last executing test programs: 4.850166379s ago: executing program 1 (id=2092): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xe, 0xd, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000004851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bda100000000000007010000f8ffffffb702000008000000b703000000000000850000003400000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) r1 = accept4$llc(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000) bind$llc(r1, &(0x7f00000001c0)={0x1a, 0x313, 0x2, 0x1, 0x3, 0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$tun(r3, &(0x7f0000000000)=ANY=[], 0x38) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x10012, r3, 0x0) write$cgroup_subtree(r3, &(0x7f0000000200)={[{0x2d, 'net'}]}, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) syz_emit_ethernet(0x82, &(0x7f0000000100)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0xf5, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x61, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2f, 0x9, @dev={0xac, 0x14, 0x14, 0x22}, @remote, {[@timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@rand_addr=0x86dd}, {@broadcast}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@local, 0x4f}, {@multicast2}, {@loopback}, {@local, 0x4}, {@multicast1}]}]}}}}}}}, 0x0) 4.544568732s ago: executing program 1 (id=2098): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r3, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0xf34) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) r7 = socket$igmp6(0xa, 0x3, 0x2) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r9}) syz_emit_ethernet(0x82, &(0x7f00000007c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa008100000086dd60f53a0400483a00fe8000000000000000000000000000bbff0200897598e0e5e7a0760000000000000000000000000102009078000005006050835900000000fc010000000000000000000000000000fc0200000000000000000000000000003a0100000000000007080000000000008000000000000000c856509f3a903be0e2fe41ab0a0c734e3eed48cfd19af321fff17624e63068fedc1b00d751d67d54a191a841a8fb309d2107757636d90ffb5c71e640c3faee35670100eaf792c3a69e259a58b998688569f6bec02b9cd8cf2d84a7d5000a4954b160ab40"], 0x0) socket$inet6(0xa, 0x80803, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fc020000000000000000000000000000fe80000000000000000000"], 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r2}, 0x8) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8, 0x8, 0xfff, 0x12b0, r2, 0x7, '\x00', 0x0, r6, 0x4, 0x1, 0x2, 0x3, @void, @value, @void, @value}, 0x50) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d40)=ANY=[@ANYBLOB="ec26000041000701fcfffffffddbdf25017c000004003680d42601"], 0x26ec}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socket$isdn(0x22, 0x2, 0x10) close(0x3) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'}) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1, 0x4, &(0x7f0000000500)=@raw=[@generic={0xfb, 0xb, 0x5, 0x2, 0xe}, @generic={0x88, 0xc, 0x1, 0x800, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0xb25, 0x0, 0x0, 0x0, 0x2}], &(0x7f0000000540)='GPL\x00', 0x8, 0xf7, &(0x7f00000008c0)=""/247, 0x14e5ba98c2750e75, 0x30, '\x00', r9, @fallback=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x0, 0xe, 0x7fffffff, 0xfffffff9}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, &(0x7f0000000640)=[r10, 0xffffffffffffffff], &(0x7f0000000680)=[{0x2, 0x3, 0x0, 0xa}, {0x0, 0x1, 0x9, 0x4}], 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000340)='devlink_health_report\x00', r11, 0x0, 0x401}, 0x18) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000080)=""/239, 0xef}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/234, 0xea}, {&(0x7f0000000240)=""/67, 0x43}], 0x6}, 0x80000000}], 0x4, 0x10000, 0x0) 3.535211932s ago: executing program 2 (id=2111): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000001300010025bd70000000000007006800", @ANYRES32=r1, @ANYBLOB="000988a8102006006c001a8009000100766c616e000000005c000480580003800c0001"], 0x8c}, 0x1, 0x0, 0x0, 0x40004010}, 0x10) 3.428746073s ago: executing program 1 (id=2113): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x8, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0}, 0x20) r1 = socket(0x2, 0x80805, 0x0) sendmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="9fdb0d13b4f6984b7eb66da015b16a42321d335ccc666b877dcc328664fe78fb79d508fb57c410cbb6ad125e722987bce6f561778863d225c7893c9f8c07f89eafcae3f62b365d518cde6fb6656a146a9062ffed67d4976bca6d6dbdc267142f17bbb0f7ddb0b7c3d8c7a3edba67bd35dde0da74970a3a04881050fb3ea97c19b4836169a9c571fed3abf838fb7de62a02d49a84897d82c92db3ed3209d37f74b0fb8def98e39bbc289e0a3da142492832b0d5cb680dc1a0c075ecbe47cd4798939702d282c7603b2c7faacb146a634359bf5d8318", 0xd5}, {&(0x7f00000000c0)="cdd89c7b25ff15acba09", 0xa}, {&(0x7f0000000140)="48fab7510e3148a24ad95673196ee34574a0394621eea4cb74423c8871480d53ea24b59408738a07411a5c7efe6963cf2388", 0x32}, {&(0x7f00000002c0)="36412dbc9349707654a8ef8fafea30cff9fabb01e8e42258480f4e5d85299db1e00d8bb06dc5754c0a0343c92cd7c70b697c9b3149e81b59c584ad7b8d070d3c486a1fbcebf8f601470e0039b4bc185083a7778a93d86c415492ba94e3ff8f300a3ac697e231", 0x66}], 0x4}, 0x80) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r6) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x21, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r9, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)=""/4089, 0xff9}, {&(0x7f0000004280)=""/4094, 0xffe}, {&(0x7f0000002700)=""/4096, 0x1000}], 0x3}, 0x7}], 0x1, 0x10002, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)={0x34, r4, 0x5, 0x70bd2d, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0xcb}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xd1}]}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x9}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x0) r10 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r10, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r10, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x8090) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0xa0072, 0xffffffffffffffff, 0x0) 3.42852104s ago: executing program 2 (id=2114): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = accept4(r1, &(0x7f00000000c0)=@hci, &(0x7f0000000140)=0x80, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r4, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000) sendmsg$NL80211_CMD_ABORT_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="000400e07f78d8b6cb8039e86300", @ANYRES16=r4, @ANYBLOB="20002abd7000fcdbdf2572000000"], 0x14}, 0x1, 0x0, 0x0, 0x40844}, 0x1001) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r7, 0x5452, &(0x7f0000000000)=0xffffffffffffffff) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) read(r7, &(0x7f0000000040)=""/50, 0x32) close(0x4) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x2c, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x6, 0x2}]}]}]}]}, 0x2c}}, 0x4000) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, r10, 0x10, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xd, 0x5c}}}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x50}, 0x80c0) write$tun(r0, &(0x7f0000000000)=ANY=[], 0x38) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@getneigh={0x14, 0x1e, 0x100, 0x70bd26, 0x25dfdbfe, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x890) 3.184793308s ago: executing program 0 (id=2117): socket$inet(0x2, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, 0x0, 0x4040015) r1 = socket(0x2a, 0x2, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x118, 0x2b8, 0xb0000010, 0x118, 0x5c8f0200, 0x210, 0x3a8, 0x3a8, 0x210, 0x3a8, 0x3, 0x0, {[{{@ipv6={@local, @local, [0x0, 0x0, 0xff], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0xa8, 0x118, 0x700}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x200, 0x5, 0x3, 0x0, 0x0, "6402356d78433628ee058aac233c684ee27045e8b44ed323fd8eeb530b0fecf631a12d670436dba7ed9e555e57738a4f7e31adf5d200"}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x340) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0xf5ffffff, {0x2, 0x0, 0x5}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x5c}, 0x1, 0x0, 0x0, 0x850}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@newqdisc={0x7c, 0x24, 0xf0b, 0x13, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x4c, 0x2, {{0x5, 0x5, 0x2, 0x7fffffff, 0x7a, 0x4}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x3, 0x7, 0x7634, 0x2, 0x5}}, @TCA_NETEM_LOSS={0x4}]}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000011) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x4000800) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2400c000) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.446100737s ago: executing program 2 (id=2122): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) epoll_create1(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket$tipc(0x1e, 0x4, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x400000000000004) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 1.548594017s ago: executing program 4 (id=2124): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000050000000c00020000000000000000000c00060000000000000000000400078008000100", @ANYRES32], 0x38}}, 0x0) 1.529122085s ago: executing program 0 (id=2125): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000f80)={{r0}, &(0x7f0000000f00), &(0x7f0000000f40)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073113700000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) unshare(0x400) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x3, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x8d, &(0x7f0000000240)=""/141, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x81, @void, @value}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r4, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0) 1.472814958s ago: executing program 1 (id=2126): bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@call={0x85, 0x0, 0x0, 0xf}], {0x95, 0x0, 0x4000}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.368799398s ago: executing program 2 (id=2127): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000005c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000077400062c00070073797374656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080004000000000014000600626f6e64300000000000000000040000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0) 1.224757464s ago: executing program 4 (id=2128): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000d30000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) mmap(&(0x7f0000ce2000/0x4000)=nil, 0x4000, 0x2000006, 0x12, r0, 0x913e0000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r2, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x23000000) 1.157423681s ago: executing program 1 (id=2130): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000100)=0xfffffffb, 0x4) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0xa00}}, 0x1c) 1.004065019s ago: executing program 2 (id=2133): r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001340)=@hci={0x1f, 0x5865, 0x31}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000900)="b8b28225ea772f0daee8c7c98100", 0x12}], 0x1}, 0x892f000000000000) 1.000255528s ago: executing program 4 (id=2134): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x14, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000000)={0x1ff}, 0x4) 820.830372ms ago: executing program 3 (id=2135): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x7, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 820.535665ms ago: executing program 4 (id=2136): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180000040004000000000000090000008500000011000000850000000800000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) 820.299073ms ago: executing program 2 (id=2137): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x300000f, 0x10, r0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000080100000000000000400000085000000c400000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f00005da000/0x4000)=nil, 0x4000, 0x3, 0x11, r1, 0xffffd000) r2 = socket$packet(0x11, 0x3, 0x300) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x70, r3, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x1, 0x5e}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x21}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x33}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x19}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x24000000) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0xfffffffe}, 0x1c) setsockopt$packet_int(r2, 0x107, 0xe, &(0x7f0000001400)=0x6c3a, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x2000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x2000000000032, 0xffffffffffffffff, 0x0) 818.550481ms ago: executing program 0 (id=2138): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000000)={0x0, 0x3, 0x10, 0x1}) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000400)={r1, "aa97502144b247df69ebf5656e11314b"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000001680)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001640)={&(0x7f00000014c0)={0x150, r3, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x1, 0x17}}}}, [@NL80211_ATTR_REKEY_DATA={0x80, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "ff5d2a581a96345d"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="9b8e4007573fbce6d4ce3e65d7ed40a38bd6720b8907676a046adff49304d480"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="675ed828f275cdf878f4e3255e0e7b25"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="8355f3305110b74b11be7223c478522db39eed2ad9505150"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="bf28ff2138c74d0f3c98fd1a9defc5a1421412f8bbf4385f"}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "332952b7e6a49955"}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "edf95c0c9e921ba9"}]}, @NL80211_ATTR_REKEY_DATA={0x88, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="83048fd68f36ffe90ce0f3b8e3d53ac97e86d28991a5f1f87c7d2803431fabbc"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "4168f6cd642a49bb"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "3b5de31e2565b699"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="307c43f670c37cb25dce6f01dc8d10b61989787c73a77525"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "27f2af294f58972f"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="b2f1959b01829582ceb9f2a0711cd120"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "f579ef0ae77e680d"}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x44011}, 0x48841) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r5, &(0x7f0000001780)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x28, r3, 0x800, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0xd4a, 0x20}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x20008800) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)={0x1c, 0x0, 0x601, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x1) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000018c0)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000001900)=0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r7, 0x84, 0xf, &(0x7f0000001940)={r8, @in6={{0xa, 0x4e21, 0x80000000, @local, 0x101}}, 0xfffffff8, 0x6, 0x5, 0x8, 0x8}, &(0x7f0000001a00)=0x98) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001ac0)={'ip_vti0\x00', &(0x7f0000001a40)={'syztnl2\x00', 0x0, 0x20, 0x1, 0xed4, 0xfffffffd, {{0x18, 0x4, 0x3, 0x9, 0x60, 0x64, 0x0, 0xc, 0x2f, 0x0, @broadcast, @rand_addr=0x64010100, {[@end, @ra={0x94, 0x4}, @ra={0x94, 0x4}, @generic={0x86, 0xb, "ff9ee8c789a7c21c78"}, @timestamp_addr={0x44, 0x24, 0x46, 0x1, 0x1, [{@local, 0x5}, {@remote}, {@empty, 0x8}, {@broadcast, 0x7f}]}, @generic={0x86, 0x6, "d086641a"}, @timestamp_prespec={0x44, 0xc, 0xf8, 0x3, 0x5, [{@multicast1, 0x8}]}]}}}}}) ioctl$sock_inet6_SIOCDELRT(r7, 0x890c, &(0x7f0000001b00)={@mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, 0x2, 0x1, 0x6, 0x400, 0x100, 0x5000010, r9}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001bc0)={r2}) syz_genetlink_get_family_id$ipvs(&(0x7f0000001b80), r10) socket$inet6(0xa, 0x100006, 0x8) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000001c40), r2) sendmsg$DEVLINK_CMD_SB_GET(r10, &(0x7f0000001d80)={&(0x7f0000001c00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001d40)={&(0x7f0000001c80)={0x88, r11, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x523}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x479a}}]}, 0x88}, 0x1, 0x0, 0x0, 0x80801}, 0x41004) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000002000)={&(0x7f0000001dc0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001fc0)={&(0x7f0000001e00)={0x1b4, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xbc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3}, @ETHTOOL_A_BITSET_VALUE={0x73, 0x4, "010ae4493de53e778b047751b644c5b020ef221c22f52d627ffdfc3721e11064614e884ec89ddd6eb4c459aaa9190dc31665854da5cd011e7b725953e5b04a043aada40be7763d32a70667c65138d68916083e3172b9ec5cf5ca3ffcfd11ebc879647f57300116627407635bb89dbf"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x35, 0x5, "bc6a3c4a9e08206ca342cb89fb77adc2a0ceed7c1eb1fbac2aa43c9037b59c6f34f0cdf42bb5f84cb1bd7ae5b88567d2ec"}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x88, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x82, 0x5, "4379da8dc7f629a1effb34407ae64b6f6dcbdf0e15f00b7836857657d54fc4061ad1c84890ada537a2ed29a45a0d6cf4847d4b5fafc760e7bb0111fda22853abff0ef5451fef649b099c4172c9e0ead92bbcdf10aaedee930de9d26ef10001b647e0c75ee88f3d21178af22e72f5d9583025a63b3703cc502cc438ea51dd"}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x5c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x56, 0x4, "50350cb2c0e0dc8e124989eff631832c4052b78c0b29f1c8212ed06cf8d2e1c4430ee9d7b38bdd499cce74fe1553475e8894c7b667f6011f0c32b73076f2d0c70d07213710b67ec8c7740f3647c89434c0fa"}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f0000002040)={0x0, 'bond_slave_1\x00', {}, 0x6}) r12 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002240)='blkio.bfq.io_service_time\x00', 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002200)={&(0x7f0000002080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x5, [@const={0xd, 0x0, 0x0, 0xa, 0x3}, @union={0xb, 0x3, 0x0, 0x5, 0x1, 0xd, [{0xe, 0x4, 0x200}, {0x4, 0x3, 0x80000001}, {0x10, 0x0, 0x9}]}]}, {0x0, [0x0, 0x61, 0x61]}}, &(0x7f0000002100)=""/248, 0x59, 0xf8, 0x0, 0x3, 0x10000, @value=r12}, 0x28) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r13, &(0x7f0000002340)={&(0x7f0000002280)={0x10, 0x0, 0x0, 0x50400001}, 0xc, &(0x7f0000002300)={&(0x7f00000022c0)=@newtclass={0x3c, 0x28, 0x200, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {0xffff, 0xffe0}, {0x10, 0x1}, {0xffe0, 0xf}}, [@TCA_RATE={0x6, 0x5, {0x2, 0x1}}, @TCA_RATE={0x6, 0x5, {0xf9, 0xd}}, @TCA_RATE={0x6, 0x5, {0x6, 0x43}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4014004}, 0x20000000) r14 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MESH(r14, &(0x7f0000002500)={&(0x7f0000002380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000024c0)={&(0x7f0000002480)={0x40, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c0a4}, 0x80) 810.675615ms ago: executing program 3 (id=2139): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000e9255bb992464e73a02159d3720df19f7a1dfec30000000003000600000000000200200000000000000000000000000002000100000000fffffffb1600000000030005"], 0x70}, 0x1, 0x7}, 0x0) 718.10676ms ago: executing program 4 (id=2140): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) r4 = socket$igmp6(0xa, 0x3, 0x2) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r6}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) socket$inet6(0xa, 0x80803, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fc020000000000000000000000000000fe80000000000000000000"], 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r2}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x8, 0x8, 0xfff, 0x12b0, r2, 0x7, '\x00', 0x0, r3, 0x4, 0x1, 0x2, 0x3, @void, @value, @void, @value}, 0x50) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d40)=ANY=[@ANYBLOB="ec26000041000701fcfffffffddbdf25017c000004003680d42601"], 