a0 R08: 0000000000000000 R09: 0000000000000000 [ 310.979184][T14393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 310.987169][T14393] R13: 000000000000000b R14: 00007fa6d8b05f60 R15: 00007ffe305d5d38 [ 310.995180][T14393] [ 311.063742][T14404] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2991'. [ 311.097592][T14404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2991'. [ 311.257147][T14417] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2997'. [ 311.308100][T14417] FAULT_INJECTION: forcing a failure. [ 311.308100][T14417] name failslab, interval 1, probability 0, space 0, times 0 [ 311.342782][T14417] CPU: 1 PID: 14417 Comm: syz.2.2997 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 311.352646][T14417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 311.362723][T14417] Call Trace: [ 311.366018][T14417] [ 311.368968][T14417] dump_stack_lvl+0x241/0x360 [ 311.373674][T14417] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.378895][T14417] ? __pfx__printk+0x10/0x10 [ 311.383514][T14417] ? __pfx___might_resched+0x10/0x10 [ 311.388845][T14417] should_fail_ex+0x3b0/0x4e0 [ 311.393556][T14417] ? __kernfs_new_node+0xd8/0x870 [ 311.398609][T14417] should_failslab+0x9/0x20 [ 311.403127][T14417] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 311.408561][T14417] __kernfs_new_node+0xd8/0x870 [ 311.413436][T14417] ? mark_lock+0x9a/0x350 [ 311.417795][T14417] ? __lock_acquire+0x1346/0x1fd0 [ 311.422858][T14417] ? __pfx___kernfs_new_node+0x10/0x10 [ 311.428354][T14417] kernfs_new_node+0x137/0x240 [ 311.433137][T14417] kernfs_create_dir_ns+0x43/0x120 [ 311.438252][T14417] sysfs_create_dir_ns+0x189/0x3a0 [ 311.443360][T14417] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 311.448999][T14417] kobject_add_internal+0x435/0x8d0 [ 311.454204][T14417] kobject_add+0x152/0x220 [ 311.458615][T14417] ? device_add+0x3e7/0xbf0 [ 311.463114][T14417] ? __pfx_kobject_add+0x10/0x10 [ 311.468051][T14417] ? get_device_parent+0x25d/0x410 [ 311.473162][T14417] device_add+0x4e5/0xbf0 [ 311.477489][T14417] ? __asan_memset+0x23/0x50 [ 311.482075][T14417] wpan_phy_register+0x2e/0x110 [ 311.486928][T14417] ieee802154_register_hw+0x605/0x8d0 [ 311.492297][T14417] ? __pfx_ieee802154_register_hw+0x10/0x10 [ 311.498185][T14417] ? __kasan_kmalloc+0x98/0xb0 [ 311.502947][T14417] ? hwsim_add_one+0x34c/0x11d0 [ 311.507796][T14417] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 311.513172][T14417] hwsim_add_one+0x489/0x11d0 [ 311.517856][T14417] genl_rcv_msg+0xb14/0xec0 [ 311.522354][T14417] ? mark_lock+0x9a/0x350 [ 311.526686][T14417] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.531729][T14417] ? __pfx_lock_acquire+0x10/0x10 [ 311.536744][T14417] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 311.542285][T14417] ? __pfx___might_resched+0x10/0x10 [ 311.547577][T14417] netlink_rcv_skb+0x1e3/0x430 [ 311.552343][T14417] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.557365][T14417] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 311.562668][T14417] genl_rcv+0x28/0x40 [ 311.566657][T14417] netlink_unicast+0x7f0/0x990 [ 311.571421][T14417] ? __pfx_netlink_unicast+0x10/0x10 [ 311.576696][T14417] ? __virt_addr_valid+0x183/0x530 [ 311.581811][T14417] ? __check_object_size+0x49c/0x900 [ 311.587089][T14417] ? bpf_lsm_netlink_send+0x9/0x10 [ 311.592196][T14417] netlink_sendmsg+0x8e4/0xcb0 [ 311.596966][T14417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.602247][T14417] ? __import_iovec+0x536/0x820 [ 311.607093][T14417] ? aa_sock_msg_perm+0x91/0x160 [ 311.612029][T14417] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 311.617307][T14417] ? security_socket_sendmsg+0x87/0xb0 [ 311.622766][T14417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.628048][T14417] __sock_sendmsg+0x221/0x270 [ 311.632721][T14417] ____sys_sendmsg+0x525/0x7d0 [ 311.637485][T14417] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.642777][T14417] __sys_sendmsg+0x2b0/0x3a0 [ 311.647369][T14417] ? __pfx___sys_sendmsg+0x10/0x10 [ 311.652478][T14417] ? vfs_write+0x7c4/0xc90 [ 311.656927][T14417] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 311.663249][T14417] ? do_syscall_64+0x100/0x230 [ 311.668012][T14417] ? do_syscall_64+0xb6/0x230 [ 311.672682][T14417] do_syscall_64+0xf3/0x230 [ 311.677176][T14417] ? clear_bhb_loop+0x35/0x90 [ 311.681848][T14417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.687736][T14417] RIP: 0033:0x7ff84c375b59 [ 311.692144][T14417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.711744][T14417] RSP: 002b:00007ff84d199048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.720155][T14417] RAX: ffffffffffffffda RBX: 00007ff84c505f60 RCX: 00007ff84c375b59 [ 311.728123][T14417] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 311.736081][T14417] RBP: 00007ff84d1990a0 R08: 0000000000000000 R09: 0000000000000000 [ 311.744042][T14417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 311.752006][T14417] R13: 000000000000000b R14: 00007ff84c505f60 R15: 00007ffe2f1f7008 [ 311.759991][T14417] [ 311.777869][T14417] kobject: kobject_add_internal failed for phy12 (error: -12 parent: ieee802154) [ 311.810586][T14402] pim6reg: entered allmulticast mode [ 311.883410][T14401] pim6reg: left allmulticast mode [ 312.109389][T14442] syz.3.3004[14442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 312.109545][T14442] syz.3.3004[14442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 312.149117][T14442] syz.3.3004[14442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 312.205118][T14442] syz.3.3004[14442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 312.289499][T14449] validate_nla: 4 callbacks suppressed [ 312.289520][T14449] netlink: 'syz.1.3007': attribute type 3 has an invalid length. [ 312.358074][T14456] FAULT_INJECTION: forcing a failure. [ 312.358074][T14456] name failslab, interval 1, probability 0, space 0, times 0 [ 312.388054][T14456] CPU: 1 PID: 14456 Comm: syz.4.3009 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 312.397912][T14456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 312.407967][T14456] Call Trace: [ 312.411238][T14456] [ 312.414165][T14456] dump_stack_lvl+0x241/0x360 [ 312.418844][T14456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.424036][T14456] ? __pfx__printk+0x10/0x10 [ 312.428622][T14456] ? __pfx___might_resched+0x10/0x10 [ 312.433910][T14456] should_fail_ex+0x3b0/0x4e0 [ 312.438588][T14456] ? radix_tree_node_alloc+0x8b/0x3c0 [ 312.443959][T14456] should_failslab+0x9/0x20 [ 312.448460][T14456] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 312.453833][T14456] radix_tree_node_alloc+0x8b/0x3c0 [ 312.459042][T14456] idr_get_free+0x296/0xab0 [ 312.463556][T14456] idr_alloc_u32+0x195/0x330 [ 312.468153][T14456] ? __pfx_idr_alloc_u32+0x10/0x10 [ 312.473269][T14456] ? __pfx_lock_acquire+0x10/0x10 [ 312.478298][T14456] tcf_idr_check_alloc+0x703/0x940 [ 312.483409][T14456] ? tcf_idr_check_alloc+0xcc/0x940 [ 312.488615][T14456] ? __pfx_tcf_idr_check_alloc+0x10/0x10 [ 312.494246][T14456] ? __nla_parse+0x40/0x60 [ 312.498666][T14456] tcf_police_init+0x29b/0x17c0 [ 312.503513][T14456] ? __sock_sendmsg+0x221/0x270 [ 312.508359][T14456] ? ____sys_sendmsg+0x525/0x7d0 [ 312.513303][T14456] ? __pfx_tcf_police_init+0x10/0x10 [ 312.518603][T14456] ? nla_memcpy+0x5d/0xc0 [ 312.522931][T14456] ? __asan_memcpy+0x40/0x70 [ 312.527522][T14456] ? __pfx_tcf_police_init+0x10/0x10 [ 312.532802][T14456] tcf_action_init_1+0x5d7/0x890 [ 312.537739][T14456] ? nla_strscpy+0x100/0x180 [ 312.542360][T14456] ? __pfx_tcf_action_init_1+0x10/0x10 [ 312.547819][T14456] ? _raw_read_unlock+0x28/0x50 [ 312.552665][T14456] ? tc_action_load_ops+0x26d/0x590 [ 312.557883][T14456] ? __nla_parse+0x40/0x60 [ 312.562299][T14456] tcf_action_init+0x2e4/0x940 [ 312.567079][T14456] ? __pfx_tcf_action_init+0x10/0x10 [ 312.572420][T14456] ? apparmor_capable+0x138/0x1b0 [ 312.577457][T14456] tc_ctl_action+0x47d/0xcf0 [ 312.582081][T14456] ? __pfx_tc_ctl_action+0x10/0x10 [ 