last executing test programs: 2.857298265s ago: executing program 1 (id=2213): syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={r1}, 0x8) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r2, 0x84, 0x70, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) 2.693435194s ago: executing program 1 (id=2217): pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000580)=[{&(0x7f0000000040)='d', 0x1}], 0x1, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) 2.593114242s ago: executing program 1 (id=2221): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340), 0x8) 2.326862041s ago: executing program 1 (id=2227): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001840)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c60ebab1c176bfdbb4ddffffff7f02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc28d0072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd5adb8e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39ddbb1edb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d01006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a634b93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff6f16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c64ac4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b059bc295aa0e38ff07edc3492b96e73d2060acfd8145e4a5851bc4d6fdc5ad939db52812e07795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b59895e0309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb284fcfde9015769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a10100000000000000c9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443a6a64c7803760880af23fb3f430a5d11fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670e31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630ed5a0c2261bc2d5de6ee174534b8dfc0432ab6bbcf296d36807544aa7c3d3301ae227b713a371414c98695e559f9cbf6b046184064a5f2424cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79aa2832c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574bda31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167a9f006685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca67905e877893646d185a75582f866785af6b0149e336c31fb177e3e85f4c60cbbde4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63db66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce985a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90a6e865225f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853b8b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3045b9c790984c6fb65fd7887bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212dedd245b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e000000000000000000000087b97a200609c77e0000000000000000d3a54ccd0900a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09ac0090609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699f61acdc8e36010d76093ddd227d9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89732c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eebf33a260a9b2647726795617a9d1700000000000000f65d0eb4b7b077f1b4d3c5254753ddc9d5861fca4ec4205af1c89fa638b00342ff5f5994fc1f042d1b4a0000000000000070035394b646baa4ba26f70c2c2fe2bc501ecc19f538fdeb7485b73a72a3cba6c50721ce39a0dba3757fcfdb20f40fc9f7fb5d0b6100000000000000005bc7aff2c5b266f8276c6a6eebeae26b7410b7b506f7518ef70721f4315b04f1c35d5c5ab58d6d78682c21821d8e0648feddf5734daba6e219ddc4708f0de8032515fdd2825334e43786d58caeaaee3bdfcfc7e27d90f26de71d00417b23910b4f2c06d21313a73fdb069482241e09d49d37d91a43a08812df97700683e828735af95018960271e49d61fb985e088d079ee30b347952dc5ba725047cef9b0065fed61cf2a4336bd8b3dea27ab071fc2cea404b8d39b798aef5739327b0f02add98cb77ad6c6fc582798a8e5b0e7baf898efaff86d859932b903881253c3457a86fb5ff849bb51959d3d16cba8e59bc854be0509d12d800000000000000000000000000f317892775411b258f8065c160e82caabcc7b2dd9bd88d2974d465ca94431d92f2240fa8e11aec7ee5c726b2c32b749ca10490eab4194626c58ec84f9fe93551027e829eed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62fb7e4fe02ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28) 2.072591092s ago: executing program 0 (id=2232): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) recvmmsg(r1, &(0x7f0000001880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000480)=""/189, 0xbd}], 0x1}}], 0x2, 0x0, 0x0) 2.032114968s ago: executing program 1 (id=2233): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendto(0xffffffffffffffff, &(0x7f0000000600)="78f01fdd318b3d303d0d32d4c0c82be8c1c2cb3ba95bdfe21be037ee42bd8eb4459e4b2a0faa334b41b1c8924bee84548e169ac08c55ff8e2e5ef42003e755a0d716e7824aa2a96b03f3172cfe5e991de0866ac3a573e9675c74165a777e98", 0x5f, 0x80, &(0x7f0000000680)=@phonet={0x23, 0x81, 0x6, 0x80}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) r3 = socket(0x400000000010, 0x0, 0x0) write(r3, &(0x7f0000000040)="3a03000019002551075c0165ff0ffc02", 0x10) socket(0x10, 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x54) socket(0xa, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$MRT_TABLE(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x60, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x5}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x2e, 0xb, 0x44}, @TCA_FQ_CODEL_TARGET={0x8}]}}]}, 0x60}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {0x1000}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x5, [{0x2}, {}, {0xb, 0x1}, {0x0, 0x1}, {0xc}]}, @void, @val={0x4, 0x6, {0x5, 0x40, 0x7}}, @void, @void, @void, @void}, 0x33) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) 1.76073108s ago: executing program 4 (id=2238): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000007500)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000000940)=""/242, 0xf2}], 0x2, 0x0, 0x16}}], 0x1, 0x0, 0x0) 1.581544478s ago: executing program 0 (id=2240): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c"], 0x30}}], 0x1, 0x0) 1.581449022s ago: executing program 4 (id=2241): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000180), 0x8) 1.441304161s ago: executing program 0 (id=2244): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x9) socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) epoll_create1(0x0) getsockopt$nfc_llcp(0xffffffffffffffff, 0x6a, 0x0, 0x0, 0x20000071) r1 = socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r4 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r4, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_CONFIG(r5, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4011}, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) ppoll(&(0x7f0000000480)=[{r2}, {r1}], 0x2, &(0x7f0000000100)={0x77359400}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 841.275494ms ago: executing program 1 (id=2251): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) setsockopt$inet6_int(r2, 0x29, 0x22, 0x0, 0xfff3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x60}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2002000010003b15b5c6c4a60000000000000000", @ANYRES64=0x0, @ANYRES8=r3, @ANYRES64=r0], 0x20}}, 0x0) r4 = socket$caif_stream(0x25, 0x1, 0x0) connect$caif(r4, &(0x7f0000000080)=@rfm={0x25, 0x9, "22702b854ebe94eb05ccb9e81a67e13b"}, 0x18) r5 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r5, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x3fa, 0x2, 0x70bd2b, 0x25dfdbfc, {0x1, 0x0, 0x1, 0x1}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x4000810) socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x18, 0x4, 0xfff, 0x89, 0x4e9}, 0x48) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x4, &(0x7f00000001c0)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}], &(0x7f0000000300)='GPL\x00', 0x5, 0x53, &(0x7f0000000340)=""/83, 0x100, 0x2e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x4, 0x5, 0x1ff, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000440)=[r7, r7], &(0x7f0000000480)=[{0x1, 0x3, 0x0, 0x2}], 0x10, 0x99}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_compaction_try_to_compact_pages\x00', r9}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1812000000000000000000070000f9ffffff0000197f5085e3a274c389ff1c9d8ba3b8a36da978a5f30d0dbc5ebfbb1b1ca4"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r10}, 0x10) r11 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b07d25a806c8c6f94f90b24fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0) 691.624275ms ago: executing program 3 (id=2253): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0) 630.267884ms ago: executing program 4 (id=2254): bpf$MAP_CREATE(0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c0088f5"], 0x74) 585.388769ms ago: executing program 2 (id=2255): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)={0x50, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_PEERS={0x4}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x50}}, 0x0) 558.130469ms ago: executing program 0 (id=2256): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x58}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x58}}, 0x0) (async) 546.730785ms ago: executing program 3 (id=2257): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_IFALIASn={0x4}]}, 0x44}}, 0x40000) 450.541199ms ago: executing program 0 (id=2258): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) getsockopt$nfc_llcp(r0, 0x107, 0xe, 0x0, 0x209fffff) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)={0x0, @initdev, @broadcast}, &(0x7f00000001c0)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)='<', 0x1, 0x0, &(0x7f0000000240)={0x2, 0x0, @rand_addr=0x64010100}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000023c0), 0x4) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000280)={r2}, 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000040)={r2, @in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0x2, 0x8000, 0x800, 0x80000000, 0x79, 0x7, 0x5}, 0x9c) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x7}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x4, 0x0, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f0000000300)=0x208) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000180)=0x4000000, 