last executing test programs: 1.638403703s ago: executing program 2 (id=1864): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x12, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000710600000000000095"], &(0x7f00000003c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000480)=[{0x20, 0xfc, 0xff, 0xfffff00c}, {0xb1, 0xf0, 0xee, 0x7ffff020}, {0x6, 0xfc, 0x2, 0x4}]}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="660a00000700000061114c000000000085000000cf00000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', 0x0}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bind$packet(0xffffffffffffffff, &(0x7f0000000a00)={0x11, 0x1c, r2, 0x1, 0x7, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r3) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000d40), 0xffffffffffffffff) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@bridge_delneigh={0x1c, 0x1d, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r6, 0x0, 0xd2, 0xb}}, 0x1c}}, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r3, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x34, r4, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x1000) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000080)={'ip6_vti0\x00', r2, 0x4, 0x0, 0x0, 0x7d7, 0x20, @loopback, @local, 0x8, 0x80, 0x800, 0x5}}) writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000180)="d7798ec42cb05dacf50435", 0xb}, {&(0x7f00000001c0)="0893c636bf401039ca478734659def2fbc270ad7f0bd55f07e7588d8598a43f47b57745128c6770bab336f5ad274b77cfba419dd435d6dc3d61cc238de95d425fc670c20313c2cf730087c03d8aace00484af7333f19a3fa3f888ba9", 0x5c}, {&(0x7f0000000240)="08d7d3abe07ebee32bd4c5da02fdeb26feb4392f13fdccc9e380113ef17d90deda282c2a0b37a7b72e68afbd5dde2a27a43d091af08b2dfb9a9678f7e9adb46796118612f53c51", 0x47}, {&(0x7f0000000340)="00bc184518b148685f7ef58a77e04df585a1fe5ec11801cf1f05208149112bab1bde7bb06e61a430d4d985f51074600160dadbc306ebc339142aded297684589fbc25ca0d46360995655601f70b8d58be59949ecfdbb4757046322a276d2f1c3dacc19bf8ac02182", 0x68}, {&(0x7f00000002c0)}, {&(0x7f00000004c0)="e33dbe0b57e287c8fafd59b7b61e0ac6a16f109db5da6abf28a700c19ff84aed972de31b4f7cecdf03f1db5c7e6cf895390925636792363130a66a758091b92dfb55687a190c2c0449566633c879bc4bb4c844a6d33f30727f3ba3772d014471bb533ad9ed124a852cf9f431297ca8036fee2830098878dedfd11b61e4ee2677ca71f4ea0b08822a033465049ac146d95d5305223d7e1815d6f829e7c62a3d87eb4dbd36292489faaec37ec1f2364c37c2b537ad1716f233c1e81d675b7edcec0895a46c6571fd4e7bbdb9b423bc286d06a4", 0xd2}, {&(0x7f0000000700)="def915e31bed843e4e1c9622d42413305942adc26c94ab078474d035cde2e3d3707ce633290fe659c05c4a310353f23376ab4dfaa6575f59b03e520f5b7a65849383d05376d7210602af589e04f79ee1da930430f8b604593292a603a7530323e20aaef90fc954ea4299a8f2e6fe2998972e933ac36da034c1a2f3f742dc9ce0b7fb5cc070613d2485cfacc929501d00538224edd6aff49ff3794f1deec395ab62cac780d113d27487e96bd98bb0610e9e3f9edb46dd3c9309f2d278d2edf7c3b5d782734d2b9944b3654118e6deae51cbc521eda9a40a65850d685bb127c034144b87afe8f391bfbf002fb8d3f3292ba7f4cd5cee13d79f", 0xf8}, {&(0x7f0000000400)="55b75202a46999a27d85", 0xa}], 0x8) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) r10 = socket$nl_route(0x10, 0x3, 0x0) readv(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000880)=""/221, 0xdd}, {&(0x7f0000000980)=""/124, 0x7c}, {&(0x7f00000002c0)=""/18, 0x12}, {&(0x7f0000000e40)=""/77, 0x4d}, {&(0x7f0000000a80)=""/92, 0x5c}], 0x5) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000800)=@ipv4_deladdr={0x48, 0x15, 0x1, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r9}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0x3, 0x0, 0x2}}, @IFA_CACHEINFO={0x14, 0x6, {0x4e61, 0x2, 0x8001, 0x4}}, @IFA_LOCAL={0x8, 0x2, @broadcast}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004044}, 0x4000000) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), r11) sendmsg$WG_CMD_SET_DEVICE(r11, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="d4000000", @ANYBLOB="45d06f4546bc5ecd4d37ed28e04d0704f0b920d9d981f31201fe190a5d8ca8ee823d445c9121d20ba9f6c9bb968a15d37e997781a4191d0e67c26f1ee004fc93a486d39e774fe09c7b4bff7b4aa25e0b27949cd6e28a716b862a161609a1dad50ec21d885050f50dfd17ba3abc59ba61e344b94e94e4dec183b62677fe6887f734c84b6681bb8bae448fd91e9b132040a1e1540d3683a3997dd82b44c2b92e3421a06262f7ecdf0410348dca06aef8ad826301613232549b989a213515cc140d6c07d27c15e4cbab54ab468ebfc0e58e947052f66d4e001ef715a3e1aa1ad2c80237d36c313c2e1b0b87ea751279a8e08c6f44", @ANYBLOB="0100000000000000000001000000140002007767314000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542880008808400008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c5c0009801c"], 0xd4}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x7, r7, 0x2}, 0xc) r12 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(r12, 0x0, 0xfffffffffffffe5c, 0x20000048, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r12, 0x1, 0x25, &(0x7f0000000040)=0x8000003290, 0x4) write(r1, &(0x7f0000000300)="1c0000001a005f0214f9f4070d0903001f000000fe05000000020000", 0x1c) socket$alg(0x26, 0x5, 0x0) 1.533928897s ago: executing program 3 (id=1866): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet6_buf(r2, 0x29, 0x3d, 0x0, &(0x7f0000000040)) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fdffffff1800000008000300", @ANYRES32=r5, @ANYBLOB="100030800c00018008cab4b3efffffff"], 0x2c}}, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8) bind$vsock_stream(r6, &(0x7f0000000940), 0x10) listen(r6, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$vsock_stream(r7, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r7, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) setsockopt$sock_int(r7, 0x28, 0x13, 0x0, 0x0) sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) recvmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x20) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x1, @remote, 'batadv_slave_1\x00'}}, 0x80, 0x0, 0x0, 0x0, 0x18, 0x68000000}, 0x0) r8 = socket$kcm(0xa, 0x6, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000002280)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000423346da092cbe220de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f03000000000000005dcf4f2aaee86d4802000000000000007cdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c7894010079b07e7aef7785e248deb8c83ab6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f5078191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd77125d98120358900000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c94c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d8000000000000000000004000000000000000000000000000000000000000000400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de4295777a17bf4dfdfee5de0f3e4dadf51ab9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b3966950000000000000000c187da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f502cdf1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a14591f26b7b538c9bb22f6a2f7a34d1b9edfd125a9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250f6b8520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141399ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91ae3a75ca15eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592691d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc0000001a002364bbd93964a8d0bdc802b9be2500"/3636], &(0x7f0000000040)='GPL\x00', 0x4, 0xfdc0, &(0x7f0000000300)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) setsockopt$sock_attach_bpf(r8, 0x29, 0x22, &(0x7f0000000100)=r9, 0x120) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)=@ax25={{0x3, @null, 0x6}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000100)="f5449b79b47bc092ad0b822219853d66643354ad2a713d707272", 0x1a}, {&(0x7f0000000140)="0887529fd875", 0x6}, {&(0x7f0000000200)="732c41119b65ebc392adf75f3a58393532b1305f641338b238afca5bf7230550b70802251144d478f872ddb0da7a7b93ad69c33ff5bbf7908b107ae3786bd7c72bf00be160845db1560023d2c0dbc1afa474cb1bc52891258f8f1a458a36e1c0a3f9bfdc566865ff58838e91cbecc1f7a23a20ab28319e72bb8187e5bd9a277496c265c8787197a3f53d4aa3a1595a366a0e7b436bcc4f1e8af4978e71b5df1316bbec0c6ad1d8e699fa5fcd805b6e", 0xaf}, {&(0x7f0000000180)}, {&(0x7f00000002c0)="b6c31e625f30c69cc9e5f976f246640be13108bc521a9dbcdf364ea21690029a9a98c9dc95ebe91b20e88f4c87f8c524adc651010259c9aa0df84510ffd780d0046214835f091ec14f2500e5938ace07d79ec03b139b2899fc797ce3f1baa2ecd8601883d28d4fe3dfb90e8c18dbc44c14f9726415573904b37663cb3fbd3792726ffa", 0x83}], 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="5800000000000000120100000900000018f22c0ee9ad855efaaf9dfae3010beda446dd89249d77d6815753ccecac7cf70ea2024ab408988b866c940a5ddf5f5d85ea85fb6886ad9dc42f704a27103da33ca500000000000008010000000000001a000000fcffffff82149319554cd5e024db3c81e3d09fb503677fc515c966d0fdd78b3526b3957d384a843451601d0b541ad48eb8505246b35649b0ec9a73d97477b34f2be16d14e4aa1235056a69cf4ca19928a2b1b59fe954d4c71153db6000bf3b2b3fe4e80c998ea701ed78ee4c9177d44d162dc4715844b08a810fee5e5081b05a90733094858b0f50d7781d2fa4d16df17e8dc1e1db134ea7dcffc9b7656b8f9554c99de88c5a59f3b2b82f36f6784a3f5aacf8ad619cbfc59f8e98a014afdca3fd49217a7fadc1228ba8aa22c93bf59d71d868d88b8184d8d010b78904fd4b118f30c0dbb1140fffbc90d6239d0c82f0a432fde3f8d9186100000000880000000000000006000000bdfa000006a2d11fbc70a25dd41a64778d6df4a5e653f517fb7955eff602aa75f52f451eac0afcf6890ac9bdb3e19d8cb3ee00c7dc4f211257c04674c67dbf574b140e099bda402cc0c38562512f4eb38f60a1d4dec8e504f5f1cf3f9381e2457cf166f11beccca6fc17cb8207f85b275c5b15099a00"], 0x1e8}, 0x20004080) 1.482926359s ago: executing program 2 (id=1868): socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaae308004503005c00000000fe2f907800000000e0000001248088a800000000100008000000000086dd0002080088be00000000100000000100000000000000080322eb000000002000000002000000000000e8ffffff000800655800e7ff00"], 0x0) socket$rxrpc(0x21, 0x2, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001240)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x88ca}]}, @NFTA_RULE_ID={0x8}]}], {0x14}}, 0x5c}}, 0x20000081) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = getpid() syz_open_procfs$namespace(r1, &(0x7f0000001080)='ns/user\x00') r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000000)={r4, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) 1.339122037s ago: executing program 2 (id=1869): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, 0x0, &(0x7f00000000c0)) listen(0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x2c, r5, 0x1, 0x0, 0xfffffffd, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffff8000}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 1.306826337s ago: executing program 4 (id=1870): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x17c, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x9}, {0x0, 0xb}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_bpf={{0x8}, {0x84, 0x2, [@TCA_BPF_FLAGS={0x8}, @TCA_BPF_FD={0x8}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x2}}, @TCA_BPF_OPS={{0x6, 0x4, 0x2}, {0x14, 0x5, [{0x40, 0x1, 0x6, 0x177}, {0x400, 0x7, 0xfc}]}}, @TCA_BPF_OPS={{0x6, 0x4, 0x8}, {0x44, 0x5, [{0x7, 0x6, 0x0, 0x8001}, {0x7, 0x3, 0x4, 0xb4e}, {0x3, 0x2, 0xb, 0x7}, {0x2, 0x0, 0x2, 0x5}, {0x5, 0x0, 0x7, 0x31d}, {0x0, 0xc2, 0x1, 0x400}, {0x1, 0x6f, 0xf6, 0x9}, {0x6bb3, 0x1, 0x9, 0xfffffff4}]}}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x48, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST_MASK={0x14, 0x22, [0x0, 0xff, 0xff, 0xffffff00]}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_PORT_SRC_MAX={0x6, 0x58, 0x4e21}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}, @TCA_FLOWER_KEY_ARP_TIP_MASK={0x8, 0x3c, 0xff000000}, @TCA_FLOWER_KEY_SCTP_DST_MASK={0x6}]}}, @filter_kind_options=@f_route={{0xa}, {0x5c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x40, 0x6, [@m_connmark={0x3c, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0xa, 0x6, "66396e732cf6"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x17c}, 0x1, 0x0, 0x0, 0x81}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0) sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r1, 0x1}, 0x14}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) unshare(0x20000400) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000900)={r5, 0x0, 0x0, 0x4}, 0x20) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x30, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x30}}, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0414"], 0x528}}, 0xc000) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r8 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r8, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r8, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x10) r9 = socket(0x11, 0xa, 0x0) getpeername$packet(r9, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x41}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.132375428s ago: executing program 2 (id=1873): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001800e10200000000000000000a800000ff0300"], 0x30}}, 0x10010) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newlink={0x58, 0x10, 0x437, 0x0, 0xff00, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @empty}, @IFLA_GENEVE_TTL={0x5}, @IFLA_GENEVE_ID={0x8, 0x1, 0x3}]}}}]}, 0x58}}, 0x0) 1.110799477s ago: executing program 3 (id=1874): socket$caif_seqpacket(0x25, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000003c0)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x30, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) 1.044372179s ago: executing program 1 (id=1875): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x10240}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 1.004263649s ago: executing program 0 (id=1876): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x10, 0x0, 0x0, {[@window={0x3, 0x1, 0x4}]}}}}}}}}, 0x0) 830.768618ms ago: executing program 4 (id=1877): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x10, 0x0, 0x0, {[@window={0x3, 0x1, 0x4}]}}}}}}}}, 0x0) (fail_nth: 1) 829.169173ms ago: executing program 2 (id=1878): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYRES32=r2, @ANYBLOB="08009e000e"], 0x24}}, 0x0) 797.314363ms ago: executing program 3 (id=1879): socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaae308004503005c00000000fe2f907800000000e0000001248088a800000000100008000000000086dd0002080088be00000000100000000100000000000000080322eb000000002000000002000000000000e8ffffff000800655800e7ff00"], 0x0) socket$rxrpc(0x21, 0x2, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001240)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x88ca}]}, @NFTA_RULE_ID={0x8}]}], {0x14}}, 0x5c}}, 0x20000081) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = getpid() syz_open_procfs$namespace(r1, &(0x7f0000001080)='ns/user\x00') r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000000)={r4, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) 757.5575ms ago: executing program 0 (id=1880): r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010a0108400000f1ffffffff09000001090001"], 0x2c}, 0x1, 0x0, 0x0, 0x8040050}, 0x8004) openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) unshare(0x2000400) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000040)="1300000032001f00030300f9002304000a04d6", 0x13) setsockopt$packet_int(r2, 0x107, 0x14, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000000), 0x8) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000140)={0x4, 0x80000000, 0x4, 0xe}, 0x10) r4 = getpid() r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, r8, 0x1, 0x78bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x90) sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000250dbe10e54e490000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r5) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000001f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000140)={0x3c, 0x0, 0xc01, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}], @NL80211_ATTR_DURATION={0x8, 0x57, 0xff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x40000c4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xd, &(0x7f0000000900)=ANY=[@ANYRESDEC=r9, @ANYRES32, @ANYRESOCT=r4], &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) close(0xffffffffffffffff) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x7a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60be690b00442f0000000000000000000000fffffffffffdff020000000000000000000000000001242086dd00"], 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32=r12, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 659.847255ms ago: executing program 1 (id=1881): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5e8c, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'ip6gre0\x00', &(0x7f0000000500)={'syztnl2\x00', 0x0, 0x4, 0x8, 0x8, 0x8, 0x22, @mcast1, @rand_addr=' \x01\x00', 0x700, 0x7, 0xfffffff9, 0xfffffffe}}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000b80)={0x8, 0x0}, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000640)={0x124, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_PEERS={0xac, 0x8, 0x0, 0x1, [{0x78, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2000}, @WGPEER_A_ALLOWEDIPS={0x48, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}}, {0x5, 0x3, 0x1}}]}, {0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='$\x00\t\x00', @ANYRES16=r1, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="08002600ad160000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 658.467375ms ago: executing program 2 (id=1882): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 608.058839ms ago: executing program 4 (id=1883): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100039a00"/20, @ANYRES32], 0x3}}, 0x0) splice(r0, 0x0, r1, 0x0, 0x10500, 0x0) 606.791434ms ago: executing program 3 (id=1884): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000001000030400"/19, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e00000000400002800600010000000000340003800c000100000ffe00000000000c00010094040000000000000c00010000010000000000000c000100040000000000000008000500", @ANYRES32=r2, @ANYBLOB="080003"], 0x80}}, 0x0) 526.77171ms ago: executing program 0 (id=1885): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000003c0)={0x38, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) 507.045862ms ago: executing program 1 (id=1886): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000880)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002dbd7000ffdbdf255300000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x44804}, 0xc04) 486.470768ms ago: executing program 0 (id=1887): r0 = socket(0x10, 0x3, 0x0) recvmmsg$unix(r0, &(0x7f0000002300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffa4}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x12000405}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, r1, 0x20, 0x70bd28, 0x25dfdbff, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000040}, 0x40844) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 465.539968ms ago: executing program 4 (id=1888): socket$nl_generic(0x11, 0x3, 0x10) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="be2205f95cd0", 