312.587211][T14456] ? trace_contention_end+0x3c/0x120 [ 312.592504][T14456] ? __mutex_lock+0x2ef/0xd70 [ 312.597192][T14456] ? __pfx___mutex_lock+0x10/0x10 [ 312.602233][T14456] ? __pfx_tc_ctl_action+0x10/0x10 [ 312.607343][T14456] rtnetlink_rcv_msg+0x73f/0xcf0 [ 312.612275][T14456] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 312.617395][T14456] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 312.622945][T14456] ? ref_tracker_free+0x643/0x7e0 [ 312.627972][T14456] netlink_rcv_skb+0x1e3/0x430 [ 312.632733][T14456] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 312.638186][T14456] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 312.643482][T14456] ? netlink_deliver_tap+0x2e/0x1b0 [ 312.648679][T14456] netlink_unicast+0x7f0/0x990 [ 312.653445][T14456] ? __pfx_netlink_unicast+0x10/0x10 [ 312.658725][T14456] ? __virt_addr_valid+0x183/0x530 [ 312.663837][T14456] ? __check_object_size+0x49c/0x900 [ 312.669117][T14456] ? bpf_lsm_netlink_send+0x9/0x10 [ 312.674224][T14456] netlink_sendmsg+0x8e4/0xcb0 [ 312.678993][T14456] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.684274][T14456] ? __import_iovec+0x536/0x820 [ 312.689120][T14456] ? aa_sock_msg_perm+0x91/0x160 [ 312.694056][T14456] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 312.699336][T14456] ? security_socket_sendmsg+0x87/0xb0 [ 312.704798][T14456] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.710080][T14456] __sock_sendmsg+0x221/0x270 [ 312.714756][T14456] ____sys_sendmsg+0x525/0x7d0 [ 312.719528][T14456] ? __pfx_____sys_sendmsg+0x10/0x10 [ 312.724824][T14456] __sys_sendmsg+0x2b0/0x3a0 [ 312.729447][T14456] ? __pfx___sys_sendmsg+0x10/0x10 [ 312.734554][T14456] ? vfs_write+0x7c4/0xc90 [ 312.739002][T14456] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.745331][T14456] ? do_syscall_64+0x100/0x230 [ 312.750096][T14456] ? do_syscall_64+0xb6/0x230 [ 312.754771][T14456] do_syscall_64+0xf3/0x230 [ 312.759271][T14456] ? clear_bhb_loop+0x35/0x90 [ 312.763943][T14456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.769840][T14456] RIP: 0033:0x7f7f43575b59 [ 312.774251][T14456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.793853][T14456] RSP: 002b:00007f7f4435f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.802266][T14456] RAX: ffffffffffffffda RBX: 00007f7f43705f60 RCX: 00007f7f43575b59 [ 312.810237][T14456] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 312.818200][T14456] RBP: 00007f7f4435f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 312.826162][T14456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 312.834123][T14456] R13: 000000000000000b R14: 00007f7f43705f60 R15: 00007ffe42ef0328 [ 312.842101][T14456] [ 312.859323][T14460] FAULT_INJECTION: forcing a failure. [ 312.859323][T14460] name failslab, interval 1, probability 0, space 0, times 0 [ 312.872518][T14460] CPU: 0 PID: 14460 Comm: syz.3.3011 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 312.882438][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 312.892519][T14460] Call Trace: [ 312.895813][T14460] [ 312.898775][T14460] dump_stack_lvl+0x241/0x360 [ 312.903484][T14460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.908702][T14460] ? __pfx__printk+0x10/0x10 [ 312.913299][T14460] ? __mutex_trylock_common+0x183/0x2e0 [ 312.918849][T14460] should_fail_ex+0x3b0/0x4e0 [ 312.923522][T14460] ? __alloc_skb+0x1c3/0x440 [ 312.928110][T14460] should_failslab+0x9/0x20 [ 312.932607][T14460] kmem_cache_alloc_node_noprof+0x71/0x320 [ 312.938498][T14460] ? trace_contention_end+0x3c/0x120 [ 312.943784][T14460] __alloc_skb+0x1c3/0x440 [ 312.948200][T14460] ? __pfx___alloc_skb+0x10/0x10 [ 312.953131][T14460] ? mutex_trylock+0xe0/0x130 [ 312.957811][T14460] mgmt_cmd_complete+0x47/0x580 [ 312.962666][T14460] stop_discovery+0x155/0x2b0 [ 312.967339][T14460] ? mgmt_init_hdev+0x453/0x470 [ 312.972190][T14460] hci_mgmt_cmd+0xc47/0x11d0 [ 312.976788][T14460] hci_sock_sendmsg+0x7b8/0x11c0 [ 312.981726][T14460] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 312.987092][T14460] ? aa_sock_msg_perm+0x91/0x160 [ 312.992028][T14460] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 312.997306][T14460] ? security_socket_sendmsg+0x87/0xb0 [ 313.002767][T14460] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 313.008128][T14460] __sock_sendmsg+0x221/0x270 [ 313.012803][T14460] sock_write_iter+0x2dd/0x400 [ 313.017564][T14460] ? __pfx_sock_write_iter+0x10/0x10 [ 313.022861][T14460] ? bpf_lsm_file_permission+0x9/0x10 [ 313.028238][T14460] ? security_file_permission+0x7f/0xa0 [ 313.033783][T14460] vfs_write+0xa72/0xc90 [ 313.038026][T14460] ? __pfx_sock_write_iter+0x10/0x10 [ 313.043305][T14460] ? __pfx_vfs_write+0x10/0x10 [ 313.048087][T14460] ksys_write+0x1a0/0x2c0 [ 313.052421][T14460] ? __pfx_ksys_write+0x10/0x10 [ 313.057269][T14460] ? do_syscall_64+0x100/0x230 [ 313.062031][T14460] ? do_syscall_64+0xb6/0x230 [ 313.066706][T14460] do_syscall_64+0xf3/0x230 [ 313.071203][T14460] ? clear_bhb_loop+0x35/0x90 [ 313.075877][T14460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.082197][T14460] RIP: 0033:0x7fa6d8975b59 [ 313.086620][T14460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.106239][T14460] RSP: 002b:00007fa6d9821048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 313.114654][T14460] RAX: ffffffffffffffda RBX: 00007fa6d8b05f60 RCX: 00007fa6d8975b59 [ 313.122619][T14460] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000004 [ 313.130585][T14460] RBP: 00007fa6d98210a0 R08: 0000000000000000 R09: 0000000000000000 [ 313.138547][T14460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.146525][T14460] R13: 000000000000000b R14: 00007fa6d8b05f60 R15: 00007ffe305d5d38 [ 313.154528][T14460] [ 313.325962][T14466] netlink: 468 bytes leftover after parsing attributes in process `syz.2.3012'. [ 313.358835][T14466] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3012'. [ 313.483623][T14482] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3015'. [ 313.567918][T14487] FAULT_INJECTION: forcing a failure. [ 313.567918][T14487] name failslab, interval 1, probability 0, space 0, times 0 [ 313.602728][T14487] CPU: 1 PID: 14487 Comm: syz.0.3016 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 313.612590][T14487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 313.622670][T14487] Call Trace: [ 313.625972][T14487] [ 313.628918][T14487] dump_stack_lvl+0x241/0x360 [ 313.633712][T14487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.638934][T14487] ? __pfx__printk+0x10/0x10 [ 313.643560][T14487] should_fail_ex+0x3b0/0x4e0 [ 313.648265][T14487] ? sctp_add_bind_addr+0x89/0x3a0 [ 313.653404][T14487] should_failslab+0x9/0x20 [ 313.657923][T14487] kmalloc_trace_noprof+0x6c/0x2c0 [ 313.663061][T14487] sctp_add_bind_addr+0x89/0x3a0 [ 313.668025][T14487] sctp_copy_local_addr_list+0x311/0x500 [ 313.673684][T14487] ? sctp_copy_local_addr_list+0xab/0x500 [ 313.679432][T14487] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 313.685604][T14487] ? sctp_v6_is_any+0x60/0x70 [ 313.690292][T14487] sctp_bind_addr_copy+0xad/0x3b0 [ 313.695311][T14487] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 313.701633][T14487] sctp_connect_new_asoc+0x2f3/0x6c0 [ 313.707106][T14487] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 313.712918][T14487] ? sctp_sendmsg+0xbb9/0x3520 [ 313.717682][T14487] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 313.723220][T14487] ? security_sctp_bind_connect+0x90/0xb0 [ 313.728938][T14487] sctp_sendmsg+0x219a/0x3520 [ 313.733624][T14487] ? __pfx_sctp_sendmsg+0x10/0x10 [ 313.738649][T14487] ? __pfx_aa_sk_perm+0x10/0x10 [ 313.743494][T14487] ? inet_sendmsg+0x330/0x390 [ 313.748162][T14487] __sock_sendmsg+0x1a6/0x270 [ 313.752831][T14487] __sys_sendto+0x3a4/0x4f0 [ 313.757347][T14487] ? __pfx___sys_sendto+0x10/0x10 [ 313.762402][T14487] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 313.768371][T14487] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 313.774697][T14487] __x64_sys_sendto+0xde/0x100 [ 