0x26ec}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (fail_nth: 23) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'}) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000080)=""/239, 0xef}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/234, 0xea}, {&(0x7f0000000240)=""/67, 0x43}], 0x6}, 0x80000000}], 0x4, 0x10000, 0x0) 664.842709ms ago: executing program 3 (id=2141): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0c000280"], 0x24}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e008d2af6ffffff000000000a000000", @ANYRES32=0x0, @ANYBLOB="0000d7"], 0x24}}, 0x4044) 658.488161ms ago: executing program 3 (id=2142): r0 = socket(0x1000000000000010, 0x80802, 0x0) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06000000a843089100fe800c00080008000c00080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20642383656d4d2449155037", 0x55}], 0x1, 0x0, 0x0, 0xffffffe0}, 0x0) 623.633269ms ago: executing program 0 (id=2143): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000f00)={{0x14, 0x10, 0x1, 0x22000000, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x20000824) 534.941267ms ago: executing program 3 (id=2144): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0x160, 0x4c, 0x2500, 0x290, 0x73, 0x290, 0x258, 0x258, 0x290, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'vxcan1\x00', 'team0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x300) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000040)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815001000ff05143a13600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f877501000100683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a9295cbcd8bee", 0xd8}], 0x1}, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) (async) syz_emit_ethernet(0x6f, &(0x7f0000003580)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6000000000393afffe8000000000005e0000000000000000bbff021c000000000000000000000000018800907805000000fe80000000000000000000000000002a020321c1e05659ae3f48e9296b2beda7add700385601f8910201fef4b66989e6"], 0x0) (async, rerun: 64) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @rand_addr=0x64010101}, 0x10) (rerun: 64) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (async) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000040)=0x6aba, 0x4) (async, rerun: 32) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='contention_end\x00', r2}, 0x18) (async) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x20}}, 0x0) (async) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) (async) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x100}]}, 0x2c}}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newtfilter={0x40, 0x2c, 0xd29, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r6, {0xa, 0xfff3}, {}, {0xc, 0xa}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0xffe0}}]}}]}, 0x40}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$NFC_CMD_GET_TARGET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x0, 0x4, 0x70bd29}, 0x14}}, 0x40000) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r4) (async) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r4) sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000480)={0x0, 0x11, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000eeff120000000a0004007778616e3300000008001500", @ANYRES32=0x0, @ANYBLOB="080001"], 0x30}}, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000180)=0x40000000, 0x4) ppoll(&(0x7f0000000300)=[{r1, 0x8200}, {r1, 0x4}, {r7, 0x2186}, {r1, 0xd3a8}], 0x4, &(0x7f0000000340)={0x77359400}, &(0x7f00000004c0)={[0x7fff]}, 0x8) (async) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 168.851198ms ago: executing program 1 (id=2145): r0 = getpid() bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x10010000004e20}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000b40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000001c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf251200000008000300", @ANYRES32=r4, @ANYBLOB="0a000600080211000001000014008100050002"], 0x3c}}, 0x0) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), r1) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r0, @ANYBLOB="a13427155f69ff175a9ae37c1f23bd6657aa19cea4e055fd888214db75034b9379fd3cf34b2bc886242b9ff2315fae6346b5fb277275b89e4e073402658f3e54a541d924971c9347b30a5e1c7b1d7fa1e504d276481fa142c5c42e66eb81e7ae61b4de7e4b76116e0ae2d860089ded2bb4a759ccdc9fb87d35ed710c8c4f1d221d7c8c15f413a9cd891fd07c1b8c6c2c23aee9e3490423e96d9771269c0c6ddb809a676582cc6db8"], 0x3c}}, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='cachefiles_ondemand_read\x00', r6}, 0x18) socket$packet(0x11, 0x3, 0x300) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'bond_slave_1\x00', 0x0}) sendto$packet(r7, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb1000011", 0x14, 0x0, &(0x7f0000000140)={0x11, 0x0, r8}, 0x14) mmap(&(0x7f00003b2000/0x1000)=nil, 0x1000, 0x0, 0x8031, r7, 0x959b8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r9, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth1_to_hsr\x00', &(0x7f0000000580)=@ethtool_per_queue_op={0x4b, 0x1, [0x3, 0xed, 0x8, 0x6, 0x4, 0x7, 0x7f, 0x7, 0x3, 0x800, 0x7, 0x2, 0x7, 0x9, 0x3, 0x3ff, 0x8, 0x4fe, 0xd13, 0xffffffff, 0x5, 0xbc14, 0x80000000, 0xffffa0ff, 0xfffffff3, 0x2, 0x7, 0xb, 0x8, 0xfffffff7, 0x100, 0x456cf92d, 0x4, 0x4, 0x1, 0x9, 0x5, 0x8001, 0x10, 0x6, 0x1, 0x6, 0x7, 0xd, 0x80000000, 0x400, 0x4, 0x1, 0x9d, 0x7, 0x2, 0x9ae, 0x0, 0x5, 0x3, 0xee4, 0x5, 0x0, 0x1285, 0x3708f4fb, 0xf, 0x8, 0xb, 0xf, 0x0, 0x1, 0x93dd, 0x8, 0x5, 0x0, 0x5, 0x8, 0x9, 0xe, 0x6, 0x7f, 0x5, 0x3, 0x2, 0x3, 0x8004, 0x7f, 0x3, 0x7, 0x1000, 0x4, 0x8, 0xf5d5, 0x9, 0xb5a, 0x7f, 0x2, 0xffff, 0x5, 0xa, 0x2, 0x5, 0x1, 0xffffff7f, 0x6, 0x804, 0xfffffffd, 0xffffffff, 0x9, 0x20c, 0x8, 0x18e, 0xffffffff, 0x1, 0x9, 0x5, 0x96, 0x7, 0x100007, 0x5, 0x3, 0x21cfb5f9, 0x5, 0x6, 0xbb3, 0x6, 0x101, 0x9, 0x0, 0xcd68, 0x9, 0x81, 0x41]}}) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_GET(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="030700000000000000000800000068000480040007801300010062726f6164636173742d6c696e6b00001900078008000300000000000800020000000000080003000000000008000200000000000800030000000000040004"], 0x7c}}, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x491, 0x0, 0x0) r12 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r12, 0x1, 0x8, &(0x7f0000000200), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYRESOCT=r0], 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 168.578556ms ago: executing program 3 (id=2146): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x1}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmsg$nl_netfilter(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[], 0xffffff70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) recvmmsg(r4, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000900), 0x3}, 0x17ba}], 0x1e, 0x2000, 0x0) 124.941753ms ago: executing program 4 (id=2147): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x12, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000001bfff00000000000018000000000000000000000000000000950000000000000018010000202070250000000000202020db1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b502000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xc2, &(0x7f0000000280)=""/194, 0x0, 0x49, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xecc, @void, @value}, 0x94) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f00000000c0)=0x10) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080)={r2, 0x5, 0x10}, 0xc) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4101}, 0x10) r5 = socket$inet6(0xa, 0x3, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_deladdr={0x34, 0x15, 0x1, 0xfffffffd, 0x0, {0x2, 0x18, 0x0, 0x0, r7}, [@IFA_LABEL={0x14, 0x3, 'veth0\x00'}, @IFA_ADDRESS={0x8, 0x1, @broadcast}]}, 0x34}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x4e24, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in6=@mcast2, 0xfffffffc, 0x32}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r10, &(0x7f0000001b80)=[{{&(0x7f0000001c40)=@abs={0x1, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r9, @ANYBLOB="35eebd4882dac0cbeba3f8a6dcf83872f1b8c13d0189be2fbb004118f3005fb231b837587898f042fadd2728"], 0x18, 0x4000040}}], 0x1, 0x4003ec0) r11 = accept4(r3, 0x0, 0x0, 0x800) recvmmsg$unix(r11, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000100000000000000000000000000000000005667efbcdb42dd0b8b60142225c6987acc9a7bf408441c8fdcc6618888c90c8e4dea28b3b870d9ba5acb1f5f7e7561c6c5bd757343997c4c9db6d5c37f5b514ccde3920c86f9ad3258b44c6f215351a86fcf5c442edc0a726b72e1d1996bbaaacc882aeec024f64d236fe7bcf55f13944de04383a7ad5a3207e020eda636018c6ea71887cade6d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b70500000800000062000000a500000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$SO_TIMESTAMPING(r11, 0x1, 0x25, &(0x7f0000000100)=0x20, 0x4) connect$pptp(r11, &(0x7f0000000080)={0x18, 0x2, {0x0, @multicast2}}, 0x1e) sendmsg$inet(r11, &(0x7f0000000540)={&(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000200)="1ed4d16313c7c792c7cfba0ee45c2ca8dc654e981b91673cabdc16095f8ce4a76eb9e324cfb84fde037af61617520f2ec328a57b0ba8a8dba19041a7874d4579ea9e81c08271d192207525d6e9901cfece50f2da15f5af8a94a200bccfa89eb13837f2236f10df0f2e90179dd29ab82b852211870a3be9", 0x77}, {&(0x7f0000000380)="df3530c68c32680091d45c990c88a2ded9412c26e3643e029e312f798287fa2f1aa4873d8f5ea3a9ad7d3c02fcfa43b31f19960e08c11a1fbcf10707bce5583c12f51fff68f577f922444e42816fc9cfe56d7592d00ba7d8badb7982ec75838aabef44b7855af705cff75854fbfb5dae47f12261df485956a50950fd40707d9a9d47f99f722499f9d0275615e15340d031625d45753a74c4609addefcd145b36c113287d0cd1bc9d2cc8e68afd36dbacc6417ac5dd6a2fdd", 0xb8}, {&(0x7f0000000440)="64ebebec9498ca6e85437b15a979d227763bcc0b3e9688656c9f7d26496a71e06089fdb16190868866137a144fd7be977c1542d091868477491321dca71beaa9c8d87e415bd966b20f3e6118b4af578d3d526f1e0ba96bf2de8efa6f81786b569666c2d76012ccfae53625d03bdd406ed3b726c9bdf3173c5da1302a59d0", 0x7e}], 0x3, &(0x7f0000000500)=[@ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x18}, 0x40000) 64.892474ms ago: executing program 0 (id=2148): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000090000000400fc800c00018008000600ffff0000080002800400728008000900", @ANYRES32=r0], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 0s ago: executing program 0 (id=2149): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000cc0)=@delchain={0x1d0, 0x65, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x8}, {0x0, 0x9}, {0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x6, 0x22}}, @filter_kind_options=@f_route={{0xa}, {0x17c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x10c, 0x6, [@m_vlan={0x108, 0x13, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0xd1, 0x6, "4536d5ba67cb41f3417191a0b4758169ba997e9dbec50e599419b7f290f4ee70efc0bdcb1d84cd2098b9c95fa81553821d25bbee1244fda18d438c3a5d696ee14197d17ea59071f0fd93760930ba453b3e23095f617d12282ec3f8190afeb1ac2e8d254fdac5b6ea11185f9256c3bab37a15cafe5f112d56723f0fb5c49b6449e58fc91a26d527012f701a9cfebef7787238f0d549914d85db8de6456cd08e0cd88f542f218759aebb2337e303783a52c6e45d646c6ef46ddb4aac282b8605eabf8141749876b4d391ca0a9d7a"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, @TCA_ROUTE4_POLICE={0x54, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7ff, 0xffffffffffffffff, 0x3, 0xa, 0x6, {0x7, 0x2, 0x1, 0x9, 0x0, 0x4}, {0x10, 0x2, 0x6, 0xfffe, 0x1, 0xeaa1}, 0x6, 0x200, 0x7}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xb}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xa71}]}]}}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x81}, 0x8000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x3a1}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0xffffffffffffffa6, &(0x7f0000003700)={0x77359400}) kernel console output (not intermixed with test programs): ticast mode [ 162.412946][ T7151] batadv0: entered allmulticast mode [ 162.443351][ T7167] xt_CT: No such helper "pptp" [ 162.458986][ T7155] x_tables: duplicate underflow at hook 1 [ 162.492724][ T7151] batadv0: left allmulticast mode [ 162.536417][ T7174] netlink: 'syz.4.364': attribute type 21 has an invalid length. [ 162.680326][ T7178] dummy0: entered promiscuous mode [ 162.685683][ T7178] vlan2: entered promiscuous mode [ 162.730043][ T7180] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 162.904669][ T7189] xt_CT: No such helper "pptp" [ 163.442493][ T7211] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 163.569748][ T7019] udevd[7019]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 163.661429][ T7215] xt_CT: No such helper "pptp" [ 164.136114][ T7220] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744071562067969) [ 164.163434][ T7220] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 164.813338][ T7257] bridge_slave_0: left allmulticast mode [ 164.819144][ T7257] bridge_slave_0: left promiscuous mode [ 164.882572][ T7257] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.947056][ T7257] bridge_slave_1: left allmulticast mode [ 164.989807][ T7257] bridge_slave_1: left promiscuous mode [ 165.009751][ T7257] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.038800][ T7257] bond0: (slave bond_slave_0): Releasing backup interface [ 165.116369][ T7257] bond0: (slave bond_slave_1): Releasing backup interface [ 165.169855][ T7019] udevd[7019]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 165.252259][ T7257] team0: Port device team_slave_0 removed [ 165.309289][ T7257] team0: Port device team_slave_1 removed [ 165.317266][ T7257] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.330486][ T7282] IPv6: Can't replace route, no match found [ 165.358056][ T7257] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.430349][ T7285] __nla_validate_parse: 16 callbacks suppressed [ 165.430366][ T7285] netlink: 14 bytes leftover after parsing attributes in process `syz.0.391'. [ 165.563743][ T7261] vlan0: entered promiscuous mode [ 165.621050][ T7261] team0: Port device vlan0 added [ 165.678450][ T7279] dvmrp1: entered allmulticast mode [ 165.704272][ T7281] gretap0: entered promiscuous mode [ 165.710151][ T7281] macsec1: entered promiscuous mode [ 165.735169][ T7281] gretap0: left promiscuous mode [ 165.946626][ T7294] netlink: 248 bytes leftover after parsing attributes in process `syz.1.399'. [ 166.057167][ T7289] syz.4.398 (7289) used greatest stack depth: 19848 bytes left [ 166.339363][ T7305] netlink: 28 bytes leftover after parsing attributes in process `syz.4.401'. [ 166.348793][ T7305] netlink: 'syz.4.401': attribute type 7 has an invalid length. [ 166.361107][ T7305] netlink: 'syz.4.401': attribute type 8 has an invalid length. [ 166.368808][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.401'. [ 166.384461][ T7305] team0: entered promiscuous mode [ 166.391721][ T7305] bond0: entered promiscuous mode [ 166.398049][ T7305] gretap0: entered promiscuous mode [ 166.404543][ T7305] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 166.412257][ T7305] Cannot create hsr debugfs directory [ 166.418000][ T7305] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 166.428648][ T7305] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 166.555138][ T7308] IPVS: set_ctl: invalid protocol: 135 10.1.1.2:20001 [ 167.115483][ T7331] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 167.186096][ T7333] xt_CT: No such helper "pptp" [ 167.209451][ T7323] veth0_to_bridge: entered promiscuous mode [ 167.228870][ T7323] macsec1: entered promiscuous mode [ 167.252989][ T7323] macsec1: entered allmulticast mode [ 167.258817][ T7323] veth0_to_bridge: entered allmulticast mode [ 167.295026][ T7337] netlink: 248 bytes leftover after parsing attributes in process `syz.4.412'. [ 167.311529][ T7323] veth0_to_bridge: left allmulticast mode [ 167.352171][ T7323] veth0_to_bridge: left promiscuous mode [ 167.666207][ T7352] netlink: 'syz.0.417': attribute type 4 has an invalid length. [ 167.746511][ T7351] nbd: device at index 0 is going down [ 167.767007][ T7347] netlink: 'syz.2.414': attribute type 13 has an invalid length. [ 167.782109][ T7347] gretap0: refused to change device tx_queue_len [ 167.809216][ T7347] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 167.855485][ T7359] openvswitch: netlink: Message has 8 unknown bytes. [ 168.051432][ T7368] netlink: 104 bytes leftover after parsing attributes in process `syz.1.423'. [ 168.567188][ T7384] netlink: 48 bytes leftover after parsing attributes in process `syz.2.429'. [ 168.579092][ T7388] bridge_slave_0: default FDB implementation only supports local addresses [ 168.606116][ T7389] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 168.644651][ T7391] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 168.678858][ T7395] netlink: 12 bytes leftover after parsing attributes in process `syz.4.433'. [ 169.041962][ T7413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.439'. [ 169.222567][ T7424] netlink: 28 bytes leftover after parsing attributes in process `syz.3.443'. [ 169.503636][ T7441] syz.1.448 uses old SIOCAX25GETINFO [ 169.503743][ T7440] netlink: 'syz.4.449': attribute type 1 has an invalid length. [ 169.701612][ T7448] netlink: 'syz.0.450': attribute type 4 has an invalid length. [ 170.089009][ T7462] netlink: 'syz.2.456': attribute type 1 has an invalid length. [ 170.151166][ T7463] batadv1: entered promiscuous mode [ 170.156399][ T7463] batadv1: entered allmulticast mode [ 170.289347][ T7462] batadv1: entered promiscuous mode [ 170.299313][ T7462] batadv1: entered allmulticast mode [ 170.550037][ T7482] netlink: 'syz.1.462': attribute type 32 has an invalid length. [ 170.595316][ T7482] __nla_validate_parse: 9 callbacks suppressed [ 170.595333][ T7482] netlink: 60 bytes leftover after parsing attributes in process `syz.1.462'. [ 170.668646][ T7485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.463'. [ 170.716620][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.463'. [ 170.730466][ T7485] hsr_slave_0: left promiscuous mode [ 170.742159][ T7485] hsr_slave_1: left promiscuous mode [ 170.947174][ T7482] netlink: 'syz.1.462': attribute type 15 has an invalid length. [ 170.968856][ T7490] Cannot find set identified by id 2 to match [ 171.096555][ T7494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.466'. [ 171.530766][ T7512] FAULT_INJECTION: forcing a failure. [ 171.530766][ T7512] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.562465][ T7509] netlink: 20 bytes leftover after parsing attributes in process `syz.1.474'. [ 171.576384][ T7512] CPU: 0 UID: 0 PID: 7512 Comm: syz.4.472 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 171.576407][ T7512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.576416][ T7512] Call Trace: [ 171.576424][ T7512] [ 171.576432][ T7512] dump_stack_lvl+0x189/0x250 [ 171.576457][ T7512] ? __lock_acquire+0xaac/0xd20 [ 171.576481][ T7512] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.576501][ T7512] ? __pfx__printk+0x10/0x10 [ 171.576518][ T7512] ? __might_fault+0xb0/0x130 [ 171.576547][ T7512] should_fail_ex+0x414/0x560 [ 171.576569][ T7512] _copy_from_user+0x2d/0xb0 [ 171.576590][ T7512] kstrtouint_from_user+0xc4/0x170 [ 171.576610][ T7512] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 171.576644][ T7512] proc_fail_nth_write+0x88/0x240 [ 171.576665][ T7512] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 171.576690][ T7512] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 171.576711][ T7512] vfs_write+0x27b/0xa90 [ 171.576736][ T7512] ? __pfx_vfs_write+0x10/0x10 [ 171.576755][ T7512] ? __fget_files+0x2a/0x420 [ 171.576775][ T7512] ? __fget_files+0x3a0/0x420 [ 171.576791][ T7512] ? __fget_files+0x2a/0x420 [ 171.576818][ T7512] ksys_write+0x145/0x250 [ 171.576838][ T7512] ? rcu_is_watching+0x15/0xb0 [ 171.576860][ T7512] ? __pfx_ksys_write+0x10/0x10 [ 171.576880][ T7512] ? do_syscall_64+0xba/0x210 [ 171.576900][ T7512] do_syscall_64+0xf6/0x210 [ 171.576916][ T7512] ? clear_bhb_loop+0x45/0xa0 [ 171.576936][ T7512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.576951][ T7512] RIP: 0033:0x7fba8058d41f [ 171.576966][ T7512] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 