'veth1_to_batadv\x00'}}, 0x1e) socket$nl_route(0x10, 0x3, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x5c, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x45, 0x11, 0x0, 0x1, [@generic="2fe5afbf24fbcccc554cd9761e79b8dad8a2018544a3f855448c77987d9d7a5233e2eb702840054f9e143ec6c09650dbe7a1520d6147f9cdbd9d15d2dcd393701e"]}]}, 0x5c}], 0x1}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff01000000000000000000000000000100000000000000000000ffff000000000000000000000000000080a000000000", @ANYRESOCT=r1, @ANYRES32=0x0, @ANYBLOB="00000000000000000000ffdfac14142000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1ffffffffffffff03000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000016b1a0010026c278746cdbd3e8db1f7c3ec036225a3c79f68b94312554134540f0c741daac01e2a649ada073b821d14be095d46c5001bc152d4d638ab0f2f0386f788e9ad58cb3468ae2e8f3e495a5561abdfc8b90bc08de83d344ffe62d17c894978a890901ee933236415e53dde4427dd48d1726fc8a814a27b9e8e41894e5509dcadf55c3286e7826"], 0xf8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) ioctl$sock_TIOCOUTQ(r3, 0x5411, &(0x7f0000000240)) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x0, @random="7c9ab5135269", 'pim6reg0\x00'}}, 0x1e) 458.925367ms ago: executing program 3 (id=1889): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0xc00, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a80180001"], 0x4c}}, 0x0) 389.566165ms ago: executing program 1 (id=1890): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], &(0x7f0000002680)=""/4106, 0x26, 0x100a, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x86, &(0x7f0000002600)}, 0x10) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_IMPORTANCE(r2, 0x10f, 0x7f, 0x0, 0x0) r3 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e28, 0x0, @mcast2}, 0x1c) ioctl$sock_proto_private(r1, 0x89e2, &(0x7f0000000140)="ba") 302.657913ms ago: executing program 3 (id=1891): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x54, r1, 0x1, 0x0, 0x0, {0x26}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x51}, {0xc}, {0xc}}]}, 0x54}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="34000000010101020000000000000000070000000400028008001a40004000060c001980080002002800100008000340"], 0x34}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) syz_emit_ethernet(0x46, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x10, 0x2c, 0x0, @dev, @mcast2, {[@hopopts={0x3c}], @echo_reply}}}}}, 0x0) unshare(0x100) sendmmsg$inet(r2, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="2000000000000000000000000700000001440e05"], 0x20}}], 0x1, 0x0) 291.008347ms ago: executing program 1 (id=1892): socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) close(0xffffffffffffffff) socket$unix(0x1, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$unix(0x1, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x700, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000104000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe02000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010) 275.319755ms ago: executing program 4 (id=1893): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000000c0)={0x1, @bcast, @bpq0, 0x5b, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xd, 0x8, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x11, &(0x7f0000000080)=0xfffffffe, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x23a, 0x9, 0x2008, 0x2}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1008}, [@IFLA_ADDRESS={0xa}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}]}, 0x44}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x7c}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f0000000180)=0xfffffff8, 0x4) bind$inet6(r2, &(0x7f00000003c0)={0xa, 0x4e20, 0xfffffffd, @private2, 0x7}, 0x1c) r3 = socket$inet(0x2, 0x2, 0x1) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000440)="0800eca3486fa3e8", 0x8}], 0x1, &(0x7f0000000640)=[@ip_tos_u8={{0x11, 0x0, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @local, @initdev={0xac, 0x1e, 0x1, 0x0}}}}], 0x38}, 0x10) r5 = socket$inet6(0xa, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0xa, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x7, 0x8, &(0x7f00000009c0)=@framed={{0x18, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$inet6_int(r5, 0x29, 0x4b, &(0x7f00000009c0)=0x8, 0x4) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r7, 0x29, 0xc8, &(0x7f0000000340), 0x4) close(r7) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x8, @private2}, 0x1c) r8 = socket$igmp(0x2, 0x3, 0x2) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680), 0x4) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r9}, 0x10) setsockopt$IP_VS_SO_SET_STOPDAEMON(r8, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'dummy0\x00'}, 0x18) 267.477586ms ago: executing program 0 (id=1894): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x700, &(0x7f0000000000), 0x8) 158.825855ms ago: executing program 0 (id=1895): r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4) recvmmsg(r0, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/142, 0x8e}], 0x1}, 0x9}], 0x1, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10010000004e20}, 0x1c) sendmmsg$inet(r0, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="c1", 0x1}], 0x1}}], 0x1, 0x0) 125.205367ms ago: executing program 4 (id=1896): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000003c0)={0x38, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x30, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) 0s ago: executing program 1 (id=1897): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000003c0)={0x3c, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c1}, 0x0) kernel console output (not intermixed with test programs): 4_after_hwframe+0x77/0x7f [ 142.898564][ T8678] RIP: 0033:0x7f51d8985d29 [ 142.902985][ T8678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.922590][ T8678] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.931005][ T8678] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 142.938977][ T8678] RDX: 0000000000008080 RSI: 0000000020000080 RDI: 0000000000000005 [ 142.946947][ T8678] RBP: 00007f51d9795090 R08: 0000000000000000 R09: 0000000000000000 [ 142.954917][ T8678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.962887][ T8678] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 142.970873][ T8678] [ 143.169203][ T8697] netlink: 4 bytes leftover after parsing attributes in process `syz.2.888'. [ 143.435658][ T8712] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 143.553670][ T8717] netlink: 'syz.4.897': attribute type 1 has an invalid length. [ 143.565360][ T8717] netlink: 'syz.4.897': attribute type 1 has an invalid length. [ 143.597742][ T8720] FAULT_INJECTION: forcing a failure. [ 143.597742][ T8720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.665540][ T8720] CPU: 0 UID: 0 PID: 8720 Comm: syz.2.898 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 143.676207][ T8720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 143.686303][ T8720] Call Trace: [ 143.689597][ T8720] [ 143.692537][ T8720] dump_stack_lvl+0x241/0x360 [ 143.697242][ T8720] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.702461][ T8720] ? __pfx__printk+0x10/0x10 [ 143.707065][ T8720] ? snprintf+0xda/0x120 [ 143.711317][ T8720] should_fail_ex+0x3b0/0x4e0 [ 143.716005][ T8720] _copy_to_user+0x31/0xb0 [ 143.720426][ T8720] simple_read_from_buffer+0xca/0x150 [ 143.725805][ T8720] proc_fail_nth_read+0x1e9/0x250 [ 143.730830][ T8720] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.736377][ T8720] ? rw_verify_area+0x55e/0x6f0 [ 143.741225][ T8720] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.746775][ T8720] vfs_read+0x1fc/0xb70 [ 143.750932][ T8720] ? __pfx___mutex_lock+0x10/0x10 [ 143.755959][ T8720] ? __pfx_vfs_read+0x10/0x10 [ 143.760647][ T8720] ? __fget_files+0x2a/0x410 [ 143.765240][ T8720] ? __fget_files+0x395/0x410 [ 143.769923][ T8720] ? __fget_files+0x2a/0x410 [ 143.774522][ T8720] ksys_read+0x18f/0x2b0 [ 143.778767][ T8720] ? __pfx_ksys_read+0x10/0x10 [ 143.783529][ T8720] ? do_syscall_64+0x100/0x230 [ 143.788294][ T8720] ? do_syscall_64+0xb6/0x230 [ 143.792972][ T8720] do_syscall_64+0xf3/0x230 [ 143.797476][ T8720] ? clear_bhb_loop+0x35/0x90 [ 143.802154][ T8720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.808046][ T8720] RIP: 0033:0x7f6aeff8473c [ 143.812460][ T8720] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 143.832069][ T8720] RSP: 002b:00007f6af0d45030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 143.840489][ T8720] RAX: ffffffffffffffda RBX: 00007f6af0175fa0 RCX: 00007f6aeff8473c [ 143.848461][ T8720] RDX: 000000000000000f RSI: 00007f6af0d450a0 RDI: 0000000000000008 [ 143.856429][ T8720] RBP: 00007f6af0d45090 R08: 0000000000000000 R09: 0000000000000000 [ 143.864400][ T8720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.872367][ T8720] R13: 0000000000000000 R14: 00007f6af0175fa0 R15: 00007ffe9dbd1c18 [ 143.880350][ T8720] [ 144.016103][ T8725] bridge_slave_1: left allmulticast mode [ 144.059688][ T8725] bridge_slave_1: left promiscuous mode [ 144.078636][ T8725] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.116639][ T8725] bridge_slave_0: left allmulticast mode [ 144.140593][ T8725] bridge_slave_0: left promiscuous mode [ 144.149231][ T8725] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.702079][ T8751] netlink: 'syz.1.908': attribute type 8 has an invalid length. [ 144.723835][ T8751] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 145.912136][ T8815] __nla_validate_parse: 6 callbacks suppressed [ 145.912156][ T8815] netlink: 28 bytes leftover after parsing attributes in process `syz.2.920'. [ 145.934066][ T8815] netlink: 28 bytes leftover after parsing attributes in process `syz.2.920'. [ 146.004247][ T8815] team0: entered promiscuous mode [ 146.009497][ T8815] team_slave_0: entered promiscuous mode [ 146.025720][ T8815] team_slave_1: entered promiscuous mode [ 146.045432][ T8815] bridge0: entered promiscuous mode [ 146.058856][ T8815] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 146.084125][ T8815] Cannot create hsr debugfs directory [ 146.091414][ T8822] netlink: 20 bytes leftover after parsing attributes in process `syz.0.924'. [ 146.361199][ T8840] set match dimension is over the limit! [ 146.369568][ T8840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.931'. [ 146.380248][ T8840] netlink: 'syz.2.931': attribute type 3 has an invalid length. [ 146.394137][ T8840] pim6reg: entered allmulticast mode [ 146.469991][ T8850] pim6reg: left allmulticast mode [ 146.521654][ T8855] FAULT_INJECTION: forcing a failure. [ 146.521654][ T8855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.560698][ T8855] CPU: 0 UID: 0 PID: 8855 Comm: syz.0.936 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 146.571341][ T8855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 146.581407][ T8855] Call Trace: [ 146.584694][ T8855] [ 146.587627][ T8855] dump_stack_lvl+0x241/0x360 [ 146.592311][ T8855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.597517][ T8855] ? __pfx__printk+0x10/0x10 [ 146.602113][ T8855] ? __pfx_lock_release+0x10/0x10 [ 146.607149][ T8855] ? __lock_acquire+0x1397/0x2100 [ 146.612178][ T8855] should_fail_ex+0x3b0/0x4e0 [ 146.616860][ T8855] _copy_from_iter+0x1e9/0x1c20 [ 146.621725][ T8855] ? __pfx__copy_from_iter+0x10/0x10 [ 146.627016][ T8855] ? tun_get_user+0x86e/0x4890 [ 146.631781][ T8855] ? __pfx_lock_release+0x10/0x10 [ 146.636809][ T8855] ? page_copy_sane+0x46/0x260 [ 146.641578][ T8855] copy_page_from_iter+0x7a/0x100 [ 146.646611][ T8855] tun_get_user+0x203c/0x4890 [ 146.651304][ T8855] ? tun_get_user+0x86e/0x4890 [ 146.656074][ T8855] ? __lock_acquire+0x1397/0x2100 [ 146.661110][ T8855] ? __pfx_tun_get_user+0x10/0x10 [ 146.666153][ T8855] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 146.671609][ T8855] ? tun_get+0x1e/0x2f0 [ 146.675766][ T8855] ? __pfx_lock_release+0x10/0x10 [ 146.680801][ T8855] ? tun_get+0x1e/0x2f0 [ 146.684954][ T8855] ? tun_get+0x27d/0x2f0 [ 146.689197][ T8855] tun_chr_write_iter+0x10d/0x1f0 [ 146.694224][ T8855] vfs_write+0xaeb/0xd30 [ 146.698470][ T8855] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 146.704018][ T8855] ? __pfx_vfs_write+0x10/0x10 [ 146.708783][ T8855] ? __fget_files+0x2a/0x410 [ 146.713373][ T8855] ? __fget_files+0x2a/0x410 [ 146.717966][ T8855] ksys_write+0x18f/0x2b0 [ 146.722300][ T8855] ? __pfx_ksys_write+0x10/0x10 [ 146.727148][ T8855] ? do_syscall_64+0x100/0x230 [ 146.731911][ T8855] ? do_syscall_64+0xb6/0x230 [ 146.736591][ T8855] do_syscall_64+0xf3/0x230 [ 146.741088][ T8855] ? clear_bhb_loop+0x35/0x90 [ 146.745772][ T8855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.751674][ T8855] RIP: 0033:0x7f7b36f847df [ 146.756092][ T8855] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 146.775706][ T8855] RSP: 002b:00007f7b37e55000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 146.784128][ T8855] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f847df [ 146.792097][ T8855] RDX: 0000000000000038 RSI: 0000000020000300 RDI: 00000000000000c8 [ 146.800069][ T8855] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 146.808043][ T8855] R10: 0000000000000038 R11: 0000000000000293 R12: 0000000000000001 [ 146.816008][ T8855] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 146.824077][ T8855] [ 147.080561][ T8866] netlink: 'syz.1.942': attribute type 10 has an invalid length. [ 147.094245][ T8866] netlink: 132 bytes leftover after parsing attributes in process `syz.1.942'. [ 147.094755][ T8868] FAULT_INJECTION: forcing a failure. [ 147.094755][ T8868] name failslab, interval 1, probability 0, space 0, times 0 [ 147.108891][ T8866] FAULT_INJECTION: forcing a failure. [ 147.108891][ T8866] name failslab, interval 1, probability 0, space 0, times 0 [ 147.135414][ T8868] CPU: 1 UID: 0 PID: 8868 Comm: syz.2.940 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 147.146059][ T8868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 147.156131][ T8868] Call Trace: [ 147.159419][ T8868] [ 147.162360][ T8868] dump_stack_lvl+0x241/0x360 [ 147.167075][ T8868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.172297][ T8868] ? __pfx__printk+0x10/0x10 [ 147.176912][ T8868] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 147.182308][ T8868] ? __pfx___might_resched+0x10/0x10 [ 147.187621][ T8868] should_fail_ex+0x3b0/0x4e0 [ 147.192330][ T8868] should_failslab+0xac/0x100 [ 147.197027][ T8868] __kmalloc_node_noprof+0xe1/0x4d0 [ 147.202235][ T8868] ? crypto_create_tfm_node+0x88/0x3d0 [ 147.207697][ T8868] crypto_create_tfm_node+0x88/0x3d0 [ 147.212986][ T8868] crypto_alloc_tfm_node+0x161/0x360 [ 147.218279][ T8868] esp_init_state+0x611/0x10b0 [ 147.223054][ T8868] ? __pfx_esp_init_state+0x10/0x10 [ 147.228265][ T8868] ? __xfrm_init_state+0x708/0xea0 [ 147.233374][ T8868] ? __pfx_lock_release+0x10/0x10 [ 147.238408][ T8868] __xfrm_init_state+0x9db/0xea0 [ 147.243356][ T8868] xfrm_add_sa+0x2c6e/0x3d70 [ 147.247959][ T8868] ? __pfx_xfrm_add_sa+0x10/0x10 [ 147.252900][ T8868] ? __nla_parse+0x40/0x60 [ 147.257317][ T8868] xfrm_user_rcv_msg+0x890/0xb90 [ 147.262258][ T8868] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 147.267735][ T8868] ? __mutex_trylock_common+0x183/0x2e0 [ 147.273286][ T8868] ? __pfx___might_resched+0x10/0x10 [ 147.278578][ T8868] ? __pfx___mutex_trylock_common+0x10/0x10 [ 147.284480][ T8868] netlink_rcv_skb+0x1e3/0x430 [ 147.289244][ T8868] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 147.294704][ T8868] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.300004][ T8868] xfrm_netlink_rcv+0x79/0x90 [ 147.304678][ T8868] netlink_unicast+0x7f6/0x990 [ 147.309451][ T8868] ? __pfx_netlink_unicast+0x10/0x10 [ 147.314733][ T8868] ? __virt_addr_valid+0x45f/0x530 [ 147.319848][ T8868] ? __phys_addr_symbol+0x2f/0x70 [ 147.324872][ T8868] ? __check_object_size+0x47a/0x730 [ 147.330159][ T8868] netlink_sendmsg+0x8e4/0xcb0 [ 147.334929][ T8868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.340230][ T8868] ? aa_sock_msg_perm+0x91/0x160 [ 147.345172][ T8868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.350454][ T8868] __sock_sendmsg+0x221/0x270 [ 147.355136][ T8868] ____sys_sendmsg+0x52a/0x7e0 [ 147.359907][ T8868] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.365189][ T8868] ? __fget_files+0x2a/0x410 [ 147.369787][ T8868] ? __fget_files+0x2a/0x410 [ 147.374396][ T8868] __sys_sendmsg+0x269/0x350 [ 147.378985][ T8868] ? __pfx_lock_release+0x10/0x10 [ 147.384012][ T8868] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.389130][ T8868] ? __pfx_vfs_write+0x10/0x10 [ 147.393911][ T8868] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.400240][ T8868] ? do_syscall_64+0x100/0x230 [ 147.405002][ T8868] ? do_syscall_64+0xb6/0x230 [ 147.409675][ T8868] do_syscall_64+0xf3/0x230 [ 147.414173][ T8868] ? clear_bhb_loop+0x35/0x90 [ 147.418853][ T8868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.424743][ T8868] RIP: 0033:0x7f6aeff85d29 [ 147.429154][ T8868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.448756][ T8868] RSP: 002b:00007f6af0d45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.457170][ T8868] RAX: ffffffffffffffda RBX: 00007f6af0175fa0 RCX: 00007f6aeff85d29 [ 147.465139][ T8868] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 147.473106][ T8868] RBP: 00007f6af0d45090 R08: 0000000000000000 R09: 0000000000000000 [ 147.481078][ T8868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.489045][ T8868] R13: 0000000000000000 R14: 00007f6af0175fa0 R15: 00007ffe9dbd1c18 [ 147.497029][ T8868] [ 147.501358][ T8866] CPU: 0 UID: 0 PID: 8866 Comm: syz.1.942 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 147.511994][ T8866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 147.522090][ T8866] Call Trace: [ 147.525386][ T8866] [ 147.528319][ T8866] dump_stack_lvl+0x241/0x360 [ 147.533005][ T8866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.538207][ T8866] ? __pfx__printk+0x10/0x10 [ 147.542799][ T8866] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 147.548783][ T8866] ? __pfx___might_resched+0x10/0x10 [ 147.554093][ T8866] should_fail_ex+0x3b0/0x4e0 [ 147.558809][ T8866] should_failslab+0xac/0x100 [ 147.563505][ T8866] kmem_cache_alloc_node_noprof+0x77/0x380 [ 147.569320][ T8866] ? __alloc_skb+0x1c3/0x440 [ 147.573919][ T8866] __alloc_skb+0x1c3/0x440 [ 147.578343][ T8866] ? __pfx___alloc_skb+0x10/0x10 [ 147.583284][ T8866] ? netlink_ack_tlv_len+0x6e/0x200 [ 147.588484][ T8866] netlink_ack+0x145/0xa50 [ 147.592898][ T8866] ? __pfx___might_resched+0x10/0x10 [ 147.598188][ T8866] netlink_rcv_skb+0x262/0x430 [ 147.602989][ T8866] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.608032][ T8866] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.613349][ T8866] genl_rcv+0x28/0x40 [ 147.617341][ T8866] netlink_unicast+0x7f6/0x990 [ 147.622115][ T8866] ? __pfx_netlink_unicast+0x10/0x10 [ 147.627408][ T8866] ? __virt_addr_valid+0x45f/0x530 [ 147.632524][ T8866] ? __phys_addr_symbol+0x2f/0x70 [ 147.637547][ T8866] ? __check_object_size+0x47a/0x730 [ 147.642858][ T8866] netlink_sendmsg+0x8e4/0xcb0 [ 147.647664][ T8866] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.652970][ T8866] ? aa_sock_msg_perm+0x91/0x160 [ 147.657923][ T8866] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.663213][ T8866] __sock_sendmsg+0x221/0x270 [ 147.667901][ T8866] ____sys_sendmsg+0x52a/0x7e0 [ 147.672671][ T8866] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.677953][ T8866] ? __fget_files+0x2a/0x410 [ 147.682547][ T8866] ? __fget_files+0x2a/0x410 [ 147.687146][ T8866] __sys_sendmsg+0x269/0x350 [ 147.691735][ T8866] ? __pfx_lock_release+0x10/0x10 [ 147.696761][ T8866] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.701880][ T8866] ? __pfx_vfs_write+0x10/0x10 [ 147.706659][ T8866] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.712985][ T8866] ? do_syscall_64+0x100/0x230 [ 147.717752][ T8866] ? do_syscall_64+0xb6/0x230 [ 147.722425][ T8866] do_syscall_64+0xf3/0x230 [ 147.726926][ T8866] ? clear_bhb_loop+0x35/0x90 [ 147.731615][ T8866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.737505][ T8866] RIP: 0033:0x7f51d8985d29 [ 147.741924][ T8866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.761541][ T8866] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.769956][ T8866] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 147.777932][ T8866] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000004 [ 147.785908][ T8866] RBP: 00007f51d9795090 R08: 0000000000000000 R09: 0000000000000000 [ 147.793879][ T8866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.801852][ T8866] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 147.809830][ T8866] [ 148.087102][ T8883] netlink: 12 bytes leftover after parsing attributes in process `syz.3.941'. [ 148.290318][ T8878] syz.3.941: vmalloc error: size 33554432, failed to allocated page array size 65536, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 148.328879][ T8878] CPU: 0 UID: 0 PID: 8878 Comm: syz.3.941 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 148.339975][ T8878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 148.350063][ T8878] Call Trace: [ 148.353352][ T8878] [ 148.356301][ T8878] dump_stack_lvl+0x241/0x360 [ 148.361036][ T8878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.366261][ T8878] ? __pfx__printk+0x10/0x10 [ 148.370890][ T8878] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 148.377333][ T8878] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 148.383872][ T8878] warn_alloc+0x278/0x410 [ 148.388234][ T8878] ? __pfx_warn_alloc+0x10/0x10 [ 148.393108][ T8878] ? xp_create_and_assign_umem+0x17b/0xc50 [ 148.398934][ T8878] ? __get_vm_area_node+0x1c8/0x2d0 [ 148.404144][ T8878] ? __get_vm_area_node+0x25c/0x2d0 [ 148.409354][ T8878] __vmalloc_node_range_noprof+0x62f/0x1380 [ 148.415252][ T8878] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 148.420992][ T8878] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 148.427320][ T8878] ? rcu_is_watching+0x15/0xb0 [ 148.432091][ T8878] ? trace_kmalloc+0x1f/0xd0 [ 148.436690][ T8878] ? __kmalloc_node_noprof+0x2ad/0x4d0 [ 148.442160][ T8878] ? __kvmalloc_node_noprof+0x72/0x190 [ 148.447621][ T8878] __kvmalloc_node_noprof+0x142/0x190 [ 148.452993][ T8878] ? xp_create_and_assign_umem+0x17b/0xc50 [ 148.458813][ T8878] xp_create_and_assign_umem+0x17b/0xc50 [ 148.464459][ T8878] ? dev_get_by_index+0x23/0x2d0 [ 148.469401][ T8878] xsk_bind+0x386/0xdc0 [ 148.473573][ T8878] __sys_bind+0x1e4/0x290 [ 148.477912][ T8878] ? __pfx___sys_bind+0x10/0x10 [ 148.482776][ T8878] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 148.489108][ T8878] ? exc_page_fault+0x590/0x8b0 [ 148.493976][ T8878] __x64_sys_bind+0x7a/0x90 [ 148.498487][ T8878] do_syscall_64+0xf3/0x230 [ 148.502991][ T8878] ? clear_bhb_loop+0x35/0x90 [ 148.507678][ T8878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.513634][ T8878] RIP: 0033:0x7f154db85d29 [ 148.518103][ T8878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.537729][ T8878] RSP: 002b:00007f154e98f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 148.546151][ T8878] RAX: ffffffffffffffda RBX: 00007f154dd76240 RCX: 00007f154db85d29 [ 148.554127][ T8878] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000003 [ 148.562119][ T8878] RBP: 00007f154dc01a20 R08: 0000000000000000 R09: 0000000000000000 [ 148.570090][ T8878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.578085][ T8878] R13: 0000000000000001 R14: 00007f154dd76240 R15: 00007ffff9fdb558 [ 148.586091][ T8878] [ 148.633418][ T8878] Mem-Info: [ 148.636623][ T8878] active_anon:6812 inactive_anon:0 isolated_anon:0 [ 148.636623][ T8878] active_file:1699 inactive_file:38284 isolated_file:0 [ 148.636623][ T8878] unevictable:768 dirty:476 writeback:0 [ 148.636623][ T8878] slab_reclaimable:10574 slab_unreclaimable:97944 [ 148.636623][ T8878] mapped:32875 shmem:1415 pagetables:734 [ 148.636623][ T8878] sec_pagetables:0 bounce:0 [ 148.636623][ T8878] kernel_misc_reclaimable:0 [ 148.636623][ T8878] free:1319025 free_pcp:308 free_cma:0 [ 148.691343][ T8878] Node 0 active_anon:27048kB inactive_anon:0kB active_file:6796kB inactive_file:153060kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127400kB dirty:1900kB writeback:0kB shmem:4124kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10812kB pagetables:2836kB sec_pagetables:0kB all_unreclaimable? no [ 148.729351][ T8878] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 148.766275][ T8878] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.799568][ T8878] lowmem_reserve[]: 0 2465 2466 0 0 [ 148.811754][ T8878] Node 0 DMA32 free:1354804kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:27012kB inactive_anon:0kB active_file:6796kB inactive_file:152220kB unevictable:1536kB writepending:1900kB present:3129332kB managed:2552760kB mlocked:0kB bounce:0kB free_pcp:2448kB local_pcp:988kB free_cma:0kB [ 148.859776][ T8878] lowmem_reserve[]: 0 0 0 0 0 [ 148.865081][ T8878] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:840kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.903492][ T8878] lowmem_reserve[]: 0 0 0 0 0 [ 148.908768][ T8878] Node 1 Normal free:3904540kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.940023][ T8878] lowmem_reserve[]: 0 0 0 0 0 [ 148.945948][ T8878] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 148.962561][ T8878] Node 0 DMA32: 406*4kB (UM) 725*8kB (UME) 617*16kB (UME) 450*32kB (UME) 218*64kB (UME) 51*128kB (UME) 56*256kB (UME) 100*512kB (UME) 77*1024kB (UME) 6*2048kB (ME) 280*4096kB (M) = 1355728kB [ 148.990783][ T8878] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 149.010753][ T8878] Node 1 Normal: 219*4kB (UE) 46*8kB (UME) 40*16kB (UME) 200*32kB (UME) 101*64kB (UME) 29*128kB (UME) 14*256kB (UME) 7*512kB (UM) 6*1024kB (UM) 3*2048kB (UE) 944*4096kB (M) = 3904540kB [ 149.032638][ T8878] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 149.042367][ T8878] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 149.052836][ T8878] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 149.062617][ T8878] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 149.072977][ T8878] 41398 total pagecache pages [ 149.077834][ T8878] 0 pages in swap cache [ 149.082002][ T8878] Free swap = 124996kB [ 149.086340][ T8878] Total swap = 124996kB [ 149.090505][ T8878] 2097051 pages RAM [ 149.094526][ T8878] 0 pages HighMem/MovableOnly [ 149.099332][ T8878] 427011 pages reserved [ 149.103541][ T8878] 0 pages cma reserved [ 149.151836][ T8880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'. [ 149.671349][ T8931] set match dimension is over the limit! [ 149.751254][ T8931] netlink: 'syz.2.960': attribute type 3 has an invalid length. [ 149.771869][ T8931] pim6reg: entered allmulticast mode [ 149.802033][ T8931] pim6reg: left allmulticast mode [ 149.808308][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.962'. [ 150.195588][ T8953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 150.218166][ T8953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.230518][ T8953] dummy0: entered promiscuous mode [ 150.385685][ T8963] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 150.554111][ T8953] dummy0: left promiscuous mode [ 150.922186][ T8978] netlink: 12 bytes leftover after parsing attributes in process `syz.0.977'. [ 150.977742][ T8981] netlink: 28 bytes leftover after parsing attributes in process `syz.4.975'. [ 150.996654][ T8981] netlink: 28 bytes leftover after parsing attributes in process `syz.4.975'. [ 150.998267][ T8978] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.248477][ T8978] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.561713][ T9005] FAULT_INJECTION: forcing a failure. [ 151.561713][ T9005] name failslab, interval 1, probability 0, space 0, times 0 [ 151.562157][ T8978] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.574993][ T9005] CPU: 0 UID: 0 PID: 9005 Comm: syz.1.986 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 151.595601][ T9005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 151.605658][ T9005] Call Trace: [ 151.608936][ T9005] [ 151.611865][ T9005] dump_stack_lvl+0x241/0x360 [ 151.616552][ T9005] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.621749][ T9005] ? __pfx__printk+0x10/0x10 [ 151.626352][ T9005] should_fail_ex+0x3b0/0x4e0 [ 151.631034][ T9005] should_failslab+0xac/0x100 [ 151.635719][ T9005] ? skb_clone+0x20c/0x390 [ 151.640131][ T9005] kmem_cache_alloc_noprof+0x70/0x380 [ 151.645505][ T9005] skb_clone+0x20c/0x390 [ 151.649747][ T9005] __netlink_deliver_tap+0x3cc/0x7f0 [ 151.655043][ T9005] ? netlink_deliver_tap+0x2e/0x1b0 [ 151.660238][ T9005] netlink_deliver_tap+0x19d/0x1b0 [ 151.665348][ T9005] netlink_unicast+0x7c4/0x990 [ 151.670120][ T9005] ? __pfx_netlink_unicast+0x10/0x10 [ 151.675406][ T9005] ? __virt_addr_valid+0x45f/0x530 [ 151.680519][ T9005] ? __phys_addr_symbol+0x2f/0x70 [ 151.685543][ T9005] ? __check_object_size+0x47a/0x730 [ 151.690832][ T9005] netlink_sendmsg+0x8e4/0xcb0 [ 151.695645][ T9005] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.700934][ T9005] ? aa_sock_msg_perm+0x91/0x160 [ 151.705874][ T9005] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.711154][ T9005] __sock_sendmsg+0x221/0x270 [ 151.715837][ T9005] ____sys_sendmsg+0x52a/0x7e0 [ 151.720604][ T9005] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.725885][ T9005] ? __fget_files+0x2a/0x410 [ 151.730477][ T9005] ? __fget_files+0x2a/0x410 [ 151.735074][ T9005] __sys_sendmsg+0x269/0x350 [ 151.739663][ T9005] ? __pfx_lock_release+0x10/0x10 [ 151.744690][ T9005] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.749807][ T9005] ? __pfx_vfs_write+0x10/0x10 [ 151.754586][ T9005] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 151.760909][ T9005] ? do_syscall_64+0x100/0x230 [ 151.765672][ T9005] ? do_syscall_64+0xb6/0x230 [ 151.770346][ T9005] do_syscall_64+0xf3/0x230 [ 151.774847][ T9005] ? clear_bhb_loop+0x35/0x90 [ 151.779532][ T9005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.785422][ T9005] RIP: 0033:0x7f51d8985d29 [ 151.789835][ T9005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.809442][ T9005] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.817865][ T9005] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 151.825834][ T9005] RDX: 0000000020004000 RSI: 00000000200005c0 RDI: 0000000000000003 [ 151.833800][ T9005] RBP: 00007f51d9795090 R08: 0000000000000000 R09: 0000000000000000 [ 151.841774][ T9005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.849740][ T9005] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 151.857730][ T9005] [ 151.900368][ T9006] netlink: 'syz.3.985': attribute type 8 has an invalid length. [ 152.092076][ T8978] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.271328][ T8978] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.318353][ T8978] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.353218][ T8978] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.387360][ T8978] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.707477][ T9052] IPv6: sit1: Disabled Multicast RS [ 152.721379][ T9052] sit1: entered allmulticast mode [ 152.971202][ T9062] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1006'. [ 153.021379][ T9058] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1002'. [ 153.073661][ T9058] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1002'. [ 153.428823][ T9077] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1010'. [ 153.446599][ T9077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1010'. [ 154.282425][ T9125] nftables ruleset with unbound set [ 154.414688][ T9135] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1031'. [ 154.431650][ T9127] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1029'. [ 154.470082][ T9135] bond2: entered promiscuous mode [ 154.509147][ T9140] gretap1: entered promiscuous mode [ 154.537957][ T9140] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 154.572738][ T9135] bond2 (unregistering): (slave gretap1): Releasing backup interface [ 154.600022][ T9135] bond2 (unregistering): Released all slaves [ 154.936198][ T9158] ip6gretap0: entered promiscuous mode [ 155.002439][ T9158] batadv_slave_0: entered promiscuous mode [ 155.026636][ T9158] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 155.035379][ T9158] Cannot create hsr debugfs directory [ 155.527073][ T9192] FAULT_INJECTION: forcing a failure. [ 155.527073][ T9192] name failslab, interval 1, probability 0, space 0, times 0 [ 155.561253][ T9192] CPU: 0 UID: 0 PID: 9192 Comm: syz.3.1049 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 155.572003][ T9192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 155.582100][ T9192] Call Trace: [ 155.585404][ T9192] [ 155.588361][ T9192] dump_stack_lvl+0x241/0x360 [ 155.593256][ T9192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.598490][ T9192] ? __pfx__printk+0x10/0x10 [ 155.603135][ T9192] should_fail_ex+0x3b0/0x4e0 [ 155.607859][ T9192] should_failslab+0xac/0x100 [ 155.612582][ T9192] __kmalloc_cache_noprof+0x70/0x390 [ 155.617908][ T9192] ? sctp_add_bind_addr+0x89/0x3a0 [ 155.623060][ T9192] sctp_add_bind_addr+0x89/0x3a0 [ 155.628032][ T9192] sctp_copy_local_addr_list+0x311/0x500 [ 155.633701][ T9192] ? sctp_copy_local_addr_list+0xab/0x500 [ 155.639448][ T9192] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 155.645637][ T9192] ? sctp_v6_is_any+0x60/0x70 [ 155.650352][ T9192] sctp_bind_addr_copy+0xad/0x3b0 [ 155.655400][ T9192] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 155.661737][ T9192] sctp_connect_new_asoc+0x2f3/0x6c0 [ 155.667202][ T9192] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 155.673007][ T9192] ? sctp_sendmsg+0xbb9/0x3520 [ 155.677789][ T9192] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 155.683605][ T9192] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 155.689162][ T9192] sctp_sendmsg+0x219a/0x3520 [ 155.693854][ T9192] ? __pfx_sctp_sendmsg+0x10/0x10 [ 155.698884][ T9192] ? __pfx_aa_sk_perm+0x10/0x10 [ 155.703741][ T9192] ? inet_sendmsg+0x330/0x390 [ 155.708419][ T9192] __sock_sendmsg+0x1a6/0x270 [ 155.713098][ T9192] ____sys_sendmsg+0x52a/0x7e0 [ 155.717870][ T9192] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.723150][ T9192] ? __fget_files+0x2a/0x410 [ 155.727744][ T9192] ? __fget_files+0x2a/0x410 [ 155.732344][ T9192] __sys_sendmmsg+0x36a/0x720 [ 155.737029][ T9192] ? __pfx___sys_sendmmsg+0x10/0x10 [ 155.742238][ T9192] ? __pfx_lock_release+0x10/0x10 [ 155.747264][ T9192] ? kstrtouint_from_user+0x128/0x190 [ 155.752652][ T9192] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 155.758548][ T9192] ? ksys_write+0x22a/0x2b0 [ 155.763049][ T9192] ? __pfx_lock_release+0x10/0x10 [ 155.768076][ T9192] ? vfs_write+0x730/0xd30 [ 155.772495][ T9192] ? __mutex_unlock_slowpath+0x21e/0x790 [ 155.778147][ T9192] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 155.784128][ T9192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 155.790451][ T9192] ? do_syscall_64+0x100/0x230 [ 155.795220][ T9192] __x64_sys_sendmmsg+0xa0/0xb0 [ 155.800071][ T9192] do_syscall_64+0xf3/0x230 [ 155.804575][ T9192] ? clear_bhb_loop+0x35/0x90 [ 155.809251][ T9192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.815141][ T9192] RIP: 0033:0x7f154db85d29 [ 155.819555][ T9192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.839162][ T9192] RSP: 002b:00007f154e9f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 155.847581][ T9192] RAX: ffffffffffffffda RBX: 00007f154dd75fa0 RCX: 00007f154db85d29 [ 155.855552][ T9192] RDX: 0000000000000001 RSI: 0000000020001800 RDI: 0000000000000003 [ 155.863524][ T9192] RBP: 00007f154e9f2090 R08: 0000000000000000 R09: 0000000000000000 [ 155.871499][ T9192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 155.879469][ T9192] R13: 0000000000000000 R14: 00007f154dd75fa0 R15: 00007ffff9fdb558 [ 155.887455][ T9192] [ 155.915060][ T9194] FAULT_INJECTION: forcing a failure. [ 155.915060][ T9194] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.937572][ T9194] CPU: 1 UID: 0 PID: 9194 Comm: syz.0.1050 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 155.948303][ T9194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 155.958368][ T9194] Call Trace: [ 155.961645][ T9194] [ 155.964573][ T9194] dump_stack_lvl+0x241/0x360 [ 155.969257][ T9194] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.974465][ T9194] ? __pfx__printk+0x10/0x10 [ 155.979066][ T9194] should_fail_ex+0x3b0/0x4e0 [ 155.983754][ T9194] _copy_to_user+0x31/0xb0 [ 155.988173][ T9194] bpf_test_finish+0x2e6/0x890 [ 155.992937][ T9194] ? __might_fault+0xaa/0x120 [ 155.997612][ T9194] ? __pfx_bpf_test_finish+0x10/0x10 [ 156.002896][ T9194] ? _copy_from_user+0x99/0xc0 [ 156.007664][ T9194] ? bpf_test_init+0x15a/0x180 [ 156.012429][ T9194] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 156.017800][ T9194] ? __pfx_lock_release+0x10/0x10 [ 156.022831][ T9194] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 156.028633][ T9194] ? __fget_files+0x2a/0x410 [ 156.033232][ T9194] ? __fget_files+0x2a/0x410 [ 156.037827][ T9194] ? fput+0x21b/0x290 [ 156.041806][ T9194] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 156.047609][ T9194] bpf_prog_test_run+0x2e4/0x360 [ 156.052546][ T9194] __sys_bpf+0x48d/0x810 [ 156.056785][ T9194] ? __pfx___sys_bpf+0x10/0x10 [ 156.061551][ T9194] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 156.067532][ T9194] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 156.073863][ T9194] ? do_syscall_64+0x100/0x230 [ 156.078631][ T9194] __x64_sys_bpf+0x7c/0x90 [ 156.083047][ T9194] do_syscall_64+0xf3/0x230 [ 156.087545][ T9194] ? clear_bhb_loop+0x35/0x90 [ 156.092230][ T9194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.098121][ T9194] RIP: 0033:0x7f7b36f85d29 [ 156.102538][ T9194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.122144][ T9194] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 156.130561][ T9194] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 156.138527][ T9194] RDX: 0000000000000050 RSI: 0000000020000c80 RDI: 000000000000000a [ 156.146494][ T9194] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 156.154459][ T9194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 156.162428][ T9194] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 156.170405][ T9194] [ 156.689867][ T9215] __nla_validate_parse: 3 callbacks suppressed [ 156.689886][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1058'. [ 157.462369][ T9150] Set syz1 is full, maxelem 65536 reached [ 183.050216][ T9234] netlink: 'syz.4.1066': attribute type 2 has an invalid length. [ 183.368374][ T9251] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1070'. [ 183.688048][ T9262] tipc: Cannot configure node identity twice [ 183.910743][ T9281] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1077'. [ 183.948478][ T9281] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 184.304787][ T9296] veth1_macvtap: left promiscuous mode [ 184.813786][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1089'. [ 184.842267][ T9311] (unnamed net_device) (uninitialized): option arp_validate: invalid value (1024) [ 184.993978][ T9311] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 185.001314][ T9311] IPv6: NLM_F_CREATE should be set when creating new route [ 185.085286][ T9326] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1093'. [ 185.176692][ T9331] set match dimension is over the limit! [ 185.254301][ T9336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1096'. [ 185.287505][ T9331] pim6reg: entered allmulticast mode [ 185.356226][ T9331] pim6reg: left allmulticast mode [ 185.531956][ T9344] netlink: 'syz.1.1099': attribute type 7 has an invalid length. [ 185.558621][ T9344] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1099'. [ 185.591506][ T9344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1099'. [ 185.764932][ T9354] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1103'. [ 185.878369][ T9354] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.257046][ T9354] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.431960][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 186.432029][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 186.438839][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 186.445514][ T5845] Bluetooth: hci2: command 0x0406 tx timeout [ 186.504659][ T9354] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.695174][ T9354] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.777903][ T9376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 186.795308][ T9376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.057677][ T9385] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1112'. [ 187.067549][ T9385] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1112'. [ 187.111693][ T9385] bond0: entered promiscuous mode [ 187.117715][ T9385] bond_slave_0: entered promiscuous mode [ 187.123818][ T9385] bond_slave_1: entered promiscuous mode [ 187.129617][ T9385] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 187.139653][ T9385] ip6gretap0: entered promiscuous mode [ 187.204941][ T9354] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.249106][ T9354] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.315656][ T9354] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.523838][ T9354] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.016145][ T9407] FAULT_INJECTION: forcing a failure. [ 188.016145][ T9407] name failslab, interval 1, probability 0, space 0, times 0 [ 188.052636][ T9407] CPU: 0 UID: 0 PID: 9407 Comm: syz.3.1119 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 188.063377][ T9407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 188.073457][ T9407] Call Trace: [ 188.076758][ T9407] [ 188.079702][ T9407] dump_stack_lvl+0x241/0x360 [ 188.084431][ T9407] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.089658][ T9407] ? __pfx__printk+0x10/0x10 [ 188.094275][ T9407] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 188.100278][ T9407] ? __pfx___might_resched+0x10/0x10 [ 188.105588][ T9407] should_fail_ex+0x3b0/0x4e0 [ 188.110294][ T9407] should_failslab+0xac/0x100 [ 188.114994][ T9407] kmem_cache_alloc_node_noprof+0x77/0x380 [ 188.120826][ T9407] ? __alloc_skb+0x1c3/0x440 [ 188.125444][ T9407] ? netlink_dump+0xcb/0xe10 [ 188.130067][ T9407] __alloc_skb+0x1c3/0x440 [ 188.134504][ T9407] ? __kasan_slab_free+0x59/0x70 [ 188.139468][ T9407] ? kmem_cache_free+0x195/0x410 [ 188.144439][ T9407] ? __pfx___alloc_skb+0x10/0x10 [ 188.149410][ T9407] netlink_dump+0x239/0xe10 [ 188.153949][ T9407] ? __pfx_netlink_dump+0x10/0x10 [ 188.159022][ T9407] ? netlink_recvmsg+0x60a/0x11d0 [ 188.164093][ T9407] ? netlink_recvmsg+0x60a/0x11d0 [ 188.169145][ T9407] netlink_recvmsg+0x6bb/0x11d0 [ 188.174031][ T9407] ? __pfx_netlink_recvmsg+0x10/0x10 [ 188.179367][ T9407] ? iovec_from_user+0x61/0x240 [ 188.184254][ T9407] ? __import_iovec+0x3a8/0x870 [ 188.189135][ T9407] ? __pfx_netlink_recvmsg+0x10/0x10 [ 188.194443][ T9407] sock_recvmsg_nosec+0x18e/0x1d0 [ 188.199507][ T9407] ____sys_recvmsg+0x3cd/0x480 [ 188.204306][ T9407] ? __pfx_____sys_recvmsg+0x10/0x10 [ 188.209609][ T9407] ? do_recvmmsg+0x44e/0xab0 [ 188.214202][ T9407] ? __might_fault+0xaa/0x120 [ 188.218885][ T9407] do_recvmmsg+0x426/0xab0 [ 188.223314][ T9407] ? __pfx_do_recvmmsg+0x10/0x10 [ 188.228269][ T9407] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 188.234170][ T9407] ? ksys_write+0x22a/0x2b0 [ 188.238673][ T9407] ? __pfx_lock_release+0x10/0x10 [ 188.243703][ T9407] ? vfs_write+0x730/0xd30 [ 188.248130][ T9407] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 188.254111][ T9407] ? __fget_files+0x2a/0x410 [ 188.258714][ T9407] __x64_sys_recvmmsg+0x199/0x250 [ 188.263744][ T9407] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 188.269293][ T9407] ? do_syscall_64+0x100/0x230 [ 188.274060][ T9407] ? do_syscall_64+0xb6/0x230 [ 188.278738][ T9407] do_syscall_64+0xf3/0x230 [ 188.283239][ T9407] ? clear_bhb_loop+0x35/0x90 [ 188.287927][ T9407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.293822][ T9407] RIP: 0033:0x7f154db85d29 [ 188.298244][ T9407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.317874][ T9407] RSP: 002b:00007f154e9f2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 188.326318][ T9407] RAX: ffffffffffffffda RBX: 00007f154dd75fa0 RCX: 00007f154db85d29 [ 188.334307][ T9407] RDX: 0000000000000003 RSI: 0000000020002300 RDI: 0000000000000003 [ 188.342284][ T9407] RBP: 00007f154e9f2090 R08: 0000000000000000 R09: 0000000000000000 [ 188.350258][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.358232][ T9407] R13: 0000000000000000 R14: 00007f154dd75fa0 R15: 00007ffff9fdb558 [ 188.366222][ T9407] [ 188.597603][ T9412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1117'. [ 188.835503][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1123'. [ 190.091350][ T9462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1132'. [ 190.132959][ T9455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1134'. [ 190.172979][ T9463] vlan2: entered allmulticast mode [ 190.190482][ T9463] : entered allmulticast mode [ 190.196049][ T9463] bond_slave_0: entered allmulticast mode [ 190.204658][ T9463] bond_slave_1: entered allmulticast mode [ 190.222767][ T9463] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 190.244635][ T9463] : left allmulticast mode [ 190.249299][ T9463] bond_slave_0: left allmulticast mode [ 190.259070][ T9463] bond_slave_1: left allmulticast mode [ 190.264726][ T9463] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 190.593963][ T9480] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1137'. [ 190.612776][ T9485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1140'. [ 190.893833][ T9499] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1145'. [ 190.975870][ T9502] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1146'. [ 191.124799][ T9516] FAULT_INJECTION: forcing a failure. [ 191.124799][ T9516] name failslab, interval 1, probability 0, space 0, times 0 [ 191.172710][ T9516] CPU: 1 UID: 0 PID: 9516 Comm: syz.2.1149 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 191.183497][ T9516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 191.193586][ T9516] Call Trace: [ 191.196901][ T9516] [ 191.199862][ T9516] dump_stack_lvl+0x241/0x360 [ 191.204588][ T9516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.209830][ T9516] ? __pfx__printk+0x10/0x10 [ 191.214520][ T9516] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 191.220533][ T9516] ? __pfx___might_resched+0x10/0x10 [ 191.225858][ T9516] should_fail_ex+0x3b0/0x4e0 [ 191.230581][ T9516] should_failslab+0xac/0x100 [ 191.235291][ T9516] kmem_cache_alloc_node_noprof+0x77/0x380 [ 191.241107][ T9516] ? __alloc_skb+0x1c3/0x440 [ 191.245701][ T9516] __alloc_skb+0x1c3/0x440 [ 191.250116][ T9516] ? __pfx___alloc_skb+0x10/0x10 [ 191.255397][ T9516] ? netlink_ack_tlv_len+0x6e/0x200 [ 191.260593][ T9516] netlink_ack+0x145/0xa50 [ 191.265010][ T9516] ? __up_read+0x2c2/0x6b0 [ 191.269435][ T9516] ? __pfx___up_read+0x10/0x10 [ 191.274299][ T9516] ? bpf_lsm_capable+0x9/0x10 [ 191.278985][ T9516] rdma_nl_rcv+0x3f6/0x9e0 [ 191.283411][ T9516] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 191.288366][ T9516] ? netlink_deliver_tap+0x2e/0x1b0 [ 191.293565][ T9516] netlink_unicast+0x7f6/0x990 [ 191.298343][ T9516] ? __pfx_netlink_unicast+0x10/0x10 [ 191.303633][ T9516] ? __virt_addr_valid+0x45f/0x530 [ 191.308760][ T9516] ? __phys_addr_symbol+0x2f/0x70 [ 191.313784][ T9516] ? __check_object_size+0x47a/0x730 [ 191.319075][ T9516] netlink_sendmsg+0x8e4/0xcb0 [ 191.323850][ T9516] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.329136][ T9516] ? aa_sock_msg_perm+0x91/0x160 [ 191.334084][ T9516] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.339366][ T9516] __sock_sendmsg+0x221/0x270 [ 191.344065][ T9516] ____sys_sendmsg+0x52a/0x7e0 [ 191.348864][ T9516] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.354163][ T9516] ? __fget_files+0x2a/0x410 [ 191.358766][ T9516] ? __fget_files+0x2a/0x410 [ 191.363371][ T9516] __sys_sendmsg+0x269/0x350 [ 191.367972][ T9516] ? __pfx_lock_release+0x10/0x10 [ 191.373000][ T9516] ? __pfx___sys_sendmsg+0x10/0x10 [ 191.378125][ T9516] ? __pfx_vfs_write+0x10/0x10 [ 191.382936][ T9516] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 191.389302][ T9516] ? do_syscall_64+0x100/0x230 [ 191.394090][ T9516] ? do_syscall_64+0xb6/0x230 [ 191.398778][ T9516] do_syscall_64+0xf3/0x230 [ 191.403297][ T9516] ? clear_bhb_loop+0x35/0x90 [ 191.407992][ T9516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.413889][ T9516] RIP: 0033:0x7f6aeff85d29 [ 191.418302][ T9516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.437926][ T9516] RSP: 002b:00007f6af0d45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 191.446351][ T9516] RAX: ffffffffffffffda RBX: 00007f6af0175fa0 RCX: 00007f6aeff85d29 [ 191.454324][ T9516] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000006 [ 191.462292][ T9516] RBP: 00007f6af0d45090 R08: 0000000000000000 R09: 0000000000000000 [ 191.470262][ T9516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.478234][ T9516] R13: 0000000000000000 R14: 00007f6af0175fa0 R15: 00007ffe9dbd1c18 [ 191.486218][ T9516] [ 191.536694][ T9525] netlink: 'syz.3.1154': attribute type 8 has an invalid length. [ 191.906553][ T9547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1163'. [ 192.051605][ T9544] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1161'. [ 192.330869][ T9562] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 192.457723][ T9567] geneve2: entered promiscuous mode [ 192.469110][ T9567] geneve2: entered allmulticast mode [ 193.074581][ T9596] FAULT_INJECTION: forcing a failure. [ 193.074581][ T9596] name failslab, interval 1, probability 0, space 0, times 0 [ 193.087586][ T9596] CPU: 0 UID: 0 PID: 9596 Comm: syz.0.1182 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 193.098300][ T9596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 193.108387][ T9596] Call Trace: [ 193.111691][ T9596] [ 193.114646][ T9596] dump_stack_lvl+0x241/0x360 [ 193.119361][ T9596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.124592][ T9596] ? __pfx__printk+0x10/0x10 [ 193.129214][ T9596] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 193.134625][ T9596] ? __pfx___might_resched+0x10/0x10 [ 193.139944][ T9596] should_fail_ex+0x3b0/0x4e0 [ 193.144664][ T9596] should_failslab+0xac/0x100 [ 193.149377][ T9596] __kmalloc_node_noprof+0xe1/0x4d0 [ 193.154618][ T9596] ? crypto_create_tfm_node+0x88/0x3d0 [ 193.160112][ T9596] crypto_create_tfm_node+0x88/0x3d0 [ 193.165428][ T9596] crypto_spawn_tfm2+0x5c/0x90 [ 193.170205][ T9596] crypto_authenc_init_tfm+0x6a/0x220 [ 193.175585][ T9596] crypto_create_tfm_node+0x167/0x3d0 [ 193.180962][ T9596] crypto_alloc_tfm_node+0x161/0x360 [ 193.186256][ T9596] esp_init_state+0x611/0x10b0 [ 193.191039][ T9596] ? __pfx_esp_init_state+0x10/0x10 [ 193.196250][ T9596] ? __xfrm_init_state+0x708/0xea0 [ 193.201363][ T9596] ? __pfx_lock_release+0x10/0x10 [ 193.206400][ T9596] __xfrm_init_state+0x9db/0xea0 [ 193.211346][ T9596] xfrm_add_sa+0x2c6e/0x3d70 [ 193.215947][ T9596] ? __pfx_xfrm_add_sa+0x10/0x10 [ 193.220886][ T9596] ? __nla_parse+0x40/0x60 [ 193.225312][ T9596] xfrm_user_rcv_msg+0x890/0xb90 [ 193.230256][ T9596] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 193.235736][ T9596] ? __mutex_trylock_common+0x183/0x2e0 [ 193.241284][ T9596] ? __pfx___might_resched+0x10/0x10 [ 193.246571][ T9596] ? __pfx___mutex_trylock_common+0x10/0x10 [ 193.252485][ T9596] netlink_rcv_skb+0x1e3/0x430 [ 193.257254][ T9596] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 193.262719][ T9596] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 193.268026][ T9596] xfrm_netlink_rcv+0x79/0x90 [ 193.272703][ T9596] netlink_unicast+0x7f6/0x990 [ 193.277486][ T9596] ? __pfx_netlink_unicast+0x10/0x10 [ 193.282772][ T9596] ? __virt_addr_valid+0x45f/0x530 [ 193.287890][ T9596] ? __phys_addr_symbol+0x2f/0x70 [ 193.292910][ T9596] ? __check_object_size+0x47a/0x730 [ 193.298201][ T9596] netlink_sendmsg+0x8e4/0xcb0 [ 193.302976][ T9596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.308263][ T9596] ? aa_sock_msg_perm+0x91/0x160 [ 193.313204][ T9596] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.318491][ T9596] __sock_sendmsg+0x221/0x270 [ 193.323172][ T9596] ____sys_sendmsg+0x52a/0x7e0 [ 193.327943][ T9596] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.333227][ T9596] ? __fget_files+0x2a/0x410 [ 193.337841][ T9596] ? __fget_files+0x2a/0x410 [ 193.342440][ T9596] __sys_sendmsg+0x269/0x350 [ 193.347031][ T9596] ? __pfx_lock_release+0x10/0x10 [ 193.352058][ T9596] ? __pfx___sys_sendmsg+0x10/0x10 [ 193.357178][ T9596] ? __pfx_vfs_write+0x10/0x10 [ 193.361958][ T9596] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.368287][ T9596] ? do_syscall_64+0x100/0x230 [ 193.373072][ T9596] ? do_syscall_64+0xb6/0x230 [ 193.377784][ T9596] do_syscall_64+0xf3/0x230 [ 193.382301][ T9596] ? clear_bhb_loop+0x35/0x90 [ 193.386992][ T9596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.392895][ T9596] RIP: 0033:0x7f7b36f85d29 [ 193.397317][ T9596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.416933][ T9596] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.425352][ T9596] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 193.433326][ T9596] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 193.441295][ T9596] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 193.449268][ T9596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 193.457326][ T9596] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 193.465316][ T9596] [ 193.604486][ T9605] netlink: 'syz.1.1185': attribute type 46 has an invalid length. [ 193.612479][ T9605] __nla_validate_parse: 4 callbacks suppressed [ 193.612497][ T9605] netlink: 212868 bytes leftover after parsing attributes in process `syz.1.1185'. [ 193.915217][ T9620] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1188'. [ 194.096105][ T9626] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1192'. [ 194.197386][ T9629] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1195'. [ 194.227435][ T9629] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1195'. [ 194.247304][ T9629] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1195'. [ 194.283792][ T9629] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1195'. [ 194.411134][ T9639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1197'. [ 194.568877][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1199'. [ 194.621622][ T9648] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1199'. [ 195.141303][ T9668] bond2: entered promiscuous mode [ 195.195517][ T9667] bond2 (unregistering): Released all slaves [ 196.025879][ T9708] tipc: Started in network mode [ 196.050769][ T9708] tipc: Node identity 7, cluster identity 4711 [ 196.064138][ T9708] tipc: Node number set to 7 [ 197.002729][ T9752] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.131851][ T9752] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.335421][ T9752] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.085059][ T9752] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.113579][ T9790] netlink: 'syz.4.1239': attribute type 12 has an invalid length. [ 199.269932][ T9752] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.295021][ T9752] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.316515][ T9752] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.338776][ T9752] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.467254][ T9803] tipc: Enabling of bearer rejected, failed to enable media [ 199.534618][ T9814] netlink: 'syz.0.1248': attribute type 4 has an invalid length. [ 199.542524][ T9814] __nla_validate_parse: 6 callbacks suppressed [ 199.542541][ T9814] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1248'. [ 199.639606][ T9817] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1250'. [ 200.701219][ T9832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1253'. [ 200.793554][ T9849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 200.829883][ T9849] netlink: 'syz.2.1259': attribute type 10 has an invalid length. [ 201.171610][ T9873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.201698][ T9873] netlink: 'syz.4.1268': attribute type 10 has an invalid length. [ 201.527822][ T9896] netlink: 560 bytes leftover after parsing attributes in process `syz.0.1276'. [ 201.538241][ T9896] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1276'. [ 201.587133][ T9899] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1277'. [ 201.661373][ T9902] SET target dimension over the limit! [ 201.871285][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1280'. [ 201.916079][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1280'. [ 201.948236][ T9909] bond0: entered promiscuous mode [ 201.955914][ T9909] bond_slave_0: entered promiscuous mode [ 201.961724][ T9909] bond_slave_1: entered promiscuous