313.779453][T14487] do_syscall_64+0xf3/0x230 [ 313.783945][T14487] ? clear_bhb_loop+0x35/0x90 [ 313.788614][T14487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.794586][T14487] RIP: 0033:0x7f7e4c575b59 [ 313.799090][T14487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.818690][T14487] RSP: 002b:00007f7e4d2f2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 313.827102][T14487] RAX: ffffffffffffffda RBX: 00007f7e4c705f60 RCX: 00007f7e4c575b59 [ 313.835082][T14487] RDX: 0000000000000001 RSI: 0000000020004b40 RDI: 0000000000000003 [ 313.843140][T14487] RBP: 00007f7e4d2f20a0 R08: 00000000200000c0 R09: 000000000000001c [ 313.851104][T14487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 313.859078][T14487] R13: 000000000000000b R14: 00007f7e4c705f60 R15: 00007ffed1813c98 [ 313.867073][T14487] [ 313.977618][T14503] warn_alloc: 1 callbacks suppressed [ 313.977638][T14503] syz.0.3022: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 314.016203][T14503] CPU: 0 PID: 14503 Comm: syz.0.3022 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 314.026072][T14503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 314.036155][T14503] Call Trace: [ 314.039454][T14503] [ 314.042394][T14503] dump_stack_lvl+0x241/0x360 [ 314.047101][T14503] ? __pfx_dump_stack_lvl+0x10/0x10 [ 314.052324][T14503] ? __pfx__printk+0x10/0x10 [ 314.056941][T14503] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 314.063385][T14503] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 314.069923][T14503] warn_alloc+0x278/0x410 [ 314.074270][T14503] ? stack_depot_save_flags+0x29/0x830 [ 314.079743][T14503] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 314.085833][T14503] ? __pfx_warn_alloc+0x10/0x10 [ 314.090702][T14503] ? kasan_save_track+0x3f/0x80 [ 314.095571][T14503] ? __kasan_kmalloc+0x98/0xb0 [ 314.100707][T14503] ? xsk_setsockopt+0x4ea/0x950 [ 314.105665][T14503] ? do_sock_setsockopt+0x3af/0x720 [ 314.110888][T14503] ? __sys_setsockopt+0x1ae/0x250 [ 314.115943][T14503] ? __x64_sys_setsockopt+0xb5/0xd0 [ 314.121175][T14503] ? do_syscall_64+0xf3/0x230 [ 314.125882][T14503] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.131976][T14503] __vmalloc_node_range_noprof+0x130/0x1460 [ 314.137928][T14503] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 314.144290][T14503] ? __kasan_kmalloc+0x98/0xb0 [ 314.149076][T14503] ? xskq_create+0x54/0x170 [ 314.153600][T14503] vmalloc_user_noprof+0x74/0x80 [ 314.158556][T14503] ? xskq_create+0xb6/0x170 [ 314.163075][T14503] xskq_create+0xb6/0x170 [ 314.167424][T14503] xsk_init_queue+0xa1/0x100 [ 314.172050][T14503] xsk_setsockopt+0x4ea/0x950 [ 314.176785][T14503] ? __pfx_xsk_setsockopt+0x10/0x10 [ 314.182015][T14503] ? __pfx_lock_acquire+0x10/0x10 [ 314.187061][T14503] ? aa_sock_opt_perm+0x79/0x120 [ 314.192028][T14503] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 314.197596][T14503] ? security_socket_setsockopt+0x87/0xb0 [ 314.203339][T14503] ? __pfx_xsk_setsockopt+0x10/0x10 [ 314.208565][T14503] do_sock_setsockopt+0x3af/0x720 [ 314.213629][T14503] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 314.219197][T14503] ? __fget_files+0x29/0x470 [ 314.223806][T14503] ? __fget_files+0x3f6/0x470 [ 314.228599][T14503] __sys_setsockopt+0x1ae/0x250 [ 314.233467][T14503] __x64_sys_setsockopt+0xb5/0xd0 [ 314.238530][T14503] do_syscall_64+0xf3/0x230 [ 314.243063][T14503] ? clear_bhb_loop+0x35/0x90 [ 314.247767][T14503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.253684][T14503] RIP: 0033:0x7f7e4c575b59 [ 314.258120][T14503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.277752][T14503] RSP: 002b:00007f7e4d2f2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 314.286199][T14503] RAX: ffffffffffffffda RBX: 00007f7e4c705f60 RCX: 00007f7e4c575b59 [ 314.294189][T14503] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 314.302183][T14503] RBP: 00007f7e4c5e4e5d R08: 0000000000009400 R09: 0000000000000000 [ 314.310176][T14503] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.318166][T14503] R13: 000000000000000b R14: 00007f7e4c705f60 R15: 00007ffed1813c98 [ 314.326179][T14503] [ 314.345729][T14503] Mem-Info: [ 314.350452][T14503] active_anon:6142 inactive_anon:0 isolated_anon:0 [ 314.350452][T14503] active_file:1788 inactive_file:38292 isolated_file:0 [ 314.350452][T14503] unevictable:768 dirty:319 writeback:0 [ 314.350452][T14503] slab_reclaimable:10259 slab_unreclaimable:103717 [ 314.350452][T14503] mapped:13557 shmem:1246 pagetables:685 [ 314.350452][T14503] sec_pagetables:0 bounce:0 [ 314.350452][T14503] kernel_misc_reclaimable:0 [ 314.350452][T14503] free:1391466 free_pcp:1379 free_cma:0 [ 314.451064][T14503] Node 0 active_anon:24468kB inactive_anon:0kB active_file:7152kB inactive_file:153100kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:54228kB dirty:1272kB writeback:0kB shmem:3448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11968kB pagetables:2740kB sec_pagetables:0kB all_unreclaimable? no [ 314.486699][T14503] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 314.523701][T14503] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 314.561926][T14503] lowmem_reserve[]: 0 2571 2571 0 0 [ 314.572463][T14503] Node 0 DMA32 free:1601652kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:24428kB inactive_anon:0kB active_file:7152kB inactive_file:152780kB unevictable:1536kB writepending:1272kB present:3129332kB managed:2659840kB mlocked:0kB bounce:0kB free_pcp:2260kB local_pcp:976kB free_cma:0kB [ 314.586414][T14516] netlink: 'syz.2.3026': attribute type 3 has an invalid length. [ 314.657356][T14503] lowmem_reserve[]: 0 0 0 0 0 [ 314.674152][T14503] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 314.704960][T14503] lowmem_reserve[]: 0 0 0 0 0 [ 314.710078][T14503] Node 1 Normal free:3948828kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:3508kB local_pcp:244kB free_cma:0kB [ 314.774355][T14503] lowmem_reserve[]: 0 0 0 0 0 [ 314.793752][T14503] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 314.846429][T14503] Node 0 DMA32: 150*4kB (ME) 219*8kB (ME) 118*16kB (UME) 211*32kB (UME) 439*64kB (UME) 209*128kB (UME) 137*256kB (UME) 119*512kB (UM) 73*1024kB (UME) 23*2048kB (UME) 322*4096kB (UM) = 1602608kB [ 314.875588][T14503] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 314.923743][T14503] Node 1 Normal: 3*4kB (UM) 2*8kB (UM) 2*16kB (UM) 11*32kB (UM) 8*64kB (U) 5*128kB (U) 5*256kB (UM) 5*512kB (UM) 1*1024kB (U) 3*2048kB (UM) 961*4096kB (UM) = 3948828kB [ 314.965839][T14503] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 314.975702][T14503] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 314.985317][T14534] __nla_validate_parse: 1 callbacks suppressed [ 314.985333][T14534] netlink: 9356 bytes leftover after parsing attributes in process `syz.1.3033'. [ 315.007866][T14534] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3033'. [ 315.017959][T14534] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3033'. [ 315.030806][T14503] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 315.060882][T14503] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 315.077507][T14503] 41326 total pagecache pages [ 315.086739][T14542] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.097220][T14503] 0 pages in swap cache [ 315.104321][ T5143] IPVS: starting estimator thread 0... [ 315.110394][T14503] Free swap = 124728kB [ 315.124303][T14503] Total swap = 124996kB [ 315.134069][T14503] 2097051 pages RAM [ 315.140624][T14503] 0 pages HighMem/MovableOnly [ 315.145727][T14503] 400881 pages reserved [ 315.162170][T14503] 0 pages cma reserved [ 315.167963][T14541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.196593][T14543] IPVS: using max 19 ests per chain, 45600 per kthread [ 315.250285][T14541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.276878][T14555] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.289071][T14541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.495913][T14566] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3044'. [ 