171.576979][ T7512] RSP: 002b:00007fba7e3f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 171.576996][ T7512] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fba8058d41f [ 171.577007][ T7512] RDX: 0000000000000001 RSI: 00007fba7e3f60a0 RDI: 0000000000000004 [ 171.577017][ T7512] RBP: 00007fba7e3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 171.577026][ T7512] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 171.577035][ T7512] R13: 0000000000000000 R14: 00007fba807b5fa0 R15: 00007ffce2aa2788 [ 171.577063][ T7512] [ 172.029931][ T7523] vlan2: entered promiscuous mode [ 172.790484][ T7557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.491'. [ 172.798745][ T7554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'. [ 172.826945][ T7559] netlink: 20 bytes leftover after parsing attributes in process `syz.3.492'. [ 173.157714][ T7569] vlan2: entered promiscuous mode [ 173.163090][ T7569] team0: entered promiscuous mode [ 173.205785][ T7576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.500'. [ 173.447967][ T7586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.506'. [ 173.480663][ T7592] netlink: 'syz.2.505': attribute type 4 has an invalid length. [ 173.578640][ T7590] xt_CT: No such helper "pptp" [ 173.791824][ T7603] xt_hashlimit: max too large, truncated to 1048576 [ 173.828954][ T7603] xt_hashlimit: Unknown mode mask 2000, kernel too old? [ 174.426862][ T7616] netlink: 'syz.4.514': attribute type 4 has an invalid length. [ 174.544072][ T7019] udevd[7019]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 174.682046][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 174.927182][ T7649] hsr0: entered promiscuous mode [ 174.935302][ T7649] A link change request failed with some changes committed already. Interface hsr0 may have been left with an inconsistent configuration, please check. [ 175.020434][ T7651] netlink: 'syz.1.527': attribute type 7 has an invalid length. [ 175.029832][ T7651] netlink: 'syz.1.527': attribute type 8 has an invalid length. [ 175.050557][ T7651] bond0: entered promiscuous mode [ 175.057822][ T7651] gretap0: entered promiscuous mode [ 175.066013][ T7651] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 175.074915][ T7651] Cannot create hsr debugfs directory [ 175.081991][ T7651] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network [ 175.097211][ T7651] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 175.108235][ T7651] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 175.536448][ T7664] netlink: 'syz.2.532': attribute type 1 has an invalid length. [ 176.099064][ T7693] __nla_validate_parse: 14 callbacks suppressed [ 176.099080][ T7693] netlink: 28 bytes leftover after parsing attributes in process `syz.4.542'. [ 176.347411][ T7702] netlink: 'syz.3.546': attribute type 30 has an invalid length. [ 176.539884][ T7708] netlink: 12 bytes leftover after parsing attributes in process `syz.2.548'. [ 177.447227][ T7722] netlink: 584 bytes leftover after parsing attributes in process `syz.2.555'. [ 177.646504][ T7729] netlink: 104 bytes leftover after parsing attributes in process `syz.1.556'. [ 177.758115][ T7733] netlink: 28 bytes leftover after parsing attributes in process `syz.0.560'. [ 177.834131][ T7740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.564'. [ 177.840910][ T7737] netlink: 4 bytes leftover after parsing attributes in process `syz.3.562'. [ 177.938936][ T7737] batadv0: entered promiscuous mode [ 177.959804][ T7737] macsec1: entered allmulticast mode [ 177.965228][ T7737] batadv0: entered allmulticast mode [ 177.990245][ T7737] batadv0: left allmulticast mode [ 177.995372][ T7737] batadv0: left promiscuous mode [ 178.191037][ T5879] IPVS: starting estimator thread 0... [ 178.279982][ T7756] IPVS: using max 29 ests per chain, 69600 per kthread [ 178.776921][ T7768] vlan2: entered promiscuous mode [ 178.795926][ T7769] netlink: 12 bytes leftover after parsing attributes in process `syz.2.573'. [ 178.868611][ T7769] netlink: 'syz.2.573': attribute type 1 has an invalid length. [ 179.153765][ T7779] netlink: 28 bytes leftover after parsing attributes in process `syz.4.577'. [ 179.932482][ T7792] xt_CT: No such helper "pptp" [ 180.058373][ T7814] netlink: 28 bytes leftover after parsing attributes in process `syz.2.590'. [ 180.059001][ T7816] pim6reg1: entered promiscuous mode [ 180.078202][ T7816] pim6reg1: entered allmulticast mode [ 180.203213][ T7821] tipc: Started in network mode [ 180.208659][ T7821] tipc: Node identity -, cluster identity 4711 [ 180.215052][ T7821] tipc: Enabling of bearer rejected, failed to enable media [ 180.235114][ T7822] vlan0: entered promiscuous mode [ 180.366045][ T7824] 8021q: adding VLAN 0 to HW filter on device bond1 [ 180.376070][ T7824] bond1: entered promiscuous mode [ 180.398578][ T7824] team0: Port device bond1 added [ 181.043550][ T7858] xt_CT: No such helper "pptp" [ 181.185461][ T7852] bond0 (unregistering): left promiscuous mode [ 181.193164][ T7852] bond0 (unregistering): Released all slaves [ 181.519825][ T7887] x_tables: duplicate underflow at hook 3 [ 181.926428][ T7906] __nla_validate_parse: 8 callbacks suppressed [ 181.926446][ T7906] netlink: 60 bytes leftover after parsing attributes in process `syz.1.624'. [ 181.987698][ T7906] netlink: 60 bytes leftover after parsing attributes in process `syz.1.624'. [ 181.990008][ T7910] netlink: 'syz.3.626': attribute type 1 has an invalid length. [ 182.023649][ T7910] netlink: 24 bytes leftover after parsing attributes in process `syz.3.626'. [ 182.113356][ T7912] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 182.580495][ T7938] netlink: 'syz.0.640': attribute type 1 has an invalid length. [ 182.747492][ T7946] ieee802154 phy0 wpan0: encryption failed: -22 [ 182.834290][ T7920] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 182.837802][ T7952] sctp: [Deprecated]: syz.4.646 (pid 7952) Use of int in maxseg socket option. [ 182.837802][ T7952] Use struct sctp_assoc_value instead [ 182.901799][ T7948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.645'. [ 182.911955][ T7957] FAULT_INJECTION: forcing a failure. [ 182.911955][ T7957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.945474][ T7957] CPU: 1 UID: 0 PID: 7957 Comm: syz.0.648 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 182.945499][ T7957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.945509][ T7957] Call Trace: [ 182.945516][ T7957] [ 182.945523][ T7957] dump_stack_lvl+0x189/0x250 [ 182.945548][ T7957] ? __lock_acquire+0xaac/0xd20 [ 182.945572][ T7957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.945592][ T7957] ? __pfx__printk+0x10/0x10 [ 182.945609][ T7957] ? __might_fault+0xb0/0x130 [ 182.945639][ T7957] should_fail_ex+0x414/0x560 [ 182.945661][ T7957] _copy_from_user+0x2d/0xb0 [ 182.945682][ T7957] nr_setsockopt+0x15b/0x3d0 [ 182.945707][ T7957] ? __pfx_nr_setsockopt+0x10/0x10 [ 182.945728][ T7957] ? aa_sock_opt_perm+0x74/0x110 [ 182.945748][ T7957] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 182.945765][ T7957] ? __pfx_nr_setsockopt+0x10/0x10 [ 182.945788][ T7957] do_sock_setsockopt+0x257/0x3e0 [ 182.945812][ T7957] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 182.945838][ T7957] ? ksys_write+0x1e1/0x250 [ 182.945869][ T7957] __x64_sys_setsockopt+0x18b/0x220 [ 182.945895][ T7957] do_syscall_64+0xf6/0x210 [ 182.945914][ T7957] ? clear_bhb_loop+0x45/0xa0 [ 182.945934][ T7957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.945949][ T7957] RIP: 0033:0x7f723d78e969 [ 182.945964][ T7957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.945977][ T7957] RSP: 002b:00007f723e5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 182.945995][ T7957] RAX: ffffffffffffffda RBX: 00007f723d9b5fa0 RCX: 00007f723d78e969 [ 182.946006][ T7957] RDX: 0000000000000003 RSI: 0000000000000103 RDI: 0000000000000004 [ 182.946016][ T7957] RBP: 00007f723e5ef090 R08: 0000000000000004 R09: 0000000000000000 [ 182.946026][ T7957] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 182.946035][ T7957] R13: 0000000000000000 R14: 00007f723d9b5fa0 R15: 00007ffce59327d8 [ 182.946062][ T7957] [ 183.305465][ T7965] netlink: 'syz.0.650': attribute type 4 has an invalid length. [ 183.333911][ T7965] netlink: 8 bytes leftover after parsing attributes in process `syz.0.650'. [ 183.567064][ T7973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.654'. [ 183.654572][ T7972] syzkaller0: entered promiscuous mode [ 183.661294][ T7972] syzkaller0: entered allmulticast mode [ 183.824194][ T7982] xt_CT: No such helper "pptp" [ 184.305512][ T5837] Bluetooth: hci0: command 0x0401 tx timeout [ 185.714767][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.657'. [ 185.724194][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.657'. [ 185.858965][ T8003] netlink: 240 bytes leftover after parsing attributes in process `syz.3.662'. [ 186.012421][ T8024] netlink: 60 bytes leftover after parsing attributes in process `syz.2.669'. [ 186.125745][ T8032] openvswitch: netlink: nsh attribute has 65520 unknown bytes. [ 186.146442][ T8031] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 186.155769][ T8032] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 186.330585][ T8042] netlink: 'syz.0.675': attribute type 7 has an invalid length. [ 186.372836][ T8040] netlink: 'syz.2.674': attribute type 1 has an invalid length. [ 186.935625][ T8076] __nla_validate_parse: 6 callbacks suppressed [ 186.935642][ T8076] netlink: 20 bytes leftover after parsing attributes in process `syz.1.688'. [ 187.032316][ T8085] netlink: 28 bytes leftover after parsing attributes in process `syz.2.690'. [ 187.298071][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 187.364298][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 187.436816][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.2.697'. [ 187.644828][ T8116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'. [ 187.719572][ T8123] netlink: 28 bytes leftover after parsing attributes in process `syz.2.705'. [ 187.841125][ T8133] raw_sendmsg: syz.0.708 forgot to set AF_INET. Fix it! [ 187.897518][ T8124] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.905390][ T8124] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.142130][ T8124] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.166710][ T8124] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.182855][ T8147] netlink: 20 bytes leftover after parsing attributes in process `syz.1.711'. [ 188.257804][ T8148] netlink: 16 bytes leftover after parsing attributes in process `syz.1.711'. [ 188.306852][ T8124] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.329740][ T8124] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.339267][ T8124] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.354767][ T8124] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.466582][ T8146] netlink: 32 bytes leftover after parsing attributes in process `syz.1.711'. [ 188.711546][ T8157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.717'. [ 188.953250][ T8169] bond0: entered promiscuous mode [ 188.963128][ T8161] xt_CT: No such helper "pptp" [ 189.105444][ T8175] netlink: 28 bytes leftover after parsing attributes in process `syz.4.722'. [ 189.420569][ T8195] netlink: 'syz.1.728': attribute type 5 has an invalid length. [ 189.428508][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 189.510880][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 189.595153][ T8206] netlink: 'syz.1.733': attribute type 7 has an invalid length. [ 189.656601][ T8206] netlink: 'syz.1.733': attribute type 8 has an invalid length. [ 189.917365][ T8219] : entered promiscuous mode [ 190.276012][ T8242] batadv0: entered promiscuous mode [ 190.288161][ T8242] vlan3: entered promiscuous mode [ 190.524902][ T8253] netlink: 'syz.0.747': attribute type 1 has an invalid length. [ 191.089851][ T8289] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 191.602942][ T8302] can: request_module (can-proto-3) failed. [ 191.933654][ T8319] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) ! [ 192.105915][ T8325] netlink: 'syz.3.769': attribute type 3 has an invalid length. [ 192.117528][ T8325] __nla_validate_parse: 8 callbacks suppressed [ 192.117542][ T8325] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.769'. [ 192.270758][ T8328] bpq0: entered promiscuous mode [ 192.301922][ T8328] bpq0: entered allmulticast mode [ 192.455124][ T8340] netlink: 8 bytes leftover after parsing attributes in process `syz.0.773'. [ 192.646219][ T8348] vlan5: entered promiscuous mode [ 192.686394][ T8348] dummy0: entered promiscuous mode [ 192.932857][ T8366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.784'. [ 192.954083][ T8366] netlink: 'syz.1.784': attribute type 1 has an invalid length. [ 192.961976][ T8366] netlink: 224 bytes leftover after parsing attributes in process `syz.1.784'. [ 193.070709][ T8376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.787'. [ 193.421653][ T5833] Bluetooth: hci4: command 0x0405 tx timeout [ 193.448643][ T8390] FAULT_INJECTION: forcing a failure. [ 193.448643][ T8390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.470899][ T8390] CPU: 1 UID: 0 PID: 8390 Comm: syz.2.793 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 193.470915][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.470921][ T8390] Call Trace: [ 193.470925][ T8390] [ 193.470930][ T8390] dump_stack_lvl+0x189/0x250 [ 193.470948][ T8390] ? __lock_acquire+0xaac/0xd20 [ 193.470963][ T8390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.470976][ T8390] ? __pfx__printk+0x10/0x10 [ 193.470985][ T8390] ? __might_fault+0xb0/0x130 [ 193.471003][ T8390] should_fail_ex+0x414/0x560 [ 193.471015][ T8390] _copy_from_user+0x2d/0xb0 [ 193.471029][ T8390] __sys_bpf+0x1ed/0x860 [ 193.471042][ T8390] ? __pfx___sys_bpf+0x10/0x10 [ 193.471059][ T8390] ? ksys_write+0x1f0/0x250 [ 193.471069][ T8390] ? rcu_is_watching+0x15/0xb0 [ 193.471089][ T8390] __x64_sys_bpf+0x7c/0x90 [ 193.471099][ T8390] do_syscall_64+0xf6/0x210 [ 193.471110][ T8390] ? clear_bhb_loop+0x45/0xa0 [ 193.471121][ T8390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.471130][ T8390] RIP: 0033:0x7fdf2118e969 [ 193.471140][ T8390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.471148][ T8390] RSP: 002b:00007fdf22073038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 193.471160][ T8390] RAX: ffffffffffffffda RBX: 00007fdf213b5fa0 RCX: 00007fdf2118e969 [ 193.471167][ T8390] RDX: 0000000000000094 RSI: 0000200000000c80 RDI: 0000000000000005 [ 193.471172][ T8390] RBP: 00007fdf22073090 R08: 0000000000000000 R09: 0000000000000000 [ 193.471178][ T8390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.471186][ T8390] R13: 0000000000000001 R14: 00007fdf213b5fa0 R15: 00007fffad5daf28 [ 193.471211][ T8390] [ 193.827028][ T8396] netlink: 'syz.1.795': attribute type 2 has an invalid length. [ 193.849788][ T8396] netlink: 128 bytes leftover after parsing attributes in process `syz.1.795'. [ 193.883972][ T8399] ip6gretap1: entered promiscuous mode [ 193.891955][ T8401] netlink: 48 bytes leftover after parsing attributes in process `syz.4.797'. [ 193.922150][ T8399] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link [ 193.942507][ T8404] netlink: 248 bytes leftover after parsing attributes in process `syz.3.798'. [ 194.062699][ T8410] netlink: 'syz.3.798': attribute type 4 has an invalid length. [ 194.137348][ T8414] netlink: 4 bytes leftover after parsing attributes in process `syz.4.801'. [ 194.146694][ T8404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.798'. [ 194.250197][ T8422] netlink: 'syz.4.801': attribute type 1 has an invalid length. [ 194.307258][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.315595][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.883130][ T8459] vlan3: entered promiscuous mode [ 195.319352][ T8479] netlink: 'syz.3.818': attribute type 1 has an invalid length. [ 195.463900][ T8486] netlink: 'syz.2.819': attribute type 1 has an invalid length. [ 195.499942][ T8430] Bluetooth: hci4: command 0x0405 tx timeout [ 195.966887][ T8494] xt_CT: No such helper "snmp" [ 196.382939][ T5837] Bluetooth: hci0: command 0x0401 tx timeout [ 196.389049][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 196.397545][ T8430] Bluetooth: hci1: command 0x0406 tx timeout [ 196.397998][ T8429] Bluetooth: hci3: command 0x0406 tx timeout [ 196.503322][ T8520] workqueue: name exceeds WQ_NAME_LEN. Truncating to: žÀ^–>º>ùMv^µâ侦¸ÑKc'A¥»– [ 196.574405][ T8525] x_tables: duplicate underflow at hook 3 [ 197.354805][ T8558] __nla_validate_parse: 12 callbacks suppressed [ 197.354823][ T8558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.848'. [ 198.568871][ T8606] netlink: 24 bytes leftover after parsing attributes in process `syz.3.866'. [ 198.583984][ T8607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.868'. [ 199.296162][ T8636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.877'. [ 199.349231][ T8638] netlink: 20 bytes leftover after parsing attributes in process `syz.2.878'. [ 199.417090][ T8642] netlink: 'syz.1.880': attribute type 8 has an invalid length. [ 199.500556][ T8643] netlink: 12 bytes leftover after parsing attributes in process `syz.4.879'. [ 199.754742][ T8651] netlink: 1041 bytes leftover after parsing attributes in process `syz.3.881'. [ 200.509895][ T8674] netlink: 'syz.1.889': attribute type 15 has an invalid length. [ 200.730832][ T8682] netlink: 24 bytes leftover after parsing attributes in process `syz.0.892'. [ 200.745432][ T8686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.894'. [ 200.837290][ T8691] netlink: 'syz.1.894': attribute type 1 has an invalid length. [ 200.861331][ T8691] netlink: 224 bytes leftover after parsing attributes in process `syz.1.894'. [ 200.938385][ T8697] netlink: 'syz.3.893': attribute type 10 has an invalid length. [ 201.010874][ T8697] bridge0: port 3(dummy0) entered blocking state [ 201.017353][ T8697] bridge0: port 3(dummy0) entered disabled state [ 201.081716][ T8697] dummy0: entered allmulticast mode [ 201.088681][ T8697] dummy0: entered promiscuous mode [ 201.760268][ T8738] netlink: 'syz.2.910': attribute type 1 has an invalid length. [ 202.345869][ T8766] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 202.411833][ T8770] Cannot find set identified by id 2 to match [ 202.533390][ T8780] netlink: 'syz.0.923': attribute type 1 has an invalid length. [ 202.626430][ T8765] bond0 (unregistering): left promiscuous mode [ 202.633096][ T8765] bond_slave_0: left promiscuous mode [ 202.638875][ T8765] bond_slave_1: left promiscuous mode [ 202.645978][ T8765] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.656591][ T8765] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.668013][ T8765] bond0 (unregistering): Released all slaves [ 202.893784][ T8790] __nla_validate_parse: 13 callbacks suppressed [ 202.893801][ T8790] netlink: 84 bytes leftover after parsing attributes in process `syz.4.928'. [ 202.896732][ T8786] netlink: 64 bytes leftover after parsing attributes in process `syz.3.926'. [ 203.106269][ T8802] netlink: 12 bytes leftover after parsing attributes in process `syz.1.932'. [ 203.143615][ T8806] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 203.288123][ T8805] team0: Port device vlan0 removed [ 203.396428][ T8812] xt_CT: No such helper "pptp" [ 203.483471][ T8820] vxcan3: entered allmulticast mode [ 203.491407][ T8818] netlink: 'syz.2.934': attribute type 2 has an invalid length. [ 203.712516][ T8832] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 203.928790][ T8840] IPVS: set_ctl: invalid protocol: 0 172.20.20.170:20004 [ 204.043595][ T8846] netlink: 16 bytes leftover after parsing attributes in process `syz.4.942'. [ 204.074338][ T8846] netlink: 16 bytes leftover after parsing attributes in process `syz.4.942'. [ 204.172974][ T62] tipc: Subscription rejected, illegal request [ 204.184197][ T8855] lo speed is unknown, defaulting to 1000 [ 204.190853][ T8855] lo speed is unknown, defaulting to 1000 [ 204.214330][ T8855] lo speed is unknown, defaulting to 1000 [ 204.252261][ T8855] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 