0x4) sendto$inet6(r3, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) shutdown(r3, 0x1) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000640)={0x0, 0x9, 0x0, [0xfffffffffffffffd, 0x0, 0x0, 0x400], [0x100, 0x7fd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0xb062, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x5]}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000840)={{}, 0x0, 0x0, @unused=[0x0, 0x0, 0x0, 0x60], @devid}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f00000001c0)={0x0, 0x3, 0x0, 0x1}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000200)={0x0, 0x9, 0x8, 0x1}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f00000013c0)={0x0, "9125587169283e8e19a9c00264ea2b63"}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000300)={0x0, 0x3, 0x6}) 450.226152ms ago: executing program 4 (id=2259): r0 = socket(0x10, 0x803, 0x0) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)={0x54, 0xa, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_EXPRESSIONS={0x40, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x9, 0x1, ')+}%\x00'}]}}}, {0x1c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x4}}}]}]}, 0x54}}, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x331}, {&(0x7f0000000280)=""/85, 0x6bc}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x596}, {&(0x7f00000007c0)=""/154, 0x32}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 450.112231ms ago: executing program 2 (id=2260): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000005500000008000100000000000c0099000400000002"], 0x28}}, 0x0) 394.145361ms ago: executing program 2 (id=2261): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800e00010069703665727370616e00589e099839c81900002400028014000500ff010000000000000000000000000001080004000000000004001200"], 0x58}}, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_SECURITY_KEYRING(r1, 0x110, 0x2, &(0x7f00000003c0)='{+%\x00\x10\x15TD\xf6\xc8\x15l\x04\x00\x00\x00\xe2\xe3\xa5\xb6\x0e\xe7\xcaR\xaa\x96\x8e\xfen\x1bK`\xa89hui\fW\xb8\xa2\x008\xfe#\xc1\x1f\x93V\xcac\xc6q\x87\xb1(\x05]8\xf6mIR\x93\xcdp\xf4-/4\xa8g\xdd\x91\xe0\xea\xb4\xd4XM\t\xcb\xdf\x87\xc0\xa6\xfb\xce0:y\x9cI\x98\xa1\x8e\x11\xcfo ?\xcc\xae\x1c\xab\xea\xd2\x06\x8c\xe8\xd9S\xc0E\xcd$E\xf8Z\x1d\xc1\x8d]h\xc08\xfc\xdbf\xe5\xc3\xa5\xbc)|\x93#[\xf5\xfeY\xa4\x1d \x12\x8b\xb3P_G\x85^\xc5\x81\xf5\xb5\xd6\xfcl\x1c]VC\x9f\f\xc5\xef\xc7\x8e\xf7\x86\xc3a\xaa\xc6\x91\xa2\xe3\x98\xd31\xe7\x06\xd5Nbu?\xe5>c\xa8\xb2\x0e\xf5\b\x01\fH\xaaMu\x15AuK\xf6\x8d\xd5\xf1\xeb9\xf5\riqt\x93,\xa2!\xc0h^p\xa96q\xb5\x14\xfef.1', 0xfffffffffffffc59) sendto$l2tp6(0xffffffffffffffff, 0x0, 0x56, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev}, 0x20) 341.470988ms ago: executing program 3 (id=2262): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$SIOCAX25DELUID(r0, 0x89e2, 0x0) 323.433613ms ago: executing program 0 (id=2263): socketpair(0x2b, 0x1, 0x0, &(0x7f00000020c0)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x989680}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'virt_wifi0\x00'}) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) r1 = socket(0x2, 0x6, 0x0) connect$rxrpc(r1, &(0x7f0000000480)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40}, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x75, &(0x7f0000000040)={r4, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000080)=0x18) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="68010000100013070000030000000000ac1414bb000000000000000000000000ac1414aa00000000000000000000000000000000000000000000000000000000a8c95e370a9a424d0bae70216a4958b3d147782ae1bc117f6b02f60480eb4e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="7f00000100000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000480002006374722d63616d656c6c69612d6165736e69000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014000e00fe8800000000000000000000000000011c0004000000000000000000fc00"/288], 0x168}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="3c00330080000000080211000001080211000000505050505050000000000002aba519ed06dd895d00000100040600000000000025"], 0x58}}, 0x0) 285.461964ms ago: executing program 3 (id=2264): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001940)={0x20, 0x2b, 0x9f2d3d3f99cf9fb9, 0x0, 0x0, "", [@nested={0x10, 0x30ff, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x20}], 0x1}, 0x0) 270.988231ms ago: executing program 2 (id=2265): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b4000000020000006600000000000000730135000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e63bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e27401aa306a7ab7069790da79b7ab4512fa4b64a00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b427ee8d181f5f18d772fb5c58a93b5afed6ce430a50f398d2ec77b1d7a6620ba1f5fbb48703ab220f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8efe7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c33edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a45526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef9691863c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2ebe448cbe850efd24bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe1655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed5de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d03652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b9c6c36a33eb3adc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a71dc202c851d99851bc7a62ea705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f6a70c031929a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28743f77b8724487a9b37ca66d20aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe2bae2bd4c498a10d4e17dceb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a4307f0e4360651dc7f89247a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a8c407fed1a8702e2486386f2ae6347231128be789186ff5651208c8b781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b978e0a5f69671f52401892dba8a63c8f7eb280880dbdcee5d8e8aae9de9d28cbe0de2f4642c4fe69db3b7432b2eb7ca282fbfe030ad6c33a73feef1cd517cedc2c0059e5636ae0fb3969ce7f64c6f6cffcc40ac1331f6b50d4f95c490edd75e8cdba278a602c8a200000000000000000000000091b39ecd9b22cc68dde3760f3bd7377b35f4d41a46959070cddc4a9c340455f97ff0ea8c6adbff47a39269b2e90dffa1ec22d41f9da01ec44847a88334e106ff455f9ca2a0b2900591ceac1f0e823eaa7ed5b359eed1a39a6f75e7556ab52ac0c2c46b28f3791edf8f25cc2e6cab30841d3fac1e1644f35ed7899a903df3901f89e13cee8589df43652fbe05a789881dcae97ffdc52363bc61c334480afac09e04f9e5ce0bcd12c997545053b64bb2ba920a1071d2ca692c72965bdc0022f7f147943001a55ed8c7b3181fbfabd2069ac7bd4f9b459463edb8a05d1fde9a000000000085b6f76cf1667ca9c4c09bc185348df7972ed45ef93479986d28a6e72ea9becd8d83434c009f089f07da335da3711b0e2b6e813f79aafdbd5858463ae47a5495dc0a7e6548774ad6f9dc3356481c4472a6455324731fe1635fd7d35bba6c7475cad7702815070f8b38c0ca2222daba"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x21e, 0x10, &(0x7f00000002c0), 0x83419149c3b785d0}, 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={@cgroup, r0, 0x1}, 0x14) 270.512019ms ago: executing program 4 (id=2266): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b7090000000000001801000020646c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000d00)=r2, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000081c"], 0x0) 145.428853ms ago: executing program 3 (id=2267): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0) 136.04317ms ago: executing program 4 (id=2268): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b7090000000000001801000020646c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000d00)=r2, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x28, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_MODE={0xa, 0x2, {0x0, 0x29c6c1df324dad1c}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x28}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}]}, 0x3c}}, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x0, @broadcast, 'lo\x00'}}, 0x1e) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r7, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004d00)={&(0x7f0000004640)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14}}, 0x5c}}, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0x0, {0x0, @remote, 'syzkaller0\x00'}}, 0x1e) syz_emit_ethernet(0x32, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000081c"], 0x0) 116.970328ms ago: executing program 2 (id=2269): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @private0, 0x600}, 0x1c, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00\x00\x00', @ANYRES32], 0x28}}], 0x1, 0x0) 41.193912ms ago: executing program 3 (id=2270): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2}) (async) pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000020101040000000000000000000000000600124000030000878597d3cf0322083d98bf8e4f5a3ffa4cd8c91ef5821d4efc371c02fcf1ef879bca15bef6d8466c00e99956e7c558d6eb75b887e03b461be127a2e323fdcc8aafa5a8ed30842e59f7e5899f5a2a744802191e04c4e3ecf0f768122dff"], 0x1c}}, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000024001280090001007866726d00000000140002800800010002000000080002000300000008020a00", @ANYRES32=r6, @ANYBLOB], 0x4c}}, 0x0) (async) r7 = socket(0x15, 0x5, 0x0) getsockopt(r7, 0x200000000114, 0x2711, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90) (async, rerun: 64) r8 = socket(0x10, 0x3, 0x0) (rerun: 64) r9 = socket$packet(0x11, 0x2, 0x300) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=@newtaction={0x18, 0x30, 0x10b, 0x2000, 0x0, {}, [{0x15}, {0x0, 0x1, [@m_gact={0x0, 0x16, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0x1812, 0x4}}, @TCA_GACT_PARMS={0x0, 0x2, {0x3, 0x2, 0x8, 0x2, 0x40000000}}, @TCA_GACT_PARMS={0x0, 0x2, {0x83bb, 0x3, 0x7, 0x1, 0xf1e}}, @TCA_GACT_PROB={0x0, 0x3, {0x1, 0x235d, 0x10000000}}]}, {0x0, 0x6, "cfcda03c36cde757197ffd696a19246a57e9f0c4265cc061a5f0247e62e383ddc118c4683bbd59a8768b44fb6e300660b764a9317ab41301681eecd28a53cda53e9ceb0a88300d3b6f15a461c860fee234dba051e638f083c5e07ee1a9d4ef220b29db4f6f1d9480ff54bbf0f4b18b7877f6cf49be44b7bdfdae3cec3ed906c8d953408735e763289d67a1087432a72ec48943fad79670531065aa57e1bf102ac966bf5a2bdaf6ed8bdd38c490b0d153db"}, {}, {0x0, 