315.551127][ T6488] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 316.420411][T14608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3062'. [ 316.528254][T14612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.624900][T14622] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.636142][T14623] FAULT_INJECTION: forcing a failure. [ 316.636142][T14623] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.648757][T14612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.658705][T14623] CPU: 0 PID: 14623 Comm: syz.0.3068 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 316.668708][T14623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 316.678786][T14623] Call Trace: [ 316.682083][T14623] [ 316.685044][T14623] dump_stack_lvl+0x241/0x360 [ 316.689751][T14623] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.694975][T14623] ? __pfx__printk+0x10/0x10 [ 316.699601][T14623] ? snprintf+0xda/0x120 [ 316.703868][T14623] should_fail_ex+0x3b0/0x4e0 [ 316.708574][T14623] _copy_to_user+0x2f/0xb0 [ 316.713016][T14623] simple_read_from_buffer+0xca/0x150 [ 316.718411][T14623] proc_fail_nth_read+0x1e9/0x250 [ 316.723451][T14623] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 316.729008][T14623] ? rw_verify_area+0x520/0x6b0 [ 316.733869][T14623] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 316.739422][T14623] vfs_read+0x204/0xbc0 [ 316.743602][T14623] ? __pfx_lock_release+0x10/0x10 [ 316.748651][T14623] ? __pfx_vfs_read+0x10/0x10 [ 316.753337][T14623] ? __fget_files+0x29/0x470 [ 316.757921][T14623] ? __fget_files+0x3f6/0x470 [ 316.762595][T14623] ksys_read+0x1a0/0x2c0 [ 316.766853][T14623] ? __pfx_ksys_read+0x10/0x10 [ 316.771631][T14623] ? do_syscall_64+0x100/0x230 [ 316.776404][T14623] ? do_syscall_64+0xb6/0x230 [ 316.781098][T14623] do_syscall_64+0xf3/0x230 [ 316.785686][T14623] ? clear_bhb_loop+0x35/0x90 [ 316.790366][T14623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.796265][T14623] RIP: 0033:0x7f7e4c57463c [ 316.800689][T14623] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 316.820307][T14623] RSP: 002b:00007f7e4d2f2040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 316.828753][T14623] RAX: ffffffffffffffda RBX: 00007f7e4c705f60 RCX: 00007f7e4c57463c [ 316.836913][T14623] RDX: 000000000000000f RSI: 00007f7e4d2f20b0 RDI: 0000000000000008 [ 316.844882][T14623] RBP: 00007f7e4d2f20a0 R08: 0000000000000000 R09: 0000000000000000 [ 316.852866][T14623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 316.860833][T14623] R13: 000000000000000b R14: 00007f7e4c705f60 R15: 00007ffed1813c98 [ 316.868827][T14623] [ 316.883535][T14629] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3069'. [ 316.916819][T14626] bridge14: entered promiscuous mode [ 316.950272][T14626] bridge14: entered allmulticast mode [ 317.199389][T14646] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3072'. [ 317.246394][T14646] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3072'. [ 317.270899][T14643] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3074'. [ 317.323960][T14650] netlink: 'syz.3.3076': attribute type 21 has an invalid length. [ 317.336550][T14650] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3076'. [ 317.356708][T14650] netlink: 'syz.3.3076': attribute type 4 has an invalid length. [ 317.473180][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.755430][T14677] delete_channel: no stack [ 318.640148][T14705] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 319.182816][T14737] vcan0: left allmulticast mode [ 319.466593][T14752] FAULT_INJECTION: forcing a failure. [ 319.466593][T14752] name failslab, interval 1, probability 0, space 0, times 0 [ 319.504364][T14752] CPU: 1 PID: 14752 Comm: syz.2.3109 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 319.514239][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 319.524319][T14752] Call Trace: [ 319.527619][T14752] [ 319.530562][T14752] dump_stack_lvl+0x241/0x360 [ 319.535264][T14752] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.540487][T14752] ? __pfx__printk+0x10/0x10 [ 319.545103][T14752] ? __pfx___might_resched+0x10/0x10 [ 319.550427][T14752] should_fail_ex+0x3b0/0x4e0 [ 319.555141][T14752] ? device_add+0xc1/0xbf0 [ 319.559581][T14752] should_failslab+0x9/0x20 [ 319.564106][T14752] kmalloc_trace_noprof+0x6c/0x2c0 [ 319.569251][T14752] device_add+0xc1/0xbf0 [ 319.573528][T14752] ? device_initialize+0x266/0x460 [ 319.578673][T14752] netdev_register_kobject+0x17e/0x320 [ 319.584167][T14752] register_netdevice+0x12c5/0x1b00 [ 319.589393][T14752] ? __pfx_register_netdevice+0x10/0x10 [ 319.594944][T14752] ? gtp_newlink+0x221/0xf30 [ 319.599528][T14752] ? rcu_is_watching+0x15/0xb0 [ 319.604290][T14752] ? gtp_newlink+0x221/0xf30 [ 319.608880][T14752] ? trace_kmalloc+0x1f/0xd0 [ 319.613470][T14752] gtp_newlink+0x9fe/0xf30 [ 319.617882][T14752] ? __pfx_gtp_newlink+0x10/0x10 [ 319.622813][T14752] rtnl_newlink+0x1591/0x20a0 [ 319.627511][T14752] ? __pfx_rtnl_newlink+0x10/0x10 [ 319.632531][T14752] ? __pfx___mutex_trylock_common+0x10/0x10 [ 319.638426][T14752] ? rcu_is_watching+0x15/0xb0 [ 319.643183][T14752] ? trace_contention_end+0x3c/0x120 [ 319.648463][T14752] ? __mutex_lock+0x2ef/0xd70 [ 319.653144][T14752] ? __pfx_lock_release+0x10/0x10 [ 319.658174][T14752] ? __pfx_rtnl_newlink+0x10/0x10 [ 319.663195][T14752] rtnetlink_rcv_msg+0x73f/0xcf0 [ 319.668130][T14752] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 319.673238][T14752] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 319.679912][T14752] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 319.685377][T14752] netlink_rcv_skb+0x1e3/0x430 [ 319.690146][T14752] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 319.695600][T14752] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 319.700897][T14752] ? __rcu_read_unlock+0xa1/0x110 [ 319.705914][T14752] netlink_unicast+0x7f0/0x990 [ 319.710680][T14752] ? __pfx_netlink_unicast+0x10/0x10 [ 319.715960][T14752] ? __virt_addr_valid+0x183/0x530 [ 319.721076][T14752] ? __check_object_size+0x49c/0x900 [ 319.726367][T14752] ? bpf_lsm_netlink_send+0x9/0x10 [ 319.731476][T14752] netlink_sendmsg+0x8e4/0xcb0 [ 319.736249][T14752] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.741529][T14752] ? __import_iovec+0x536/0x820 [ 319.746374][T14752] ? aa_sock_msg_perm+0x91/0x160 [ 319.751318][T14752] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 319.756600][T14752] ? security_socket_sendmsg+0x87/0xb0 [ 319.762068][T14752] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.767345][T14752] __sock_sendmsg+0x221/0x270 [ 319.772019][T14752] ____sys_sendmsg+0x525/0x7d0 [ 319.776792][T14752] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.782089][T14752] __sys_sendmsg+0x2b0/0x3a0 [ 319.786677][T14752] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.791779][T14752] ? __schedule+0x1808/0x4a60 [ 319.796581][T14752] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.802908][T14752] ? do_syscall_64+0x100/0x230 [ 319.807672][T14752] ? do_syscall_64+0xb6/0x230 [ 319.812341][T14752] do_syscall_64+0xf3/0x230 [ 319.816845][T14752] ? clear_bhb_loop+0x35/0x90 [ 319.821516][T14752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.827401][T14752] RIP: 0033:0x7ff84c375b59 [ 319.831809][T14752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.851408][T14752] RSP: 002b:00007ff84d199048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.859813][T14752] RAX: ffffffffffffffda RBX: 00007ff84c505f60 RCX: 00007ff84c375b59 [ 319.867791][T14752] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 319.875851][T14752] RBP: 00007ff84d1990a0 R08: 0000000000000000 R09: 0000000000000000 [ 319.883825][T14752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 319.891787][T14752] R13: 000000000000000b R14: 00007ff84c505f60 R15: 00007ffe2f1f7008 [ 319.900203][T14752] [ 320.048257][T14766] delete_channel: no stack [ 320.158965][T14774] __nla_validate_parse: 8 callbacks suppressed [ 