mode [ 201.972426][ T9909] ip6gretap0: entered promiscuous mode [ 201.979679][ T9909] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 201.987564][ T9909] Cannot create hsr debugfs directory [ 202.006076][ T9912] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1281'. [ 202.130990][ T9920] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1282'. [ 202.235656][ T9923] FAULT_INJECTION: forcing a failure. [ 202.235656][ T9923] name failslab, interval 1, probability 0, space 0, times 0 [ 202.274349][ T9923] CPU: 0 UID: 0 PID: 9923 Comm: syz.0.1284 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 202.285089][ T9923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 202.295182][ T9923] Call Trace: [ 202.298477][ T9923] [ 202.301433][ T9923] dump_stack_lvl+0x241/0x360 [ 202.306154][ T9923] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.311381][ T9923] ? __pfx__printk+0x10/0x10 [ 202.315983][ T9923] ? ref_tracker_alloc+0x332/0x490 [ 202.321103][ T9923] should_fail_ex+0x3b0/0x4e0 [ 202.325788][ T9923] should_failslab+0xac/0x100 [ 202.330465][ T9923] ? skb_clone+0x20c/0x390 [ 202.334879][ T9923] kmem_cache_alloc_noprof+0x70/0x380 [ 202.340257][ T9923] skb_clone+0x20c/0x390 [ 202.344505][ T9923] __netlink_deliver_tap+0x3cc/0x7f0 [ 202.349795][ T9923] ? netlink_deliver_tap+0x2e/0x1b0 [ 202.354988][ T9923] netlink_deliver_tap+0x19d/0x1b0 [ 202.360105][ T9923] netlink_sendskb+0x68/0x140 [ 202.364788][ T9923] netlink_unicast+0x39d/0x990 [ 202.369559][ T9923] ? __pfx_netlink_unicast+0x10/0x10 [ 202.374855][ T9923] netlink_rcv_skb+0x262/0x430 [ 202.379616][ T9923] ? __pfx_genl_rcv_msg+0x10/0x10 [ 202.384639][ T9923] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 202.389935][ T9923] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 202.395404][ T9923] genl_rcv+0x28/0x40 [ 202.399413][ T9923] netlink_unicast+0x7f6/0x990 [ 202.404216][ T9923] ? __pfx_netlink_unicast+0x10/0x10 [ 202.409524][ T9923] ? __virt_addr_valid+0x45f/0x530 [ 202.414639][ T9923] ? __phys_addr_symbol+0x2f/0x70 [ 202.419666][ T9923] ? __check_object_size+0x47a/0x730 [ 202.424954][ T9923] netlink_sendmsg+0x8e4/0xcb0 [ 202.429728][ T9923] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.435015][ T9923] ? aa_sock_msg_perm+0x91/0x160 [ 202.439953][ T9923] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.445233][ T9923] __sock_sendmsg+0x221/0x270 [ 202.449923][ T9923] ____sys_sendmsg+0x52a/0x7e0 [ 202.454697][ T9923] ? __pfx_____sys_sendmsg+0x10/0x10 [ 202.459987][ T9923] ? __fget_files+0x2a/0x410 [ 202.464589][ T9923] ? __fget_files+0x2a/0x410 [ 202.469186][ T9923] __sys_sendmsg+0x269/0x350 [ 202.473776][ T9923] ? __pfx_lock_release+0x10/0x10 [ 202.478802][ T9923] ? __pfx___sys_sendmsg+0x10/0x10 [ 202.483931][ T9923] ? __pfx_vfs_write+0x10/0x10 [ 202.488708][ T9923] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 202.495065][ T9923] ? do_syscall_64+0x100/0x230 [ 202.499863][ T9923] ? do_syscall_64+0xb6/0x230 [ 202.504556][ T9923] do_syscall_64+0xf3/0x230 [ 202.509060][ T9923] ? clear_bhb_loop+0x35/0x90 [ 202.513741][ T9923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.519631][ T9923] RIP: 0033:0x7f7b36f85d29 [ 202.524053][ T9923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.543660][ T9923] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 202.552087][ T9923] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 202.560055][ T9923] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 202.568034][ T9923] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 202.576012][ T9923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 202.583983][ T9923] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 202.591975][ T9923] [ 202.698646][ T9927] netlink: 'syz.3.1286': attribute type 1 has an invalid length. [ 202.698986][ T9929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.722206][ T9929] netlink: 'syz.1.1288': attribute type 10 has an invalid length. [ 202.833487][ T9936] FAULT_INJECTION: forcing a failure. [ 202.833487][ T9936] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 202.848326][ T9936] CPU: 0 UID: 0 PID: 9936 Comm: syz.0.1291 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 202.859056][ T9936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 202.869143][ T9936] Call Trace: [ 202.872439][ T9936] [ 202.875387][ T9936] dump_stack_lvl+0x241/0x360 [ 202.880073][ T9936] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.885275][ T9936] ? __pfx__printk+0x10/0x10 [ 202.889868][ T9936] ? snprintf+0xda/0x120 [ 202.894114][ T9936] should_fail_ex+0x3b0/0x4e0 [ 202.898797][ T9936] _copy_to_user+0x31/0xb0 [ 202.903213][ T9936] simple_read_from_buffer+0xca/0x150 [ 202.908593][ T9936] proc_fail_nth_read+0x1e9/0x250 [ 202.913621][ T9936] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 202.919165][ T9936] ? rw_verify_area+0x55e/0x6f0 [ 202.924015][ T9936] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 202.929559][ T9936] vfs_read+0x1fc/0xb70 [ 202.933717][ T9936] ? __pfx___mutex_lock+0x10/0x10 [ 202.938738][ T9936] ? __pfx_vfs_read+0x10/0x10 [ 202.943412][ T9936] ? __fget_files+0x2a/0x410 [ 202.948003][ T9936] ? __fget_files+0x395/0x410 [ 202.952683][ T9936] ? __fget_files+0x2a/0x410 [ 202.957279][ T9936] ksys_read+0x18f/0x2b0 [ 202.961518][ T9936] ? __pfx_ksys_read+0x10/0x10 [ 202.966280][ T9936] ? do_syscall_64+0x100/0x230 [ 202.971058][ T9936] ? do_syscall_64+0xb6/0x230 [ 202.975749][ T9936] do_syscall_64+0xf3/0x230 [ 202.980250][ T9936] ? clear_bhb_loop+0x35/0x90 [ 202.984930][ T9936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.990822][ T9936] RIP: 0033:0x7f7b36f8473c [ 202.995237][ T9936] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 203.014843][ T9936] RSP: 002b:00007f7b37e55030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 203.023260][ T9936] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f8473c [ 203.031236][ T9936] RDX: 000000000000000f RSI: 00007f7b37e550a0 RDI: 0000000000000004 [ 203.039206][ T9936] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 203.047173][ T9936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 203.055144][ T9936] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 203.063127][ T9936] [ 203.096585][ T9941] bridge0: entered promiscuous mode [ 203.101898][ T9941] macvlan2: entered promiscuous mode [ 203.111082][ T9941] bridge0: port 4(macvlan2) entered blocking state [ 203.118537][ T9941] bridge0: port 4(macvlan2) entered disabled state [ 203.148529][ T9941] macvlan2: entered allmulticast mode [ 203.154557][ T9941] bridge0: entered allmulticast mode [ 203.168231][ T9941] macvlan2: left allmulticast mode [ 203.178419][ T9941] bridge0: left allmulticast mode [ 203.194277][ T9941] bridge0: left promiscuous mode [ 204.779927][ T9996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 204.829889][ T9993] netlink: 'syz.0.1307': attribute type 10 has an invalid length. [ 205.058064][T10007] netlink: zone id is out of range [ 205.073546][T10007] netlink: zone id is out of range [ 205.078724][T10007] netlink: zone id is out of range [ 205.583399][T10046] __nla_validate_parse: 3 callbacks suppressed [ 205.583417][T10046] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1324'. [ 205.803506][T10057] netlink: 'syz.1.1331': attribute type 1 has an invalid length. [ 205.902800][T10061] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1332'. [ 206.151182][T10081] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1340'. [ 206.448460][T10099] bridge0: entered promiscuous mode [ 206.454487][T10099] macvlan2: entered promiscuous mode [ 206.461075][T10099] bridge0: port 3(macvlan2) entered blocking state [ 206.467826][T10099] bridge0: port 3(macvlan2) entered disabled state [ 206.474624][T10099] macvlan2: entered allmulticast mode [ 206.480117][T10099] bridge0: entered allmulticast mode [ 206.502397][T10099] macvlan2: left allmulticast mode [ 206.513436][T10099] bridge0: left allmulticast mode [ 206.538184][T10099] bridge0: left promiscuous mode [ 206.553622][T10106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1347'. [ 206.632917][T10111] netlink: 'syz.4.1350': attribute type 10 has an invalid length. [ 206.640947][T10111] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1350'. [ 206.910849][T10123] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1354'. [ 206.923394][T10123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1354'. [ 206.987522][T10130] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1354'. [ 207.548106][T10159] FAULT_INJECTION: forcing a failure. [ 207.548106][T10159] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 207.561866][T10159] CPU: 0 UID: 0 PID: 10159 Comm: syz.2.1368 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 207.572683][T10159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 207.582771][T10159] Call Trace: [ 207.586078][T10159] [ 207.589038][T10159] dump_stack_lvl+0x241/0x360 [ 207.593747][T10159] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.598978][T10159] ? __pfx__printk+0x10/0x10 [ 207.603601][T10159] ? __pfx_lock_release+0x10/0x10 [ 207.608675][T10159] ? rcu_is_watching+0x15/0xb0 [ 207.613478][T10159] should_fail_ex+0x3b0/0x4e0 [ 207.618196][T10159] _copy_from_iter+0x1e9/0x1c20 [ 207.623093][T10159] ? alloc_pages_mpol_noprof+0x417/0x680 [ 207.628758][T10159] ? __pfx__copy_from_iter+0x10/0x10 [ 207.634079][T10159] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 207.640071][T10159] ? alloc_pages_noprof+0xef/0x170 [ 207.645197][T10159] ? page_copy_sane+0x46/0x260 [ 207.649980][T10159] copy_page_from_iter+0x7a/0x100 [ 207.655045][T10159] tun_get_user+0x203c/0x4890 [ 207.659751][T10159] ? tun_get_user+0x86e/0x4890 [ 207.664526][T10159] ? __lock_acquire+0x1397/0x2100 [ 207.669563][T10159] ? __pfx_tun_get_user+0x10/0x10 [ 207.674607][T10159] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 207.680066][T10159] ? tun_get+0x1e/0x2f0 [ 207.684234][T10159] ? __pfx_lock_release+0x10/0x10 [ 207.689270][T10159] ? tun_get+0x1e/0x2f0 [ 207.693430][T10159] ? tun_get+0x27d/0x2f0 [ 207.697671][T10159] tun_chr_write_iter+0x10d/0x1f0 [ 207.702697][T10159] vfs_write+0xaeb/0xd30 [ 207.706943][T10159] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 207.712490][T10159] ? __pfx_vfs_write+0x10/0x10 [ 207.717252][T10159] ? __fget_files+0x2a/0x410 [ 207.721844][T10159] ? __fget_files+0x2a/0x410 [ 207.726445][T10159] ksys_write+0x18f/0x2b0 [ 207.730774][T10159] ? __pfx_ksys_write+0x10/0x10 [ 207.735623][T10159] ? do_syscall_64+0x100/0x230 [ 207.740387][T10159] ? do_syscall_64+0xb6/0x230 [ 207.745061][T10159] do_syscall_64+0xf3/0x230 [ 207.749563][T10159] ? clear_bhb_loop+0x35/0x90 [ 207.754244][T10159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.760160][T10159] RIP: 0033:0x7f6aeff847df [ 207.764606][T10159] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 207.784232][T10159] RSP: 002b:00007f6af0d45000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 207.792659][T10159] RAX: ffffffffffffffda RBX: 00007f6af0175fa0 RCX: 00007f6aeff847df [ 207.800632][T10159] RDX: 000000000000002a RSI: 00000000200002c0 RDI: 00000000000000c8 [ 207.808603][T10159] RBP: 00007f6af0d45090 R08: 0000000000000000 R09: 0000000000000000 [ 207.816568][T10159] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001 [ 207.824536][T10159] R13: 0000000000000001 R14: 00007f6af0175fa0 R15: 00007ffe9dbd1c18 [ 207.832517][T10159] [ 208.235648][T10180] lo speed is unknown, defaulting to 1000 [ 208.301840][T10180] lo speed is unknown, defaulting to 1000 [ 208.318078][T10180] lo speed is unknown, defaulting to 1000 [ 208.365137][T10180] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 208.389678][T10180] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 208.472642][T10180] lo speed is unknown, defaulting to 1000 [ 208.493913][T10180] lo speed is unknown, defaulting to 1000 [ 208.501885][T10180] lo speed is unknown, defaulting to 1000 [ 208.518320][T10180] lo speed is unknown, defaulting to 1000 [ 208.529840][T10180] lo speed is unknown, defaulting to 1000 [ 208.748638][T10204] bridge0: entered allmulticast mode [ 208.762747][T10204] pim6reg: entered allmulticast mode [ 208.776665][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1383'. [ 208.992357][T10221] netlink: 'syz.0.1390': attribute type 5 has an invalid length. [ 209.126954][T10228] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1393'. [ 209.678379][T10256] tipc: Cannot configure node identity twice [ 210.117621][T10277] FAULT_INJECTION: forcing a failure. [ 210.117621][T10277] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.156276][T10277] CPU: 1 UID: 0 PID: 10277 Comm: syz.3.1416 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 210.167103][T10277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 210.177186][T10277] Call Trace: [ 210.180490][T10277] [ 210.183442][T10277] dump_stack_lvl+0x241/0x360 [ 210.188155][T10277] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.193392][T10277] ? __pfx__printk+0x10/0x10 [ 210.198018][T10277] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 210.204205][T10277] should_fail_ex+0x3b0/0x4e0 [ 210.208912][T10277] prepare_alloc_pages+0x1da/0x5b0 [ 210.214057][T10277] __alloc_pages_noprof+0x16f/0x710 [ 210.219283][T10277] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 210.225045][T10277] alloc_pages_mpol_noprof+0x3e8/0x680 [ 210.230544][T10277] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 210.236576][T10277] ? alloc_pages_noprof+0xef/0x170 [ 210.241716][T10277] get_free_pages_noprof+0xc/0x30 [ 210.246765][T10277] kasan_populate_vmalloc_pte+0x38/0xe0 [ 210.252339][T10277] __apply_to_page_range+0x806/0xde0 [ 210.257665][T10277] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 210.264027][T10277] ? __pfx___apply_to_page_range+0x10/0x10 [ 210.269858][T10277] ? do_raw_spin_unlock+0x13c/0x8b0 [ 210.275076][T10277] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 210.280495][T10277] alloc_vmap_area+0x1d4e/0x2400 [ 210.285477][T10277] ? __pfx_alloc_vmap_area+0x10/0x10 [ 210.290776][T10277] ? __kasan_kmalloc+0x98/0xb0 [ 210.295555][T10277] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 210.301542][T10277] ? __get_vm_area_node+0x132/0x2d0 [ 210.306756][T10277] ? stack_map_alloc+0x298/0x4a0 [ 210.311698][T10277] __get_vm_area_node+0x1c8/0x2d0 [ 210.316732][T10277] __vmalloc_node_range_noprof+0x344/0x1380 [ 210.322623][T10277] ? stack_map_alloc+0x298/0x4a0 [ 210.327568][T10277] ? __lock_acquire+0x1397/0x2100 [ 210.332628][T10277] ? aa_get_newest_label+0xff/0x6f0 [ 210.337869][T10277] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 210.344233][T10277] bpf_map_area_alloc+0xfc/0x120 [ 210.349183][T10277] ? stack_map_alloc+0x298/0x4a0 [ 210.354131][T10277] stack_map_alloc+0x298/0x4a0 [ 210.358900][T10277] map_create+0x946/0x11c0 [ 210.363325][T10277] __sys_bpf+0x6d1/0x810 [ 210.367577][T10277] ? __pfx___sys_bpf+0x10/0x10 [ 210.372342][T10277] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 210.378321][T10277] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 210.384649][T10277] ? do_syscall_64+0x100/0x230 [ 210.389413][T10277] __x64_sys_bpf+0x7c/0x90 [ 210.393831][T10277] do_syscall_64+0xf3/0x230 [ 210.398330][T10277] ? clear_bhb_loop+0x35/0x90 [ 210.403005][T10277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.408893][T10277] RIP: 0033:0x7f154db85d29 [ 210.413308][T10277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.432920][T10277] RSP: 002b:00007f154e9f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 210.441333][T10277] RAX: ffffffffffffffda RBX: 00007f154dd75fa0 RCX: 00007f154db85d29 [ 210.449301][T10277] RDX: 0000000000000048 RSI: 00000000200005c0 RDI: 0000000000000000 [ 210.457274][T10277] RBP: 00007f154e9f2090 R08: 0000000000000000 R09: 0000000000000000 [ 210.465258][T10277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 210.473229][T10277] R13: 0000000000000001 R14: 00007f154dd75fa0 R15: 00007ffff9fdb558 [ 210.481222][T10277] [ 210.730663][T10305] FAULT_INJECTION: forcing a failure. [ 210.730663][T10305] name failslab, interval 1, probability 0, space 0, times 0 [ 210.750174][T10305] CPU: 0 UID: 0 PID: 10305 Comm: syz.0.1425 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 210.760995][T10305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 210.771076][T10305] Call Trace: [ 210.774378][T10305] [ 210.777332][T10305] dump_stack_lvl+0x241/0x360 [ 210.782048][T10305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.787291][T10305] ? __pfx__printk+0x10/0x10 [ 210.791913][T10305] ? __kmalloc_noprof+0xb5/0x4c0 [ 210.796878][T10305] ? __pfx___might_resched+0x10/0x10 [ 210.802192][T10305] should_fail_ex+0x3b0/0x4e0 [ 210.805163][T10308] FAULT_INJECTION: forcing a failure. [ 210.805163][T10308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.806882][T10305] should_failslab+0xac/0x100 [ 210.824798][T10305] __kmalloc_noprof+0xdd/0x4c0 [ 210.829586][T10305] ? esp_init_state+0x740/0x10b0 [ 210.834555][T10305] esp_init_state+0x740/0x10b0 [ 210.839350][T10305] ? __pfx_esp_init_state+0x10/0x10 [ 210.844567][T10305] ? __xfrm_init_state+0x708/0xea0 [ 210.849679][T10305] ? __pfx_lock_release+0x10/0x10 [ 210.854803][T10305] __xfrm_init_state+0x9db/0xea0 [ 210.859750][T10305] xfrm_add_sa+0x2c6e/0x3d70 [ 210.864348][T10305] ? __pfx_xfrm_add_sa+0x10/0x10 [ 210.869287][T10305] ? __nla_parse+0x40/0x60 [ 210.873705][T10305] xfrm_user_rcv_msg+0x890/0xb90 [ 210.878645][T10305] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 210.884116][T10305] ? __mutex_trylock_common+0x183/0x2e0 [ 210.889661][T10305] ? __pfx___might_resched+0x10/0x10 [ 210.894944][T10305] ? __pfx___mutex_trylock_common+0x10/0x10 [ 210.900843][T10305] netlink_rcv_skb+0x1e3/0x430 [ 210.905605][T10305] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 210.911060][T10305] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 210.916360][T10305] xfrm_netlink_rcv+0x79/0x90 [ 210.921031][T10305] netlink_unicast+0x7f6/0x990 [ 210.925802][T10305] ? __pfx_netlink_unicast+0x10/0x10 [ 210.931083][T10305] ? __virt_addr_valid+0x45f/0x530 [ 210.936194][T10305] ? __phys_addr_symbol+0x2f/0x70 [ 210.941212][T10305] ? __check_object_size+0x47a/0x730 [ 210.946497][T10305] netlink_sendmsg+0x8e4/0xcb0 [ 210.951266][T10305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 210.956565][T10305] ? aa_sock_msg_perm+0x91/0x160 [ 210.961507][T10305] ? __pfx_netlink_sendmsg+0x10/0x10 [ 210.966789][T10305] __sock_sendmsg+0x221/0x270 [ 210.971487][T10305] ____sys_sendmsg+0x52a/0x7e0 [ 210.976293][T10305] ? __pfx_____sys_sendmsg+0x10/0x10 [ 210.981576][T10305] ? __fget_files+0x2a/0x410 [ 210.986175][T10305] ? __fget_files+0x2a/0x410 [ 210.990769][T10305] __sys_sendmsg+0x269/0x350 [ 210.995358][T10305] ? __pfx_lock_release+0x10/0x10 [ 211.000384][T10305] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.005500][T10305] ? __pfx_vfs_write+0x10/0x10 [ 211.010278][T10305] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 211.016600][T10305] ? do_syscall_64+0x100/0x230 [ 211.021363][T10305] ? do_syscall_64+0xb6/0x230 [ 