0x8, {0x3, 0x1}}}}, @m_tunnel_key={0x0, 0x1c, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x0, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_PARMS={0x0, 0x2, {{0x7f0f0724, 0xf, 0xffffffffffffffff, 0x1, 0x5}, 0x1}}]}, {0x0, 0x6, "71085f0cf5646af0bc5b0004d07b88d4a0744f8db599f650ef5fdc6071aed52185b01b6a58a55accc4d81cdc669283a15c3d737c24a71740997900ac0fb76956c218e5e9bf964a682e6bc2f10e4be48d07dd22d05a94b53ccc7ba96dfa141e46f660babaee9ec48708efc5bfb199ad871e80ba0f62c077f3e9eb2f0e00d05edbfe"}, {0x0, 0x7, {0x0, 0x1}}, {0x0, 0x8, {0x2}}}}]}]}, 0x18}}, 0x4000802) (async) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x464, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0xfff3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x438, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}}, @TCA_TBF_PBURST={0x8, 0x7, 0x86f}, @TCA_TBF_PTAB={0x404, 0x3, [0x3c, 0xbb30, 0x7, 0x1, 0x6, 0x7, 0xc7, 0x7000000, 0x40, 0x5, 0x0, 0x2, 0x4, 0x661, 0x4, 0x8, 0x0, 0x8, 0x5, 0x9, 0x0, 0x400, 0xa, 0x1, 0x3, 0x27a8, 0xba95, 0x1ff, 0x6, 0x7ff, 0x0, 0x8, 0x3, 0x54, 0x2, 0x101, 0x12640, 0xd4, 0x6, 0x5e68, 0x6, 0x8, 0x0, 0x7f, 0x200, 0x7, 0x0, 0x400, 0x4, 0xd, 0xcd, 0xf, 0x5798, 0x6, 0x0, 0x5, 0x31cb, 0x80, 0x7f, 0x101, 0x400, 0x5, 0x4, 0xd0e, 0x8, 0x2, 0x1000, 0xbb2, 0xc, 0x9, 0x5, 0x9, 0x40, 0x3, 0x7, 0x8, 0x2, 0x34, 0x1, 0x7e, 0x1194, 0xd5a, 0x5, 0x3f, 0x4, 0x9, 0xfffffff4, 0x81, 0x2, 0x77, 0x3, 0x3, 0xc, 0x3ff, 0xd6, 0x1, 0x6115, 0x2, 0x7, 0x4, 0x48d107e7, 0x5, 0x2518, 0x7, 0x7fff, 0xfffffff7, 0x3, 0x6, 0x7f, 0x400, 0x0, 0x9, 0x7fff, 0x4, 0x9, 0xd, 0x4, 0xffffffff, 0x1, 0x2, 0x81, 0x7, 0xb, 0x8, 0x44, 0x8, 0xbd1, 0x4, 0x7f, 0x0, 0x8, 0x0, 0x9, 0x80000001, 0x2, 0x3, 0x5, 0x1dbc, 0x6, 0xffffffc0, 0x7, 0x3, 0x33e5, 0x6, 0x9b80, 0x1, 0x1, 0x50000, 0x7, 0x9, 0xca, 0x446, 0xfffffffb, 0x1, 0x7, 0xe8, 0xfffffffc, 0x10000, 0x70, 0xc3, 0x4, 0x0, 0x81, 0x2, 0x3, 0x9, 0x2, 0x1, 0x2, 0x1ff, 0x43b8, 0x8, 0x8001, 0x200, 0x3, 0x14000, 0x10000, 0x3f52, 0x0, 0x85, 0x3, 0xd, 0xc6e, 0xa, 0x73, 0x4, 0x7, 0x10000, 0x1000, 0x8, 0x7fffffff, 0xa3, 0x7fffffff, 0x800, 0x4, 0x3, 0x0, 0x2, 0x800, 0x0, 0x5, 0x6, 0xbe99, 0xffffffff, 0x0, 0x7, 0xc0000000, 0xbdd, 0x800, 0xb3a, 0x7, 0x8, 0x5, 0x7, 0x5, 0x4, 0x7, 0xffffff5b, 0x400, 0x6, 0x0, 0xb58e, 0x1, 0x6, 0x7c7f, 0x2, 0x2, 0x7, 0x7, 0x400, 0x9, 0x7, 0x1, 0xff, 0x5, 0x9, 0x6, 0x2, 0x8, 0x1, 0x6, 0xffff7fff, 0x6, 0xe, 0xa, 0x8000, 0xffffffff, 0x4, 0xf, 0x5, 0xf5ae, 0xffffff80, 0xd, 0xfffffff9, 0x7, 0x2]}]}}]}, 0x464}}, 0x0) (async, rerun: 64) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async, rerun: 64) r12 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r13 = openat$cgroup_procs(r12, &(0x7f0000000140)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x9) (async) sendfile(r13, r13, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x26}}, &(0x7f0000000480)='GPL\x00'}, 0x90) (async, rerun: 32) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x20, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) (rerun: 32) r14 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r14, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) 0s ago: executing program 2 (id=2271): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000005500000008000100000000000c0099000400000002"], 0x28}}, 0x0) kernel console output (not intermixed with test programs): 8e038 [ 101.440829][ T7213] [ 101.803306][ T7243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.754'. [ 101.833022][ T7247] netlink: 24 bytes leftover after parsing attributes in process `syz.3.756'. [ 101.872255][ T7243] batadv0: entered promiscuous mode [ 101.884894][ T7243] macvtap1: entered promiscuous mode [ 101.890485][ T7243] macvtap1: entered allmulticast mode [ 101.904381][ T7243] batadv0: entered allmulticast mode [ 101.922850][ T7243] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 102.183812][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.760'. [ 102.218706][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.760'. [ 102.499899][ T7282] bridge0: port 3(vlan2) entered blocking state [ 102.516087][ T7282] bridge0: port 3(vlan2) entered disabled state [ 102.530950][ T7282] vlan2: entered allmulticast mode [ 102.563824][ T7282] vlan2: left allmulticast mode [ 102.995696][ T7302] syz.2.774[7302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.995853][ T7302] syz.2.774[7302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 103.287748][ T7311] netlink: 'syz.1.775': attribute type 1 has an invalid length. [ 103.343524][ T7311] netlink: 'syz.1.775': attribute type 1 has an invalid length. [ 104.250060][ T7379] Bluetooth: MGMT ver 1.22 [ 104.268438][ T7379] Bluetooth: hci3: invalid length 0, exp 2 for type 6 [ 104.546412][ T7392] macvtap2: entered promiscuous mode [ 104.551946][ T7392] macvtap2: entered allmulticast mode [ 104.585208][ T7392] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 104.852349][ T7412] xt_TCPMSS: Only works on TCP SYN packets [ 105.173524][ T7436] batadv0: entered promiscuous mode [ 105.184223][ T7436] macvtap1: entered promiscuous mode [ 105.189708][ T7436] macvtap1: entered allmulticast mode [ 105.222120][ T7436] batadv0: entered allmulticast mode [ 105.223285][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888079024000: 0x00000: (8) Duplicate sequence number (and software is not able to recover) [ 105.237131][ T7436] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 105.241235][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888079024400: 0x00000: (8) Duplicate sequence number (and software is not able to recover) [ 105.261956][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888079024800: 0x00000: (8) Duplicate sequence number (and software is not able to recover) [ 105.290796][ T7438] netlink: 'syz.1.820': attribute type 4 has an invalid length. [ 105.466225][ T7456] __nla_validate_parse: 12 callbacks suppressed [ 105.466246][ T7456] netlink: 20 bytes leftover after parsing attributes in process `syz.0.831'. [ 105.496866][ T7438] syz.1.820 (7438) used greatest stack depth: 18832 bytes left [ 106.311196][ T7474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.840'. [ 106.349844][ T7474] batadv0: entered promiscuous mode [ 106.362635][ T7474] macvtap1: entered promiscuous mode [ 106.395188][ T7474] macvtap1: entered allmulticast mode [ 106.411440][ T7474] batadv0: entered allmulticast mode [ 106.418285][ T7474] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 106.708228][ T7502] FAULT_INJECTION: forcing a failure. [ 106.708228][ T7502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.708602][ T7499] netlink: 542 bytes leftover after parsing attributes in process `syz.2.847'. [ 106.783826][ T7502] CPU: 1 PID: 7502 Comm: syz.4.848 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 106.793860][ T7502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 106.804054][ T7502] Call Trace: [ 106.807349][ T7502] [ 106.810297][ T7502] dump_stack_lvl+0x241/0x360 [ 106.814998][ T7502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.820229][ T7502] ? __pfx__printk+0x10/0x10 [ 106.824850][ T7502] ? __pfx_lock_release+0x10/0x10 [ 106.829901][ T7502] should_fail_ex+0x3b0/0x4e0 [ 106.834610][ T7502] _copy_to_user+0x2f/0xb0 [ 106.839083][ T7502] bpf_test_finish+0x593/0x8b0 [ 106.843876][ T7502] ? __pfx_bpf_test_finish+0x10/0x10 [ 106.849200][ T7502] ? convert___skb_to_skb+0x41/0x620 [ 106.854509][ T7502] ? convert_skb_to___skb+0x2d3/0x510 [ 106.859906][ T7502] bpf_prog_test_run_skb+0xd06/0x13b0 [ 106.865306][ T7502] ? __pfx_lock_release+0x10/0x10 [ 106.870361][ T7502] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 106.876192][ T7502] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 106.882024][ T7502] bpf_prog_test_run+0x33a/0x3b0 [ 106.886991][ T7502] __sys_bpf+0x48d/0x810 [ 106.891261][ T7502] ? __pfx___sys_bpf+0x10/0x10 [ 106.896064][ T7502] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 106.902064][ T7502] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 106.908408][ T7502] ? do_syscall_64+0x100/0x230 [ 106.913166][ T7502] __x64_sys_bpf+0x7c/0x90 [ 106.917595][ T7502] do_syscall_64+0xf3/0x230 [ 106.922109][ T7502] ? clear_bhb_loop+0x35/0x90 [ 106.926809][ T7502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.932722][ T7502] RIP: 0033:0x7f5e6e775b99 [ 106.937152][ T7502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.956966][ T7502] RSP: 002b:00007f5e6f5b4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 106.965440][ T7502] RAX: ffffffffffffffda RBX: 00007f5e6e903f60 RCX: 00007f5e6e775b99 [ 106.973445][ T7502] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 106.981502][ T7502] RBP: 00007f5e6f5b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 106.989472][ T7502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.997441][ T7502] R13: 000000000000000b R14: 00007f5e6e903f60 R15: 00007fffed029318 [ 107.005443][ T7502] [ 107.055627][ T7511] netlink: 172 bytes leftover after parsing attributes in process `syz.0.853'. [ 107.079880][ T7511] netlink: 20 bytes leftover after parsing attributes in process `syz.0.853'. [ 107.109515][ T7516] trusted_key: syz.4.855 sent an empty control message without MSG_MORE. [ 107.152147][ T7511] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.164686][ T7511] batadv_slave_0: entered allmulticast mode [ 107.179565][ T7511] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 107.202634][ T7519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'. [ 107.233130][ T7519] macvtap2: entered promiscuous mode [ 107.248306][ T7519] macvtap2: entered allmulticast mode [ 107.256433][ T7519] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 107.530227][ T7546] netlink: 12 bytes leftover after parsing attributes in process `syz.0.861'. [ 107.555074][ T7541] netlink: 'syz.4.860': attribute type 3 has an invalid length. [ 107.557645][ T7546] netlink: 'syz.0.861': attribute