320.158985][T14774] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3117'. [ 320.166125][T14776] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3118'. [ 320.363273][T14789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3119'. [ 320.452762][T14792] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 320.578130][T14795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3119'. [ 320.592757][T14789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3119'. [ 320.858275][T14810] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 320.896538][T14810] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 320.902028][T14800] pim6reg: entered allmulticast mode [ 320.946418][T14816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 320.979658][T14797] pim6reg: left allmulticast mode [ 321.055227][T14816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.061033][ T62] wlan1: authenticated [ 321.071561][T14822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.087416][ T62] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 321.087554][T14824] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3128'. [ 321.095653][ T62] wlan1: associate with 08:02:11:00:00:00 (try 2/3) [ 321.110657][ T62] wlan1: associate with 08:02:11:00:00:00 (try 3/3) [ 321.120022][ T62] wlan1: association with 08:02:11:00:00:00 timed out [ 321.131666][T14810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.172560][T14822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.215489][T14822] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 321.311958][ T6485] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 321.445084][T14836] delete_channel: no stack [ 321.516043][T14837] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3132'. [ 321.608379][T14846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3134'. [ 321.680861][T14848] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 321.973987][T14860] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 322.377812][T14880] netlink: 'syz.4.3145': attribute type 5 has an invalid length. [ 322.443434][T14882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 322.480807][T14890] pim6reg: entered allmulticast mode [ 322.549810][T14882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 322.600941][T14882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 322.623037][T14869] pim6reg: left allmulticast mode [ 322.998496][ T5101] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 323.021431][ T5101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 323.031077][ T5101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 323.046797][ T5101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 323.056180][ T5101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 323.065021][ T5101] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 323.292359][T14912] SET target dimension over the limit! [ 323.460639][T14917] xt_CT: No such helper "snmp" [ 323.480340][ T6485] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.533183][T14923] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 323.608073][ T6485] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.649835][T14904] chnl_net:caif_netlink_parms(): no params data found [ 323.689357][ T6485] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.822047][ T6485] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.852391][T14931] netlink: 'syz.0.3157': attribute type 10 has an invalid length. [ 323.887512][T14943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3161'. [ 323.895985][T14936] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 323.955801][T14943] netlink: 'syz.2.3161': attribute type 10 has an invalid length. [ 324.013346][T14949] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3160'. [ 324.172401][T14904] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.177013][T14959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 324.189861][T14904] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.204637][T14904] bridge_slave_0: entered allmulticast mode [ 324.212804][T14904] bridge_slave_0: entered promiscuous mode [ 324.223869][T14904] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.231260][T14904] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.238951][T14904] bridge_slave_1: entered allmulticast mode [ 324.246519][T14904] bridge_slave_1: entered promiscuous mode [ 324.256504][T14959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 324.279071][T14959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 324.356206][T14904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.384480][T14904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.432952][ T6485] bridge_slave_1: left allmulticast mode [ 324.439200][ T6485] bridge_slave_1: left promiscuous mode [ 324.445156][ T6485] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.461326][ T6485] bridge_slave_0: left allmulticast mode [ 324.470939][ T6485] bridge_slave_0: left promiscuous mode [ 324.476937][ T6485] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.098720][T14987] netlink: 'syz.3.3176': attribute type 10 has an invalid length. [ 325.147028][ T4493] Bluetooth: hci1: command tx timeout [ 325.782488][ T6485] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.801988][ T6485] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.818068][ T6485] bond0 (unregistering): Released all slaves [ 325.842134][ T6485] bond1 (unregistering): Released all slaves [ 325.927202][T14904] team0: Port device team_slave_0 added [ 325.960541][T14904] team0: Port device team_slave_1 added [ 326.065925][ T6485] tipc: Left network mode [ 326.071592][T14997] __nla_validate_parse: 3 callbacks suppressed [ 326.071607][T14997] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3179'. [ 326.170394][T14904] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.186912][T14904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.230996][T14904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.402164][T14904] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 326.409475][T14904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.469932][T14904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.492767][T15013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3185'. [ 326.502409][T15013] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3185'. [ 326.675127][T15024] tipc: Enabled bearer , priority 10 [ 326.784928][T15029] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 326.855920][T15036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3185'. [ 326.948080][T15038] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3185'. [ 326.976539][ T6485] hsr_slave_0: left promiscuous mode [ 327.007209][ T6485] hsr_slave_1: left promiscuous mode [ 327.027370][ T6485] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.047977][ T6485] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.064192][ T6485] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.073927][ T3818] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 327.088100][ T6485] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 327.099528][T15041] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3189'. [ 327.177060][ T6485] veth1_macvtap: left promiscuous mode [ 327.188641][ T6485] veth0_macvtap: left promiscuous mode [ 327.201067][ T6485] veth1_vlan: left promiscuous mode [ 327.212902][ T6485] veth0_vlan: left promiscuous mode [ 327.227434][ T4493] Bluetooth: hci1: command tx timeout [ 327.798730][ T5143] tipc: Node number set to 326854261 [ 327.980491][ T6485] team0 (unregistering): Port device team_slave_1 removed [ 328.021257][ T6485] team0 (unregistering): Port device team_slave_0 removed [ 328.375884][T14904] hsr_slave_0: entered promiscuous mode [ 328.406847][T14904] hsr_slave_1: entered promiscuous mode [ 328.422554][T14904] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 328.440406][T14904] Cannot create hsr debugfs directory [ 328.550156][T15047] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3192'. [ 