211.026038][T10305] do_syscall_64+0xf3/0x230 [ 211.030537][T10305] ? clear_bhb_loop+0x35/0x90 [ 211.035213][T10305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.041100][T10305] RIP: 0033:0x7f7b36f85d29 [ 211.045510][T10305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.065121][T10305] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.073628][T10305] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 211.081596][T10305] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 211.089563][T10305] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 211.097530][T10305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 211.105493][T10305] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 211.113480][T10305] [ 211.124238][T10308] CPU: 0 UID: 0 PID: 10308 Comm: syz.2.1426 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 211.135059][T10308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 211.145139][T10308] Call Trace: [ 211.148434][T10308] [ 211.151397][T10308] dump_stack_lvl+0x241/0x360 [ 211.156120][T10308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.161349][T10308] ? __pfx__printk+0x10/0x10 [ 211.165969][T10308] ? __pfx_lock_release+0x10/0x10 [ 211.171026][T10308] ? __lock_acquire+0x1397/0x2100 [ 211.176093][T10308] should_fail_ex+0x3b0/0x4e0 [ 211.180807][T10308] _copy_from_user+0x2f/0xc0 [ 211.185432][T10308] kstrtouint_from_user+0xc6/0x190 [ 211.190582][T10308] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 211.196329][T10308] ? __pfx_lock_acquire+0x10/0x10 [ 211.201388][T10308] proc_fail_nth_write+0xaa/0x2d0 [ 211.206446][T10308] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 211.212371][T10308] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 211.218046][T10308] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 211.223719][T10308] vfs_write+0x2a3/0xd30 [ 211.228002][T10308] ? __pfx_vfs_write+0x10/0x10 [ 211.232799][T10308] ? __fget_files+0x2a/0x410 [ 211.237425][T10308] ? __fget_files+0x395/0x410 [ 211.242143][T10308] ? __fget_files+0x2a/0x410 [ 211.246770][T10308] ksys_write+0x18f/0x2b0 [ 211.251130][T10308] ? __pfx_ksys_write+0x10/0x10 [ 211.256011][T10308] ? do_syscall_64+0x100/0x230 [ 211.260807][T10308] ? do_syscall_64+0xb6/0x230 [ 211.265521][T10308] do_syscall_64+0xf3/0x230 [ 211.270040][T10308] ? clear_bhb_loop+0x35/0x90 [ 211.274721][T10308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.280620][T10308] RIP: 0033:0x7f6aeff847df [ 211.285033][T10308] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 211.304639][T10308] RSP: 002b:00007f6af0d45030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 211.313051][T10308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6aeff847df [ 211.321018][T10308] RDX: 0000000000000001 RSI: 00007f6af0d450a0 RDI: 0000000000000005 [ 211.328985][T10308] RBP: 00007f6af0d45090 R08: 0000000000000000 R09: 0000000000000000 [ 211.336953][T10308] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 211.344919][T10308] R13: 0000000000000000 R14: 00007f6af0175fa0 R15: 00007ffe9dbd1c18 [ 211.352898][T10308] [ 211.410588][T10316] __nla_validate_parse: 2 callbacks suppressed [ 211.410607][T10316] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1428'. [ 211.667174][T10328] FAULT_INJECTION: forcing a failure. [ 211.667174][T10328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.707003][T10328] CPU: 0 UID: 0 PID: 10328 Comm: syz.0.1430 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 211.717832][T10328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 211.727917][T10328] Call Trace: [ 211.731225][T10328] [ 211.734181][T10328] dump_stack_lvl+0x241/0x360 [ 211.738896][T10328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.744121][T10328] ? __pfx__printk+0x10/0x10 [ 211.748739][T10328] ? __pfx_lock_release+0x10/0x10 [ 211.753790][T10328] should_fail_ex+0x3b0/0x4e0 [ 211.758480][T10328] _copy_from_user+0x2f/0xc0 [ 211.763071][T10328] copy_msghdr_from_user+0xae/0x680 [ 211.768276][T10328] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 211.774080][T10328] ? __fget_files+0x2a/0x410 [ 211.778677][T10328] ? __fget_files+0x2a/0x410 [ 211.783280][T10328] __sys_sendmsg+0x209/0x350 [ 211.787877][T10328] ? __pfx_lock_release+0x10/0x10 [ 211.792912][T10328] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.798029][T10328] ? __pfx_vfs_write+0x10/0x10 [ 211.802810][T10328] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 211.809133][T10328] ? do_syscall_64+0x100/0x230 [ 211.813894][T10328] ? do_syscall_64+0xb6/0x230 [ 211.818568][T10328] do_syscall_64+0xf3/0x230 [ 211.823064][T10328] ? clear_bhb_loop+0x35/0x90 [ 211.827737][T10328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.833625][T10328] RIP: 0033:0x7f7b36f85d29 [ 211.838038][T10328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.857644][T10328] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.866056][T10328] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 211.874023][T10328] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 211.881991][T10328] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 211.889959][T10328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.897925][T10328] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 211.905904][T10328] [ 212.202372][T10322] bridge0: port 3(netdevsim3) entered disabled state [ 212.209306][T10322] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.216916][T10322] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.564345][T10322] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.600302][T10322] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.869935][T10322] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.887605][T10322] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.896714][T10322] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.906209][T10322] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.130443][T10357] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 213.157493][T10360] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1440'. [ 213.159016][T10357] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 213.222258][T10362] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1440'. [ 213.299755][T10352] bond0 (unregistering): left promiscuous mode [ 213.308751][T10352] bond_slave_0: left promiscuous mode [ 213.317919][T10352] bond_slave_1: left promiscuous mode [ 213.330251][T10352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.347428][T10352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.360452][T10352] bond0 (unregistering): Released all slaves [ 213.805244][T10395] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1451'. [ 213.816062][T10398] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1452'. [ 213.875479][T10392] veth0_vlan: entered allmulticast mode [ 213.988577][T10398] veth0_vlan: left promiscuous mode [ 214.035307][T10398] veth0_vlan: entered promiscuous mode [ 214.245562][T10423] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1465'. [ 214.254723][T10423] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1465'. [ 214.263866][T10423] netlink: 'syz.0.1465': attribute type 6 has an invalid length. [ 214.271713][T10423] netlink: 'syz.0.1465': attribute type 5 has an invalid length. [ 214.279567][T10423] netlink: 43 bytes leftover after parsing attributes in process `syz.0.1465'. [ 214.346305][T10426] FAULT_INJECTION: forcing a failure. [ 214.346305][T10426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 214.359659][T10426] CPU: 1 UID: 0 PID: 10426 Comm: syz.3.1466 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 214.370458][T10426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 214.380520][T10426] Call Trace: [ 214.383802][T10426] [ 214.386730][T10426] dump_stack_lvl+0x241/0x360 [ 214.391430][T10426] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.396630][T10426] ? __pfx__printk+0x10/0x10 [ 214.401227][T10426] ? snprintf+0xda/0x120 [ 214.405472][T10426] should_fail_ex+0x3b0/0x4e0 [ 214.410153][T10426] _copy_to_user+0x31/0xb0 [ 214.414577][T10426] simple_read_from_buffer+0xca/0x150 [ 214.419952][T10426] proc_fail_nth_read+0x1e9/0x250 [ 214.424976][T10426] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 214.430521][T10426] ? rw_verify_area+0x55e/0x6f0 [ 214.435365][T10426] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 214.440915][T10426] vfs_read+0x1fc/0xb70 [ 214.445074][T10426] ? __pfx___mutex_lock+0x10/0x10 [ 214.450098][T10426] ? __pfx_vfs_read+0x10/0x10 [ 214.454774][T10426] ? __fget_files+0x2a/0x410 [ 214.459368][T10426] ? __fget_files+0x395/0x410 [ 214.464048][T10426] ? __fget_files+0x2a/0x410 [ 214.468645][T10426] ksys_read+0x18f/0x2b0 [ 214.472884][T10426] ? __pfx_ksys_read+0x10/0x10 [ 214.477647][T10426] ? do_syscall_64+0x100/0x230 [ 214.482415][T10426] ? do_syscall_64+0xb6/0x230 [ 214.487091][T10426] do_syscall_64+0xf3/0x230 [ 214.491593][T10426] ? clear_bhb_loop+0x35/0x90 [ 214.496268][T10426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.502159][T10426] RIP: 0033:0x7f154db8473c [ 214.506571][T10426] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 214.526184][T10426] RSP: 002b:00007f154e9f2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 214.534603][T10426] RAX: ffffffffffffffda RBX: 00007f154dd75fa0 RCX: 00007f154db8473c [ 214.542572][T10426] RDX: 000000000000000f RSI: 00007f154e9f20a0 RDI: 0000000000000003 [ 214.550545][T10426] RBP: 00007f154e9f2090 R08: 0000000000000000 R09: 0000000000000000 [ 214.558561][T10426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.566543][T10426] R13: 0000000000000000 R14: 00007f154dd75fa0 R15: 00007ffff9fdb558 [ 214.574537][T10426] [ 214.824978][T10450] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1473'. [ 214.849815][T10435] IPVS: length: 60 != 8 [ 214.929679][T10457] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 214.950631][T10450] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1473'. [ 215.005150][T10462] lo: entered allmulticast mode [ 215.014169][T10447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.030696][T10462] lo: left allmulticast mode [ 215.768310][T10506] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 215.769194][T10497] IPVS: stopping master sync thread 10506 ... [ 215.974582][T10513] netlink: 'syz.1.1485': attribute type 1 has an invalid length. [ 216.009297][T10513] FAULT_INJECTION: forcing a failure. [ 216.009297][T10513] name failslab, interval 1, probability 0, space 0, times 0 [ 216.048722][T10513] CPU: 0 UID: 0 PID: 10513 Comm: syz.1.1485 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 216.059547][T10513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 216.069634][T10513] Call Trace: [ 216.072935][T10513] [ 216.075891][T10513] dump_stack_lvl+0x241/0x360 [ 216.080609][T10513] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.085838][T10513] ? __pfx__printk+0x10/0x10 [ 216.090462][T10513] ? ref_tracker_alloc+0x332/0x490 [ 216.095603][T10513] should_fail_ex+0x3b0/0x4e0 [ 216.100326][T10513] should_failslab+0xac/0x100 [ 216.105036][T10513] ? skb_clone+0x20c/0x390 [ 216.109484][T10513] kmem_cache_alloc_noprof+0x70/0x380 [ 216.114892][T10513] skb_clone+0x20c/0x390 [ 216.119170][T10513] __netlink_deliver_tap+0x3cc/0x7f0 [ 216.124497][T10513] ? netlink_deliver_tap+0x2e/0x1b0 [ 216.129720][T10513] netlink_deliver_tap+0x19d/0x1b0 [ 216.134857][T10513] netlink_sendskb+0x68/0x140 [ 216.139564][T10513] netlink_unicast+0x39d/0x990 [ 216.144361][T10513] ? __pfx_netlink_unicast+0x10/0x10 [ 216.149667][T10513] netlink_rcv_skb+0x262/0x430 [ 216.154433][T10513] ? __pfx_genl_rcv_msg+0x10/0x10 [ 216.159461][T10513] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 216.164752][T10513] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 216.170221][T10513] genl_rcv+0x28/0x40 [ 216.174200][T10513] netlink_unicast+0x7f6/0x990 [ 216.178971][T10513] ? __pfx_netlink_unicast+0x10/0x10 [ 216.184261][T10513] ? __virt_addr_valid+0x45f/0x530 [ 216.189384][T10513] ? __phys_addr_symbol+0x2f/0x70 [ 216.194405][T10513] ? __check_object_size+0x47a/0x730 [ 216.199693][T10513] netlink_sendmsg+0x8e4/0xcb0 [ 216.204464][T10513] ? __pfx_netlink_sendmsg+0x10/0x10 [ 216.209746][T10513] ? aa_sock_msg_perm+0x91/0x160 [ 216.214683][T10513] ? __pfx_netlink_sendmsg+0x10/0x10 [ 216.219962][T10513] __sock_sendmsg+0x221/0x270 [ 216.224639][T10513] ____sys_sendmsg+0x52a/0x7e0 [ 216.229407][T10513] ? __pfx_____sys_sendmsg+0x10/0x10 [ 216.234687][T10513] ? __fget_files+0x2a/0x410 [ 216.239280][T10513] ? __fget_files+0x2a/0x410 [ 216.243880][T10513] __sys_sendmsg+0x269/0x350 [ 216.248466][T10513] ? __pfx_lock_release+0x10/0x10 [ 216.253491][T10513] ? __pfx___sys_sendmsg+0x10/0x10 [ 216.258608][T10513] ? __pfx_vfs_write+0x10/0x10 [ 216.263388][T10513] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 216.269710][T10513] ? do_syscall_64+0x100/0x230 [ 216.274473][T10513] ? do_syscall_64+0xb6/0x230 [ 216.279147][T10513] do_syscall_64+0xf3/0x230 [ 216.283649][T10513] ? clear_bhb_loop+0x35/0x90 [ 216.288330][T10513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.294217][T10513] RIP: 0033:0x7f51d8985d29 [ 216.298626][T10513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.318317][T10513] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.326730][T10513] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 216.334705][T10513] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000007 [ 216.342672][T10513] RBP: 00007f51d9795090 R08: 0000000000000000 R09: 0000000000000000 [ 216.350638][T10513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 216.358606][T10513] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 216.366585][T10513] [ 216.533624][T10528] netlink: 'syz.4.1491': attribute type 1 has an invalid length. [ 216.573515][T10528] __nla_validate_parse: 1 callbacks suppressed [ 216.573537][T10528] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1491'. [ 216.599826][T10530] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1490'. [ 216.643000][T10530] batadv0: entered promiscuous mode [ 216.664875][T10530] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 216.675058][T10530] batadv0: left promiscuous mode [ 216.939171][T10559] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1497'. [ 217.108507][T10572] set match dimension is over the limit! [ 217.172397][T10575] netlink: 'syz.4.1499': attribute type 3 has an invalid length. [ 217.188959][T10575] pim6reg: entered allmulticast mode [ 217.199859][T10572] pim6reg: left allmulticast mode [ 217.336396][T10582] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1502'. [ 217.555613][T10596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1505'. [ 217.959223][T10618] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1515'. [ 218.109538][T10626] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1517'. [ 218.483151][T10654] FAULT_INJECTION: forcing a failure. [ 218.483151][T10654] name failslab, interval 1, probability 0, space 0, times 0 [ 218.508850][T10654] CPU: 0 UID: 0 PID: 10654 Comm: syz.0.1531 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 218.519680][T10654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 218.529764][T10654] Call Trace: [ 218.533069][T10654] [ 218.536020][T10654] dump_stack_lvl+0x241/0x360 [ 218.540735][T10654] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.545964][T10654] ? __pfx__printk+0x10/0x10 [ 218.549578][T10656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.550572][T10654] ? __ip_dev_find+0x497/0x570 [ 218.565086][T10654] should_fail_ex+0x3b0/0x4e0 [ 218.569164][T10658] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1532'. [ 218.569782][T10654] should_failslab+0xac/0x100 [ 218.582103][T10656] netlink: 'syz.1.1530': attribute type 10 has an invalid length. [ 218.583347][T10654] ? dst_alloc+0x12b/0x190 [ 218.583372][T10654] kmem_cache_alloc_noprof+0x70/0x380 [ 218.583400][T10654] dst_alloc+0x12b/0x190 [ 218.583423][T10654] ip_route_output_key_hash_rcu+0x13cc/0x2390 [ 218.583458][T10654] ip_route_output_key_hash+0x193/0x2b0 [ 218.616836][T10654] ? ip_route_output_key_hash+0xdf/0x2b0 [ 218.622471][T10654] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 218.628539][T10654] ? __asan_memset+0x23/0x50 [ 218.633124][T10654] ? __xfrm4_dst_lookup+0x306/0x570 [ 218.638333][T10654] xfrm4_dst_lookup+0x94/0xe0 [ 218.643365][T10654] ? __pfx_xfrm4_dst_lookup+0x10/0x10 [ 218.650752][T10654] __xfrm_dst_lookup+0x52/0x110 [ 218.655600][T10654] xfrm_dev_state_add+0x4c2/0xbd0 [ 218.660625][T10654] ? __pfx_lock_release+0x10/0x10 [ 218.665656][T10654] ? __pfx_xfrm_dev_state_add+0x10/0x10 [ 218.671207][T10654] ? __xfrm_init_state+0xc6d/0xea0 [ 218.676323][T10654] ? xfrm_update_ae_params+0x554/0x660 [ 218.681779][T10654] ? xfrm_alloc_replay_state_esn+0x123/0x190 [ 218.687760][T10654] xfrm_add_sa+0x2fd5/0x3d70 [ 218.692355][T10654] ? __pfx_xfrm_add_sa+0x10/0x10 [ 218.697294][T10654] ? __nla_parse+0x40/0x60 [ 218.701713][T10654] xfrm_user_rcv_msg+0x890/0xb90 [ 218.706652][T10654] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 218.712126][T10654] ? __mutex_trylock_common+0x183/0x2e0 [ 218.717676][T10654] ? __pfx___might_resched+0x10/0x10 [ 218.722959][T10654] ? __pfx___mutex_trylock_common+0x10/0x10 [ 218.728859][T10654] netlink_rcv_skb+0x1e3/0x430 [ 218.733626][T10654] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 218.739084][T10654] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 218.744389][T10654] xfrm_netlink_rcv+0x79/0x90 [ 218.749073][T10654] netlink_unicast+0x7f6/0x990 [ 218.753844][T10654] ? __pfx_netlink_unicast+0x10/0x10 [ 218.759126][T10654] ? __virt_addr_valid+0x45f/0x530 [ 218.764239][T10654] ? __phys_addr_symbol+0x2f/0x70 [ 218.769256][T10654] ? __check_object_size+0x47a/0x730 [ 218.774553][T10654] netlink_sendmsg+0x8e4/0xcb0 [ 218.779324][T10654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.784608][T10654] ? aa_sock_msg_perm+0x91/0x160 [ 218.789547][T10654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.794824][T10654] __sock_sendmsg+0x221/0x270 [ 218.799502][T10654] ____sys_sendmsg+0x52a/0x7e0 [ 218.804269][T10654] ? __pfx_____sys_sendmsg+0x10/0x10 [ 218.809547][T10654] ? __fget_files+0x2a/0x410 [ 218.814141][T10654] ? __fget_files+0x2a/0x410 [ 218.818743][T10654] __sys_sendmsg+0x269/0x350 [ 218.823329][T10654] ? __pfx_lock_release+0x10/0x10 [ 218.828351][T10654] ? __pfx___sys_sendmsg+0x10/0x10 [ 218.833468][T10654] ? __pfx_vfs_write+0x10/0x10 [ 218.838245][T10654] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 218.844573][T10654] ? do_syscall_64+0x100/0x230 [ 218.849336][T10654] ? do_syscall_64+0xb6/0x230 [ 218.854014][T10654] do_syscall_64+0xf3/0x230 [ 218.858511][T10654] ? clear_bhb_loop+0x35/0x90 [ 218.863189][T10654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.869078][T10654] RIP: 0033:0x7f7b36f85d29 [ 218.873493][T10654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.893094][T10654] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.901528][T10654] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 218.909493][T10654] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 