type 25 has an invalid length. [ 107.586539][ T7546] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.595662][ T7546] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.604979][ T7546] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.615407][ T7546] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 107.652715][ T7548] ip6gre0: entered allmulticast mode [ 107.909805][ T7561] netlink: 5 bytes leftover after parsing attributes in process `syz.1.870'. [ 107.952998][ T7561] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 108.315077][ T7581] netlink: 32 bytes leftover after parsing attributes in process `syz.3.877'. [ 108.485131][ T7581] netlink: 'syz.3.877': attribute type 1 has an invalid length. [ 108.521417][ T7581] netlink: 'syz.3.877': attribute type 2 has an invalid length. [ 108.551020][ T7598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'. [ 108.655471][ T7597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.670335][ T7597] team0: Device batadv0 failed to register rx_handler [ 109.220098][ T7581] tipc: Started in network mode [ 109.225147][ T7581] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 109.244512][ T7581] tipc: Enabled bearer , priority 16 [ 109.503247][ T7604] syzkaller1: entered promiscuous mode [ 109.531991][ T7604] syzkaller1: entered allmulticast mode [ 109.811361][ T7641] FAULT_INJECTION: forcing a failure. [ 109.811361][ T7641] name failslab, interval 1, probability 0, space 0, times 0 [ 109.839381][ T7641] CPU: 0 PID: 7641 Comm: syz.0.898 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 109.849411][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 109.859493][ T7641] Call Trace: [ 109.862799][ T7641] [ 109.865745][ T7641] dump_stack_lvl+0x241/0x360 [ 109.870443][ T7641] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.875664][ T7641] ? __pfx__printk+0x10/0x10 [ 109.880289][ T7641] ? ref_tracker_alloc+0x332/0x490 [ 109.885431][ T7641] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 109.890919][ T7641] should_fail_ex+0x3b0/0x4e0 [ 109.895626][ T7641] ? skb_clone+0x20c/0x390 [ 109.900043][ T7641] should_failslab+0x9/0x20 [ 109.904539][ T7641] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 109.909909][ T7641] skb_clone+0x20c/0x390 [ 109.914150][ T7641] __netlink_deliver_tap+0x3cc/0x7c0 [ 109.919436][ T7641] ? netlink_deliver_tap+0x2e/0x1b0 [ 109.924623][ T7641] netlink_deliver_tap+0x19d/0x1b0 [ 109.929725][ T7641] netlink_sendskb+0x68/0x140 [ 109.934395][ T7641] netlink_unicast+0x39d/0x990 [ 109.939149][ T7641] ? __asan_memcpy+0x40/0x70 [ 109.943744][ T7641] ? __pfx_netlink_unicast+0x10/0x10 [ 109.949038][ T7641] netlink_rcv_skb+0x262/0x430 [ 109.953794][ T7641] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 109.959249][ T7641] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 109.964642][ T7641] xfrm_netlink_rcv+0x79/0x90 [ 109.969321][ T7641] netlink_unicast+0x7f0/0x990 [ 109.974082][ T7641] ? __pfx_netlink_unicast+0x10/0x10 [ 109.979354][ T7641] ? __virt_addr_valid+0x183/0x520 [ 109.984459][ T7641] ? __check_object_size+0x49c/0x900 [ 109.989737][ T7641] ? bpf_lsm_netlink_send+0x9/0x10 [ 109.994934][ T7641] netlink_sendmsg+0x8e4/0xcb0 [ 109.999704][ T7641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.004982][ T7641] ? __import_iovec+0x536/0x820 [ 110.009824][ T7641] ? aa_sock_msg_perm+0x91/0x160 [ 110.014758][ T7641] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 110.020029][ T7641] ? security_socket_sendmsg+0x87/0xb0 [ 110.025568][ T7641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.030846][ T7641] __sock_sendmsg+0x221/0x270 [ 110.035516][ T7641] ____sys_sendmsg+0x525/0x7d0 [ 110.040281][ T7641] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.045571][ T7641] __sys_sendmsg+0x2b0/0x3a0 [ 110.050160][ T7641] ? __pfx___sys_sendmsg+0x10/0x10 [ 110.055285][ T7641] ? __pfx_sched_clock_cpu+0x10/0x10 [ 110.060562][ T7641] ? __pfx___schedule+0x10/0x10 [ 110.065426][ T7641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 110.071746][ T7641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 110.078065][ T7641] ? do_syscall_64+0xb6/0x230 [ 110.082745][ T7641] do_syscall_64+0xf3/0x230 [ 110.087239][ T7641] ? clear_bhb_loop+0x35/0x90 [ 110.091907][ T7641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.097792][ T7641] RIP: 0033:0x7f2606175b99 [ 110.102202][ T7641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.121798][ T7641] RSP: 002b:00007f2605bff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.130222][ T7641] RAX: ffffffffffffffda RBX: 00007f2606303f60 RCX: 00007f2606175b99 [ 110.138278][ T7641] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 110.146335][ T7641] RBP: 00007f2605bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 110.154322][ T7641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.162377][ T7641] R13: 000000000000004d R14: 00007f2606303f60 R15: 00007ffc0b6ebdf8 [ 110.170358][ T7641] [ 110.185954][ T7636] netlink: 'syz.3.897': attribute type 3 has an invalid length. [ 110.313720][ T783] tipc: Node number set to 10922666 [ 110.460373][ T7664] netlink: 'syz.4.903': attribute type 15 has an invalid length. [ 110.498590][ T7664] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.507392][ T7664] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.516360][ T7664] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.525212][ T7664] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.563891][ T7664] vxlan0: entered promiscuous mode [ 110.578677][ T7663] FAULT_INJECTION: forcing a failure. [ 110.578677][ T7663] name failslab, interval 1, probability 0, space 0, times 0 [ 110.616241][ T7663] CPU: 1 PID: 7663 Comm: syz.2.906 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 110.626276][ T7663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 110.636351][ T7663] Call Trace: [ 110.639658][ T7663] [ 110.642610][ T7663] dump_stack_lvl+0x241/0x360 [ 110.647312][ T7663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.652541][ T7663] ? __pfx__printk+0x10/0x10 [ 110.657173][ T7663] should_fail_ex+0x3b0/0x4e0 [ 110.661879][ T7663] ? __alloc_skb+0x1c3/0x440 [ 110.666494][ T7663] should_failslab+0x9/0x20 [ 110.671054][ T7663] kmem_cache_alloc_node_noprof+0x71/0x320 [ 110.676892][ T7663] __alloc_skb+0x1c3/0x440 [ 110.681329][ T7663] ? __pfx_lock_release+0x10/0x10 [ 110.686383][ T7663] ? __pfx___alloc_skb+0x10/0x10 [ 110.691343][ T7663] alloc_uevent_skb+0x74/0x230 [ 110.696106][ T7663] kobject_uevent_net_broadcast+0x2fd/0x580 [ 110.702023][ T7663] kobject_uevent_env+0x57d/0x8e0 [ 110.707067][ T7663] nbd_config_put+0x184/0x7e0 [ 110.711749][ T7663] nbd_genl_connect+0x15af/0x1c80 [ 110.716875][ T7663] ? __pfx_nbd_genl_connect+0x10/0x10 [ 110.722262][ T7663] ? __nla_parse+0x40/0x60 [ 110.726787][ T7663] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 110.733143][ T7663] genl_rcv_msg+0xb14/0xec0 [ 110.737656][ T7663] ? mark_lock+0x9a/0x350 [ 110.742006][ T7663] ? __pfx_genl_rcv_msg+0x10/0x10 [ 110.747049][ T7663] ? __pfx_lock_acquire+0x10/0x10 [ 110.752078][ T7663] ? __pfx_nbd_genl_connect+0x10/0x10 [ 110.757448][ T7663] ? __pfx___might_resched+0x10/0x10 [ 110.762736][ T7663] netlink_rcv_skb+0x1e3/0x430 [ 110.767498][ T7663] ? __pfx_genl_rcv_msg+0x10/0x10 [ 110.772518][ T7663] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 110.777826][ T7663] genl_rcv+0x28/0x40 [ 110.781808][ T7663] netlink_unicast+0x7f0/0x990 [ 110.786579][ T7663] ? __pfx_netlink_unicast+0x10/0x10 [ 110.791854][ T7663] ? __virt_addr_valid+0x183/0x520 [ 110.796964][ T7663] ? __check_object_size+0x49c/0x900 [ 110.802332][ T7663] ? bpf_lsm_netlink_send+0x9/0x10 [ 110.807462][ T7663] netlink_sendmsg+0x8e4/0xcb0 [ 110.812234][ T7663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.817516][ T7663] ? __import_iovec+0x536/0x820 [ 110.822398][ T7663] ? aa_sock_msg_perm+0x91/0x160 [ 110.827339][ T7663] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 110.832614][ T7663] ? security_socket_sendmsg+0x87/0xb0 [ 110.838068][ T7663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.843345][ T7663] __sock_sendmsg+0x221/0x270 [ 110.848036][ T7663] ____sys_sendmsg+0x525/0x7d0 [ 110.852910][ T7663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.858213][ T7663] __sys_sendmsg+0x2b0/0x3a0 [ 110.862905][ T7663] ? __pfx___sys_sendmsg+0x10/0x10 [ 110.868035][ T7663] ? vfs_write+0x7c4/0xc90 [ 110.872506][ T7663] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 110.878833][ T7663] ? do_syscall_64+0x100/0x230 [ 110.883606][ T7663] ? do_syscall_64+0xb6/0x230 [ 110.888288][ T7663] do_syscall_64+0xf3/0x230 [ 110.892783][ T7663] ? clear_bhb_loop+0x35/0x90 [ 110.897460][ T7663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.903379][ T7663] RIP: 0033:0x7f0300f75b99 [ 110.907790][ T7663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.927737][ T7663] RSP: 002b:00007f0301de1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.936236][ T7663] RAX: ffffffffffffffda RBX: 00007f0301103f60 RCX: 00007f0300f75b99 [ 110.944290][ T7663] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 110.952257][ T7663] RBP: 00007f0301de10a0 R08: 0000000000000000 R09: 0000000000000000 [ 110.960218][ T7663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.968198][ T7663] R13: 000000000000004d R14: 00007f0301103f60 R15: 00007ffd4978e038 [ 110.976190][ T7663] [ 111.594122][ T7702] tap0: tun_chr_ioctl cmd 1074812118 [ 111.632012][ T7709] ieee802154 phy0 wpan0: encryption failed: -90 [ 111.645077][ T7708] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 111.719872][ T7713] __nla_validate_parse: 3 callbacks suppressed [ 111.719892][ T7713] netlink: 40 bytes leftover after parsing attributes in process `syz.0.921'. [ 111.801031][ T7719] netlink: 'syz.3.926': attribute type 10 has an invalid length. [ 111.810923][ T7719] netlink: 148 bytes leftover after parsing attributes in process `syz.3.926'. [ 111.922206][ T7723] netlink: 52 bytes leftover after parsing attributes in process `syz.3.928'. [ 111.973377][ T7723] netlink: 1528 bytes leftover after parsing attributes in process `syz.3.928'. [ 112.223235][ T7738] netlink: 16 bytes leftover after parsing attributes in process `syz.2.935'. [ 112.272877][ T7742] netlink: 'syz.3.934': attribute type 3 has an invalid length. [ 112.287149][ T7742] netlink: 'syz.3.934': attribute type 3 has an invalid length. [ 112.349059][ T7706] netlink: 120 bytes leftover after parsing attributes in process `syz.4.923'. [ 112.370217][ T7745] syzkaller0: entered promiscuous mode [ 112.377332][ T7745] syzkaller0: entered allmulticast mode [ 113.662449][ T7757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'. [ 113.889017][ T7774] netlink: 56 bytes leftover after parsing attributes in process `syz.0.949'. [ 114.051091][ T7781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.950'. [ 114.091917][ T7781] macvtap2: entered promiscuous mode [ 114.108213][ T7781] macvtap2: entered allmulticast mode [ 114.131745][ T7781] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 114.156573][ T7791] netlink: 4 bytes leftover after parsing attributes in process `syz.1.950'. [ 115.509272][ T7850] batadv_slave_1: entered promiscuous mode [ 115.525381][ T7849] batadv_slave_1: left promiscuous mode [ 115.596673][ T7855] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 115.665929][ T7854] sch_tbf: burst 0 is lower than device lo mtu (17) ! [ 115.838227][ T7866] netlink: 'syz.3.982': attribute type 25 has an invalid length. [ 115.871718][ T7867] xt_HMARK: proto mask must be zero with L3 mode [ 115.872630][ T7866] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.887426][ T7866] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.896205][ T7866] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.905652][ T7866] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 116.765453][ T7911] bridge6: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 117.095864][ T7930] netlink: 'syz.4.1010': attribute type 10 has an invalid length. [ 117.180304][ T7930] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 117.206941][ T7929] __nla_validate_parse: 4 callbacks suppressed [ 117.206959][ T7929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1009'. [ 117.500703][ T7951] FAULT_INJECTION: forcing a failure. [ 117.500703][ T7951] name failslab, interval 1, probability 0, space 0, times 0 [ 117.513922][ T7951] CPU: 1 PID: 7951 Comm: syz.4.1015 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 117.524021][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 117.534267][ T7951] Call Trace: [ 117.537564][ T7951] [ 117.540512][ T7951] dump_stack_lvl+0x241/0x360 [ 117.545230][ T7951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.550792][ T7951] ? __pfx__printk+0x10/0x10 [ 117.555407][ T7951] ? __pfx___might_resched+0x10/0x10 [ 117.560710][ T7951] ? __asan_memset+0x23/0x50 [ 117.565323][ T7951] should_fail_ex+0x3b0/0x4e0 [ 117.570028][ T7951] should_failslab+0x9/0x20 [ 117.574563][ T7951] __kmalloc_node_noprof+0xdf/0x440 [ 117.579762][ T7951] ? kvmalloc_node_noprof+0x72/0x190 [ 117.585161][ T7951] kvmalloc_node_noprof+0x72/0x190 [ 117.590268][ T7951] alloc_netdev_mqs+0x87c/0xff0 [ 117.595757][ T7951] rtnl_create_link+0x2f9/0xc20 [ 117.601133][ T7951] rtnl_newlink+0x1423/0x20a0 [ 117.605815][ T7951] ? rtnl_newlink+0xb11/0x20a0 [ 117.610589][ T7951] ? __pfx_rtnl_newlink+0x10/0x10 [ 117.615610][ T7951] ? __pfx___mutex_trylock_common+0x10/0x10 [ 117.621585][ T7951] ? rcu_is_watching+0x15/0xb0 [ 117.626340][ T7951] ? trace_contention_end+0x3c/0x120 [ 117.631615][ T7951] ? __mutex_lock+0x2ef/0xd70 [ 117.636292][ T7951] ? __pfx_lock_release+0x10/0x10 [ 117.641320][ T7951] ? __pfx_rtnl_newlink+0x10/0x10 [ 117.646357][ T7951] rtnetlink_rcv_msg+0x89b/0x1180 [ 117.651376][ T7951] ? rtnetlink_rcv_msg+0x208/0x1180 [ 117.656567][ T7951] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 117.662021][ T7951] ? __local_bh_enable_ip+0x168/0x200 [ 117.667395][ T7951] ? lockdep_hardirqs_on+0x99/0x150 [ 117.672587][ T7951] ? __local_bh_enable_ip+0x168/0x200 [ 117.677945][ T7951] ? dev_hard_start_xmit+0x773/0x7e0 [ 117.683223][ T7951] ? __dev_queue_xmit+0x2da/0x3e90 [ 117.688424][ T7951] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 117.694156][ T7951] ? __dev_queue_xmit+0x2da/0x3e90 [ 117.699262][ T7951] ? __dev_queue_xmit+0x1763/0x3e90 [ 117.704453][ T7951] ? kasan_save_track+0x51/0x80 [ 117.709317][ T7951] ? do_syscall_64+0xf3/0x230 [ 117.713988][ T7951] ? __dev_queue_xmit+0x2da/0x3e90 [ 117.719095][ T7951] ? __pfx___dev_queue_xmit+0x10/0x10 [ 117.724475][ T7951] ? ref_tracker_free+0x643/0x7e0 [ 117.729507][ T7951] netlink_rcv_skb+0x1e3/0x430 [ 117.734285][ T7951] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 117.739736][ T7951] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 117.745047][ T7951] ? netlink_deliver_tap+0x2e/0x1b0 [ 117.750240][ T7951] netlink_unicast+0x7f0/0x990 [ 117.755003][ T7951] ? __pfx_netlink_unicast+0x10/0x10 [ 117.760278][ T7951] ? __virt_addr_valid+0x183/0x520 [ 117.765391][ T7951] ? __check_object_size+0x49c/0x900 [ 117.770673][ T7951] ? bpf_lsm_netlink_send+0x9/0x10 [ 117.775785][ T7951] netlink_sendmsg+0x8e4/0xcb0 [ 117.780551][ T7951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.785829][ T7951] ? __import_iovec+0x536/0x820 [ 117.790754][ T7951] ? aa_sock_msg_perm+0x91/0x160 [ 117.795690][ T7951] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 117.800967][ T7951] ? security_socket_sendmsg+0x87/0xb0 [ 117.806421][ T7951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.811695][ T7951] __sock_sendmsg+0x221/0x270 [ 117.816393][ T7951] ____sys_sendmsg+0x525/0x7d0 [ 117.821157][ T7951] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.826449][ T7951] __sys_sendmsg+0x2b0/0x3a0 [ 117.831125][ T7951] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.836229][ T7951] ? vfs_write+0x7c4/0xc90 [ 117.840677][ T7951] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 117.846998][ T7951] ? do_syscall_64+0x100/0x230 [ 117.851758][ T7951] ? do_syscall_64+0xb6/0x230 [ 117.856436][ T7951] do_syscall_64+0xf3/0x230 [ 117.860933][ T7951] ? clear_bhb_loop+0x35/0x90 [ 117.865605][ T7951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.871748][ T7951] RIP: 0033:0x7f5e6e775b99 [ 117.876157][ T7951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.895756][ T7951] RSP: 002b:00007f5e6f5b4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.904164][ T7951] RAX: ffffffffffffffda RBX: 00007f5e6e903f60 RCX: 00007f5e6e775b99 [ 117.912124][ T7951] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 117.920085][ T7951] RBP: 00007f5e6f5b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 117.928048][ T7951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.936009][ T7951] R13: 000000000000000b R14: 00007f5e6e903f60 R15: 00007fffed029318 [ 117.944074][ T7951] [ 118.349985][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1023'. [ 118.560691][ T7994] netlink: 'syz.1.1029': attribute type 1 has an invalid length. [ 118.758783][ T7994] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 118.804176][ T7998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1029'. [ 118.826502][ T7994] bond2: (slave batadv1): Enslaving as a backup interface with an up link [ 118.877532][ T7998] bond2 (unregistering): (slave batadv1): Releasing backup interface [ 118.902571][ T7998] bond2 (unregistering): Released all slaves [ 119.108257][ T8018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1038'. [ 119.136211][ T8021] netlink: 'syz.0.1036': attribute type 1 has an invalid length. [ 119.136811][ T8018] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1038'. [ 119.599893][ T8045] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1046'. [ 119.791032][ T8054] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1050'. [ 119.802683][ T8054] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1050'. [ 119.846021][ T8051] sctp: [Deprecated]: syz.1.1049 (pid 8051) Use of struct sctp_assoc_value in delayed_ack socket option. [ 119.846021][ T8051] Use struct sctp_sack_info instead [ 119.888481][ T8051] sctp: [Deprecated]: syz.1.1049 (pid 8051) Use of struct sctp_assoc_value in delayed_ack socket option. [ 119.888481][ T8051] Use struct sctp_sack_info instead [ 120.130865][ T8048] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1048'. [ 120.248650][ T8074] syz_tun: entered promiscuous mode [ 120.259411][ T8074] syz_tun: left promiscuous mode [ 120.396166][ T8081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1060'. [ 120.551029][ T8051] syz.1.1049 (8051) used greatest stack depth: 17904 bytes left [ 121.074166][ T8117] netlink: 'syz.1.1073': attribute type 2 has an invalid length. [ 121.089824][ T8117] netlink: 'syz.1.1073': attribute type 8 has an invalid length. [ 121.098705][ T8117] netlink: 'syz.1.1073': attribute type 1 has an invalid length. [ 121.505143][ T8126] sctp: [Deprecated]: syz.0.1077 (pid 8126) Use of struct sctp_assoc_value in delayed_ack socket option. [ 121.505143][ T8126] Use struct sctp_sack_info instead [ 121.543897][ T8126] sctp: [Deprecated]: syz.0.1077 (pid 8126) Use of struct sctp_assoc_value in delayed_ack socket option. [ 121.543897][ T8126] Use struct sctp_sack_info instead [ 122.130431][ T8126] syz.0.1077 (8126) used greatest stack depth: 16240 bytes left [ 122.228441][ T8191] __nla_validate_parse: 11 callbacks suppressed [ 122.228461][ T8191] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1102'. [ 122.269402][ T8191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1102'. [ 122.583215][ T8209] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1108'. [ 122.755349][ T8219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1113'. [ 122.826744][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1114'. [ 122.864544][ T8223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1114'. [ 122.941357][ T8230] bridge0: port 3(hsr_slave_1) entered blocking state [ 122.959453][ T8230] bridge0: port 3(hsr_slave_1) entered