328.584204][T15051] netlink: 'syz.0.3194': attribute type 1 has an invalid length. [ 328.605095][T15051] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3194'. [ 328.611436][T15053] bridge16: entered promiscuous mode [ 328.625577][T15053] bridge16: entered allmulticast mode [ 328.731767][T15053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3195'. [ 328.880753][T15059] netlink: 'syz.0.3197': attribute type 2 has an invalid length. [ 328.909456][T15059] netlink: 'syz.0.3197': attribute type 8 has an invalid length. [ 328.920435][T15059] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3197'. [ 328.933257][T15064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.025121][T15068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.039605][T15069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.075568][T15064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.090396][T15068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.201627][T15068] netlink: 'syz.3.3201': attribute type 10 has an invalid length. [ 329.229539][T15068] team0: Cannot enslave team device to itself [ 329.306663][ T4493] Bluetooth: hci1: command tx timeout [ 329.371378][T14904] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 329.402179][T14904] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 329.434265][T14904] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 329.458369][T14904] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 329.605238][T14904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.654752][T14904] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.685185][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.692417][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.738097][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.739042][T15075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.745233][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.884638][T15075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 329.938992][T15081] netlink: 'syz.3.3204': attribute type 21 has an invalid length. [ 329.947359][T15083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.192070][T14904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.289713][T15091] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 330.389832][T14904] veth0_vlan: entered promiscuous mode [ 330.413564][T14904] veth1_vlan: entered promiscuous mode [ 330.500098][T14904] veth0_macvtap: entered promiscuous mode [ 330.536100][T14904] veth1_macvtap: entered promiscuous mode [ 330.553543][T15105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.556140][T15107] netlink: 'syz.4.3211': attribute type 2 has an invalid length. [ 330.572854][T15107] netlink: 'syz.4.3211': attribute type 8 has an invalid length. [ 330.600129][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.617738][T15105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.630132][T15105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.636426][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.677662][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.699809][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.715295][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.726489][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.736509][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.750438][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.762534][T14904] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.834485][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.851133][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.862272][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.873411][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.884048][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.895029][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.908559][T14904] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.921304][T14904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.933279][T14904] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.947945][T14904] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.957090][T14904] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.965892][T14904] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.976395][T14904] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.147162][ T6485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.171021][ T6485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.236031][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.264629][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.386694][ T4493] Bluetooth: hci1: command tx timeout [ 331.441161][T15131] __nla_validate_parse: 6 callbacks suppressed [ 331.441180][T15131] netlink: 696 bytes leftover after parsing attributes in process `syz.1.3149'. [ 331.477784][T15127] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3220'. [ 331.497284][T15127] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3220'. [ 331.519649][T15133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.622890][T15137] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.670058][T15133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.707829][T15140] team0: entered promiscuous mode [ 331.736696][T15140] team_slave_0: entered promiscuous mode [ 331.744063][T15140] team_slave_1: entered promiscuous mode [ 331.795884][T15140] team0: left promiscuous mode [ 331.808207][T15140] team_slave_0: left promiscuous mode [ 331.820726][T15140] team_slave_1: left promiscuous mode [ 331.870407][T15144] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3226'. [ 331.922193][T15147] bridge31: entered promiscuous mode [ 331.947864][T15147] bridge31: entered allmulticast mode [ 332.033820][T15147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3227'. [ 332.077025][T15152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.100001][T15153] netlink: 'syz.1.3229': attribute type 2 has an invalid length. [ 332.135305][T15153] netlink: 'syz.1.3229': attribute type 8 has an invalid length. [ 332.157250][T15153] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3229'. [ 332.181239][T15152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.197015][T15156] netlink: 'syz.2.3231': attribute type 2 has an invalid length. [ 332.211136][T15152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.215512][T15156] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3231'. [ 332.381037][T15163] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 332.429904][T15165] SET target dimension over the limit! [ 332.640440][T15180] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3240'. [ 332.666053][T15181] batman_adv: batadv0: Adding interface: ipvlan2 [ 332.681247][T15181] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 332.708249][T15181] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 332.827717][ T62] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 332.995590][T15196] bridge1: entered promiscuous mode [ 333.019508][T15196] bridge1: entered allmulticast mode [ 333.176606][T15196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3248'. [ 333.186948][T15202] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 333.270302][T15206] bridge17: entered promiscuous mode [ 333.275656][T15206] bridge17: entered allmulticast mode [ 333.286911][T15208] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3252'. [ 333.437162][T15214] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 333.537289][T15220] batman_adv: batadv0: Adding interface: ipvlan3 [ 333.554713][T15220] batman_adv: batadv0: The MTU of interface ipvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.588909][T15220] batman_adv: batadv0: Not using interface ipvlan3 (retrying later): interface not active [ 333.614277][T15226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 333.627868][T15227] validate_nla: 1 callbacks suppressed [ 333.627887][T15227] netlink: 'syz.4.3258': attribute type 2 has an invalid length. [ 333.641427][T15227] netlink: 