218.917461][T10654] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 218.925426][T10654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 218.933393][T10654] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 218.941392][T10654] [ 219.249000][T10672] pimreg: entered allmulticast mode [ 219.274637][T10672] hsr0: left allmulticast mode [ 219.288865][T10672] hsr_slave_0: left allmulticast mode [ 219.299310][T10672] hsr_slave_1: left allmulticast mode [ 219.311234][T10672] pimreg: left allmulticast mode [ 219.390744][T10678] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1539'. [ 219.603099][T10685] FAULT_INJECTION: forcing a failure. [ 219.603099][T10685] name failslab, interval 1, probability 0, space 0, times 0 [ 219.635556][T10685] CPU: 1 UID: 0 PID: 10685 Comm: syz.2.1541 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 219.646392][T10685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 219.656470][T10685] Call Trace: [ 219.659753][T10685] [ 219.662692][T10685] dump_stack_lvl+0x241/0x360 [ 219.667381][T10685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.672584][T10685] ? __pfx__printk+0x10/0x10 [ 219.677201][T10685] should_fail_ex+0x3b0/0x4e0 [ 219.681920][T10685] should_failslab+0xac/0x100 [ 219.686616][T10685] __kmalloc_cache_noprof+0x70/0x390 [ 219.691917][T10685] ? sctp_add_bind_addr+0x89/0x3a0 [ 219.697036][T10685] sctp_add_bind_addr+0x89/0x3a0 [ 219.701981][T10685] sctp_copy_local_addr_list+0x311/0x500 [ 219.707615][T10685] ? sctp_copy_local_addr_list+0xab/0x500 [ 219.713421][T10685] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 219.719572][T10685] ? sctp_v6_is_any+0x60/0x70 [ 219.724251][T10685] sctp_bind_addr_copy+0xad/0x3b0 [ 219.729274][T10685] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 219.735606][T10685] sctp_connect_new_asoc+0x2f3/0x6c0 [ 219.740894][T10685] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 219.746699][T10685] ? sctp_sendmsg+0xbb9/0x3520 [ 219.751475][T10685] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 219.757283][T10685] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 219.762829][T10685] sctp_sendmsg+0x219a/0x3520 [ 219.767519][T10685] ? __pfx_sctp_sendmsg+0x10/0x10 [ 219.772548][T10685] ? __pfx_aa_sk_perm+0x10/0x10 [ 219.777406][T10685] ? inet_sendmsg+0x330/0x390 [ 219.782085][T10685] __sock_sendmsg+0x1a6/0x270 [ 219.786765][T10685] ____sys_sendmsg+0x52a/0x7e0 [ 219.791532][T10685] ? __pfx_____sys_sendmsg+0x10/0x10 [ 219.796813][T10685] ? __fget_files+0x2a/0x410 [ 219.801418][T10685] ? __fget_files+0x2a/0x410 [ 219.806010][T10685] __sys_sendmmsg+0x36a/0x720 [ 219.810698][T10685] ? __pfx___sys_sendmmsg+0x10/0x10 [ 219.815904][T10685] ? __pfx_lock_release+0x10/0x10 [ 219.820921][T10685] ? kstrtouint_from_user+0x128/0x190 [ 219.826304][T10685] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 219.832197][T10685] ? ksys_write+0x22a/0x2b0 [ 219.836699][T10685] ? __pfx_lock_release+0x10/0x10 [ 219.841728][T10685] ? vfs_write+0x730/0xd30 [ 219.846151][T10685] ? __mutex_unlock_slowpath+0x21e/0x790 [ 219.851799][T10685] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 219.857776][T10685] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 219.864103][T10685] ? do_syscall_64+0x100/0x230 [ 219.868867][T10685] __x64_sys_sendmmsg+0xa0/0xb0 [ 219.873723][T10685] do_syscall_64+0xf3/0x230 [ 219.878222][T10685] ? clear_bhb_loop+0x35/0x90 [ 219.882897][T10685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.888784][T10685] RIP: 0033:0x7f6aeff85d29 [ 219.893197][T10685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.912808][T10685] RSP: 002b:00007f6af0d45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 219.921222][T10685] RAX: ffffffffffffffda RBX: 00007f6af0175fa0 RCX: 00007f6aeff85d29 [ 219.929193][T10685] RDX: 0000000000000001 RSI: 0000000020001800 RDI: 0000000000000003 [ 219.937159][T10685] RBP: 00007f6af0d45090 R08: 0000000000000000 R09: 0000000000000000 [ 219.945129][T10685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 219.953097][T10685] R13: 0000000000000000 R14: 00007f6af0175fa0 R15: 00007ffe9dbd1c18 [ 219.961076][T10685] [ 220.163756][T10692] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1544'. [ 220.226718][T10694] netlink: 'syz.4.1545': attribute type 1 has an invalid length. [ 221.783685][T10766] __nla_validate_parse: 8 callbacks suppressed [ 221.783705][T10766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1573'. [ 221.837658][T10766] netlink: 'syz.1.1573': attribute type 5 has an invalid length. [ 221.908294][T10766] bridge0: entered promiscuous mode [ 221.948202][T10766] macvlan2: entered promiscuous mode [ 221.969223][T10766] bridge0: port 3(macvlan2) entered blocking state [ 221.988794][T10766] bridge0: port 3(macvlan2) entered disabled state [ 222.006792][T10766] macvlan2: entered allmulticast mode [ 222.016507][T10766] bridge0: entered allmulticast mode [ 222.028202][T10766] macvlan2: left allmulticast mode [ 222.034908][T10766] bridge0: left allmulticast mode [ 222.054026][T10766] bridge0: left promiscuous mode [ 222.089209][T10774] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1574'. [ 222.396809][T10798] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1580'. [ 222.453087][T10804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1583'. [ 222.533541][T10812] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1585'. [ 222.819719][T10831] FAULT_INJECTION: forcing a failure. [ 222.819719][T10831] name failslab, interval 1, probability 0, space 0, times 0 [ 222.879126][T10831] CPU: 1 UID: 0 PID: 10831 Comm: syz.0.1594 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 222.889960][T10831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 222.900041][T10831] Call Trace: [ 222.903319][T10831] [ 222.906259][T10831] dump_stack_lvl+0x241/0x360 [ 222.910955][T10831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.916183][T10831] ? __pfx__printk+0x10/0x10 [ 222.920784][T10831] ? __kmalloc_cache_noprof+0x48/0x390 [ 222.926243][T10831] ? __pfx___might_resched+0x10/0x10 [ 222.931537][T10831] should_fail_ex+0x3b0/0x4e0 [ 222.936240][T10831] should_failslab+0xac/0x100 [ 222.940949][T10831] __kmalloc_cache_noprof+0x70/0x390 [ 222.946261][T10831] ? alloc_netdev_mqs+0xbc6/0x1080 [ 222.951403][T10831] ? __xdp_rxq_info_reg+0x142/0x290 [ 222.956634][T10831] alloc_netdev_mqs+0xbc6/0x1080 [ 222.961586][T10831] rtnl_create_link+0x2f9/0xc20 [ 222.966453][T10831] rtnl_newlink_create+0x210/0xa40 [ 222.971579][T10831] ? __pfx___mutex_lock+0x10/0x10 [ 222.976611][T10831] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 222.982282][T10831] ? ns_capable+0x8a/0xf0 [ 222.986626][T10831] rtnl_newlink+0x160d/0x2150 [ 222.991318][T10831] ? __pfx_rtnl_newlink+0x10/0x10 [ 222.996340][T10831] ? __netlink_deliver_tap+0x56b/0x7f0 [ 223.001795][T10831] ? __pfx_validate_chain+0x10/0x10 [ 223.006995][T10831] ? __sock_sendmsg+0x221/0x270 [ 223.011842][T10831] ? ____sys_sendmsg+0x52a/0x7e0 [ 223.016777][T10831] ? __sys_sendmsg+0x269/0x350 [ 223.021538][T10831] ? do_syscall_64+0xf3/0x230 [ 223.026210][T10831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.032290][T10831] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 223.038274][T10831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 223.044612][T10831] ? mark_lock+0x9a/0x360 [ 223.048948][T10831] ? __lock_acquire+0x1397/0x2100 [ 223.053994][T10831] ? __pfx_lock_release+0x10/0x10 [ 223.059022][T10831] ? __pfx_rtnl_newlink+0x10/0x10 [ 223.064046][T10831] rtnetlink_rcv_msg+0x791/0xcf0 [ 223.068978][T10831] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 223.074091][T10831] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 223.079555][T10831] ? ref_tracker_free+0x643/0x7e0 [ 223.084583][T10831] netlink_rcv_skb+0x1e3/0x430 [ 223.089347][T10831] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 223.094805][T10831] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 223.100101][T10831] ? netlink_deliver_tap+0x2e/0x1b0 [ 223.105294][T10831] netlink_unicast+0x7f6/0x990 [ 223.110063][T10831] ? __pfx_netlink_unicast+0x10/0x10 [ 223.115344][T10831] ? __virt_addr_valid+0x45f/0x530 [ 223.120454][T10831] ? __phys_addr_symbol+0x2f/0x70 [ 223.125476][T10831] ? __check_object_size+0x47a/0x730 [ 223.131111][T10831] netlink_sendmsg+0x8e4/0xcb0 [ 223.135883][T10831] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.141167][T10831] ? aa_sock_msg_perm+0x91/0x160 [ 223.146103][T10831] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.151386][T10831] __sock_sendmsg+0x221/0x270 [ 223.156075][T10831] ____sys_sendmsg+0x52a/0x7e0 [ 223.160849][T10831] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.166130][T10831] ? __fget_files+0x2a/0x410 [ 223.170722][T10831] ? __fget_files+0x2a/0x410 [ 223.175317][T10831] __sys_sendmsg+0x269/0x350 [ 223.179906][T10831] ? __pfx_lock_release+0x10/0x10 [ 223.184933][T10831] ? __pfx___sys_sendmsg+0x10/0x10 [ 223.190063][T10831] ? __pfx_vfs_write+0x10/0x10 [ 223.194853][T10831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 223.201180][T10831] ? do_syscall_64+0x100/0x230 [ 223.205943][T10831] ? do_syscall_64+0xb6/0x230 [ 223.210618][T10831] do_syscall_64+0xf3/0x230 [ 223.215124][T10831] ? clear_bhb_loop+0x35/0x90 [ 223.219806][T10831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.225699][T10831] RIP: 0033:0x7f7b36f85d29 [ 223.230109][T10831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.249717][T10831] RSP: 002b:00007f7b37e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.258134][T10831] RAX: ffffffffffffffda RBX: 00007f7b37175fa0 RCX: 00007f7b36f85d29 [ 223.266103][T10831] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000011 [ 223.274070][T10831] RBP: 00007f7b37e55090 R08: 0000000000000000 R09: 0000000000000000 [ 223.282036][T10831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 223.290002][T10831] R13: 0000000000000000 R14: 00007f7b37175fa0 R15: 00007ffe7bbad578 [ 223.297986][T10831] [ 223.460291][T10843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1599'. [ 223.738603][T10857] hsr_slave_0: left promiscuous mode [ 223.762583][T10857] hsr_slave_1: left promiscuous mode [ 223.775293][T10868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1607'. [ 224.600135][T10926] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1625'. [ 224.632588][T10926] netlink: 'syz.1.1625': attribute type 1 has an invalid length. [ 224.830726][T10934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1628'. [ 225.001424][T10946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.026391][T10946] netlink: 'syz.4.1633': attribute type 10 has an invalid length. [ 225.796433][T10986] bridge0: port 3(gretap0) entered blocking state [ 225.801124][T10988] set match dimension is over the limit! [ 225.811962][T10986] bridge0: port 3(gretap0) entered disabled state [ 225.828501][T10986] gretap0: entered allmulticast mode [ 225.843694][T10986] gretap0: entered promiscuous mode [ 225.857535][T10986] bridge0: port 3(gretap0) entered blocking state [ 225.864187][T10986] bridge0: port 3(gretap0) entered forwarding state [ 225.895530][T10988] netlink: 'syz.4.1647': attribute type 3 has an invalid length. [ 225.896550][T10994] gretap0: left allmulticast mode [ 225.912233][T10994] gretap0: left promiscuous mode [ 225.920455][T10994] bridge0: port 3(gretap0) entered disabled state [ 225.990201][T10988] pim6reg: entered allmulticast mode [ 225.996957][T10996] pim6reg: left allmulticast mode [ 226.031862][T11002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.054141][T11002] netlink: 'syz.0.1651': attribute type 10 has an invalid length. [ 226.409821][T11026] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.438704][T11026] netlink: 'syz.1.1660': attribute type 10 has an invalid length. [ 226.461631][T11030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.476454][T11030] netlink: 'syz.3.1661': attribute type 10 has an invalid length. [ 226.498993][T11032] netlink: 'syz.4.1663': attribute type 1 has an invalid length. [ 226.554945][T11032] 8021q: adding VLAN 0 to HW filter on device bond5 [ 226.598993][T11032] 8021q: adding VLAN 0 to HW filter on device bond5 [ 226.607376][T11032] bond5: (slave vti0): The slave device specified does not support setting the MAC address [ 226.619977][T11032] bond5: (slave vti0): Error -95 calling set_mac_address [ 226.875189][T11050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1669'. [ 226.976879][T11056] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1671'. [ 227.241626][T11051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1668'. [ 227.274136][T11051] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1668'. [ 227.378108][T11077] netlink: 'syz.3.1677': attribute type 10 has an invalid length. [ 228.028450][T11105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1687'. [ 228.176405][T11105] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 228.568167][T11128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1695'. [ 229.075357][T11156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.135969][T11156] netlink: 'syz.3.1704': attribute type 10 has an invalid length. [ 229.177643][T11163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1706'. [ 229.193369][T11163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1706'. [ 229.196730][T11161] syz.1.1705 (11161) used obsolete PPPIOCDETACH ioctl [ 229.207749][T11163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1706'. [ 229.223717][T11163] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1706'. [ 229.365252][T11172] FAULT_INJECTION: forcing a failure. [ 229.365252][T11172] name failslab, interval 1, probability 0, space 0, times 0 [ 229.387406][T11172] CPU: 0 UID: 0 PID: 11172 Comm: syz.1.1710 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 229.398239][T11172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 229.408337][T11172] Call Trace: [ 229.411639][T11172] [ 229.414589][T11172] dump_stack_lvl+0x241/0x360 [ 229.419293][T11172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.424506][T11172] ? __pfx__printk+0x10/0x10 [ 229.429129][T11172] ? __ip_dev_find+0x497/0x570 [ 229.433921][T11172] should_fail_ex+0x3b0/0x4e0 [ 229.438634][T11172] should_failslab+0xac/0x100 [ 229.443337][T11172] ? dst_alloc+0x12b/0x190 [ 229.447770][T11172] kmem_cache_alloc_noprof+0x70/0x380 [ 229.453149][T11172] dst_alloc+0x12b/0x190 [ 229.457393][T11172] ip_route_output_key_hash_rcu+0x13cc/0x2390 [ 229.463488][T11172] ip_route_output_key_hash+0x193/0x2b0 [ 229.469077][T11172] ? ip_route_output_key_hash+0xdf/0x2b0 [ 229.474711][T11172] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 229.480777][T11172] ? __asan_memset+0x23/0x50 [ 229.485362][T11172] ? __xfrm4_dst_lookup+0x306/0x570 [ 229.490564][T11172] xfrm4_dst_lookup+0x94/0xe0 [ 229.495250][T11172] ? __pfx_xfrm4_dst_lookup+0x10/0x10 [ 229.500669][T11172] __xfrm_dst_lookup+0x52/0x110 [ 229.505548][T11172] xfrm_dev_state_add+0x4c2/0xbd0 [ 229.510694][T11172] ? __pfx_lock_release+0x10/0x10 [ 229.515767][T11172] ? __pfx_xfrm_dev_state_add+0x10/0x10 [ 229.521350][T11172] ? __xfrm_init_state+0xc6d/0xea0 [ 229.526528][T11172] ? xfrm_update_ae_params+0x554/0x660 [ 229.532022][T11172] ? xfrm_alloc_replay_state_esn+0x123/0x190 [ 229.538069][T11172] xfrm_add_sa+0x2fd5/0x3d70 [ 229.542700][T11172] ? __pfx_xfrm_add_sa+0x10/0x10 [ 229.547679][T11172] ? __nla_parse+0x40/0x60 [ 229.552137][T11172] xfrm_user_rcv_msg+0x890/0xb90 [ 229.557109][T11172] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 229.559577][T11178] netlink: 'syz.0.1713': attribute type 21 has an invalid length. [ 229.562608][T11172] ? __mutex_trylock_common+0x183/0x2e0 [ 229.562643][T11172] ? __pfx___might_resched+0x10/0x10 [ 229.570979][T11178] IPv6: NLM_F_CREATE should be specified when creating new route [ 229.576138][T11172] ? __pfx___mutex_trylock_common+0x10/0x10 [ 229.576179][T11172] netlink_rcv_skb+0x1e3/0x430 [ 229.576202][T11172] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 229.576225][T11172] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 229.576270][T11172] xfrm_netlink_rcv+0x79/0x90 [ 229.576291][T11172] netlink_unicast+0x7f6/0x990 [ 229.586465][T11178] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 229.589255][T11172] ? __pfx_netlink_unicast+0x10/0x10 [ 229.595254][T11178] IPv6: NLM_F_CREATE should be set when creating new route [ 229.599894][T11172] ? __virt_addr_valid+0x45f/0x530 [ 229.599924][T11172] ? __phys_addr_symbol+0x2f/0x70 [ 229.605445][T11178] IPv6: NLM_F_CREATE should be set when creating new route [ 229.610621][T11172] ? __check_object_size+0x47a/0x730 [ 229.610654][T11172] netlink_sendmsg+0x8e4/0xcb0 [ 229.615350][T11178] IPv6: NLM_F_CREATE should be set when creating new route [ 229.620052][T11172] ? __pfx_netlink_sendmsg+0x10/0x10 [ 229.679630][T11172] ? aa_sock_msg_perm+0x91/0x160 [ 229.684604][T11172] ? __pfx_netlink_sendmsg+0x10/0x10 [ 229.689912][T11172] __sock_sendmsg+0x221/0x270 [ 229.694626][T11172] ____sys_sendmsg+0x52a/0x7e0 [ 229.699427][T11172] ? __pfx_____sys_sendmsg+0x10/0x10 [ 229.704748][T11172] ? __fget_files+0x2a/0x410 [ 229.709369][T11172] ? __fget_files+0x2a/0x410 [ 229.713995][T11172] __sys_sendmsg+0x269/0x350 [ 229.718609][T11172] ? __pfx_lock_release+0x10/0x10 [ 229.723659][T11172] ? __pfx___sys_sendmsg+0x10/0x10 [ 229.728815][T11172] ? __pfx_vfs_write+0x10/0x10 [ 229.733634][T11172] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 229.739990][T11172] ? do_syscall_64+0x100/0x230 [ 229.744783][T11172] ? do_syscall_64+0xb6/0x230 [ 229.749488][T11172] do_syscall_64+0xf3/0x230 [ 229.754078][T11172] ? clear_bhb_loop+0x35/0x90 [ 229.758776][T11172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.764677][T11172] RIP: 0033:0x7f51d8985d29 [ 229.769115][T11172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.788750][T11172] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 229.797169][T11172] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 229.805147][T11172] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 229.813121][T11172] RBP: 00007f51d9795090 R08: 0000000000000000 R09: 0000000000000000 [ 229.821091][T11172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 229.829060][T11172] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 229.837047][T11172] [ 230.898810][T11236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.930279][T11236] netlink: 'syz.1.1730': attribute type 10 has an invalid length. [ 231.118082][T11240] bond0: entered allmulticast mode [ 231.573844][T11264] netlink: 'syz.1.1742': attribute type 64 has an invalid length. [ 231.690745][T11263] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 231.863154][T11284] FAULT_INJECTION: forcing a failure. [ 231.863154][T11284] name failslab, interval 1, probability 0, space 0, times 0 [ 231.903628][T11284] CPU: 1 UID: 0 PID: 11284 Comm: syz.3.1746 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 231.914464][T11284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 231.924541][T11284] Call Trace: [ 231.927827][T11284] [ 