disabled state [ 122.975904][ T8230] hsr_slave_1: entered allmulticast mode [ 122.986818][ T8230] hsr_slave_1: left allmulticast mode [ 123.053202][ T8238] team0: Device macvtap2 is already an upper device of the team interface [ 123.313947][ T8260] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1123'. [ 123.369123][ T8260] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.378881][ T8260] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.388436][ T8260] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.397302][ T8260] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.586302][ T8271] netlink: 'syz.2.1130': attribute type 29 has an invalid length. [ 123.604235][ T8271] netlink: 'syz.2.1130': attribute type 29 has an invalid length. [ 123.632292][ T8271] netlink: 'syz.2.1130': attribute type 29 has an invalid length. [ 123.667110][ T8271] netlink: 'syz.2.1130': attribute type 29 has an invalid length. [ 123.839897][ T8285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1133'. [ 123.890889][ T8288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1134'. [ 123.963410][ T8288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1134'. [ 124.480656][ T8337] FAULT_INJECTION: forcing a failure. [ 124.480656][ T8337] name failslab, interval 1, probability 0, space 0, times 0 [ 124.513502][ T8337] CPU: 0 PID: 8337 Comm: syz.2.1149 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 124.523621][ T8337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 124.533697][ T8337] Call Trace: [ 124.534979][ T8338] netlink: 'syz.3.1147': attribute type 5 has an invalid length. [ 124.536976][ T8337] [ 124.537010][ T8337] dump_stack_lvl+0x241/0x360 [ 124.552339][ T8337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.557633][ T8337] ? __pfx__printk+0x10/0x10 [ 124.562226][ T8337] ? __pfx___might_resched+0x10/0x10 [ 124.567530][ T8337] should_fail_ex+0x3b0/0x4e0 [ 124.572294][ T8337] ? sock_kmalloc+0xd7/0x160 [ 124.576879][ T8337] should_failslab+0x9/0x20 [ 124.581394][ T8337] __kmalloc_noprof+0xd8/0x400 [ 124.586252][ T8337] ? do_raw_spin_unlock+0x13c/0x8b0 [ 124.591459][ T8337] sock_kmalloc+0xd7/0x160 [ 124.596233][ T8337] hash_sendmsg+0x80a/0x1110 [ 124.600843][ T8337] ? __pfx_hash_sendmsg+0x10/0x10 [ 124.605875][ T8337] __sock_sendmsg+0x221/0x270 [ 124.610550][ T8337] ____sys_sendmsg+0x525/0x7d0 [ 124.615323][ T8337] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.620617][ T8337] __sys_sendmsg+0x2b0/0x3a0 [ 124.625203][ T8337] ? __pfx___sys_sendmsg+0x10/0x10 [ 124.630395][ T8337] ? vfs_write+0x7c4/0xc90 [ 124.634835][ T8337] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.641154][ T8337] ? do_syscall_64+0x100/0x230 [ 124.645911][ T8337] ? do_syscall_64+0xb6/0x230 [ 124.650578][ T8337] do_syscall_64+0xf3/0x230 [ 124.655071][ T8337] ? clear_bhb_loop+0x35/0x90 [ 124.659739][ T8337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.665627][ T8337] RIP: 0033:0x7f0300f75b99 [ 124.670034][ T8337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.689644][ T8337] RSP: 002b:00007f0301de1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.698056][ T8337] RAX: ffffffffffffffda RBX: 00007f0301103f60 RCX: 00007f0300f75b99 [ 124.706021][ T8337] RDX: 0000000000008041 RSI: 00000000200003c0 RDI: 0000000000000004 [ 124.714167][ T8337] RBP: 00007f0301de10a0 R08: 0000000000000000 R09: 0000000000000000 [ 124.722309][ T8337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.730270][ T8337] R13: 000000000000004d R14: 00007f0301103f60 R15: 00007ffd4978e038 [ 124.738244][ T8337] [ 125.194077][ T8355] vlan3: entered promiscuous mode [ 125.580002][ T8378] netlink: 'syz.3.1166': attribute type 1 has an invalid length. [ 125.641141][ T8378] netlink: 'syz.3.1166': attribute type 1 has an invalid length. [ 125.706314][ T8390] team0: entered promiscuous mode [ 125.734921][ T8390] team_slave_0: entered promiscuous mode [ 125.762904][ T8390] team_slave_1: entered promiscuous mode [ 125.786089][ T8396] team0: left promiscuous mode [ 125.791133][ T8396] team_slave_0: left promiscuous mode [ 125.805873][ T8396] team_slave_1: left promiscuous mode [ 125.915589][ T8363] infiniband syz2: set active [ 125.922504][ T8363] infiniband syz2: added veth1_to_bridge [ 125.941404][ T8363] syz2: rxe_create_cq: returned err = -12 [ 125.957135][ T8363] infiniband syz2: Couldn't create ib_mad CQ [ 125.964874][ T8363] infiniband syz2: Couldn't open port 1 [ 126.056836][ T8363] RDS/IB: syz2: added [ 126.058606][ T8409] (unnamed net_device) (uninitialized): peer notification delay (1) is not a multiple of miimon (129), value rounded to 0 ms [ 126.067737][ T8363] smc: adding ib device syz2 with port count 1 [ 126.081379][ T8363] smc: ib device syz2 port 1 has pnetid [ 126.090225][ T8409] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 126.106240][ T8409] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 126.620605][ T8427] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 126.648461][ T8427] bond2: (slave ip6gre1): Error -95 calling set_mac_address [ 127.078296][ T8451] validate_nla: 1 callbacks suppressed [ 127.078316][ T8451] netlink: 'syz.1.1190': attribute type 5 has an invalid length. [ 127.822042][ T8472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.916853][ T8481] tipc: Started in network mode [ 127.960099][ T8481] tipc: Node identity aaaaaaaaaa34, cluster identity 4711 [ 127.981623][ T8481] tipc: Enabled bearer , priority 0 [ 128.246979][ T8500] bond0: (slave bond_slave_0): Releasing backup interface [ 128.497041][ T8500] bond_slave_0: left promiscuous mode [ 128.524991][ T8483] __nla_validate_parse: 13 callbacks suppressed [ 128.525010][ T8483] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1203'. [ 128.884970][ T8530] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1218'. [ 129.018416][ T8542] bond3: (slave vcan1): The slave device specified does not support setting the MAC address [ 129.036494][ T8542] bond3: (slave vcan1): Error -95 calling set_mac_address [ 129.093745][ T783] tipc: Node number set to 10398378 [ 129.244248][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1224'. [ 129.329464][ T8560] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 129.355533][ T8560] bond2: (slave ip6gre1): Error -95 calling set_mac_address [ 129.623477][ T8576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1230'. [ 130.129533][ T8608] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1239'. [ 130.238584][ T8613] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 130.261368][ T8613] bond1: (slave ip6gre1): Error -95 calling set_mac_address [ 130.433512][ T8627] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1244'. [ 130.459701][ T8630] FAULT_INJECTION: forcing a failure. [ 130.459701][ T8630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.491903][ T8630] CPU: 1 PID: 8630 Comm: syz.3.1246 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 130.502017][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 130.512087][ T8630] Call Trace: [ 130.515380][ T8630] [ 130.518324][ T8630] dump_stack_lvl+0x241/0x360 [ 130.523026][ T8630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.528236][ T8630] ? __pfx__printk+0x10/0x10 [ 130.532847][ T8630] ? __pfx_lock_release+0x10/0x10 [ 130.537886][ T8630] ? vfs_write+0x7c4/0xc90 [ 130.542312][ T8630] should_fail_ex+0x3b0/0x4e0 [ 130.546996][ T8630] _copy_from_user+0x2f/0xe0 [ 130.551594][ T8630] __sys_bpf+0x1a4/0x810 [ 130.555835][ T8630] ? __pfx___sys_bpf+0x10/0x10 [ 130.560605][ T8630] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 130.566585][ T8630] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.572908][ T8630] ? do_syscall_64+0x100/0x230 [ 130.577669][ T8630] __x64_sys_bpf+0x7c/0x90 [ 130.582079][ T8630] do_syscall_64+0xf3/0x230 [ 130.586578][ T8630] ? clear_bhb_loop+0x35/0x90 [ 130.591246][ T8630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.597127][ T8630] RIP: 0033:0x7fe62df75b99 [ 130.601622][ T8630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.621225][ T8630] RSP: 002b:00007fe62ed52048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 130.629633][ T8630] RAX: ffffffffffffffda RBX: 00007fe62e103f60 RCX: 00007fe62df75b99 [ 130.637595][ T8630] RDX: 0000000000000057 RSI: 0000000020000240 RDI: 000000000000000a [ 130.645558][ T8630] RBP: 00007fe62ed520a0 R08: 0000000000000000 R09: 0000000000000000 [ 130.653524][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.661480][ T8630] R13: 000000000000000b R14: 00007fe62e103f60 R15: 00007fff9ca7bf28 [ 130.669452][ T8630] [ 130.689480][ T8634] netlink: 'syz.4.1248': attribute type 5 has an invalid length. [ 130.786656][ T8638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1247'. [ 130.872637][ T8646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1247'. [ 131.144521][ T8656] team0: entered promiscuous mode [ 131.149638][ T8656] team_slave_0: entered promiscuous mode [ 131.175091][ T8656] team_slave_1: entered promiscuous mode [ 131.232583][ T8659] openvswitch: netlink: nsh attr 2048 is out of range max 3 [ 131.277045][ T8659] pim6reg: entered allmulticast mode [ 131.819601][ T8656] team0: left promiscuous mode [ 131.873915][ T8656] team_slave_0: left promiscuous mode [ 131.885102][ T8656] team_slave_1: left promiscuous mode [ 132.049837][ T8689] openvswitch: netlink: nsh attr 2048 is out of range max 3 [ 132.118340][ T8689] pim6reg: entered allmulticast mode [ 132.331614][ T8703] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 132.351490][ T8703] team0: Port device batadv2 added [ 133.128216][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.248109][ T8760] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1293'. [ 133.439352][ T8765] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1297'. [ 133.728702][ T8780] rdma_rxe: rxe_newlink: failed to add veth1_to_bridge [ 134.352663][ T8805] netlink: 'syz.2.1310': attribute type 29 has an invalid length. [ 134.379404][ T8805] netlink: 'syz.2.1310': attribute type 29 has an invalid length. [ 