'syz.4.3258': attribute type 8 has an invalid length. [ 333.647032][T15230] netlink: 'syz.2.3260': attribute type 1 has an invalid length. [ 333.659902][ T5142] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 333.663676][T15216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 333.671032][ T5142] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 333.701109][ T6485] wlan1: authenticated [ 333.706901][ T62] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 333.726670][T15230] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 333.750628][ T62] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 333.750815][T15216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 333.761941][ T62] wlan1: associated [ 333.982500][T15240] bridge32: entered promiscuous mode [ 333.994604][T15240] bridge32: entered allmulticast mode [ 334.173047][T15244] tipc: Enabling of bearer rejected, already enabled [ 334.276186][T15248] bridge33: entered promiscuous mode [ 334.284740][T15248] bridge33: entered allmulticast mode [ 334.297968][T15250] netlink: 'syz.0.3268': attribute type 2 has an invalid length. [ 334.307336][T15250] netlink: 'syz.0.3268': attribute type 8 has an invalid length. [ 334.468963][T15255] FAULT_INJECTION: forcing a failure. [ 334.468963][T15255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.508814][T15255] CPU: 1 PID: 15255 Comm: syz.4.3270 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 334.518670][T15255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 334.528755][T15255] Call Trace: [ 334.532065][T15255] [ 334.535025][T15255] dump_stack_lvl+0x241/0x360 [ 334.539746][T15255] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.545000][T15255] ? __pfx__printk+0x10/0x10 [ 334.549620][T15255] ? __pfx_lock_release+0x10/0x10 [ 334.554683][T15255] should_fail_ex+0x3b0/0x4e0 [ 334.559390][T15255] _copy_to_user+0x2f/0xb0 [ 334.563840][T15255] bpf_test_finish+0x22c/0x8b0 [ 334.568638][T15255] ? __pfx_bpf_test_finish+0x10/0x10 [ 334.574052][T15255] ? _copy_from_user+0xa6/0xe0 [ 334.578853][T15255] ? bpf_test_init+0x15a/0x180 [ 334.583646][T15255] bpf_prog_test_run_xdp+0x905/0x11b0 [ 334.589058][T15255] ? __pfx_lock_release+0x10/0x10 [ 334.594121][T15255] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 334.599953][T15255] ? __fget_files+0x29/0x470 [ 334.604582][T15255] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 334.610426][T15255] bpf_prog_test_run+0x33a/0x3b0 [ 334.615398][T15255] __sys_bpf+0x48d/0x810 [ 334.619672][T15255] ? __pfx___sys_bpf+0x10/0x10 [ 334.624471][T15255] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 334.630504][T15255] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 334.636871][T15255] ? do_syscall_64+0x100/0x230 [ 334.641678][T15255] __x64_sys_bpf+0x7c/0x90 [ 334.646123][T15255] do_syscall_64+0xf3/0x230 [ 334.650651][T15255] ? clear_bhb_loop+0x35/0x90 [ 334.655361][T15255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.661281][T15255] RIP: 0033:0x7f7f43575b59 [ 334.665715][T15255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.685432][T15255] RSP: 002b:00007f7f4435f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 334.688885][T15265] netlink: 'syz.1.3275': attribute type 1 has an invalid length. [ 334.693857][T15255] RAX: ffffffffffffffda RBX: 00007f7f43705f60 RCX: 00007f7f43575b59 [ 334.709563][T15255] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a [ 334.717560][T15255] RBP: 00007f7f4435f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 334.725552][T15255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.733541][T15255] R13: 000000000000000b R14: 00007f7f43705f60 R15: 00007ffe42ef0328 [ 334.741548][T15255] [ 334.771414][T15263] netlink: 'syz.0.3274': attribute type 1 has an invalid length. [ 334.794823][T15265] bond0: entered promiscuous mode [ 334.804823][T15265] bond_slave_0: entered promiscuous mode [ 334.814532][T15265] bond_slave_1: entered promiscuous mode [ 334.821711][T15265] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 334.837398][T15255] sctp: [Deprecated]: syz.4.3270 (pid 15255) Use of int in maxseg socket option. [ 334.837398][T15255] Use struct sctp_assoc_value instead [ 334.855763][T15265] bond0: left promiscuous mode [ 334.861400][T15265] bond_slave_0: left promiscuous mode [ 334.869473][T15265] bond_slave_1: left promiscuous mode [ 335.179478][T15278] netlink: 'syz.0.3279': attribute type 2 has an invalid length. [ 335.198579][T15285] ebt_limit: overflow, try lower: 0/0 [ 335.217417][T15278] netlink: 'syz.0.3279': attribute type 8 has an invalid length. [ 335.239110][T15285] batadv0: entered promiscuous mode [ 335.278046][T15286] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:20000 [ 335.340891][T15291] bridge40: entered promiscuous mode [ 335.346883][T15291] bridge40: entered allmulticast mode [ 335.606452][T15301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 335.709088][T15301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 335.739754][T15301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 335.848896][T15311] netlink: 'syz.4.3290': attribute type 1 has an invalid length. [ 335.902238][T15311] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 335.972250][T15313] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.041309][T15313] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.118293][T15313] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.120262][T15319] ebt_limit: overflow, try lower: 0/0 [ 336.155154][T15319] batadv0: entered promiscuous mode [ 336.190706][T15319] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:20000 [ 336.216083][T15313] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.387273][T15313] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.404221][T15313] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.425140][T15313] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.471047][T15313] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 337.375236][T15387] __nla_validate_parse: 11 callbacks suppressed [ 337.375257][T15387] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3318'. [ 337.435800][T15392] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3321'. [ 337.468881][T15392] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.478879][T15392] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 337.487510][T15392] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 337.888421][T15412] bond4: entered promiscuous mode [ 337.987853][T15419] bond0: (slave bond_slave_0): Releasing backup interface [ 338.009866][T15423] nbd: socks must be embedded in a SOCK_ITEM attr [ 338.018577][T15419] bond_slave_0: left promiscuous mode [ 338.088530][T15419] bond4: (slave bond_slave_0): making interface the new active one [ 338.107658][T15419] bond_slave_0: entered promiscuous mode [ 338.134474][T15419] bond4: (slave bond_slave_0): Enslaving as an active interface with an up link [ 338.392735][ T5143] IPVS: starting estimator thread 0... [ 338.439359][T15450] sctp: [Deprecated]: syz.2.3344 (pid 15450) Use of struct sctp_assoc_value in delayed_ack socket option. [ 338.439359][T15450] Use struct sctp_sack_info instead [ 338.486361][T15447] IPVS: using max 20 ests per chain, 48000 per kthread [ 338.588102][ T6488] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 338.657171][T15457] bond0: (slave bond_slave_0): Releasing backup interface [ 338.795238][T15467] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 338.911007][T15473] validate_nla: 8 callbacks suppressed [ 338.911026][T15473] netlink: 'syz.0.3355': attribute type 29 has an invalid length. [ 338.929196][T15473] netlink: 'syz.0.3355': attribute type 29 has an invalid length. [ 338.938970][T15473] netlink: 'syz.0.3355': attribute type 29 has an invalid length. [ 339.118521][T15483] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3359'. [ 339.363039][T15495] netlink: 'syz.3.3362': attribute type 7 has an invalid length. [ 339.396507][T15495] netlink: 'syz.3.3362': attribute type 6 has an