204.279247][ T8855] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 204.379520][ T8855] lo speed is unknown, defaulting to 1000 [ 204.403416][ T8855] lo speed is unknown, defaulting to 1000 [ 204.420502][ T8855] lo speed is unknown, defaulting to 1000 [ 204.420522][ T8865] netlink: 20 bytes leftover after parsing attributes in process `syz.2.949'. [ 204.428083][ T8855] lo speed is unknown, defaulting to 1000 [ 204.450207][ T8855] lo speed is unknown, defaulting to 1000 [ 204.753614][ T7019] udevd[7019]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 204.798999][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 205.222004][ T8895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.958'. [ 205.455873][ T8900] lo speed is unknown, defaulting to 1000 [ 205.481649][ T8907] netlink: 20 bytes leftover after parsing attributes in process `syz.1.962'. [ 205.806629][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 205.908474][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 206.017962][ T8933] netlink: 12 bytes leftover after parsing attributes in process `syz.3.965'. [ 206.216651][ T8939] netlink: 248 bytes leftover after parsing attributes in process `syz.4.971'. [ 206.480404][ T8939] netlink: 'syz.4.971': attribute type 4 has an invalid length. [ 206.948533][ T8962] netlink: 'syz.4.978': attribute type 4 has an invalid length. [ 207.144478][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 207.292816][ T8973] dummy0: entered promiscuous mode [ 207.302805][ T8973] dummy0: left promiscuous mode [ 208.524696][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 208.675935][ T9031] __nla_validate_parse: 7 callbacks suppressed [ 208.675954][ T9031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1002'. [ 208.735505][ T9032] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1002'. [ 208.918960][ T9041] netlink: 3168 bytes leftover after parsing attributes in process `syz.1.1006'. [ 208.943183][ T9034] lo speed is unknown, defaulting to 1000 [ 209.670442][ T1213] IPVS: starting estimator thread 0... [ 209.703129][ T9089] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 209.725160][ T9089] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1024'. [ 209.739793][ T9091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1023'. [ 209.758630][ T9092] ieee802154 phy0 wpan0: encryption failed: -22 [ 209.769761][ T9086] IPVS: using max 44 ests per chain, 105600 per kthread [ 210.109052][ T9102] bond0: (slave ip6gretap1): Releasing backup interface [ 210.130426][ T9102] ip6gretap1: left promiscuous mode [ 210.166382][ T9102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1029'. [ 210.531720][ T9123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1036'. [ 210.865627][ T9143] netlink: 'syz.0.1042': attribute type 7 has an invalid length. [ 210.897916][ T9145] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 210.922545][ T9146] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 211.073956][ T9150] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1045'. [ 211.403738][ T9167] netlink: 870 bytes leftover after parsing attributes in process `syz.3.1052'. [ 211.648995][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 211.937204][ T9184] vlan2: entered promiscuous mode [ 211.977568][ T9188] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'. [ 212.379803][ T9204] netlink: 'syz.2.1065': attribute type 4 has an invalid length. [ 212.907441][ T9224] lo speed is unknown, defaulting to 1000 [ 213.222415][ T9234] 8021q: adding VLAN 0 to HW filter on device team1 [ 214.044728][ T9265] __nla_validate_parse: 7 callbacks suppressed [ 214.044747][ T9265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1088'. [ 214.132195][ T9265] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1088'. [ 214.527709][ T9280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1093'. [ 214.561678][ T9276] netlink: 'syz.4.1093': attribute type 1 has an invalid length. [ 214.569514][ T9276] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1093'. [ 214.786740][ T9291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1098'. [ 214.816985][ T9286] lo speed is unknown, defaulting to 1000 [ 214.964884][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1099'. [ 214.990483][ T9293] netlink: 'syz.2.1099': attribute type 1 has an invalid length. [ 215.028203][ T9293] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1099'. [ 215.227189][ T9304] lo speed is unknown, defaulting to 1000 [ 215.507020][ T9316] lo speed is unknown, defaulting to 1000 [ 216.064001][ T9331] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1110'. [ 216.461560][ T9344] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1116'. [ 216.478941][ T9345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1115'. [ 216.587374][ T9338] lo speed is unknown, defaulting to 1000 [ 217.124294][ T9364] vlan0: entered promiscuous mode [ 217.247880][ T9370] set match dimension is over the limit! [ 217.248591][ T9362] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 217.556984][ T9360] lo speed is unknown, defaulting to 1000 [ 218.146836][ T9396] lo speed is unknown, defaulting to 1000 [ 218.417609][ T9414] vlan3: entered promiscuous mode [ 218.492548][ T9409] lo speed is unknown, defaulting to 1000 [ 218.703614][ T9423] vlan2: entered promiscuous mode [ 218.708938][ T9423] batadv0: entered promiscuous mode [ 218.871410][ T9435] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 218.969276][ T9434] netlink: 'syz.4.1148': attribute type 4 has an invalid length. [ 218.994379][ T9428] syzkaller1: entered promiscuous mode [ 219.012812][ T9428] syzkaller1: entered allmulticast mode [ 219.107640][ T9442] __nla_validate_parse: 5 callbacks suppressed [ 219.107657][ T9442] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1152'. [ 219.614797][ T7292] udevd[7292]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 219.733763][ T9468] vlan3: entered promiscuous mode [ 219.785691][ T9457] lo speed is unknown, defaulting to 1000 [ 219.922737][ T9481] batadv_slave_0: entered promiscuous mode [ 219.939819][ T9481] batadv_slave_0: entered allmulticast mode [ 219.948692][ T9484] netlink: 'syz.3.1168': attribute type 29 has an invalid length. [ 219.976893][ T9481] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 220.238754][ T9500] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1172'. [ 220.269115][ T9500] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1172'. [ 220.305839][ T9500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1172'. [ 220.327577][ T9500] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1172'. [ 220.371281][ T9504] sctp: [Deprecated]: syz.4.1176 (pid 9504) Use of int in maxseg socket option. [ 220.371281][ T9504] Use struct sctp_assoc_value instead [ 220.455971][ T9508] netlink: 368 bytes leftover after parsing attributes in process `syz.3.1178'. [ 220.468365][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1178'. [ 220.597595][ T9506] syz.4.1176 (9506) used greatest stack depth: 19272 bytes left [ 220.727084][ T9522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1180'. [ 220.826382][ T9524] IPVS: length: 98 != 24 [ 221.035384][ T9536] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1185'. [ 221.070124][ T9536] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1185'. [ 221.111890][ T9539] batman_adv: batadv0: Adding interface: wlan0 [ 221.118509][ T9539] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.164379][ T9539] batman_adv: batadv0: Interface activated: wlan0 [ 221.189513][ T9531] lo speed is unknown, defaulting to 1000 [ 221.291955][ T9541] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.357301][ T9545] FAULT_INJECTION: forcing a failure. [ 221.357301][ T9545] name failslab, interval 1, probability 0, space 0, times 0 [ 221.375868][ T9545] CPU: 1 UID: 0 PID: 9545 Comm: syz.3.1189 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 221.375893][ T9545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.375902][ T9545] Call Trace: [ 221.375909][ T9545] [ 221.375916][ T9545] dump_stack_lvl+0x189/0x250 [ 221.375943][ T9545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.375963][ T9545] ? __pfx__printk+0x10/0x10 [ 221.375983][ T9545] ? __pfx___might_resched+0x10/0x10 [ 221.376003][ T9545] should_fail_ex+0x414/0x560 [ 221.376025][ T9545] should_failslab+0xa8/0x100 [ 221.376046][ T9545] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 221.376065][ T9545] ? __alloc_skb+0x112/0x2d0 [ 221.376085][ T9545] __alloc_skb+0x112/0x2d0 [ 221.376106][ T9545] netlink_sendmsg+0x5c6/0xb30 [ 221.376132][ T9545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.376154][ T9545] ? aa_sock_msg_perm+0x94/0x160 [ 221.376173][ T9545] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 221.376190][ T9545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.376210][ T9545] __sock_sendmsg+0x219/0x270 [ 221.376230][ T9545] ____sys_sendmsg+0x505/0x830 [ 221.376256][ T9545] ? __pfx_____sys_sendmsg+0x10/0x10 [ 221.376283][ T9545] ? import_iovec+0x74/0xa0 [ 221.376306][ T9545] ___sys_sendmsg+0x21f/0x2a0 [ 221.376336][ T9545] ? __pfx____sys_sendmsg+0x10/0x10 [ 221.376386][ T9545] ? __fget_files+0x2a/0x420 [ 221.376403][ T9545] ? __fget_files+0x3a0/0x420 [ 221.376428][ T9545] __x64_sys_sendmsg+0x19b/0x260 [ 221.376449][ T9545] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 221.376483][ T9545] ? do_syscall_64+0xba/0x210 [ 221.376501][ T9545] do_syscall_64+0xf6/0x210 [ 221.376516][ T9545] ? clear_bhb_loop+0x45/0xa0 [ 221.376534][ T9545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.376548][ T9545] RIP: 0033:0x7fc90a58e969 [ 221.376562][ T9545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.376574][ T9545] RSP: 002b:00007fc90b441038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 221.376591][ T9545] RAX: ffffffffffffffda RBX: 00007fc90a7b5fa0 RCX: 00007fc90a58e969 [ 221.376603][ T9545] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 221.376613][ T9545] RBP: 00007fc90b441090 R08: 0000000000000000 R09: 0000000000000000 [ 221.376623][ T9545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.376633][ T9545] R13: 0000000000000000 R14: 00007fc90a7b5fa0 R15: 00007ffc89747ff8 [ 221.376658][ T9545] [ 221.709330][ T9547] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 221.760759][ T9552] lo speed is unknown, defaulting to 1000 [ 221.972667][ T9564] netlink: 'syz.0.1197': attribute type 1 has an invalid length. [ 222.567963][ T9579] lo speed is unknown, defaulting to 1000 [ 222.667675][ T9590] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 2314 - 0 [ 222.677358][ T9590] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 2314 - 0 [ 222.688092][ T9590] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 2314 - 0 [ 222.697446][ T9590] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 2314 - 0 [ 222.716275][ T9590] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 2314 - 0 [ 222.725338][ T9590] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 2314 - 0 [ 222.734456][ T9590] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 2314 - 0 [ 222.743430][ T9590] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 2314 - 0 [ 223.322358][ T9621] Cannot find del_set index 2 as target [ 223.403814][ T9622] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 223.849090][ T9649] netlink: 'syz.3.1223': attribute type 2 has an invalid length. [ 223.901977][ T5141] Bluetooth: hci3: command 0x0406 tx timeout [ 224.284044][ T9679] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 224.447802][ T9686] Cannot find set identified by id 2 to match [ 224.550391][ T9683] lo speed is unknown, defaulting to 1000 [ 225.038675][ T9698] bond1: left promiscuous mode [ 225.072755][ T9698] team0: Port device bond1 removed [ 225.120630][ T9698] __nla_validate_parse: 6 callbacks suppressed [ 225.120647][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1241'. [ 225.150529][ T9701] bond1: entered promiscuous mode [ 225.155737][ T9701] bond1: entered allmulticast mode [ 225.166221][ T9701] 8021q: adding VLAN 0 to HW filter on device bond1 [ 225.202368][ T9703] vlan0: entered promiscuous mode [ 225.246208][ T9703] team0: Port device vlan0 added [ 225.583162][ T9724] ip6gretap1: entered promiscuous mode [ 225.594588][ T9724] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link [ 225.670176][ T9729] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1252'. [ 225.817282][ T9738] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 225.851761][ T9739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1254'. [ 226.001553][ T9739] vlan6: entered promiscuous mode [ 226.006851][ T9739] batadv0: entered promiscuous mode [ 226.048495][ T9731] lo speed is unknown, defaulting to 1000 [ 226.133237][ T9741] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1256'. [ 226.173066][ T9741] netlink: 'syz.4.1256': attribute type 1 has an invalid length. [ 226.182615][ T9741] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1256'. [ 226.222112][ T9748] x_tables: duplicate underflow at hook 3 [ 226.257904][ T9750] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1259'. [ 226.356583][ T9753] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 226.493124][ T9759] xt_CT: No such helper "pptp" [ 226.669559][ T9758] bond0 (unregistering): Released all slaves [ 226.924430][ T9778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1266'. [ 227.076885][ T9785] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1269'. [ 227.201397][ T9788] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1271'. [ 227.325692][ T9800] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1273'. [ 227.365748][ T9796] netlink: 'syz.4.1273': attribute type 1 has an invalid length. [ 227.661742][ T9817] netlink: 'syz.0.1280': attribute type 21 has an invalid length. [ 227.685231][ T9819] netlink: 'syz.4.1281': attribute type 4 has an invalid length. [ 227.986010][ T9835] vlan0: entered promiscuous mode [ 228.024216][ T9838] netlink: 'syz.4.1290': attribute type 7 has an invalid length. [ 228.034073][ T9838] netlink: 'syz.4.1290': attribute type 8 has an invalid length. [ 228.253074][ T9842] netlink: 'syz.0.1292': attribute type 1 has an invalid length. [ 228.343862][ T9846] lo speed is unknown, defaulting to 1000 [ 228.520767][ T9855] netlink: 'syz.2.1296': attribute type 4 has an invalid length. [ 228.633042][ T9858] lo speed is unknown, defaulting to 1000 [ 229.230154][ T9880] vlan3: entered promiscuous mode [ 229.372509][ T9876] macsec0: entered allmulticast mode [ 229.398054][ T9886] veth1_macvtap: entered allmulticast mode [ 229.413237][ T9886] macsec0: left allmulticast mode [ 229.431974][ T9886] veth1_macvtap: left allmulticast mode [ 229.578136][ T9895] dummy0: left allmulticast mode [ 229.594672][ T9895] dummy0: left promiscuous mode [ 229.620324][ T9895] bridge0: port 3(dummy0) entered disabled state [ 229.691024][ T9895] bridge_slave_0: left allmulticast mode [ 229.696757][ T9895] bridge_slave_0: left promiscuous mode [ 229.830405][ T9895] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.871746][ T9895] bridge_slave_1: left allmulticast mode [ 229.891667][ T9895] bridge_slave_1: left promiscuous mode [ 229.909121][ T9895] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.955083][ T9895] team_slave_0: left promiscuous mode [ 229.989261][ T9895] team0: Port device team_slave_0 removed [ 230.012043][ T9895] team_slave_1: left promiscuous mode [ 230.041569][ T9895] team0: Port device team_slave_1 removed [ 230.053200][ T9895] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 230.067608][ T9895] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.096158][ T9900] macsec1: entered allmulticast mode [ 230.107009][ T9900] batadv0: entered allmulticast mode [ 230.133095][ T9900] batadv0: left allmulticast mode [ 230.203299][ T9905] __nla_validate_parse: 15 callbacks suppressed [ 230.203317][ T9905] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1315'. [ 230.265434][ T9907] FAULT_INJECTION: forcing a failure. [ 230.265434][ T9907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 230.281429][ T9907] CPU: 1 UID: 0 PID: 9907 Comm: syz.3.1317 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 230.281452][ T9907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.281462][ T9907] Call Trace: [ 230.281469][ T9907] [ 230.281477][ T9907] dump_stack_lvl+0x189/0x250 [ 230.281501][ T9907] ? __lock_acquire+0xaac/0xd20 [ 230.281526][ T9907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.281548][ T9907] ? __pfx__printk+0x10/0x10 [ 230.281565][ T9907] ? __might_fault+0xb0/0x130 [ 230.281597][ T9907] should_fail_ex+0x414/0x560 [ 230.281620][ T9907] _copy_from_user+0x2d/0xb0 [ 230.281641][ T9907] nr_setsockopt+0x15b/0x3d0 [ 230.281667][ T9907] ? __pfx_nr_setsockopt+0x10/0x10 [ 230.281689][ T9907] ? aa_sock_opt_perm+0x74/0x110 [ 230.281709][ T9907] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 230.281732][ T9907] ? __pfx_nr_setsockopt+0x10/0x10 [ 230.281755][ T9907] do_sock_setsockopt+0x257/0x3e0 [ 230.281779][ T9907] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 230.281805][ T9907] ? ksys_write+0x1e1/0x250 [ 230.281831][ T9907] __x64_sys_setsockopt+0x18b/0x220 [ 230.281858][ T9907] do_syscall_64+0xf6/0x210 [ 230.281876][ T9907] ? clear_bhb_loop+0x45/0xa0 [ 230.281896][ T9907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.281912][ T9907] RIP: 0033:0x7fc90a58e969 [ 230.281927][ T9907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.281940][ T9907] RSP: 002b:00007fc90b441038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 230.281957][ T9907] RAX: ffffffffffffffda RBX: 00007fc90a7b5fa0 RCX: 00007fc90a58e969 [ 230.281969][ T9907] RDX: 0000000000000003 RSI: 0000000000000103 RDI: 0000000000000004 [ 230.281979][ T9907] RBP: 00007fc90b441090 R08: 0000000000000004 R09: 0000000000000000 [ 230.281989][ T9907] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 230.281999][ T9907] R13: 0000000000000000 R14: 00007fc90a7b5fa0 R15: 00007ffc89747ff8 [ 230.282027][ T9907] [ 230.716596][ T9926] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 230.723379][ T9926] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 230.806289][ T9914] lo speed is unknown, defaulting to 1000 [ 230.919837][ T9933] netlink: 'syz.0.1326': attribute type 15 has an invalid length. [ 231.290069][ T9949] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1331'. [ 231.418800][ T9955] netlink: 'syz.0.1333': attribute type 1 has an invalid length. [ 231.708036][ T9959] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1334'. [ 231.906610][ T9971] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1337'. [ 231.948271][ T9966] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 232.440113][ T9986] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1344'. [ 232.555889][ T9990] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1345'. [ 232.635818][ T9993] syzkaller1: entered promiscuous mode [ 232.660475][ T9993] syzkaller1: entered allmulticast mode [ 232.794075][T10004] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1351'. [ 232.904575][T10004] lo speed is unknown, defaulting to 1000 [ 233.223286][T10022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1353'. [ 233.341757][T10018] netlink: 'syz.4.1353': attribute type 1 has an invalid length. [ 233.399931][T10018] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1353'. [ 233.428761][T10029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1357'. [ 233.947575][T10041] 8021q: VLANs not supported on ip6_vti0 [ 234.252015][T10048] tipc: Enabled bearer , priority 10 [ 234.462388][T10055] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 234.801719][T10061] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.842626][T10063] netlink: 'syz.2.1368': attribute type 7 has an invalid length. [ 234.961831][T10067] netlink: 'syz.0.1367': attribute type 1 has an invalid length. [ 235.135989][T10073] netlink: 'syz.1.1370': attribute type 1 has an invalid length. [ 235.371687][ T5879] tipc: Node number set to 1452371858 [ 235.643993][T10103] __nla_validate_parse: 6 callbacks suppressed [ 