231.930754][T11284] dump_stack_lvl+0x241/0x360 [ 231.935443][T11284] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.940641][T11284] ? __pfx__printk+0x10/0x10 [ 231.945230][T11284] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 231.951216][T11284] ? __pfx___might_resched+0x10/0x10 [ 231.956508][T11284] should_fail_ex+0x3b0/0x4e0 [ 231.961191][T11284] should_failslab+0xac/0x100 [ 231.965877][T11284] kmem_cache_alloc_node_noprof+0x77/0x380 [ 231.971693][T11284] ? __alloc_skb+0x1c3/0x440 [ 231.976289][T11284] __alloc_skb+0x1c3/0x440 [ 231.980709][T11284] ? __pfx___alloc_skb+0x10/0x10 [ 231.985642][T11284] ? netlink_autobind+0xd6/0x2f0 [ 231.990580][T11284] ? netlink_autobind+0x2b0/0x2f0 [ 231.995609][T11284] netlink_sendmsg+0x638/0xcb0 [ 232.000375][T11284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.005658][T11284] ? aa_sock_msg_perm+0x91/0x160 [ 232.010596][T11284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.015881][T11284] __sock_sendmsg+0x221/0x270 [ 232.020565][T11284] ____sys_sendmsg+0x52a/0x7e0 [ 232.025331][T11284] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.030613][T11284] ? __fget_files+0x2a/0x410 [ 232.035207][T11284] ? __fget_files+0x2a/0x410 [ 232.039805][T11284] __sys_sendmsg+0x269/0x350 [ 232.044392][T11284] ? __pfx_lock_release+0x10/0x10 [ 232.049414][T11284] ? __pfx___sys_sendmsg+0x10/0x10 [ 232.054536][T11284] ? __pfx_vfs_write+0x10/0x10 [ 232.059316][T11284] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 232.065644][T11284] ? do_syscall_64+0x100/0x230 [ 232.070407][T11284] ? do_syscall_64+0xb6/0x230 [ 232.075082][T11284] do_syscall_64+0xf3/0x230 [ 232.079581][T11284] ? clear_bhb_loop+0x35/0x90 [ 232.084267][T11284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.090156][T11284] RIP: 0033:0x7f154db85d29 [ 232.094566][T11284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.114261][T11284] RSP: 002b:00007f154e9f2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.122675][T11284] RAX: ffffffffffffffda RBX: 00007f154dd75fa0 RCX: 00007f154db85d29 [ 232.130641][T11284] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 232.138608][T11284] RBP: 00007f154e9f2090 R08: 0000000000000000 R09: 0000000000000000 [ 232.146576][T11284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.154541][T11284] R13: 0000000000000000 R14: 00007f154dd75fa0 R15: 00007ffff9fdb558 [ 232.162527][T11284] [ 232.479669][T11295] __nla_validate_parse: 11 callbacks suppressed [ 232.479689][T11295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1751'. [ 232.699438][T11304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1757'. [ 232.742986][T11304] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1757'. [ 233.205661][T11333] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 233.645965][T11353] FAULT_INJECTION: forcing a failure. [ 233.645965][T11353] name failslab, interval 1, probability 0, space 0, times 0 [ 233.670748][T11353] CPU: 0 UID: 0 PID: 11353 Comm: syz.3.1770 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 233.681586][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 233.691662][T11353] Call Trace: [ 233.694947][T11353] [ 233.697911][T11353] dump_stack_lvl+0x241/0x360 [ 233.702592][T11353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.707792][T11353] ? __pfx__printk+0x10/0x10 [ 233.712394][T11353] should_fail_ex+0x3b0/0x4e0 [ 233.717079][T11353] should_failslab+0xac/0x100 [ 233.721758][T11353] kmem_cache_alloc_node_noprof+0x77/0x380 [ 233.727563][T11353] ? __alloc_skb+0x1c3/0x440 [ 233.732154][T11353] __alloc_skb+0x1c3/0x440 [ 233.736574][T11353] ? __pfx___alloc_skb+0x10/0x10 [ 233.741508][T11353] ? __pfx___alloc_skb+0x10/0x10 [ 233.746446][T11353] create_monitor_ctrl_event+0x35/0x4d0 [ 233.751988][T11353] ? mgmt_cmd_complete+0x1b5/0x580 [ 233.757100][T11353] mgmt_cmd_complete+0x220/0x580 [ 233.762043][T11353] start_discovery_internal+0x32f/0x800 [ 233.767593][T11353] ? lockdep_hardirqs_on+0x99/0x150 [ 233.772790][T11353] ? __pfx_start_discovery_internal+0x10/0x10 [ 233.778868][T11353] ? __pfx_mgmt_init_hdev+0x10/0x10 [ 233.784070][T11353] ? mgmt_init_hdev+0x453/0x470 [ 233.788922][T11353] hci_mgmt_cmd+0xc47/0x11d0 [ 233.793533][T11353] hci_sock_sendmsg+0x7b8/0x11c0 [ 233.798477][T11353] ? __pfx_aa_sk_perm+0x10/0x10 [ 233.803335][T11353] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 233.808714][T11353] ? __pfx_aa_file_perm+0x10/0x10 [ 233.813737][T11353] ? aa_sock_msg_perm+0x91/0x160 [ 233.818673][T11353] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 233.824043][T11353] __sock_sendmsg+0x221/0x270 [ 233.828727][T11353] sock_write_iter+0x2d7/0x3f0 [ 233.833492][T11353] ? __pfx_sock_write_iter+0x10/0x10 [ 233.838788][T11353] ? bpf_lsm_file_permission+0x9/0x10 [ 233.844167][T11353] ? security_file_permission+0x74/0x280 [ 233.849802][T11353] vfs_write+0xaeb/0xd30 [ 233.854047][T11353] ? __pfx_sock_write_iter+0x10/0x10 [ 233.859332][T11353] ? __pfx_vfs_write+0x10/0x10 [ 233.864094][T11353] ? __fget_files+0x2a/0x410 [ 233.868696][T11353] ? __fget_files+0x2a/0x410 [ 233.873291][T11353] ksys_write+0x18f/0x2b0 [ 233.877619][T11353] ? __pfx_ksys_write+0x10/0x10 [ 233.882463][T11353] ? do_syscall_64+0x100/0x230 [ 233.887229][T11353] ? do_syscall_64+0xb6/0x230 [ 233.891903][T11353] do_syscall_64+0xf3/0x230 [ 233.896426][T11353] ? clear_bhb_loop+0x35/0x90 [ 233.901116][T11353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.907027][T11353] RIP: 0033:0x7f154db85d29 [ 233.911467][T11353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.931094][T11353] RSP: 002b:00007f154e9f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.939525][T11353] RAX: ffffffffffffffda RBX: 00007f154dd75fa0 RCX: 00007f154db85d29 [ 233.947499][T11353] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000004 [ 233.955471][T11353] RBP: 00007f154e9f2090 R08: 0000000000000000 R09: 0000000000000000 [ 233.963439][T11353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.971406][T11353] R13: 0000000000000000 R14: 00007f154dd75fa0 R15: 00007ffff9fdb558 [ 233.979390][T11353] [ 234.157464][T11361] tipc: Enabling of bearer rejected, failed to enable media [ 234.204814][T11339] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1766'. [ 234.230683][T11339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1766'. [ 234.823401][T11389] tipc: Cannot configure node identity twice [ 235.107523][T11399] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1790'. [ 236.292385][T11475] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1817'. [ 237.065529][T11502] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1828'. [ 237.119290][T11502] sctp: [Deprecated]: syz.0.1828 (pid 11502) Use of int in maxseg socket option. [ 237.119290][T11502] Use struct sctp_assoc_value instead [ 237.416783][T11514] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1832'. [ 237.478729][T11517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.491201][T11518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1832'. [ 237.506214][T11517] netlink: 'syz.1.1833': attribute type 10 has an invalid length. [ 237.595169][T11521] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1832'. [ 237.792959][T11531] netlink: 'syz.0.1838': attribute type 4 has an invalid length. [ 237.811168][T11535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1840'. [ 238.082291][T11549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1843'. [ 238.174279][T11557] netlink: 'syz.1.1848': attribute type 10 has an invalid length. [ 238.209887][T11557] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1848'. [ 238.383644][T11569] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1854'. [ 238.390480][T11568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1850'. [ 238.418467][T11568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1850'. [ 238.494834][T11576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1850'. [ 238.620142][T11584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.650200][T11578] netlink: 'syz.1.1857': attribute type 10 has an invalid length. [ 239.263521][T11620] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 239.284597][T11621] netlink: 'syz.1.1871': attribute type 4 has an invalid length. [ 239.438435][T11628] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1873'. [ 239.453003][T11628] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.494928][T11628] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.523667][T11628] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.543044][T11628] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.819386][T11648] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:ffff:fffd with DS=0xb [ 240.242440][T11671] lo speed is unknown, defaulting to 1000 [ 240.354851][T11680] batadv0: entered promiscuous mode [ 240.361181][T11680] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 240.375328][T11680] batadv0: left promiscuous mode [ 240.518774][T11689] ------------[ cut here ]------------ [ 240.525007][T11689] WARNING: CPU: 1 PID: 11689 at net/mac80211/rate.c:53 rate_control_rate_init+0x5ec/0x680 [ 240.535387][T11689] Modules linked in: [ 240.539381][T11689] CPU: 1 UID: 0 PID: 11689 Comm: syz.1.1897 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 240.550509][T11689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 240.561042][T11689] RIP: 0010:rate_control_rate_init+0x5ec/0x680 [ 240.567776][T11689] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 23 63 f6 90 0f 0b 90 eb e2 e8 f5 22 63 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00 [ 240.588000][T11689] RSP: 0018:ffffc9000430efd0 EFLAGS: 00010287 [ 240.594314][T11689] RAX: ffffffff8b3c3b4b RBX: 0000000000000001 RCX: 0000000000080000 [ 240.602335][T11689] RDX: ffffc90005372000 RSI: 0000000000000358 RDI: 0000000000000359 [ 240.610469][T11689] RBP: ffffffff8b3c3695 R08: ffffffff8b3c3780 R09: 1ffffffff2856b10 [ 240.618581][T11689] R10: dffffc0000000000 R11: fffffbfff2856b11 R12: ffff8880282f0e40 [ 240.626673][T11689] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100f7cc80a [ 240.634733][T11689] FS: 00007f51d97956c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 240.643774][T11689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 240.650401][T11689] CR2: 0000000020001080 CR3: 0000000051f9a000 CR4: 00000000003526f0 [ 240.658685][T11689] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 240.666994][T11689] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 240.675162][T11689] Call Trace: [ 240.678474][T11689] [ 240.681438][T11689] ? __warn+0x165/0x4d0 [ 240.685706][T11689] ? rate_control_rate_init+0x5ec/0x680 [ 240.691304][T11689] ? report_bug+0x2b3/0x500 [ 240.695909][T11689] ? rate_control_rate_init+0x5ec/0x680 [ 240.701503][T11689] ? handle_bug+0x60/0x90 [ 240.705947][T11689] ? exc_invalid_op+0x1a/0x50 [ 240.710669][T11689] ? asm_exc_invalid_op+0x1a/0x20 [ 240.715814][T11689] ? rate_control_rate_init+0x135/0x680 [ 240.721408][T11689] ? rate_control_rate_init+0x220/0x680 [ 240.727052][T11689] ? rate_control_rate_init+0x5eb/0x680 [ 240.732668][T11689] ? rate_control_rate_init+0x5ec/0x680 [ 240.738590][T11689] rate_control_rate_init_all_links+0xfc/0x190 [ 240.744878][T11689] sta_apply_auth_flags+0x1b6/0x410 [ 240.750120][T11689] sta_apply_parameters+0xe23/0x1550 [ 240.755523][T11689] ieee80211_add_station+0x3da/0x630 [ 240.761007][T11689] rdev_add_station+0x11b/0x2b0 [ 240.766160][T11689] nl80211_new_station+0x1d53/0x2550 [ 240.771513][T11689] ? __pfx_nl80211_new_station+0x10/0x10 [ 240.777269][T11689] ? netdev_run_todo+0xf88/0x1000 [ 240.782368][T11689] genl_rcv_msg+0xb14/0xec0 [ 240.787018][T11689] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.792109][T11689] ? __pfx_lock_acquire+0x10/0x10 [ 240.797208][T11689] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 240.802613][T11689] ? __pfx_nl80211_new_station+0x10/0x10 [ 240.808349][T11689] ? __pfx_nl80211_post_doit+0x10/0x10 [ 240.813952][T11689] ? __pfx___might_resched+0x10/0x10 [ 240.819312][T11689] netlink_rcv_skb+0x1e3/0x430 [ 240.824204][T11689] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.829298][T11689] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 240.834689][T11689] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 240.840195][T11689] genl_rcv+0x28/0x40 [ 240.844282][T11689] netlink_unicast+0x7f6/0x990 [ 240.849091][T11689] ? __pfx_netlink_unicast+0x10/0x10 [ 240.854508][T11689] ? __virt_addr_valid+0x45f/0x530 [ 240.859997][T11689] ? __phys_addr_symbol+0x2f/0x70 [ 240.865316][T11689] ? __check_object_size+0x47a/0x730 [ 240.870652][T11689] netlink_sendmsg+0x8e4/0xcb0 [ 240.875514][T11689] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.880834][T11689] ? aa_sock_msg_perm+0x91/0x160 [ 240.885863][T11689] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.891179][T11689] __sock_sendmsg+0x221/0x270 [ 240.895993][T11689] ____sys_sendmsg+0x52a/0x7e0 [ 240.900803][T11689] ? __pfx_____sys_sendmsg+0x10/0x10 [ 240.906191][T11689] ? __fget_files+0x2a/0x410 [ 240.910824][T11689] ? __fget_files+0x2a/0x410 [ 240.915504][T11689] __sys_sendmsg+0x269/0x350 [ 240.920140][T11689] ? __pfx___sys_sendmsg+0x10/0x10 [ 240.925411][T11689] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 240.931776][T11689] ? do_syscall_64+0x100/0x230 [ 240.936653][T11689] ? do_syscall_64+0xb6/0x230 [ 240.941372][T11689] do_syscall_64+0xf3/0x230 [ 240.945998][T11689] ? clear_bhb_loop+0x35/0x90 [ 240.950707][T11689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.956706][T11689] RIP: 0033:0x7f51d8985d29 [ 240.961140][T11689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.981494][T11689] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 240.990020][T11689] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 240.998066][T11689] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000005 [ 241.006170][T11689] RBP: 00007f51d8a01a20 R08: 0000000000000000 R09: 0000000000000000 [ 241.014254][T11689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.022236][T11689] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 241.030330][T11689] [ 241.033463][T11689] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 241.040753][T11689] CPU: 1 UID: 0 PID: 11689 Comm: syz.1.1897 Not tainted 6.13.0-rc2-syzkaller-00506-g4fefbc66dfb3 #0 [ 241.051539][T11689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 241.061597][T11689] Call Trace: [ 241.064880][T11689] [ 241.067809][T11689] dump_stack_lvl+0x241/0x360 [ 241.072493][T11689] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.077711][T11689] ? __pfx__printk+0x10/0x10 [ 241.082314][T11689] ? vscnprintf+0x5d/0x90 [ 241.086670][T11689] panic+0x349/0x880 [ 241.090564][T11689] ? __warn+0x174/0x4d0 [ 241.094730][T11689] ? __pfx_panic+0x10/0x10 [ 241.099177][T11689] __warn+0x344/0x4d0 [ 241.103172][T11689] ? rate_control_rate_init+0x5ec/0x680 [ 241.108727][T11689] report_bug+0x2b3/0x500 [ 241.113062][T11689] ? rate_control_rate_init+0x5ec/0x680 [ 241.118619][T11689] handle_bug+0x60/0x90 [ 241.122772][T11689] exc_invalid_op+0x1a/0x50 [ 241.127274][T11689] asm_exc_invalid_op+0x1a/0x20 [ 241.132126][T11689] RIP: 0010:rate_control_rate_init+0x5ec/0x680 [ 241.138289][T11689] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 23 63 f6 90 0f 0b 90 eb e2 e8 f5 22 63 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00 [ 241.157900][T11689] RSP: 0018:ffffc9000430efd0 EFLAGS: 00010287 [ 241.163972][T11689] RAX: ffffffff8b3c3b4b RBX: 0000000000000001 RCX: 0000000000080000 [ 241.171944][T11689] RDX: ffffc90005372000 RSI: 0000000000000358 RDI: 0000000000000359 [ 241.179916][T11689] RBP: ffffffff8b3c3695 R08: ffffffff8b3c3780 R09: 1ffffffff2856b10 [ 241.187886][T11689] R10: dffffc0000000000 R11: fffffbfff2856b11 R12: ffff8880282f0e40 [ 241.195857][T11689] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100f7cc80a [ 241.203828][T11689] ? rate_control_rate_init+0x135/0x680 [ 241.209382][T11689] ? rate_control_rate_init+0x220/0x680 [ 241.214935][T11689] ? rate_control_rate_init+0x5eb/0x680 [ 241.220496][T11689] rate_control_rate_init_all_links+0xfc/0x190 [ 241.226654][T11689] sta_apply_auth_flags+0x1b6/0x410 [ 241.231854][T11689] sta_apply_parameters+0xe23/0x1550 [ 241.237145][T11689] ieee80211_add_station+0x3da/0x630 [ 241.242431][T11689] rdev_add_station+0x11b/0x2b0 [ 241.247285][T11689] nl80211_new_station+0x1d53/0x2550 [ 241.252579][T11689] ? __pfx_nl80211_new_station+0x10/0x10 [ 241.258214][T11689] ? netdev_run_todo+0xf88/0x1000 [ 241.263278][T11689] genl_rcv_msg+0xb14/0xec0 [ 241.267786][T11689] ? __pfx_genl_rcv_msg+0x10/0x10 [ 241.272829][T11689] ? __pfx_lock_acquire+0x10/0x10 [ 241.277855][T11689] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 241.283229][T11689] ? __pfx_nl80211_new_station+0x10/0x10 [ 241.288859][T11689] ? __pfx_nl80211_post_doit+0x10/0x10 [ 241.294322][T11689] ? __pfx___might_resched+0x10/0x10 [ 241.299615][T11689] netlink_rcv_skb+0x1e3/0x430 [ 241.304382][T11689] ? __pfx_genl_rcv_msg+0x10/0x10 [ 241.309409][T11689] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 241.314702][T11689] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 241.320166][T11689] genl_rcv+0x28/0x40 [ 241.324146][T11689] netlink_unicast+0x7f6/0x990 [ 241.328933][T11689] ? __pfx_netlink_unicast+0x10/0x10 [ 241.334253][T11689] ? __virt_addr_valid+0x45f/0x530 [ 241.339366][T11689] ? __phys_addr_symbol+0x2f/0x70 [ 241.344392][T11689] ? __check_object_size+0x47a/0x730 [ 241.349681][T11689] netlink_sendmsg+0x8e4/0xcb0 [ 241.354453][T11689] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.359739][T11689] ? aa_sock_msg_perm+0x91/0x160 [ 241.364676][T11689] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.369985][T11689] __sock_sendmsg+0x221/0x270 [ 241.374689][T11689] ____sys_sendmsg+0x52a/0x7e0 [ 241.379474][T11689] ? __pfx_____sys_sendmsg+0x10/0x10 [ 241.384776][T11689] ? __fget_files+0x2a/0x410 [ 241.389379][T11689] ? __fget_files+0x2a/0x410 [ 241.393982][T11689] __sys_sendmsg+0x269/0x350 [ 241.398579][T11689] ? __pfx___sys_sendmsg+0x10/0x10 [ 241.403719][T11689] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 241.410047][T11689] ? do_syscall_64+0x100/0x230 [ 241.414811][T11689] ? do_syscall_64+0xb6/0x230 [ 241.419489][T11689] do_syscall_64+0xf3/0x230 [ 241.423994][T11689] ? clear_bhb_loop+0x35/0x90 [ 241.428671][T11689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.434562][T11689] RIP: 0033:0x7f51d8985d29 [ 241.438975][T11689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.459100][T11689] RSP: 002b:00007f51d9795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.467533][T11689] RAX: ffffffffffffffda RBX: 00007f51d8b75fa0 RCX: 00007f51d8985d29 [ 241.475526][T11689] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000005 [ 241.483497][T11689] RBP: 00007f51d8a01a20 R08: 0000000000000000 R09: 0000000000000000 [ 241.491467][T11689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.499437][T11689] R13: 0000000000000000 R14: 00007f51d8b75fa0 R15: 00007fff6de10e58 [ 241.507416][T11689] [ 241.510696][T11689] Kernel Offset: disabled [ 241.515077][T11689] Rebooting in 86400 seconds..