134.410107][ T8805] netlink: 'syz.2.1310': attribute type 29 has an invalid length. [ 134.443448][ T8805] netlink: 'syz.2.1310': attribute type 29 has an invalid length. [ 135.792774][ T8848] netlink: 'syz.4.1324': attribute type 29 has an invalid length. [ 135.822937][ T8848] netlink: 'syz.4.1324': attribute type 29 has an invalid length. [ 135.876007][ T8848] netlink: 'syz.4.1324': attribute type 29 has an invalid length. [ 136.219952][ T8865] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1335'. [ 136.350429][ T8871] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1337'. [ 136.424849][ T8879] netlink: 'syz.0.1339': attribute type 29 has an invalid length. [ 136.459324][ T8879] netlink: 'syz.0.1339': attribute type 29 has an invalid length. [ 136.505332][ T8883] netlink: 'syz.0.1339': attribute type 29 has an invalid length. [ 136.528036][ T8881] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1338'. [ 136.565262][ T8885] ebt_limit: overflow, try lower: 570423552/2483027968 [ 136.928705][ T8906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1346'. [ 139.044674][ T5096] Bluetooth: hci2: command tx timeout [ 139.374931][ T9004] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 139.384741][ T1098] bond0: (slave bond_slave_0): interface is now down [ 139.400586][ T1098] bond0: (slave bond_slave_1): interface is now down [ 139.455952][ T1098] bond0: now running without any active interface! [ 139.585848][ T9010] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1384'. [ 140.064917][ T9027] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1388'. [ 140.103685][ T9027] validate_nla: 6 callbacks suppressed [ 140.103703][ T9027] netlink: 'syz.0.1388': attribute type 25 has an invalid length. [ 140.514964][ T9037] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.1391'. [ 141.481514][ T9064] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1400'. [ 141.890273][ T9080] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1407'. [ 142.094212][ T9088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1410'. [ 142.122920][ T9088] vxcan3: entered promiscuous mode [ 142.137933][ T9088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1410'. [ 142.176091][ T9092] No such timeout policy "syz0" [ 142.278773][ T9093] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 142.297865][ T9093] gretap2: entered promiscuous mode [ 142.308978][ T9093] gretap2: entered allmulticast mode [ 142.837531][ T9105] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1418'. [ 143.171686][ T9118] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1423'. [ 143.481524][ T9142] syzkaller1: entered promiscuous mode [ 143.487588][ T9142] syzkaller1: entered allmulticast mode [ 143.872452][ T9158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1439'. [ 144.497018][ T9180] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1449'. [ 146.538740][ T9263] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1480'. [ 146.570883][ T9263] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1480'. [ 146.613753][ T9263] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1480'. [ 146.658399][ T9255] geneve3: entered promiscuous mode [ 146.694049][ T9255] geneve3: entered allmulticast mode [ 147.340665][ T9292] netlink: 'syz.3.1488': attribute type 10 has an invalid length. [ 147.426307][ T9292] batman_adv: batadv0: Adding interface: team0 [ 147.449579][ T9292] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.486307][ T9292] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 147.722361][ T9303] netlink: 'syz.3.1492': attribute type 11 has an invalid length. [ 147.762649][ T9303] netlink: 203156 bytes leftover after parsing attributes in process `syz.3.1492'. [ 147.795439][ T9303] netlink: 'syz.3.1492': attribute type 4 has an invalid length. [ 147.810172][ T9303] netlink: 193140 bytes leftover after parsing attributes in process `syz.3.1492'. [ 147.919052][ T9311] netlink: 'syz.4.1495': attribute type 1 has an invalid length. [ 147.956660][ T9311] netlink: 'syz.4.1495': attribute type 1 has an invalid length. [ 148.065428][ T9318] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1496'. [ 148.424841][ T9336] netlink: 'syz.4.1502': attribute type 10 has an invalid length. [ 148.473726][ T9336] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1502'. [ 148.513940][ T9336] team0: entered promiscuous mode [ 148.519227][ T9336] team_slave_0: entered promiscuous mode [ 148.564184][ T9336] team_slave_1: entered promiscuous mode [ 148.586170][ T9336] bridge0: port 3(team0) entered blocking state [ 148.593085][ T9336] bridge0: port 3(team0) entered disabled state [ 148.663899][ T9336] team0: entered allmulticast mode [ 148.669073][ T9336] team_slave_0: entered allmulticast mode [ 148.713134][ T9336] team_slave_1: entered allmulticast mode [ 148.733966][ T9336] macvlan2: entered allmulticast mode [ 148.739393][ T9336] vlan1: entered allmulticast mode [ 148.765440][ T9336] bridge0: port 3(team0) entered blocking state [ 148.772192][ T9336] bridge0: port 3(team0) entered forwarding state [ 148.819386][ T9342] netlink: 'syz.3.1503': attribute type 10 has an invalid length. [ 148.998805][ T9360] netlink: 'syz.3.1507': attribute type 33 has an invalid length. [ 149.014252][ T9360] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1507'. [ 149.534037][ T9377] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1514'. [ 149.555143][ T9377] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1514'. [ 150.498044][ T9429] netlink: 'syz.0.1532': attribute type 25 has an invalid length. [ 151.039402][ T9464] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.046843][ T9464] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.804544][ T9508] __nla_validate_parse: 2 callbacks suppressed [ 151.804562][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1560'. [ 151.860892][ T9508] macvtap3: entered promiscuous mode [ 151.867072][ T9508] macvtap3: entered allmulticast mode [ 151.885343][ T9508] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 151.997950][ T9518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1565'. [ 152.022744][ T9518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1565'. [ 152.039204][ T9522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.056628][ T9518] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 152.072684][ T9518] batadv_slave_0: entered promiscuous mode [ 152.362340][ T9533] bond0: (slave macvlan3): Error -98 calling set_mac_address [ 152.823968][ T9549] netlink: 'syz.3.1575': attribute type 1 has an invalid length. [ 152.864790][ T9549] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1575'. [ 152.945821][ T9553] netlink: 'syz.4.1576': attribute type 10 has an invalid length. [ 152.969937][ T9554] FAULT_INJECTION: forcing a failure. [ 152.969937][ T9554] name failslab, interval 1, probability 0, space 0, times 0 [ 152.985499][ T9553] ipvlan1: entered promiscuous mode [ 153.013851][ T9553] team0: Device ipvlan1 failed to register rx_handler [ 153.028576][ T9554] CPU: 1 PID: 9554 Comm: syz.3.1575 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 153.039197][ T9554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 153.049247][ T9554] Call Trace: [ 153.052523][ T9554] [ 153.055447][ T9554] dump_stack_lvl+0x241/0x360 [ 153.060123][ T9554] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.065331][ T9554] ? __pfx__printk+0x10/0x10 [ 153.069918][ T9554] ? __pfx___might_resched+0x10/0x10 [ 153.075202][ T9554] should_fail_ex+0x3b0/0x4e0 [ 153.079892][ T9554] should_failslab+0x9/0x20 [ 153.084388][ T9554] __kmalloc_node_noprof+0xdf/0x440 [ 153.089574][ T9554] ? kvmalloc_node_noprof+0x72/0x190 [ 153.094855][ T9554] kvmalloc_node_noprof+0x72/0x190 [ 153.099956][ T9554] bpf_test_run_xdp_live+0x277/0x2110 [ 153.105320][ T9554] ? arch_stack_walk+0x16d/0x1b0 [ 153.110268][ T9554] ? stack_trace_save+0x118/0x1d0 [ 153.115291][ T9554] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 153.121089][ T9554] ? mark_lock+0x9a/0x350 [ 153.125457][ T9554] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 153.131347][ T9554] ? __might_fault+0xaa/0x120 [ 153.136012][ T9554] ? __might_fault+0xc6/0x120 [ 153.140687][ T9554] ? _copy_from_user+0xa6/0xe0 [ 153.145442][ T9554] ? bpf_test_init+0x15a/0x180 [ 153.150195][ T9554] ? xdp_convert_md_to_buff+0x5b/0x330 [ 153.155653][ T9554] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 153.161022][ T9554] ? __pfx_lock_release+0x10/0x10 [ 153.166044][ T9554] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 153.171845][ T9554] ? __fget_files+0x29/0x470 [ 153.176439][ T9554] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 153.182244][ T9554] bpf_prog_test_run+0x33a/0x3b0 [ 153.187183][ T9554] __sys_bpf+0x48d/0x810 [ 153.191422][ T9554] ? __pfx___sys_bpf+0x10/0x10 [ 153.196188][ T9554] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 153.202158][ T9554] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 153.208486][ T9554] ? do_syscall_64+0x100/0x230 [ 153.213243][ T9554] __x64_sys_bpf+0x7c/0x90 [ 153.217653][ T9554] do_syscall_64+0xf3/0x230 [ 153.222149][ T9554] ? clear_bhb_loop+0x35/0x90 [ 153.226824][ T9554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.232707][ T9554] RIP: 0033:0x7fe62df75b99 [ 153.237113][ T9554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.256725][ T9554] RSP: 002b:00007fe62ed31048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 153.265144][ T9554] RAX: ffffffffffffffda RBX: 00007fe62e104038 RCX: 00007fe62df75b99 [ 153.273209][ T9554] RDX: 0000000000000050 RSI: 0000000020000640 RDI: 000000000000000a [ 153.281274][ T9554] RBP: 00007fe62ed310a0 R08: 0000000000000000 R09: 0000000000000000 [ 153.289246][ T9554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.297217][ T9554] R13: 000000000000006e R14: 00007fe62e104038 R15: 00007fff9ca7bf28 [ 153.305209][ T9554] [ 153.479591][ T9560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1577'. [ 153.528894][ T9560] macvtap4: entered