235.644010][T10103] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1379'. [ 235.928917][T10108] xt_CT: No such helper "pptp" [ 236.054704][T10116] FAULT_INJECTION: forcing a failure. [ 236.054704][T10116] name failslab, interval 1, probability 0, space 0, times 0 [ 236.124179][T10116] CPU: 0 UID: 0 PID: 10116 Comm: syz.0.1385 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 236.124227][T10116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.124249][T10116] Call Trace: [ 236.124264][T10116] [ 236.124294][T10116] dump_stack_lvl+0x189/0x250 [ 236.124325][T10116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.124354][T10116] ? __pfx__printk+0x10/0x10 [ 236.124376][T10116] ? __pfx___might_resched+0x10/0x10 [ 236.124391][T10116] ? fs_reclaim_acquire+0x7d/0x100 [ 236.124417][T10116] should_fail_ex+0x414/0x560 [ 236.124439][T10116] should_failslab+0xa8/0x100 [ 236.124461][T10116] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 236.124481][T10116] ? __get_vm_area_node+0x131/0x2d0 [ 236.124506][T10116] __get_vm_area_node+0x131/0x2d0 [ 236.124530][T10116] __vmalloc_node_range_noprof+0x2f1/0x12c0 [ 236.124551][T10116] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.124594][T10116] ? aa_get_newest_label+0xf7/0x5d0 [ 236.124614][T10116] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 236.124635][T10116] ? _parse_integer_limit+0x1ae/0x1f0 [ 236.124655][T10116] ? rcu_is_watching+0x15/0xb0 [ 236.124679][T10116] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.124698][T10116] __vmalloc_noprof+0x7a/0x90 [ 236.124718][T10116] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.124738][T10116] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.124763][T10116] bpf_prog_alloc+0x3c/0x1a0 [ 236.124785][T10116] bpf_prog_load+0x735/0x1930 [ 236.124813][T10116] ? __lock_acquire+0xaac/0xd20 [ 236.124835][T10116] ? __pfx_bpf_prog_load+0x10/0x10 [ 236.124877][T10116] ? bpf_lsm_bpf+0x9/0x20 [ 236.124895][T10116] ? security_bpf+0x7e/0x300 [ 236.124914][T10116] __sys_bpf+0x5f1/0x860 [ 236.124935][T10116] ? __pfx___sys_bpf+0x10/0x10 [ 236.124968][T10116] ? ksys_write+0x1f0/0x250 [ 236.124998][T10116] __x64_sys_bpf+0x7c/0x90 [ 236.125017][T10116] do_syscall_64+0xf6/0x210 [ 236.125036][T10116] ? clear_bhb_loop+0x45/0xa0 [ 236.125057][T10116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.125073][T10116] RIP: 0033:0x7f723d78e969 [ 236.125088][T10116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.125101][T10116] RSP: 002b:00007f723e5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 236.125120][T10116] RAX: ffffffffffffffda RBX: 00007f723d9b5fa0 RCX: 00007f723d78e969 [ 236.125132][T10116] RDX: 0000000000000094 RSI: 0000200000000340 RDI: 0000000000000005 [ 236.125142][T10116] RBP: 00007f723e5ef090 R08: 0000000000000000 R09: 0000000000000000 [ 236.125153][T10116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.125163][T10116] R13: 0000000000000001 R14: 00007f723d9b5fa0 R15: 00007ffce59327d8 [ 236.125192][T10116] [ 236.125393][T10116] syz.0.1385: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 236.508727][T10128] FAULT_INJECTION: forcing a failure. [ 236.508727][T10128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.534289][T10116] CPU: 0 UID: 0 PID: 10116 Comm: syz.0.1385 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 236.534323][T10116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.534334][T10116] Call Trace: [ 236.534341][T10116] [ 236.534349][T10116] dump_stack_lvl+0x189/0x250 [ 236.534379][T10116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.534400][T10116] ? __pfx__printk+0x10/0x10 [ 236.534417][T10116] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 236.534434][T10116] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 236.534452][T10116] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 236.534471][T10116] warn_alloc+0x214/0x310 [ 236.534500][T10116] ? __pfx_warn_alloc+0x10/0x10 [ 236.534531][T10116] ? __get_vm_area_node+0x27f/0x2d0 [ 236.534557][T10116] __vmalloc_node_range_noprof+0x316/0x12c0 [ 236.534601][T10116] ? aa_get_newest_label+0xf7/0x5d0 [ 236.534621][T10116] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 236.534642][T10116] ? _parse_integer_limit+0x1ae/0x1f0 [ 236.534663][T10116] ? rcu_is_watching+0x15/0xb0 [ 236.534687][T10116] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.534706][T10116] __vmalloc_noprof+0x7a/0x90 [ 236.534726][T10116] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.534745][T10116] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 236.534768][T10116] bpf_prog_alloc+0x3c/0x1a0 [ 236.534790][T10116] bpf_prog_load+0x735/0x1930 [ 236.534815][T10116] ? __lock_acquire+0xaac/0xd20 [ 236.534835][T10116] ? __pfx_bpf_prog_load+0x10/0x10 [ 236.534873][T10116] ? bpf_lsm_bpf+0x9/0x20 [ 236.534889][T10116] ? security_bpf+0x7e/0x300 [ 236.534907][T10116] __sys_bpf+0x5f1/0x860 [ 236.534925][T10116] ? __pfx___sys_bpf+0x10/0x10 [ 236.534953][T10116] ? ksys_write+0x1f0/0x250 [ 236.534982][T10116] __x64_sys_bpf+0x7c/0x90 [ 236.535001][T10116] do_syscall_64+0xf6/0x210 [ 236.535017][T10116] ? clear_bhb_loop+0x45/0xa0 [ 236.535036][T10116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.535051][T10116] RIP: 0033:0x7f723d78e969 [ 236.535065][T10116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.535079][T10116] RSP: 002b:00007f723e5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 236.535096][T10116] RAX: ffffffffffffffda RBX: 00007f723d9b5fa0 RCX: 00007f723d78e969 [ 236.535107][T10116] RDX: 0000000000000094 RSI: 0000200000000340 RDI: 0000000000000005 [ 236.535118][T10116] RBP: 00007f723e5ef090 R08: 0000000000000000 R09: 0000000000000000 [ 236.535126][T10116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.535135][T10116] R13: 0000000000000001 R14: 00007f723d9b5fa0 R15: 00007ffce59327d8 [ 236.535162][T10116] [ 236.535178][T10116] Mem-Info: [ 236.608734][T10128] CPU: 1 UID: 0 PID: 10128 Comm: syz.4.1390 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 236.608758][T10128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.608768][T10128] Call Trace: [ 236.608775][T10128] [ 236.608782][T10128] dump_stack_lvl+0x189/0x250 [ 236.608806][T10128] ? __lock_acquire+0xaac/0xd20 [ 236.608829][T10128] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.608850][T10128] ? __pfx__printk+0x10/0x10 [ 236.608866][T10128] ? __might_fault+0xb0/0x130 [ 236.608897][T10128] should_fail_ex+0x414/0x560 [ 236.608917][T10128] _copy_from_iter+0x1db/0x15a0 [ 236.608943][T10128] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 236.608961][T10128] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 236.608982][T10128] ? __pfx__copy_from_iter+0x10/0x10 [ 236.609001][T10128] ? __build_skb_around+0x257/0x3e0 [ 236.609023][T10128] ? netlink_sendmsg+0x642/0xb30 [ 236.609041][T10128] ? skb_put+0x11b/0x210 [ 236.609064][T10128] netlink_sendmsg+0x6b2/0xb30 [ 236.609091][T10128] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.609113][T10128] ? aa_sock_msg_perm+0x94/0x160 [ 236.609132][T10128] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 236.609149][T10128] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.609169][T10128] __sock_sendmsg+0x219/0x270 [ 236.609188][T10128] ____sys_sendmsg+0x505/0x830 [ 236.609213][T10128] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.609242][T10128] ? import_iovec+0x74/0xa0 [ 236.609266][T10128] ___sys_sendmsg+0x21f/0x2a0 [ 236.609288][T10128] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.609339][T10128] ? __fget_files+0x2a/0x420 [ 236.609358][T10128] ? __fget_files+0x3a0/0x420 [ 236.609386][T10128] __x64_sys_sendmsg+0x19b/0x260 [ 236.609409][T10128] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 236.609445][T10128] ? do_syscall_64+0xba/0x210 [ 236.609465][T10128] do_syscall_64+0xf6/0x210 [ 236.609482][T10128] ? clear_bhb_loop+0x45/0xa0 [ 236.609501][T10128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.609516][T10128] RIP: 0033:0x7fba8058e969 [ 236.609530][T10128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.609544][T10128] RSP: 002b:00007fba7e3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 236.609567][T10128] RAX: ffffffffffffffda RBX: 00007fba807b5fa0 RCX: 00007fba8058e969 [ 236.609578][T10128] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 236.609588][T10128] RBP: 00007fba7e3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 236.609601][T10128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.609610][T10128] R13: 0000000000000000 R14: 00007fba807b5fa0 R15: 00007ffce2aa2788 [ 236.609637][T10128] [ 236.699134][T10134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1393'. [ 236.729745][T10116] active_anon:12217 inactive_anon:0 isolated_anon:0 [ 236.729745][T10116] active_file:1486 inactive_file:39889 isolated_file:0 [ 236.729745][T10116] unevictable:768 dirty:326 writeback:0 [ 236.729745][T10116] slab_reclaimable:11444 slab_unreclaimable:107752 [ 236.729745][T10116] mapped:34565 shmem:1412 pagetables:855 [ 236.729745][T10116] sec_pagetables:0 bounce:0 [ 236.729745][T10116] kernel_misc_reclaimable:0 [ 236.729745][T10116] free:1321423 free_pcp:439 free_cma:0 [ 237.022637][T10140] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1395'. [ 237.165862][T10116] Node 0 active_anon:50216kB inactive_anon:0kB active_file:5944kB inactive_file:159356kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138256kB dirty:1304kB writeback:0kB shmem:4112kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12600kB pagetables:3400kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 237.219881][T10116] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 237.262062][T10142] netlink: 'syz.1.1396': attribute type 1 has an invalid length. [ 237.276782][T10116] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 237.282655][T10140] 8021q: adding VLAN 0 to HW filter on device team1 [ 237.315836][T10116] lowmem_reserve[]: 0 2503 2504 2504 2504 [ 237.323287][T10116] Node 0 DMA32 free:1357488kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:50708kB inactive_anon:0kB active_file:5944kB inactive_file:159264kB unevictable:1536kB writepending:1304kB present:3129332kB managed:2564048kB mlocked:0kB bounce:0kB free_pcp:2084kB local_pcp:664kB free_cma:0kB [ 237.387711][T10116] lowmem_reserve[]: 0 0 0 0 0 [ 237.406505][T10116] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 237.422432][T10142] bond3: entered promiscuous mode [ 237.438604][T10142] 8021q: adding VLAN 0 to HW filter on device bond3 [ 237.446849][T10116] lowmem_reserve[]: 0 0 0 0 0 [ 237.451672][T10116] Node 1 Normal free:3910560kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 237.480980][T10116] lowmem_reserve[]: 0 0 0 0 0 [ 237.485738][T10116] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 237.501077][T10116] Node 0 DMA32: 412*4kB (UME) 208*8kB (UM) 304*16kB (UME) 81*32kB (UME) 655*64kB (UME) 168*128kB (UM) 71*256kB (UME) 14*512kB (UM) 32*1024kB (UM) 16*2048kB (UME) 293*4096kB (UM) = 1365200kB [ 237.520165][T10116] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 237.531889][T10116] Node 1 Normal: 228*4kB (UME) 40*8kB (UME) 45*16kB (UME) 210*32kB (UME) 85*64kB (UME) 33*128kB (UME) 14*256kB (UME) 9*512kB (UM) 5*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3910560kB [ 237.550662][T10116] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 237.560315][T10116] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 237.569677][T10116] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 237.575668][T10144] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 237.579230][T10116] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 237.579251][T10116] 42784 total pagecache pages [ 237.579271][T10116] 0 pages in swap cache [ 237.579279][T10116] Free swap = 124996kB [ 237.607971][T10144] bond3: (slave batadv2): making interface the new active one [ 237.625963][T10144] batadv2: entered promiscuous mode [ 237.634655][T10144] bond3: (slave batadv2): Enslaving as an active interface with an up link [ 237.643826][T10116] Total swap = 124996kB [ 237.648298][T10116] 2097051 pages RAM [ 237.653638][T10116] 0 pages HighMem/MovableOnly [ 237.658484][T10116] 424381 pages reserved [ 237.665796][T10116] 0 pages cma reserved [ 238.615105][T10199] !: renamed from dummy0 [ 238.721773][T10205] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 238.805077][T10205] lo speed is unknown, defaulting to 1000 [ 238.825025][T10211] Cannot find set identified by id 2 to match [ 239.010630][T10218] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1422'. [ 239.038847][T10218] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1422'. [ 239.391766][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1423'. [ 239.451253][T10224] netlink: 'syz.1.1423': attribute type 1 has an invalid length. [ 239.459136][T10224] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1423'. [ 239.672318][T10236] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 239.775436][T10231] lo speed is unknown, defaulting to 1000 [ 239.779896][T10240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1424'. [ 239.906133][T10205] lo speed is unknown, defaulting to 1000 [ 240.265490][T10262] sctp: [Deprecated]: syz.3.1428 (pid 10262) Use of struct sctp_assoc_value in delayed_ack socket option. [ 240.265490][T10262] Use struct sctp_sack_info instead [ 240.435206][T10265] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1431'. [ 240.970766][T10285] Bluetooth: MGMT ver 1.23 [ 241.151920][ T30] audit: type=1107 audit(1747162408.136:2): pid=10276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1' [ 241.180649][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.188633][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.214553][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.270261][T10277] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 241.309960][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.317919][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.325771][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.325925][T10303] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1442'. [ 241.336877][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.375377][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.401627][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.468585][T10277] hsr0 speed is unknown, defaulting to 1000 [ 241.544891][T10310] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1444'. [ 241.710200][T10313] lo speed is unknown, defaulting to 1000 [ 241.734512][T10317] ip6tnl2: entered promiscuous mode [ 241.789794][T10317] ip6tnl2: entered allmulticast mode [ 241.839514][T10313] hsr0 speed is unknown, defaulting to 1000 [ 241.966273][T10315] lo speed is unknown, defaulting to 1000 [ 242.011770][T10334] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 242.134604][T10315] hsr0 speed is unknown, defaulting to 1000 [ 242.352823][T10344] bond0 (unregistering): left promiscuous mode [ 242.367950][T10344] ip6gretap1: left promiscuous mode [ 242.403001][T10344] bond0 (unregistering): (slave ip6gretap1): Releasing backup interface [ 242.448943][T10344] bond0 (unregistering): Released all slaves [ 242.801731][T10356] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1460'. [ 242.871540][ T30] audit: type=1107 audit(1747162409.876:3): pid=10358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 243.245832][T10377] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1468'. [ 243.419444][T10386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1473'. [ 243.506512][T10391] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1474'. [ 243.518006][T10386] netlink: 'syz.1.1473': attribute type 1 has an invalid length. [ 243.525877][T10386] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1473'. [ 243.614946][T10394] vlan0: entered promiscuous mode [ 243.671954][T10389] lo speed is unknown, defaulting to 1000 [ 243.689447][T10396] netlink: 'syz.3.1475': attribute type 23 has an invalid length. [ 243.799248][T10401] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.821714][T10401] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 243.848453][T10389] hsr0 speed is unknown, defaulting to 1000 [ 244.104989][T10418] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1483'. [ 244.610177][T10439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1491'. [ 244.622426][T10445] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1490'. [ 245.043557][T10460] lo speed is unknown, defaulting to 1000 [ 245.051646][T10460] hsr0 speed is unknown, defaulting to 1000 [ 246.367779][T10520] __nla_validate_parse: 2 callbacks suppressed [ 246.367798][T10520] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1523'. [ 246.402090][T10522] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1522'. [ 246.433387][T10520] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1523'. [ 246.505969][T10525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1524'. [ 246.578023][T10525] netlink: 'syz.2.1524': attribute type 1 has an invalid length. [ 246.589853][T10525] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1524'. [ 246.696695][T10542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1528'. [ 246.749409][T10542] ip6gretap0: entered promiscuous mode [ 246.766506][T10542] macvtap2: entered promiscuous mode [ 246.803361][T10542] macvtap2: entered allmulticast mode [ 246.814888][T10542] ip6gretap0: entered allmulticast mode [ 246.862731][T10547] ip6gretap0: left allmulticast mode [ 246.887592][T10547] ip6gretap0: left promiscuous mode [ 246.911750][T10555] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 246.954294][T10556] veth0_to_bridge: entered promiscuous mode [ 246.964011][T10556] macsec1: entered promiscuous mode [ 246.974494][T10556] macsec1: entered allmulticast mode [ 246.980982][T10561] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 246.986607][T10556] veth0_to_bridge: entered allmulticast mode [ 247.078024][T10562] xt_CT: No such helper "pptp" [ 247.165141][T10567] xt_CT: No such helper "pptp" [ 247.172099][T10556] veth0_to_bridge: left allmulticast mode [ 247.185057][T10556] veth0_to_bridge: left promiscuous mode [ 247.316875][T10552] lo speed is unknown, defaulting to 1000 [ 247.338834][T10552] hsr0 speed is unknown, defaulting to 1000 [ 247.502916][T10575] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1537'. [ 247.570949][T10580] netlink: 'syz.1.1538': attribute type 2 has an invalid length. [ 247.578736][T10580] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1538'. [ 247.855434][T10592] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1543'. [ 247.919026][T10595] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1544'. [ 247.936881][T10595] netlink: 'syz.4.1544': attribute type 1 has an invalid length. [ 248.716330][T10622] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.806989][T10636] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 248.863658][T10622] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.988875][T10622] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.161236][T10622] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.430942][T10622] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.442607][T10661] FAULT_INJECTION: forcing a failure. [ 249.442607][T10661] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 249.470759][T10622] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.500138][T10661] CPU: 1 UID: 0 PID: 10661 Comm: syz.2.1569 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 249.500162][T10661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.500187][T10661] Call Trace: [ 249.500193][T10661] [ 249.500199][T10661] dump_stack_lvl+0x189/0x250 [ 249.500223][T10661] ? __lock_acquire+0xaac/0xd20 [ 249.500244][T10661] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.500262][T10661] ? __pfx__printk+0x10/0x10 [ 249.500277][T10661] ? __might_fault+0xb0/0x130 [ 249.500304][T10661] should_fail_ex+0x414/0x560 [ 249.500324][T10661] _copy_from_user+0x2d/0xb0 [ 249.500346][T10661] __sys_bpf+0x1ed/0x860 [ 249.500366][T10661] ? __pfx___sys_bpf+0x10/0x10 [ 249.500392][T10661] ? ksys_write+0x1f0/0x250 [ 249.500408][T10661] ? rcu_is_watching+0x15/0xb0 [ 249.500438][T10661] __x64_sys_bpf+0x7c/0x90 [ 249.500454][T10661] do_syscall_64+0xf6/0x210 [ 249.500471][T10661] ? clear_bhb_loop+0x45/0xa0 [ 249.500489][T10661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.500503][T10661] RIP: 0033:0x7fdf2118e969 [ 249.500519][T10661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.500532][T10661] RSP: 002b:00007fdf22073038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 249.500550][T10661] RAX: ffffffffffffffda RBX: 00007fdf213b5fa0 RCX: 00007fdf2118e969 [ 249.500562][T10661] RDX: 0000000000000020 RSI: 0000200000001380 RDI: 0000000000000003 [ 249.500573][T10661] RBP: 00007fdf22073090 R08: 0000000000000000 R09: 0000000000000000 [ 249.500583][T10661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.500593][T10661] R13: 0000000000000000 R14: 00007fdf213b5fa0 R15: 00007fffad5daf28 [ 249.500622][T10661] [ 249.509212][T10665] vlan3: entered promiscuous mode [ 249.728984][T10622] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.740056][T10668] 8021q: VLANs not supported on vcan0 [ 249.786903][T10622] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.172400][T10677] xt_CT: No such helper "pptp" [ 250.629546][T10702] lo speed is unknown, defaulting to 1000 [ 250.661945][T10702] hsr0 speed is unknown, defaulting to 1000 [ 250.841354][T10710] netlink: 'syz.1.1586': attribute type 3 has an invalid length. [ 251.676586][T10726] __nla_validate_parse: 7 callbacks suppressed [ 251.676606][T10726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1590'. [ 251.821462][T10732] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1593'. [ 251.966898][T10738] lo speed is unknown, defaulting to 1000 [ 252.025318][T10738] hsr0 speed is unknown, defaulting to 1000 [ 252.037627][T10744] netlink: 'syz.0.1598': attribute type 2 has an invalid length. [ 252.077912][T10744] netlink: 'syz.0.1598': attribute type 2 has an invalid length. [ 252.132772][T10746] sctp: [Deprecated]: syz.3.1599 (pid 10746) Use of int in max_burst socket option. [ 252.132772][T10746] Use struct sctp_assoc_value instead [ 252.609996][T10764] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1605'. [ 252.658285][T10766] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1608'. [ 252.779010][T10769] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1607'. [ 252.819722][T10764] netlink: 'syz.4.1605': attribute type 4 has an invalid length. [ 252.860789][T10772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1609'. [ 252.956659][T10772] netlink: 'syz.0.1609': attribute type 1 has an invalid length. [ 252.992654][T10772] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1609'. [ 253.829901][T10819] sctp: [Deprecated]: syz.0.1628 (pid 10819) Use of int in max_burst socket option. [ 253.829901][T10819] Use struct sctp_assoc_value instead [ 253.896058][T10829] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 253.902560][T10829] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 254.401401][T10863] Cannot find set identified by id 2 to match [ 254.452694][T10849] lo speed is unknown, defaulting to 1000 [ 254.578965][T10849] hsr0 speed is unknown, defaulting to 1000 [ 254.599145][T10872] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 255.033066][T10885] netlink: 'syz.1.1654': attribute type 16 has an invalid length. [ 255.055087][T10885] netlink: 'syz.1.1654': attribute type 17 has an invalid length. [ 255.192793][T10891] netlink: 'syz.1.1654': attribute type 9 has an invalid length. [ 255.211487][T10891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1654'. [ 255.493018][T10900] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 255.697169][T10904] xt_CT: No such helper "pptp" [ 255.745410][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.752336][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.799404][T10885] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.819746][T10885] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.828681][T10885] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.868440][T10885] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.028306][T10891] macvlan2: entered promiscuous mode [ 256.044307][T10891] hsr0: entered promiscuous mode [ 256.060392][T10891] macvlan2: entered allmulticast mode [ 256.065826][T10891] hsr0: entered allmulticast mode [ 256.081090][T10891] hsr_slave_0: entered allmulticast mode [ 256.089299][T10891] hsr_slave_1: entered allmulticast mode [ 256.400360][T10923] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1665'. [ 256.409999][T10926] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1664'. [ 256.527382][T10924] xt_CT: No such helper "snmp" [ 256.995302][T10962] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1678'. [ 257.080907][T10967] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1680'. [ 257.273910][T10976] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 257.323713][T10976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1684'. [ 257.328219][T10980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 257.358964][T10979] vlan3: entered promiscuous mode [ 257.742940][T10997] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1693'. [ 257.828781][T11003] FAULT_INJECTION: forcing a failure. [ 257.828781][T11003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.875012][T11003] CPU: 0 UID: 0 PID: 11003 Comm: syz.2.1694 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 257.875036][T11003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.875045][T11003] Call Trace: [ 257.875052][T11003] [ 257.875060][T11003] dump_stack_lvl+0x189/0x250 [ 257.875090][T11003] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.875120][T11003] ? __pfx__printk+0x10/0x10 [ 257.875147][T11003] should_fail_ex+0x414/0x560 [ 257.875170][T11003] _copy_to_user+0x31/0xb0 [ 257.875193][T11003] simple_read_from_buffer+0xe1/0x170 [ 257.875217][T11003] proc_fail_nth_read+0x1df/0x250 [ 257.875241][T11003] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 257.875266][T11003] ? rw_verify_area+0x258/0x650 [ 257.875283][T11003] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 257.875305][T11003] vfs_read+0x1fd/0x980 [ 257.875328][T11003] ? __pfx___mutex_lock+0x10/0x10 [ 257.875345][T11003] ? __pfx_vfs_read+0x10/0x10 [ 257.875364][T11003] ? __fget_files+0x2a/0x420 [ 257.875388][T11003] ? __fget_files+0x3a0/0x420 [ 257.875405][T11003] ? __fget_files+0x2a/0x420 [ 257.875433][T11003] ksys_read+0x145/0x250 [ 257.875448][T11003] ? rcu_is_watching+0x15/0xb0 [ 257.875469][T11003] ? __pfx_ksys_read+0x10/0x10 [ 257.875489][T11003] ? do_syscall_64+0xba/0x210 [ 257.875509][T11003] do_syscall_64+0xf6/0x210 [ 257.875525][T11003] ? clear_bhb_loop+0x45/0xa0 [ 257.875544][T11003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.875558][T11003] RIP: 0033:0x7fdf2118d37c [ 257.875572][T11003] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 257.875586][T11003] RSP: 002b:00007fdf22073030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 257.875603][T11003] RAX: ffffffffffffffda RBX: 00007fdf213b5fa0 RCX: 00007fdf2118d37c [ 257.875615][T11003] RDX: 000000000000000f RSI: 00007fdf220730a0 RDI: 0000000000000003 [ 257.875625][T11003] RBP: 00007fdf22073090 R08: 0000000000000000 R09: 0000000000000000 [ 257.875636][T11003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.875645][T11003] R13: 0000000000000000 R14: 00007fdf213b5fa0 R15: 00007fffad5daf28 [ 257.875673][T11003] [ 258.202024][T11018] xt_hashlimit: size too large, truncated to 1048576 [ 258.202076][T11016] netlink: 'syz.0.1697': attribute type 1 has an invalid length. [ 258.236175][T11019] netlink: 'syz.3.1701': attribute type 5 has an invalid length. [ 258.244435][T11019] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1701'. [ 258.279030][T11016] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1697'. [ 258.289530][T11021] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1702'. [ 258.599472][T11032] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1707'. [ 258.658639][T11033] xt_CT: No such helper "pptp" [ 258.755198][T11037] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20002 - 0 [ 258.783488][T11037] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20002 - 0 [ 258.795153][T11037] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20002 - 0 [ 258.804074][T11037] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20002 - 0 [ 258.813846][T11037] geneve2: entered promiscuous mode [ 258.855665][T11045] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.1710'. [ 259.226922][T11070] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1720'. [ 259.691537][T11082] netlink: 'syz.0.1724': attribute type 1 has an invalid length. [ 259.699422][T11082] netlink: 'syz.0.1724': attribute type 11 has an invalid length. [ 259.778045][T11096] openvswitch: netlink: Duplicate or invalid key (type 0). [ 259.828669][T11096] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 260.180832][T11123] batman_adv: batadv0: Interface deactivated: wlan0 [ 260.187508][T11123] batman_adv: batadv0: Removing interface: wlan0 [ 260.214714][ T6645] lo speed is unknown, defaulting to 1000 [ 260.406660][T11134] netlink: 'syz.1.1741': attribute type 1 has an invalid length. [ 260.489924][T11136] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 260.625571][T11149] delete_channel: no stack [ 260.703038][T11144] xt_CT: No such helper "pptp" [ 260.787985][T11148] lo speed is unknown, defaulting to 1000 [ 260.848795][T11148] hsr0 speed is unknown, defaulting to 1000 [ 261.370606][T11185] FAULT_INJECTION: forcing a failure. [ 261.370606][T11185] name failslab, interval 1, probability 0, space 0, times 0 [ 261.479202][T11191] FAULT_INJECTION: forcing a failure. [ 261.479202][T11191] name failslab, interval 1, probability 0, space 0, times 0 [ 261.499851][T11185] CPU: 1 UID: 0 PID: 11185 Comm: syz.3.1758 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 261.499875][T11185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.499886][T11185] Call Trace: [ 261.499892][T11185] [ 261.499899][T11185] dump_stack_lvl+0x189/0x250 [ 261.499928][T11185] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.499947][T11185] ? __pfx__printk+0x10/0x10 [ 261.499964][T11185] ? __pfx___might_resched+0x10/0x10 [ 261.499976][T11185] ? fs_reclaim_acquire+0x7d/0x100 [ 261.499997][T11185] should_fail_ex+0x414/0x560 [ 261.500015][T11185] should_failslab+0xa8/0x100 [ 261.500033][T11185] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 261.500049][T11185] ? __alloc_skb+0x112/0x2d0 [ 261.500067][T11185] __alloc_skb+0x112/0x2d0 [ 261.500086][T11185] netlink_ack+0x146/0xa50 [ 261.500100][T11185] ? __up_read+0x280/0x680 [ 261.500116][T11185] ? __pfx___up_read+0x10/0x10 [ 261.500136][T11185] rdma_nl_rcv+0x3dc/0x9a0 [ 261.500163][T11185] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 261.500202][T11185] ? netlink_deliver_tap+0x2e/0x1b0 [ 261.500216][T11185] ? netlink_deliver_tap+0x2e/0x1b0 [ 261.500235][T11185] netlink_unicast+0x758/0x8d0 [ 261.500257][T11185] netlink_sendmsg+0x805/0xb30 [ 261.500280][T11185] ? __pfx_netlink_sendmsg+0x10/0x10 [ 261.500297][T11185] ? aa_sock_msg_perm+0x94/0x160 [ 261.500312][T11185] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 261.500327][T11185] ? __pfx_netlink_sendmsg+0x10/0x10 [ 261.500342][T11185] __sock_sendmsg+0x219/0x270 [ 261.500358][T11185] ____sys_sendmsg+0x505/0x830 [ 261.500379][T11185] ? __pfx_____sys_sendmsg+0x10/0x10 [ 261.500402][T11185] ? import_iovec+0x74/0xa0 [ 261.500421][T11185] ___sys_sendmsg+0x21f/0x2a0 [ 261.500439][T11185] ? __pfx____sys_sendmsg+0x10/0x10 [ 261.500483][T11185] ? __fget_files+0x2a/0x420 [ 261.500497][T11185] ? __fget_files+0x3a0/0x420 [ 261.500521][T11185] __x64_sys_sendmsg+0x19b/0x260 [ 261.500543][T11185] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 261.500572][T11185] ? do_syscall_64+0xba/0x210 [ 261.500588][T11185] do_syscall_64+0xf6/0x210 [ 261.500601][T11185] ? clear_bhb_loop+0x45/0xa0 [ 261.500617][T11185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.500629][T11185] RIP: 0033:0x7fc90a58e969 [ 261.500641][T11185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.500653][T11185] RSP: 002b:00007fc90b441038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 261.500672][T11185] RAX: ffffffffffffffda RBX: 00007fc90a7b5fa0 RCX: 00007fc90a58e969 [ 261.500682][T11185] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 261.500690][T11185] RBP: 00007fc90b441090 R08: 0000000000000000 R09: 0000000000000000 [ 261.500698][T11185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.500706][T11185] R13: 0000000000000000 R14: 00007fc90a7b5fa0 R15: 00007ffc89747ff8 [ 261.500727][T11185] [ 261.786866][T11191] CPU: 0 UID: 0 PID: 11191 Comm: syz.4.1759 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 261.786890][T11191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.786900][T11191] Call Trace: [ 261.786906][T11191] [ 261.786912][T11191] dump_stack_lvl+0x189/0x250 [ 261.786950][T11191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.786971][T11191] ? __pfx__printk+0x10/0x10 [ 261.786992][T11191] ? __pfx___might_resched+0x10/0x10 [ 261.787007][T11191] ? fs_reclaim_acquire+0x7d/0x100 [ 261.787034][T11191] should_fail_ex+0x414/0x560 [ 261.787056][T11191] should_failslab+0xa8/0x100 [ 261.787078][T11191] __kmalloc_noprof+0xcb/0x4f0 [ 261.787097][T11191] ? fib6_get_table+0x251/0x270 [ 261.787113][T11191] ? fib6_info_alloc+0x30/0xf0 [ 261.787132][T11191] fib6_info_alloc+0x30/0xf0 [ 261.787150][T11191] ip6_route_info_create+0x147/0xa70 [ 261.787174][T11191] ip6_route_add+0x29/0x2f0 [ 261.787191][T11191] ? ipv6_route_ioctl+0x36f/0x4b0 [ 261.787213][T11191] ipv6_route_ioctl+0x38d/0x4b0 [ 261.787239][T11191] ? __pfx_ipv6_route_ioctl+0x10/0x10 [ 261.787292][T11191] inet6_ioctl+0x219/0x280 [ 261.787310][T11191] ? __pfx_inet6_ioctl+0x10/0x10 [ 261.787337][T11191] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 261.787361][T11191] sock_do_ioctl+0xd9/0x300 [ 261.787382][T11191] ? __pfx_sock_do_ioctl+0x10/0x10 [ 261.787399][T11191] ? __lock_acquire+0xaac/0xd20 [ 261.787433][T11191] sock_ioctl+0x576/0x790 [ 261.787451][T11191] ? __pfx_sock_ioctl+0x10/0x10 [ 261.787470][T11191] ? __fget_files+0x3a0/0x420 [ 261.787488][T11191] ? __fget_files+0x2a/0x420 [ 261.787511][T11191] ? bpf_lsm_file_ioctl+0x9/0x20 [ 261.787531][T11191] ? __pfx_sock_ioctl+0x10/0x10 [ 261.787546][T11191] __se_sys_ioctl+0xf9/0x170 [ 261.787566][T11191] do_syscall_64+0xf6/0x210 [ 261.787584][T11191] ? clear_bhb_loop+0x45/0xa0 [ 261.787604][T11191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.787620][T11191] RIP: 0033:0x7fba8058e969 [ 261.787635][T11191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.787650][T11191] RSP: 002b:00007fba7e3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 261.787667][T11191] RAX: ffffffffffffffda RBX: 00007fba807b5fa0 RCX: 00007fba8058e969 [ 261.787680][T11191] RDX: 0000200000000580 RSI: 000000000000890b RDI: 0000000000000003 [ 261.787689][T11191] RBP: 00007fba7e3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 261.787700][T11191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.787710][T11191] R13: 0000000000000000 R14: 00007fba807b5fa0 R15: 00007ffce2aa2788 [ 261.787738][T11191] [ 262.055599][T11193] __nla_validate_parse: 12 callbacks suppressed [ 262.055617][T11193] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1760'. [ 262.193540][T11201] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1764'. [ 262.281611][T11204] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 262.356070][T11206] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1765'. [ 262.531856][T11221] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1770'. [ 262.563913][T11217] xt_CT: No such helper "pptp" [ 262.669825][T11226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1772'. [ 263.018773][T11239] vlan3: entered promiscuous mode [ 263.085141][T11249] sctp: [Deprecated]: syz.1.1775 (pid 11249) Use of int in maxseg socket option. [ 263.085141][T11249] Use struct sctp_assoc_value instead [ 263.217200][T11253] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1781'. [ 263.245088][T11255] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1780'. [ 263.261536][T11258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1780'. [ 263.276029][T11258] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1780'. [ 263.312017][T11255] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1780'. [ 263.894807][T11289] xt_CT: No such helper "pptp" [ 264.147480][T11305] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 265.028358][T11356] vlan0: entered promiscuous mode [ 265.105636][T11366] FAULT_INJECTION: forcing a failure. [ 265.105636][T11366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.119441][T11366] CPU: 1 UID: 0 PID: 11366 Comm: syz.4.1825 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 265.119465][T11366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.119476][T11366] Call Trace: [ 265.119482][T11366] [ 265.119490][T11366] dump_stack_lvl+0x189/0x250 [ 265.119514][T11366] ? __lock_acquire+0xaac/0xd20 [ 265.119538][T11366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.119559][T11366] ? __pfx__printk+0x10/0x10 [ 265.119576][T11366] ? __might_fault+0xb0/0x130 [ 265.119608][T11366] should_fail_ex+0x414/0x560 [ 265.119629][T11366] _copy_from_user+0x2d/0xb0 [ 265.119650][T11366] ___sys_sendmsg+0x158/0x2a0 [ 265.119673][T11366] ? __pfx____sys_sendmsg+0x10/0x10 [ 265.119734][T11366] ? __fget_files+0x2a/0x420 [ 265.119753][T11366] ? __fget_files+0x3a0/0x420 [ 265.119782][T11366] __x64_sys_sendmsg+0x19b/0x260 [ 265.119805][T11366] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 265.119840][T11366] ? do_syscall_64+0xba/0x210 [ 265.119860][T11366] do_syscall_64+0xf6/0x210 [ 265.119877][T11366] ? clear_bhb_loop+0x45/0xa0 [ 265.119897][T11366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.119912][T11366] RIP: 0033:0x7fba8058e969 [ 265.119927][T11366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.119941][T11366] RSP: 002b:00007fba7e3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.119959][T11366] RAX: ffffffffffffffda RBX: 00007fba807b5fa0 RCX: 00007fba8058e969 [ 265.119971][T11366] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 265.119982][T11366] RBP: 00007fba7e3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 265.119992][T11366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.120002][T11366] R13: 0000000000000000 R14: 00007fba807b5fa0 R15: 00007ffce2aa2788 [ 265.120030][T11366] [ 265.332159][T11369] FAULT_INJECTION: forcing a failure. [ 265.332159][T11369] name failslab, interval 1, probability 0, space 0, times 0 [ 265.344968][T11369] CPU: 1 UID: 0 PID: 11369 Comm: syz.2.1827 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 265.344988][T11369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.344997][T11369] Call Trace: [ 265.345003][T11369] [ 265.345010][T11369] dump_stack_lvl+0x189/0x250 [ 265.345038][T11369] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.345056][T11369] ? __pfx__printk+0x10/0x10 [ 265.345079][T11369] ? __pfx___might_resched+0x10/0x10 [ 265.345094][T11369] ? fs_reclaim_acquire+0x7d/0x100 [ 265.345121][T11369] should_fail_ex+0x414/0x560 [ 265.345143][T11369] should_failslab+0xa8/0x100 [ 265.345165][T11369] __kmalloc_noprof+0xcb/0x4f0 [ 265.345183][T11369] ? nf_tables_newrule+0x1506/0x2890 [ 265.345203][T11369] ? nla_strcmp+0x106/0x140 [ 265.345224][T11369] nf_tables_newrule+0x1506/0x2890 [ 265.345260][T11369] ? __pfx_nf_tables_newrule+0x10/0x10 [ 265.345282][T11369] ? nfnl_pernet+0x23/0x240 [ 265.345308][T11369] ? __nla_parse+0x40/0x60 [ 265.345331][T11369] nfnetlink_rcv+0x113f/0x2530 [ 265.345380][T11369] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 265.345394][T11369] ? stack_depot_save_flags+0x40/0x910 [ 265.345479][T11369] ? netlink_deliver_tap+0x2e/0x1b0 [ 265.345498][T11369] ? netlink_deliver_tap+0x2e/0x1b0 [ 265.345523][T11369] netlink_unicast+0x758/0x8d0 [ 265.345553][T11369] netlink_sendmsg+0x805/0xb30 [ 265.345581][T11369] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.345604][T11369] ? aa_sock_msg_perm+0x94/0x160 [ 265.345624][T11369] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 265.345642][T11369] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.345662][T11369] __sock_sendmsg+0x219/0x270 [ 265.345692][T11369] ____sys_sendmsg+0x505/0x830 [ 265.345719][T11369] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.345749][T11369] ? import_iovec+0x74/0xa0 [ 265.345773][T11369] ___sys_sendmsg+0x21f/0x2a0 [ 265.345797][T11369] ? __pfx____sys_sendmsg+0x10/0x10 [ 265.345854][T11369] ? __fget_files+0x2a/0x420 [ 265.345872][T11369] ? __fget_files+0x3a0/0x420 [ 265.345902][T11369] __x64_sys_sendmsg+0x19b/0x260 [ 265.345925][T11369] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 265.345962][T11369] ? do_syscall_64+0xba/0x210 [ 265.345982][T11369] do_syscall_64+0xf6/0x210 [ 265.345998][T11369] ? clear_bhb_loop+0x45/0xa0 [ 265.346019][T11369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.346035][T11369] RIP: 0033:0x7fdf2118e969 [ 265.346050][T11369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.346064][T11369] RSP: 002b:00007fdf22073038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.346081][T11369] RAX: ffffffffffffffda RBX: 00007fdf213b5fa0 RCX: 00007fdf2118e969 [ 265.346092][T11369] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 265.346102][T11369] RBP: 00007fdf22073090 R08: 0000000000000000 R09: 0000000000000000 [ 265.346112][T11369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.346121][T11369] R13: 0000000000000000 R14: 00007fdf213b5fa0 R15: 00007fffad5daf28 [ 265.346151][T11369] [ 265.890247][T11383] Cannot find set identified by id 2 to match [ 266.802280][T11432] FAULT_INJECTION: forcing a failure. [ 266.802280][T11432] name failslab, interval 1, probability 0, space 0, times 0 [ 266.833543][T11432] CPU: 1 UID: 0 PID: 11432 Comm: syz.1.1852 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 266.833568][T11432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.833577][T11432] Call Trace: [ 266.833584][T11432] [ 266.833592][T11432] dump_stack_lvl+0x189/0x250 [ 266.833621][T11432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.833643][T11432] ? __pfx__printk+0x10/0x10 [ 266.833662][T11432] ? __pfx___might_resched+0x10/0x10 [ 266.833681][T11432] should_fail_ex+0x414/0x560 [ 266.833701][T11432] should_failslab+0xa8/0x100 [ 266.833723][T11432] __kmalloc_cache_noprof+0x70/0x3d0 [ 266.833742][T11432] ? ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 266.833765][T11432] ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 266.833798][T11432] genl_family_rcv_msg_doit+0x212/0x300 [ 266.833820][T11432] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 266.833849][T11432] ? bpf_lsm_capable+0x9/0x20 [ 266.833867][T11432] ? security_capable+0x7e/0x2e0 [ 266.833890][T11432] genl_rcv_msg+0x60e/0x790 [ 266.833913][T11432] ? __pfx_genl_rcv_msg+0x10/0x10 [ 266.833926][T11432] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 266.833959][T11432] netlink_rcv_skb+0x219/0x490 [ 266.833979][T11432] ? __pfx_genl_rcv_msg+0x10/0x10 [ 266.833994][T11432] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 266.834033][T11432] ? down_read+0x1ad/0x2e0 [ 266.834054][T11432] genl_rcv+0x28/0x40 [ 266.834074][T11432] netlink_unicast+0x758/0x8d0 [ 266.834104][T11432] netlink_sendmsg+0x805/0xb30 [ 266.834134][T11432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.834157][T11432] ? aa_sock_msg_perm+0x94/0x160 [ 266.834176][T11432] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 266.834192][T11432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.834213][T11432] __sock_sendmsg+0x219/0x270 [ 266.834233][T11432] ____sys_sendmsg+0x505/0x830 [ 266.834257][T11432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 266.834285][T11432] ? import_iovec+0x74/0xa0 [ 266.834309][T11432] ___sys_sendmsg+0x21f/0x2a0 [ 266.834343][T11432] ? __pfx____sys_sendmsg+0x10/0x10 [ 266.834400][T11432] ? __fget_files+0x2a/0x420 [ 266.834419][T11432] ? __fget_files+0x3a0/0x420 [ 266.834449][T11432] __x64_sys_sendmsg+0x19b/0x260 [ 266.834473][T11432] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 266.834511][T11432] ? do_syscall_64+0xba/0x210 [ 266.834532][T11432] do_syscall_64+0xf6/0x210 [ 266.834550][T11432] ? clear_bhb_loop+0x45/0xa0 [ 266.834569][T11432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.834584][T11432] RIP: 0033:0x7fec15b8e969 [ 266.834600][T11432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.834613][T11432] RSP: 002b:00007fec16a7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 266.834628][T11432] RAX: ffffffffffffffda RBX: 00007fec15db5fa0 RCX: 00007fec15b8e969 [ 266.834641][T11432] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000004 [ 266.834651][T11432] RBP: 00007fec16a7c090 R08: 0000000000000000 R09: 0000000000000000 [ 266.834661][T11432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 266.834670][T11432] R13: 0000000000000000 R14: 00007fec15db5fa0 R15: 00007ffd69633848 [ 266.834699][T11432] [ 267.232762][T11441] __nla_validate_parse: 14 callbacks suppressed [ 267.232779][T11441] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1857'. [ 267.291029][T11441] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1857'. [ 267.342756][T11447] netlink: 'syz.0.1854': attribute type 2 has an invalid length. [ 267.370648][T11451] sctp: [Deprecated]: syz.3.1858 (pid 11451) Use of struct sctp_assoc_value in delayed_ack socket option. [ 267.370648][T11451] Use struct sctp_sack_info instead [ 267.393083][T11447] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1854'. [ 267.408646][T11439] lo speed is unknown, defaulting to 1000 [ 267.416190][T11439] hsr0 speed is unknown, defaulting to 1000 [ 267.569534][T11461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1860'. [ 267.672394][T11466] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 267.702830][T11464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1862'. [ 267.736202][T11468] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1865'. [ 267.921098][T11469] xt_CT: No such helper "pptp" [ 267.934909][T11484] sctp: [Deprecated]: syz.3.1868 (pid 11484) Use of int in maxseg socket option. [ 267.934909][T11484] Use struct sctp_assoc_value instead [ 268.107324][T11490] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1869'. [ 268.147211][T11490] dummy0: entered promiscuous mode [ 268.156942][T11490] dummy0: left promiscuous mode [ 268.416841][T11509] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1876'. [ 268.598625][T11520] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1879'. [ 268.607143][T11521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1880'. [ 268.615073][T11520] vlan3: entered promiscuous mode [ 268.647265][T11518] netlink: 'syz.2.1881': attribute type 10 has an invalid length. [ 268.674002][T11522] netlink: 'syz.2.1881': attribute type 10 has an invalid length. [ 268.950765][T11538] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 269.164075][T11551] netem: incorrect ge model size [ 269.183993][T11551] netem: change failed [ 269.583395][T11574] lo speed is unknown, defaulting to 1000 [ 269.591999][T11574] hsr0 speed is unknown, defaulting to 1000 [ 269.725411][T11580] netlink: 'syz.4.1898': attribute type 4 has an invalid length. [ 269.916156][T11580] netlink: 'syz.4.1898': attribute type 4 has an invalid length. [ 270.399175][T11606] FAULT_INJECTION: forcing a failure. [ 270.399175][T11606] name failslab, interval 1, probability 0, space 0, times 0 [ 270.414646][T11606] CPU: 1 UID: 0 PID: 11606 Comm: syz.3.1909 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 270.414669][T11606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 270.414679][T11606] Call Trace: [ 270.414686][T11606] [ 270.414693][T11606] dump_stack_lvl+0x189/0x250 [ 270.414720][T11606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.414741][T11606] ? __pfx__printk+0x10/0x10 [ 270.414759][T11606] ? __pfx___might_resched+0x10/0x10 [ 270.414780][T11606] should_fail_ex+0x414/0x560 [ 270.414802][T11606] should_failslab+0xa8/0x100 [ 270.414821][T11606] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 270.414838][T11606] ? __alloc_skb+0x112/0x2d0 [ 270.414860][T11606] __alloc_skb+0x112/0x2d0 [ 270.414881][T11606] netlink_sendmsg+0x5c6/0xb30 [ 270.414910][T11606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 270.414932][T11606] ? aa_sock_msg_perm+0x94/0x160 [ 270.414950][T11606] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 270.414967][T11606] ? __pfx_netlink_sendmsg+0x10/0x10 [ 270.414987][T11606] __sock_sendmsg+0x219/0x270 [ 270.415007][T11606] ____sys_sendmsg+0x505/0x830 [ 270.415032][T11606] ? __pfx_____sys_sendmsg+0x10/0x10 [ 270.415059][T11606] ? import_iovec+0x74/0xa0 [ 270.415082][T11606] ___sys_sendmsg+0x21f/0x2a0 [ 270.415113][T11606] ? __pfx____sys_sendmsg+0x10/0x10 [ 270.415166][T11606] ? __fget_files+0x2a/0x420 [ 270.415184][T11606] ? __fget_files+0x3a0/0x420 [ 270.415210][T11606] __x64_sys_sendmsg+0x19b/0x260 [ 270.415233][T11606] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 270.415270][T11606] ? do_syscall_64+0xba/0x210 [ 270.415290][T11606] do_syscall_64+0xf6/0x210 [ 270.415310][T11606] ? clear_bhb_loop+0x45/0xa0 [ 270.415327][T11606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.415342][T11606] RIP: 0033:0x7fc90a58e969 [ 270.415357][T11606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.415370][T11606] RSP: 002b:00007fc90b420038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 270.415387][T11606] RAX: ffffffffffffffda RBX: 00007fc90a7b6080 RCX: 00007fc90a58e969 [ 270.415397][T11606] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 270.415406][T11606] RBP: 00007fc90b420090 R08: 0000000000000000 R09: 0000000000000000 [ 270.415416][T11606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.415426][T11606] R13: 0000000000000000 R14: 00007fc90a7b6080 R15: 00007ffc89747ff8 [ 270.415453][T11606] [ 270.767601][T11610] syz_tun: entered allmulticast mode [ 270.838218][T11610] dvmrp1: entered allmulticast mode [ 271.042987][T11621] netlink: 'syz.3.1915': attribute type 4 has an invalid length. [ 271.065923][T11610] syz_tun (unregistering): left allmulticast mode [ 271.148422][T11631] openvswitch: netlink: Message has 5 unknown bytes. [ 271.307930][T11638] netlink: 'syz.3.1922': attribute type 1 has an invalid length. [ 271.510770][T11655] FAULT_INJECTION: forcing a failure. [ 271.510770][T11655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 271.546382][T11656] macsec1: entered promiscuous mode [ 271.552560][T11656] macsec1: entered allmulticast mode [ 271.564395][T11655] CPU: 1 UID: 0 PID: 11655 Comm: syz.0.1927 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 271.564418][T11655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.564433][T11655] Call Trace: [ 271.564440][T11655] [ 271.564448][T11655] dump_stack_lvl+0x189/0x250 [ 271.564479][T11655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.564500][T11655] ? __pfx__printk+0x10/0x10 [ 271.564531][T11655] should_fail_ex+0x414/0x560 [ 271.564558][T11655] _copy_to_user+0x31/0xb0 [ 271.564582][T11655] simple_read_from_buffer+0xe1/0x170 [ 271.564606][T11655] proc_fail_nth_read+0x1df/0x250 [ 271.564631][T11655] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 271.564654][T11655] ? rw_verify_area+0x258/0x650 [ 271.564671][T11655] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 271.564694][T11655] vfs_read+0x1fd/0x980 [ 271.564718][T11655] ? __pfx___mutex_lock+0x10/0x10 [ 271.564737][T11655] ? __pfx_vfs_read+0x10/0x10 [ 271.564756][T11655] ? __fget_files+0x2a/0x420 [ 271.564780][T11655] ? __fget_files+0x3a0/0x420 [ 271.564797][T11655] ? __fget_files+0x2a/0x420 [ 271.564826][T11655] ksys_read+0x145/0x250 [ 271.564846][T11655] ? __pfx_ksys_read+0x10/0x10 [ 271.564867][T11655] ? do_syscall_64+0xba/0x210 [ 271.564889][T11655] do_syscall_64+0xf6/0x210 [ 271.564907][T11655] ? clear_bhb_loop+0x45/0xa0 [ 271.564928][T11655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.564944][T11655] RIP: 0033:0x7f723d78d37c [ 271.564958][T11655] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 271.564973][T11655] RSP: 002b:00007f723e5ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 271.564991][T11655] RAX: ffffffffffffffda RBX: 00007f723d9b5fa0 RCX: 00007f723d78d37c [ 271.565004][T11655] RDX: 000000000000000f RSI: 00007f723e5ef0a0 RDI: 0000000000000004 [ 271.565034][T11655] RBP: 00007f723e5ef090 R08: 0000000000000000 R09: 0000000000000000 [ 271.565044][T11655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.565054][T11655] R13: 0000000000000000 R14: 00007f723d9b5fa0 R15: 00007ffce59327d8 [ 271.565084][T11655] [ 271.862753][T11660] FAULT_INJECTION: forcing a failure. [ 271.862753][T11660] name failslab, interval 1, probability 0, space 0, times 0 [ 271.876714][T11660] CPU: 1 UID: 0 PID: 11660 Comm: syz.1.1931 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 271.876738][T11660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.876746][T11660] Call Trace: [ 271.876754][T11660] [ 271.876761][T11660] dump_stack_lvl+0x189/0x250 [ 271.876790][T11660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.876811][T11660] ? __pfx__printk+0x10/0x10 [ 271.876832][T11660] ? __pfx___might_resched+0x10/0x10 [ 271.876850][T11660] should_fail_ex+0x414/0x560 [ 271.876873][T11660] should_failslab+0xa8/0x100 [ 271.876896][T11660] __kmalloc_cache_noprof+0x70/0x3d0 [ 271.876915][T11660] ? ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 271.876940][T11660] ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 271.876974][T11660] genl_family_rcv_msg_doit+0x212/0x300 [ 271.876997][T11660] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 271.877026][T11660] ? bpf_lsm_capable+0x9/0x20 [ 271.877046][T11660] ? security_capable+0x7e/0x2e0 [ 271.877071][T11660] genl_rcv_msg+0x60e/0x790 [ 271.877093][T11660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 271.877113][T11660] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 271.877149][T11660] netlink_rcv_skb+0x219/0x490 [ 271.877169][T11660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 271.877186][T11660] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 271.877225][T11660] ? down_read+0x1ad/0x2e0 [ 271.877251][T11660] genl_rcv+0x28/0x40 [ 271.877271][T11660] netlink_unicast+0x758/0x8d0 [ 271.877298][T11660] netlink_sendmsg+0x805/0xb30 [ 271.877325][T11660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.877346][T11660] ? aa_sock_msg_perm+0x94/0x160 [ 271.877365][T11660] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 271.877381][T11660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.877402][T11660] __sock_sendmsg+0x219/0x270 [ 271.877422][T11660] ____sys_sendmsg+0x505/0x830 [ 271.877449][T11660] ? __pfx_____sys_sendmsg+0x10/0x10 [ 271.877481][T11660] ? import_iovec+0x74/0xa0 [ 271.877505][T11660] ___sys_sendmsg+0x21f/0x2a0 [ 271.877528][T11660] ? __pfx____sys_sendmsg+0x10/0x10 [ 271.877585][T11660] ? __fget_files+0x2a/0x420 [ 271.877604][T11660] ? __fget_files+0x3a0/0x420 [ 271.877633][T11660] __x64_sys_sendmsg+0x19b/0x260 [ 271.877657][T11660] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 271.877695][T11660] ? do_syscall_64+0xba/0x210 [ 271.877715][T11660] do_syscall_64+0xf6/0x210 [ 271.877733][T11660] ? clear_bhb_loop+0x45/0xa0 [ 271.877753][T11660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.877769][T11660] RIP: 0033:0x7fec15b8e969 [ 271.877784][T11660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.877798][T11660] RSP: 002b:00007fec16a7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 271.877817][T11660] RAX: ffffffffffffffda RBX: 00007fec15db5fa0 RCX: 00007fec15b8e969 [ 271.877829][T11660] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000004 [ 271.877840][T11660] RBP: 00007fec16a7c090 R08: 0000000000000000 R09: 0000000000000000 [ 271.877850][T11660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 271.877858][T11660] R13: 0000000000000000 R14: 00007fec15db5fa0 R15: 00007ffd69633848 [ 271.877887][T11660] [ 272.225183][T11667] FAULT_INJECTION: forcing a failure. [ 272.225183][T11667] name failslab, interval 1, probability 0, space 0, times 0 [ 272.237984][T11667] CPU: 1 UID: 0 PID: 11667 Comm: syz.4.1933 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 272.238005][T11667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 272.238014][T11667] Call Trace: [ 272.238022][T11667] [ 272.238029][T11667] dump_stack_lvl+0x189/0x250 [ 272.238058][T11667] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.238080][T11667] ? __pfx__printk+0x10/0x10 [ 272.238100][T11667] ? pcpu_alloc_noprof+0xd4b/0x16b0 [ 272.238131][T11667] should_fail_ex+0x414/0x560 [ 272.238154][T11667] should_failslab+0xa8/0x100 [ 272.238183][T11667] kmem_cache_alloc_noprof+0x73/0x3c0 [ 272.238202][T11667] ? fib6_add+0x3b0/0x18a0 [ 272.238225][T11667] fib6_add+0x3b0/0x18a0 [ 272.238257][T11667] ? __pfx_fib6_add+0x10/0x10 [ 272.238280][T11667] ? ip6_route_info_create+0x629/0xa70 [ 272.238302][T11667] ? ip6_route_add+0x172/0x2f0 [ 272.238325][T11667] ip6_route_add+0x187/0x2f0 [ 272.238343][T11667] ? ip6_route_add+0x4d/0x2f0 [ 272.238365][T11667] ipv6_route_ioctl+0x38d/0x4b0 [ 272.238392][T11667] ? __pfx_ipv6_route_ioctl+0x10/0x10 [ 272.238447][T11667] inet6_ioctl+0x219/0x280 [ 272.238464][T11667] ? __pfx_inet6_ioctl+0x10/0x10 [ 272.238492][T11667] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 272.238517][T11667] sock_do_ioctl+0xd9/0x300 [ 272.238536][T11667] ? __pfx_sock_do_ioctl+0x10/0x10 [ 272.238553][T11667] ? __lock_acquire+0xaac/0xd20 [ 272.238588][T11667] sock_ioctl+0x576/0x790 [ 272.238607][T11667] ? __pfx_sock_ioctl+0x10/0x10 [ 272.238627][T11667] ? __fget_files+0x3a0/0x420 [ 272.238646][T11667] ? __fget_files+0x2a/0x420 [ 272.238668][T11667] ? bpf_lsm_file_ioctl+0x9/0x20 [ 272.238688][T11667] ? __pfx_sock_ioctl+0x10/0x10 [ 272.238703][T11667] __se_sys_ioctl+0xf9/0x170 [ 272.238724][T11667] do_syscall_64+0xf6/0x210 [ 272.238742][T11667] ? clear_bhb_loop+0x45/0xa0 [ 272.238763][T11667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.238778][T11667] RIP: 0033:0x7fba8058e969 [ 272.238794][T11667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.238808][T11667] RSP: 002b:00007fba7e3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.238826][T11667] RAX: ffffffffffffffda RBX: 00007fba807b5fa0 RCX: 00007fba8058e969 [ 272.238838][T11667] RDX: 0000200000000580 RSI: 000000000000890b RDI: 0000000000000003 [ 272.238849][T11667] RBP: 00007fba7e3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 272.238860][T11667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.238869][T11667] R13: 0000000000000000 R14: 00007fba807b5fa0 R15: 00007ffce2aa2788 [ 272.238899][T11667] [ 272.575402][T11673] __nla_validate_parse: 14 callbacks suppressed [ 272.575420][T11673] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1935'. [ 272.591320][T11673] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1935'. [ 272.672684][T11678] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 272.913617][T11693] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1939'. [ 272.963699][T11701] xt_recent: hitcount (33554432) is larger than allowed maximum (65535) [ 273.106125][T11710] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1951'. [ 273.121896][T11710] dummy0: entered promiscuous mode [ 273.129228][T11710] dummy0: left promiscuous mode [ 273.194509][T11707] xt_CT: No such helper "pptp" [ 273.205768][T11718] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1953'. [ 273.498497][T11729] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 273.652789][T11741] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1960'. [ 274.105280][T11775] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1975'. [ 274.262187][T11788] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1981'. [ 274.378735][T11792] x_tables: duplicate underflow at hook 3 [ 274.494233][T11796] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1983'. [ 274.670054][T11809] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1992'. [ 276.970637][T11885] xt_CT: You must specify a L4 protocol and not use inversions on it [ 277.208128][T11899] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0 [ 277.337240][T11899] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0 [ 277.383167][T11907] team0: Port device vlan0 removed [ 277.395138][T11907] bond3: (slave batadv2): Releasing backup interface [ 277.425845][T11907] batadv2: left promiscuous mode [ 277.545666][T11899] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0 [ 277.691700][T11899] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20002 - 0 [ 277.783167][T11930] __nla_validate_parse: 15 callbacks suppressed [ 277.783186][T11930] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2035'. [ 277.923654][T11938] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2038'. [ 277.931627][T11926] IPVS: length: 78 != 8 [ 277.989175][T11941] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2039'. [ 278.028657][T11899] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20002 - 0 [ 278.124894][T11899] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20002 - 0 [ 278.185198][T11899] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20002 - 0 [ 278.203230][T11954] TCP: TCP_TX_DELAY enabled [ 278.291120][T11899] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20002 - 0 [ 278.428993][T11960] netlink: 'syz.3.2047': attribute type 3 has an invalid length. [ 278.441312][T11960] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2047'. [ 278.451705][T11960] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2047'. [ 278.790919][T11972] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2048'. [ 278.876654][T11976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2050'. [ 278.993645][T11979] ip6gre1: entered allmulticast mode [ 279.044268][T11982] netlink: 3168 bytes leftover after parsing attributes in process `syz.3.2052'. [ 279.143754][T11985] netlink: 'syz.3.2055': attribute type 15 has an invalid length. [ 279.217518][ T30] audit: type=1800 audit(1747162446.216:4): pid=11990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2057" name="memory.events" dev="tmpfs" ino=2000 res=0 errno=0 [ 279.277561][ T30] audit: type=1804 audit(1747162446.276:5): pid=11990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2057" name="memory.events" dev="tmpfs" ino=2000 res=1 errno=0 [ 279.314280][T11992] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2056'. [ 279.431542][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.480948][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.520210][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.528320][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.548678][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.569284][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.581609][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.591882][T11997] netlink: 'syz.4.2059': attribute type 29 has an invalid length. [ 279.614467][T12007] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2063'. [ 279.867531][T12022] batadv_slave_0: entered promiscuous mode [ 279.890834][T12023] batadv_slave_0: left promiscuous mode [ 281.690390][T12084] sch_tbf: burst 0 is lower than device bridge6 mtu (1514) ! [ 282.810545][T12127] __nla_validate_parse: 12 callbacks suppressed [ 282.810563][T12127] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2104'. [ 282.904841][T12106] delete_channel: no stack [ 283.177100][T12147] syzkaller0: entered promiscuous mode [ 283.183072][T12147] syzkaller0: entered allmulticast mode [ 283.245121][T12154] xt_CT: No such helper "snmp" [ 283.272393][T12160] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 283.356036][T12162] xt_CT: No such helper "pptp" [ 284.849868][T12182] vlan6: entered promiscuous mode [ 284.859899][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 285.025064][T12187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2125'. [ 285.259904][T12194] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2127'. [ 285.405251][T12204] sctp: [Deprecated]: syz.3.2132 (pid 12204) Use of struct sctp_assoc_value in delayed_ack socket option. [ 285.405251][T12204] Use struct sctp_sack_info instead [ 285.805211][T12226] validate_nla: 23 callbacks suppressed [ 285.805229][T12226] netlink: 'syz.3.2142': attribute type 15 has an invalid length. [ 285.842081][T12227] FAULT_INJECTION: forcing a failure. [ 285.842081][T12227] name failslab, interval 1, probability 0, space 0, times 0 [ 285.895505][T12231] netlink: 'syz.3.2144': attribute type 16 has an invalid length. [ 285.904952][T12227] CPU: 1 UID: 0 PID: 12227 Comm: syz.4.2140 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 285.904973][T12227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.904982][T12227] Call Trace: [ 285.904988][T12227] [ 285.904995][T12227] dump_stack_lvl+0x189/0x250 [ 285.905024][T12227] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.905043][T12227] ? __pfx__printk+0x10/0x10 [ 285.905063][T12227] ? __pfx___might_resched+0x10/0x10 [ 285.905082][T12227] should_fail_ex+0x414/0x560 [ 285.905101][T12227] should_failslab+0xa8/0x100 [ 285.905120][T12227] __kmalloc_cache_noprof+0x70/0x3d0 [ 285.905138][T12227] ? ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 285.905161][T12227] ovs_ct_limit_cmd_set+0x2f7/0xb00 [ 285.905197][T12227] genl_family_rcv_msg_doit+0x212/0x300 [ 285.905219][T12227] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 285.905225][T12231] netlink: 'syz.3.2144': attribute type 3 has an invalid length. [ 285.905246][T12227] ? bpf_lsm_capable+0x9/0x20 [ 285.905273][T12227] ? security_capable+0x7e/0x2e0 [ 285.905296][T12227] genl_rcv_msg+0x60e/0x790 [ 285.905318][T12227] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.905333][T12227] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 285.905355][T12227] ? ref_tracker_free+0x63a/0x7d0 [ 285.905370][T12227] ? __copy_skb_header+0xa7/0x550 [ 285.905399][T12227] netlink_rcv_skb+0x219/0x490 [ 285.905419][T12227] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.905436][T12227] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 285.905478][T12227] ? down_read+0x1ad/0x2e0 [ 285.905499][T12227] genl_rcv+0x28/0x40 [ 285.905519][T12227] netlink_unicast+0x758/0x8d0 [ 285.905548][T12227] netlink_sendmsg+0x805/0xb30 [ 285.905576][T12227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.905599][T12227] ? aa_sock_msg_perm+0x94/0x160 [ 285.905618][T12227] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 285.905635][T12227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.905654][T12227] __sock_sendmsg+0x219/0x270 [ 285.905674][T12227] ____sys_sendmsg+0x505/0x830 [ 285.905700][T12227] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.905730][T12227] ? import_iovec+0x74/0xa0 [ 285.905753][T12227] ___sys_sendmsg+0x21f/0x2a0 [ 285.905776][T12227] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.905832][T12227] ? __fget_files+0x2a/0x420 [ 285.905850][T12227] ? __fget_files+0x3a0/0x420 [ 285.905879][T12227] __x64_sys_sendmsg+0x19b/0x260 [ 285.905903][T12227] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 285.905940][T12227] ? do_syscall_64+0xba/0x210 [ 285.905960][T12227] do_syscall_64+0xf6/0x210 [ 285.905977][T12227] ? clear_bhb_loop+0x45/0xa0 [ 285.905996][T12227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.906011][T12227] RIP: 0033:0x7fba8058e969 [ 285.906026][T12227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.906039][T12227] RSP: 002b:00007fba7e3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.906056][T12227] RAX: ffffffffffffffda RBX: 00007fba807b5fa0 RCX: 00007fba8058e969 [ 285.906068][T12227] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000004 [ 285.906078][T12227] RBP: 00007fba7e3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 285.906088][T12227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 285.906097][T12227] R13: 0000000000000000 R14: 00007fba807b5fa0 R15: 00007ffce2aa2788 [ 285.906125][T12227] [ 286.235474][T12231] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2144'. [ 286.354522][T12242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'. [ 286.389232][T12242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'. [ 286.459930][ C1] ================================================================== [ 286.468054][ C1] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0 [ 286.475975][ C1] Read of size 2 at addr ffff88807c05a42a by task swapper/1/0 [ 286.483424][ C1] [ 286.485744][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 286.485762][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.485770][ C1] Call Trace: [ 286.485777][ C1] [ 286.485784][ C1] dump_stack_lvl+0x189/0x250 [ 286.485808][ C1] ? __virt_addr_valid+0x18c/0x540 [ 286.485826][ C1] ? rcu_is_watching+0x15/0xb0 [ 286.485846][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.485865][ C1] ? rcu_is_watching+0x15/0xb0 [ 286.485883][ C1] ? lock_release+0x4b/0x3e0 [ 286.485903][ C1] ? __virt_addr_valid+0x18c/0x540 [ 286.485920][ C1] ? __virt_addr_valid+0x469/0x540 [ 286.485939][ C1] print_report+0xb4/0x290 [ 286.485955][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 286.485971][ C1] kasan_report+0x118/0x150 [ 286.485989][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 286.486007][ C1] rose_timer_expiry+0x471/0x4b0 [ 286.486024][ C1] call_timer_fn+0x17b/0x5f0 [ 286.486042][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 286.486057][ C1] ? call_timer_fn+0xbe/0x5f0 [ 286.486074][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 286.486095][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.486114][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.486127][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 286.486143][ C1] __run_timer_base+0x61a/0x860 [ 286.486158][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 286.486181][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 286.486203][ C1] run_timer_softirq+0xb7/0x180 [ 286.486220][ C1] handle_softirqs+0x283/0x870 [ 286.486234][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 286.486248][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 286.486262][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 286.486287][ C1] __irq_exit_rcu+0xca/0x1f0 [ 286.486299][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 286.486314][ C1] irq_exit_rcu+0x9/0x30 [ 286.486325][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 286.486346][ C1] [ 286.486350][ C1] [ 286.486356][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 286.486371][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 286.486385][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 cb 10 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 286.486398][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 286.486411][ C1] RAX: 5d46027989658a00 RBX: ffffffff81974f28 RCX: 5d46027989658a00 [ 286.486422][ C1] RDX: 0000000000000001 RSI: ffffffff8d751c03 RDI: ffffffff8bc1d4a0 [ 286.486432][ C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b [ 286.486442][ C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7f2f70 [ 286.486453][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038d9b40 [ 286.486463][ C1] ? do_idle+0x1e8/0x510 [ 286.486480][ C1] default_idle+0x13/0x20 [ 286.486494][ C1] default_idle_call+0x74/0xb0 [ 286.486509][ C1] do_idle+0x1e8/0x510 [ 286.486523][ C1] ? __pfx_do_idle+0x10/0x10 [ 286.486542][ C1] cpu_startup_entry+0x44/0x60 [ 286.486555][ C1] start_secondary+0x101/0x110 [ 286.486568][ C1] common_startup_64+0x13e/0x147 [ 286.486594][ C1] [ 286.486599][ C1] [ 286.799856][ C1] Allocated by task 10715: [ 286.804259][ C1] kasan_save_track+0x3e/0x80 [ 286.808930][ C1] __kasan_kmalloc+0x93/0xb0 [ 286.813510][ C1] __kmalloc_node_noprof+0x276/0x4e0 [ 286.818784][ C1] allocate_slab+0x17c/0x3b0 [ 286.823359][ C1] ___slab_alloc+0xbfc/0x1480 [ 286.828026][ C1] kmem_cache_alloc_noprof+0x283/0x3c0 [ 286.833472][ C1] __send_signal_locked+0x22a/0xeb0 [ 286.838658][ C1] group_send_sig_info+0x1fd/0x260 [ 286.843759][ C1] do_bpf_send_signal+0xa9/0x1e0 [ 286.848685][ C1] irq_work_single+0xde/0x240 [ 286.853364][ C1] irq_work_run+0x155/0x2f0 [ 286.857855][ C1] __sysvec_irq_work+0xa8/0x3d0 [ 286.862691][ C1] sysvec_irq_work+0x9e/0xc0 [ 286.867296][ C1] asm_sysvec_irq_work+0x1a/0x20 [ 286.872282][ C1] [ 286.874598][ C1] Freed by task 5844: [ 286.878674][ C1] kasan_save_track+0x3e/0x80 [ 286.883400][ C1] kasan_save_free_info+0x46/0x50 [ 286.888442][ C1] __kasan_slab_free+0x62/0x70 [ 286.893286][ C1] kfree+0x193/0x440 [ 286.897172][ C1] __free_slab+0xb9/0x1c0 [ 286.901502][ C1] __slab_free+0x326/0x400 [ 286.905939][ C1] qlist_free_all+0x9a/0x140 [ 286.910520][ C1] kasan_quarantine_reduce+0x148/0x160 [ 286.915986][ C1] __kasan_slab_alloc+0x22/0x80 [ 286.920831][ C1] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 [ 286.926632][ C1] shmem_alloc_inode+0x28/0x40 [ 286.931390][ C1] alloc_inode+0x67/0x1b0 [ 286.935708][ C1] new_inode+0x22/0x170 [ 286.940128][ C1] shmem_get_inode+0x346/0xe90 [ 286.944882][ C1] shmem_mknod+0x18c/0x3e0 [ 286.949283][ C1] shmem_mkdir+0x33/0x70 [ 286.953524][ C1] vfs_mkdir+0x303/0x510 [ 286.957753][ C1] do_mkdirat+0x247/0x590 [ 286.962068][ C1] __x64_sys_mkdirat+0x87/0xa0 [ 286.966840][ C1] do_syscall_64+0xf6/0x210 [ 286.971331][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.977213][ C1] [ 286.979620][ C1] The buggy address belongs to the object at ffff88807c05a400 [ 286.979620][ C1] which belongs to the cache kmalloc-512 of size 512 [ 286.993659][ C1] The buggy address is located 42 bytes inside of [ 286.993659][ C1] freed 512-byte region [ffff88807c05a400, ffff88807c05a600) [ 287.007465][ C1] [ 287.009800][ C1] The buggy address belongs to the physical page: [ 287.016456][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807c05a400 pfn:0x7c058 [ 287.026521][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 287.035018][ C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 287.043503][ C1] page_type: f5(slab) [ 287.047470][ C1] raw: 00fff00000000240 ffff88801a041c80 ffffea0000c43b10 ffffea0000d2e210 [ 287.056040][ C1] raw: ffff88807c05a400 0000000000100004 00000000f5000000 0000000000000000 [ 287.064610][ C1] head: 00fff00000000240 ffff88801a041c80 ffffea0000c43b10 ffffea0000d2e210 [ 287.073268][ C1] head: ffff88807c05a400 0000000000100004 00000000f5000000 0000000000000000 [ 287.081924][ C1] head: 00fff00000000002 ffffea0001f01601 00000000ffffffff 00000000ffffffff [ 287.090664][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 287.099314][ C1] page dumped because: kasan: bad access detected [ 287.105808][ C1] page_owner tracks the page as allocated [ 287.111593][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5844, tgid 5844 (syz-executor), ts 77224607532, free_ts 77176781410 [ 287.132975][ C1] post_alloc_hook+0x1d8/0x230 [ 287.137744][ C1] get_page_from_freelist+0x21e0/0x22c0 [ 287.143315][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 287.149118][ C1] alloc_pages_mpol+0x232/0x4a0 [ 287.153955][ C1] allocate_slab+0x8a/0x3b0 [ 287.158440][ C1] ___slab_alloc+0xbfc/0x1480 [ 287.163106][ C1] __kmalloc_noprof+0x305/0x4f0 [ 287.167944][ C1] fib6_info_alloc+0x30/0xf0 [ 287.172532][ C1] ip6_route_info_create+0x147/0xa70 [ 287.177805][ C1] addrconf_f6i_alloc+0x1c7/0x420 [ 287.182820][ C1] ipv6_add_addr+0x56e/0x1090 [ 287.187482][ C1] add_addr+0x8b/0x2d0 [ 287.191539][ C1] addrconf_init_auto_addrs+0x432/0xb50 [ 287.197073][ C1] addrconf_notify+0xacc/0x1010 [ 287.201914][ C1] notifier_call_chain+0x1b3/0x3e0 [ 287.207010][ C1] __dev_notify_flags+0x18d/0x2e0 [ 287.212035][ C1] page last free pid 5838 tgid 5838 stack trace: [ 287.218342][ C1] __free_frozen_pages+0xb14/0xce0 [ 287.223444][ C1] __slab_free+0x326/0x400 [ 287.227856][ C1] qlist_free_all+0x9a/0x140 [ 287.232437][ C1] kasan_quarantine_reduce+0x148/0x160 [ 287.237881][ C1] __kasan_slab_alloc+0x22/0x80 [ 287.242723][ C1] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 287.248623][ C1] __alloc_skb+0x112/0x2d0 [ 287.253053][ C1] netlink_sendmsg+0x5c6/0xb30 [ 287.257827][ C1] __sock_sendmsg+0x219/0x270 [ 287.262509][ C1] __sys_sendto+0x3bd/0x520 [ 287.267004][ C1] __x64_sys_sendto+0xde/0x100 [ 287.271759][ C1] do_syscall_64+0xf6/0x210 [ 287.276256][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.282138][ C1] [ 287.284447][ C1] Memory state around the buggy address: [ 287.290058][ C1] ffff88807c05a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 287.298110][ C1] ffff88807c05a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 287.306181][ C1] >ffff88807c05a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 287.314251][ C1] ^ [ 287.319613][ C1] ffff88807c05a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 287.327669][ C1] ffff88807c05a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 287.335712][ C1] ================================================================== [ 287.343859][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 287.351066][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc5-syzkaller-01070-g9f607dc39b66 #0 PREEMPT(full) [ 287.362709][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.372868][ C1] Call Trace: [ 287.376188][ C1] [ 287.379049][ C1] dump_stack_lvl+0x99/0x250 [ 287.383663][ C1] ? __asan_memcpy+0x40/0x70 [ 287.388270][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.393498][ C1] ? __pfx__printk+0x10/0x10 [ 287.398112][ C1] panic+0x2db/0x790 [ 287.402048][ C1] ? __pfx_panic+0x10/0x10 [ 287.406502][ C1] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 287.412425][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 287.418357][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 287.424717][ C1] ? print_memory_metadata+0x314/0x400 [ 287.430190][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 287.435304][ C1] check_panic_on_warn+0x89/0xb0 [ 287.440241][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 287.445346][ C1] end_report+0x78/0x160 [ 287.449586][ C1] kasan_report+0x129/0x150 [ 287.454108][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 287.459236][ C1] rose_timer_expiry+0x471/0x4b0 [ 287.464175][ C1] call_timer_fn+0x17b/0x5f0 [ 287.468867][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 287.474325][ C1] ? call_timer_fn+0xbe/0x5f0 [ 287.479004][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 287.484120][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.489351][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.494535][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 287.500076][ C1] __run_timer_base+0x61a/0x860 [ 287.504933][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 287.510127][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 287.515499][ C1] run_timer_softirq+0xb7/0x180 [ 287.520429][ C1] handle_softirqs+0x283/0x870 [ 287.525182][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 287.529934][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 287.535204][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 287.540394][ C1] __irq_exit_rcu+0xca/0x1f0 [ 287.544971][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 287.550161][ C1] irq_exit_rcu+0x9/0x30 [ 287.554416][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 287.560075][ C1] [ 287.563035][ C1] [ 287.565986][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 287.571974][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 287.577691][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 cb 10 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 287.597473][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 287.603541][ C1] RAX: 5d46027989658a00 RBX: ffffffff81974f28 RCX: 5d46027989658a00 [ 287.611503][ C1] RDX: 0000000000000001 RSI: ffffffff8d751c03 RDI: ffffffff8bc1d4a0 [ 287.619463][ C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b [ 287.627428][ C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7f2f70 [ 287.635391][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038d9b40 [ 287.643355][ C1] ? do_idle+0x1e8/0x510 [ 287.647607][ C1] default_idle+0x13/0x20 [ 287.651951][ C1] default_idle_call+0x74/0xb0 [ 287.656706][ C1] do_idle+0x1e8/0x510 [ 287.660788][ C1] ? __pfx_do_idle+0x10/0x10 [ 287.665373][ C1] cpu_startup_entry+0x44/0x60 [ 287.670128][ C1] start_secondary+0x101/0x110 [ 287.674878][ C1] common_startup_64+0x13e/0x147 [ 287.679815][ C1] [ 287.683071][ C1] Kernel Offset: disabled [ 287.687387][ C1] Rebooting in 86400 seconds..