invalid length. [ 339.648176][T15503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3367'. [ 339.679450][T15503] erspan0: entered promiscuous mode [ 339.694770][T15503] macvtap1: entered promiscuous mode [ 339.703596][T15503] macvtap1: entered allmulticast mode [ 339.723081][T15503] erspan0: entered allmulticast mode [ 340.969510][T15564] netlink: 'syz.1.3393': attribute type 29 has an invalid length. [ 340.985426][T15566] [ 340.985500][T15564] netlink: 'syz.1.3393': attribute type 29 has an invalid length. [ 340.987768][T15566] ================================================ [ 340.987778][T15566] WARNING: lock held when returning to user space! [ 340.987786][T15566] 6.10.0-syzkaller-04472-g51835949dda3 #0 Not tainted [ 340.987797][T15566] ------------------------------------------------ [ 340.987803][T15566] syz.2.3394/15566 is leaving the kernel with locks still held! [ 340.987814][T15566] 1 lock held by syz.2.3394/15566: [ 340.997781][T15564] netlink: 'syz.1.3393': attribute type 29 has an invalid length. [ 341.002077][T15566] #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: ns_ioctl+0x3e0/0x740 [ 341.052435][T15566] ------------[ cut here ]------------ [ 341.057911][T15566] Voluntary context switch within RCU read-side critical section! [ 341.057983][T15566] WARNING: CPU: 1 PID: 15566 at kernel/rcu/tree_plugin.h:330 rcu_note_context_switch+0xcf4/0xff0 [ 341.076272][T15566] Modules linked in: [ 341.080161][T15566] CPU: 1 PID: 15566 Comm: syz.2.3394 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 341.089950][T15566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 341.099996][T15566] RIP: 0010:rcu_note_context_switch+0xcf4/0xff0 [ 341.106244][T15566] Code: 00 ba 02 00 00 00 e8 cb 02 fe ff 4c 8b b4 24 80 00 00 00 eb 91 c6 05 98 3f 1b 0e 01 90 48 c7 c7 40 21 cc 8b e8 8d 26 db ff 90 <0f> 0b 90 90 e9 3b f4 ff ff 90 0f 0b 90 45 84 ed 0f 84 00 f4 ff ff [ 341.125849][T15566] RSP: 0000:ffffc9000ce5fba0 EFLAGS: 00010046 [ 341.131956][T15566] RAX: 782c1cc174b34800 RBX: ffff8880226b2244 RCX: 0000000000040000 [ 341.139927][T15566] RDX: ffffc9000deae000 RSI: 000000000003ffff RDI: 0000000000040000 [ 341.147895][T15566] RBP: ffffc9000ce5fcf0 R08: ffffffff815878a2 R09: fffffbfff1c39d94 [ 341.155855][T15566] R10: dffffc0000000000 R11: fffffbfff1c39d94 R12: ffff8880226b1e00 [ 341.163821][T15566] R13: 0000000000000000 R14: 1ffff920019cbf8c R15: dffffc0000000000 [ 341.171790][T15566] FS: 00007ff84d1996c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 341.180714][T15566] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 341.187294][T15566] CR2: 00007ff84c506030 CR3: 000000005fdda000 CR4: 00000000003506f0 [ 341.195257][T15566] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 341.203214][T15566] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 341.211175][T15566] Call Trace: [ 341.214441][T15566] [ 341.217362][T15566] ? __warn+0x163/0x4e0 [ 341.221515][T15566] ? rcu_note_context_switch+0xcf4/0xff0 [ 341.227146][T15566] ? report_bug+0x2b3/0x500 [ 341.231640][T15566] ? rcu_note_context_switch+0xcf4/0xff0 [ 341.237270][T15566] ? handle_bug+0x3e/0x70 [ 341.241595][T15566] ? exc_invalid_op+0x1a/0x50 [ 341.246263][T15566] ? asm_exc_invalid_op+0x1a/0x20 [ 341.251282][T15566] ? __warn_printk+0x292/0x360 [ 341.256037][T15566] ? rcu_note_context_switch+0xcf4/0xff0 [ 341.261668][T15566] ? __schedule+0x1808/0x4a60 [ 341.266361][T15566] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 341.272354][T15566] ? rcu_is_watching+0x15/0xb0 [ 341.277115][T15566] __schedule+0x348/0x4a60 [ 341.281546][T15566] ? trace_irq_disable+0x3b/0x120 [ 341.286569][T15566] ? preempt_schedule_irq+0x144/0x1c0 [ 341.291935][T15566] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 341.297647][T15566] ? __pfx___schedule+0x10/0x10 [ 341.302492][T15566] ? trace_irq_disable+0x2c/0x120 [ 341.307509][T15566] ? rcu_is_watching+0x15/0xb0 [ 341.312269][T15566] schedule+0x14b/0x320 [ 341.316418][T15566] irqentry_exit_to_user_mode+0xe7/0x280 [ 341.322044][T15566] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 341.327517][T15566] RIP: 0033:0x7ff84c375b59 [ 341.331920][T15566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.351517][T15566] RSP: 002b:00007ff84d199048 EFLAGS: 00000246 [ 341.357574][T15566] RAX: fffffffffffffffd RBX: 00007ff84c505f60 RCX: 00007ff84c375b59 [ 341.365549][T15566] RDX: 0000000000000000 RSI: 000000008004b706 RDI: 0000000000000003 [ 341.373508][T15566] RBP: 00007ff84c3e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 341.381467][T15566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.389425][T15566] R13: 000000000000000b R14: 00007ff84c505f60 R15: 00007ffe2f1f7008 [ 341.397392][T15566] [ 341.400400][T15566] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 341.407666][T15566] CPU: 1 PID: 15566 Comm: syz.2.3394 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 341.417455][T15566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 341.427498][T15566] Call Trace: [ 341.430764][T15566] [ 341.433684][T15566] dump_stack_lvl+0x241/0x360 [ 341.438355][T15566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.443629][T15566] ? __pfx__printk+0x10/0x10 [ 341.448209][T15566] ? vscnprintf+0x5d/0x90 [ 341.452529][T15566] panic+0x349/0x860 [ 341.456413][T15566] ? __warn+0x172/0x4e0 [ 341.460560][T15566] ? __pfx_panic+0x10/0x10 [ 341.464976][T15566] __warn+0x346/0x4e0 [ 341.468950][T15566] ? rcu_note_context_switch+0xcf4/0xff0 [ 341.474587][T15566] report_bug+0x2b3/0x500 [ 341.478914][T15566] ? rcu_note_context_switch+0xcf4/0xff0 [ 341.484548][T15566] handle_bug+0x3e/0x70 [ 341.488695][T15566] exc_invalid_op+0x1a/0x50 [ 341.493187][T15566] asm_exc_invalid_op+0x1a/0x20 [ 341.498029][T15566] RIP: 0010:rcu_note_context_switch+0xcf4/0xff0 [ 341.504265][T15566] Code: 00 ba 02 00 00 00 e8 cb 02 fe ff 4c 8b b4 24 80 00 00 00 eb 91 c6 05 98 3f 1b 0e 01 90 48 c7 c7 40 21 cc 8b e8 8d 26 db ff 90 <0f> 0b 90 90 e9 3b f4 ff ff 90 0f 0b 90 45 84 ed 0f 84 00 f4 ff ff [ 341.523962][T15566] RSP: 0000:ffffc9000ce5fba0 EFLAGS: 00010046 [ 341.530021][T15566] RAX: 782c1cc174b34800 RBX: ffff8880226b2244 RCX: 0000000000040000 [ 341.537983][T15566] RDX: ffffc9000deae000 RSI: 000000000003ffff RDI: 0000000000040000 [ 341.545943][T15566] RBP: ffffc9000ce5fcf0 R08: ffffffff815878a2 R09: fffffbfff1c39d94 [ 341.553905][T15566] R10: dffffc0000000000 R11: fffffbfff1c39d94 R12: ffff8880226b1e00 [ 341.561874][T15566] R13: 0000000000000000 R14: 1ffff920019cbf8c R15: dffffc0000000000 [ 341.569839][T15566] ? __warn_printk+0x292/0x360 [ 341.574601][T15566] ? __schedule+0x1808/0x4a60 [ 341.579277][T15566] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 341.585258][T15566] ? rcu_is_watching+0x15/0xb0 [ 341.590015][T15566] __schedule+0x348/0x4a60 [ 341.594426][T15566] ? trace_irq_disable+0x3b/0x120 [ 341.599437][T15566] ? preempt_schedule_irq+0x144/0x1c0 [ 341.604802][T15566] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 341.610513][T15566] ? __pfx___schedule+0x10/0x10 [ 341.615450][T15566] ? trace_irq_disable+0x2c/0x120 [ 341.620463][T15566] ? rcu_is_watching+0x15/0xb0 [ 341.625221][T15566] schedule+0x14b/0x320 [ 341.629368][T15566] irqentry_exit_to_user_mode+0xe7/0x280 [ 341.634989][T15566] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 341.640440][T15566] RIP: 0033:0x7ff84c375b59 [ 341.644842][T15566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.664467][T15566] RSP: 002b:00007ff84d199048 EFLAGS: 00000246 [ 341.670527][T15566] RAX: fffffffffffffffd RBX: 00007ff84c505f60 RCX: 00007ff84c375b59 [ 341.678485][T15566] RDX: 0000000000000000 RSI: 000000008004b706 RDI: 0000000000000003 [ 341.686446][T15566] RBP: 00007ff84c3e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 341.694408][T15566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.702373][T15566] R13: 000000000000000b R14: 00007ff84c505f60 R15: 00007ffe2f1f7008 [ 341.710347][T15566] [ 341.713573][T15566] Kernel Offset: disabled [ 341.717887][T15566] Rebooting in 86400 seconds..