promiscuous mode [ 153.536073][ T9560] macvtap4: entered allmulticast mode [ 153.542599][ T9560] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 153.564161][ T9564] netlink: 'syz.0.1578': attribute type 4 has an invalid length. [ 153.572463][ T9564] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1578'. [ 153.596033][ T9562] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1579'. [ 153.623627][ T9562] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1579'. [ 153.635796][ T9564] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 153.744661][ T5139] tipc: Resetting bearer [ 154.082356][ T9592] FAULT_INJECTION: forcing a failure. [ 154.082356][ T9592] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 154.117517][ T9592] CPU: 0 PID: 9592 Comm: syz.0.1586 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 154.127642][ T9592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 154.137715][ T9592] Call Trace: [ 154.141012][ T9592] [ 154.143956][ T9592] dump_stack_lvl+0x241/0x360 [ 154.148655][ T9592] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.153871][ T9592] ? __pfx__printk+0x10/0x10 [ 154.158496][ T9592] should_fail_ex+0x3b0/0x4e0 [ 154.163192][ T9592] prepare_alloc_pages+0x1da/0x5d0 [ 154.168343][ T9592] __alloc_pages_noprof+0x166/0x6c0 [ 154.173573][ T9592] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 154.179341][ T9592] alloc_pages_mpol_noprof+0x3e8/0x680 [ 154.184834][ T9592] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 154.190881][ T9592] ? xas_load+0x59b/0x5c0 [ 154.195247][ T9592] ? mpol_shared_policy_lookup+0x148/0x1f0 [ 154.201085][ T9592] shmem_alloc_and_add_folio+0x24d/0xdb0 [ 154.206833][ T9592] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 154.213015][ T9592] ? filemap_map_pages+0x24f/0x1e70 [ 154.218238][ T9592] ? __pfx_lock_release+0x10/0x10 [ 154.223287][ T9592] shmem_get_folio_gfp+0x82d/0x1f50 [ 154.228504][ T9592] ? do_raw_spin_unlock+0x13c/0x8b0 [ 154.233724][ T9592] ? filemap_map_pages+0x18e0/0x1e70 [ 154.239029][ T9592] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 154.244673][ T9592] shmem_fault+0x252/0x6f0 [ 154.249104][ T9592] ? __pfx_shmem_fault+0x10/0x10 [ 154.254043][ T9592] ? __pfx_lock_release+0x10/0x10 [ 154.259174][ T9592] ? pte_offset_map_nolock+0x137/0x1f0 [ 154.264649][ T9592] ? __lock_acquire+0x1346/0x1fd0 [ 154.269944][ T9592] __do_fault+0x135/0x460 [ 154.274324][ T9592] ? handle_pte_fault+0x222c/0x7090 [ 154.279535][ T9592] handle_pte_fault+0x3d15/0x7090 [ 154.284576][ T9592] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 154.290322][ T9592] ? __pfx_lock_acquire+0x10/0x10 [ 154.295350][ T9592] ? __pfx_handle_pte_fault+0x10/0x10 [ 154.300722][ T9592] ? do_raw_spin_lock+0x14f/0x370 [ 154.305761][ T9592] ? follow_page_pte+0x292/0x1d90 [ 154.310781][ T9592] ? follow_page_pte+0x859/0x1d90 [ 154.315797][ T9592] ? __pfx_lock_release+0x10/0x10 [ 154.320815][ T9592] ? do_raw_spin_unlock+0x13c/0x8b0 [ 154.326020][ T9592] handle_mm_fault+0x10df/0x1ba0 [ 154.330974][ T9592] ? __pfx_handle_mm_fault+0x10/0x10 [ 154.336277][ T9592] ? __pfx_find_vma+0x10/0x10 [ 154.340945][ T9592] ? vma_is_secretmem+0xd/0x50 [ 154.345700][ T9592] ? check_vma_flags+0x500/0x5a0 [ 154.350652][ T9592] __get_user_pages+0x6ef/0x1590 [ 154.355602][ T9592] ? mt_find+0x62d/0x850 [ 154.359841][ T9592] ? __pfx___get_user_pages+0x10/0x10 [ 154.365223][ T9592] populate_vma_page_range+0x264/0x330 [ 154.370698][ T9592] ? __pfx_populate_vma_page_range+0x10/0x10 [ 154.376672][ T9592] ? userfaultfd_unmap_complete+0x30c/0x360 [ 154.382562][ T9592] ? do_mmap+0x915/0xfa0 [ 154.386806][ T9592] __mm_populate+0x27a/0x460 [ 154.391400][ T9592] ? __pfx___mm_populate+0x10/0x10 [ 154.396512][ T9592] vm_mmap_pgoff+0x2c3/0x3d0 [ 154.401098][ T9592] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 154.406208][ T9592] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 154.412528][ T9592] ? do_syscall_64+0x100/0x230 [ 154.417279][ T9592] ? ksys_mmap_pgoff+0xdf/0x720 [ 154.422129][ T9592] ? __x64_sys_mmap+0x7f/0x140 [ 154.426893][ T9592] do_syscall_64+0xf3/0x230 [ 154.431386][ T9592] ? clear_bhb_loop+0x35/0x90 [ 154.436054][ T9592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.441938][ T9592] RIP: 0033:0x7f2606175b99 [ 154.446349][ T9592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.465968][ T9592] RSP: 002b:00007f2605bde048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 154.474415][ T9592] RAX: ffffffffffffffda RBX: 00007f2606304038 RCX: 00007f2606175b99 [ 154.482377][ T9592] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 154.490428][ T9592] RBP: 00007f2605bde0a0 R08: ffffffffffffffff R09: 0000000000000000 [ 154.498389][ T9592] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000002 [ 154.506352][ T9592] R13: 000000000000006e R14: 00007f2606304038 R15: 00007ffc0b6ebdf8 [ 154.514327][ T9592] [ 154.640301][ T9599] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1591'. [ 154.730566][ T9601] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1590'. [ 154.923380][ T9607] tipc: Enabling of bearer rejected, failed to enable media [ 155.652182][ T9633] batadv0: entered promiscuous mode [ 155.814765][ T9648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.182122][ T9664] Bluetooth: hci3: invalid length 0, exp 2 for type 6 [ 156.321798][ T9670] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 156.905676][ T9703] __nla_validate_parse: 5 callbacks suppressed [ 156.905695][ T9703] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1623'. [ 156.933329][ T9703] netlink: 'syz.4.1623': attribute type 25 has an invalid length. [ 156.945664][ T9705] sctp: [Deprecated]: syz.0.1622 (pid 9705) Use of int in max_burst socket option deprecated. [ 156.945664][ T9705] Use struct sctp_assoc_value instead [ 156.984956][ T9700] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1624'. [ 156.996322][ T9700] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1624'. [ 157.013264][ T9700] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 157.024566][ T9700] batadv_slave_0: entered promiscuous mode [ 157.031181][ T9700] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 157.040660][ T9700] Cannot create hsr debugfs directory [ 157.111919][ T9708] FAULT_INJECTION: forcing a failure. [ 157.111919][ T9708] name failslab, interval 1, probability 0, space 0, times 0 [ 157.126388][ T9708] CPU: 1 PID: 9708 Comm: syz.2.1625 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 157.136587][ T9708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 157.146659][ T9708] Call Trace: [ 157.149947][ T9708] [ 157.152881][ T9708] dump_stack_lvl+0x241/0x360 [ 157.157569][ T9708] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.162768][ T9708] ? __pfx__printk+0x10/0x10 [ 157.167369][ T9708] should_fail_ex+0x3b0/0x4e0 [ 157.172063][ T9708] ? __alloc_skb+0x1c3/0x440 [ 157.176657][ T9708] should_failslab+0x9/0x20 [ 157.181159][ T9708] kmem_cache_alloc_node_noprof+0x71/0x320 [ 157.186972][ T9708] ? br_get_link_af_size_filtered+0xdb/0xd30 [ 157.192943][ T9708] __alloc_skb+0x1c3/0x440 [ 157.197448][ T9708] ? __pfx___alloc_skb+0x10/0x10 [ 157.202380][ T9708] ? if_nlmsg_size+0x74f/0x7a0 [ 157.207139][ T9708] ? if_nlmsg_size+0x53a/0x7a0 [ 157.211898][ T9708] rtmsg_ifinfo_build_skb+0x84/0x260 [ 157.217177][ T9708] ? in6_dev_get+0x22a/0x290 [ 157.221764][ T9708] ? notifier_call_chain+0x162/0x3e0 [ 157.227045][ T9708] rtmsg_ifinfo+0x91/0x1b0 [ 157.231464][ T9708] netdev_state_change+0x139/0x1a0 [ 157.236571][ T9708] ? __pfx_netdev_state_change+0x10/0x10 [ 157.242202][ T9708] ? dev_change_xdp_fd+0x213/0x260 [ 157.247313][ T9708] do_setlink+0x3e3/0x41f0 [ 157.251736][ T9708] ? stack_trace_save+0x118/0x1d0 [ 157.256755][ T9708] ? __pfx_stack_trace_save+0x10/0x10 [ 157.262118][ T9708] ? __pfx_do_setlink+0x10/0x10 [ 157.266964][ T9708] ? __nla_validate_parse+0x26ce/0x3090 [ 157.272497][ T9708] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 157.277856][ T9708] ? rtnl_newlink+0xf2/0x20a0 [ 157.282544][ T9708] ? __pfx___nla_validate_parse+0x10/0x10 [ 157.288310][ T9708] ? validate_linkmsg+0x71e/0x900 [ 157.293432][ T9708] rtnl_newlink+0x1119/0x20a0 [ 157.298131][ T9708] ? rtnl_newlink+0xb11/0x20a0 [ 157.302914][ T9708] ? __pfx_rtnl_newlink+0x10/0x10 [ 157.307939][ T9708] ? __pfx___mutex_trylock_common+0x10/0x10 [ 157.313836][ T9708] ? rcu_is_watching+0x15/0xb0 [ 157.318607][ T9708] ? trace_contention_end+0x3c/0x120 [ 157.323887][ T9708] ? __mutex_lock+0x2ef/0xd70 [ 157.328564][ T9708] ? __pfx_lock_release+0x10/0x10 [ 157.333647][ T9708] ? __pfx_rtnl_newlink+0x10/0x10 [ 157.338679][ T9708] rtnetlink_rcv_msg+0x89b/0x1180 [ 157.343702][ T9708] ? rtnetlink_rcv_msg+0x208/0x1180 [ 157.348896][ T9708] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 157.354439][ T9708] ? __local_bh_enable_ip+0x168/0x200 [ 157.359804][ T9708] ? lockdep_hardirqs_on+0x99/0x150 [ 157.365086][ T9708] ? __local_bh_enable_ip+0x168/0x200 [ 157.370444][ T9708] ? dev_hard_start_xmit+0x773/0x7e0 [ 157.375725][ T9708] ? __dev_queue_xmit+0x2da/0x3e90 [ 157.380830][ T9708] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 157.386545][ T9708] ? __dev_queue_xmit+0x2da/0x3e90 [ 157.391655][ T9708] ? __dev_queue_xmit+0x1763/0x3e90 [ 157.396847][ T9708] ? kasan_save_track+0x51/0x80 [ 157.401695][ T9708] ? do_syscall_64+0xf3/0x230 [ 157.406367][ T9708] ? __dev_queue_xmit+0x2da/0x3e90 [ 157.411474][ T9708] ? __pfx___dev_queue_xmit+0x10/0x10 [ 157.416858][ T9708] ? ref_tracker_free+0x643/0x7e0 [ 157.421886][ T9708] netlink_rcv_skb+0x1e3/0x430 [ 157.426649][ T9708] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 157.432100][ T9708] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 157.437394][ T9708] ? netlink_deliver_tap+0x2e/0x1b0 [ 157.442591][ T9708] netlink_unicast+0x7f0/0x990 [ 157.447358][ T9708] ? __pfx_netlink_unicast+0x10/0x10 [ 157.452723][ T9708] ? __virt_addr_valid+0x183/0x520 [ 157.457833][ T9708] ? __check_object_size+0x49c/0x900 [ 157.463114][ T9708] ? bpf_lsm_netlink_send+0x9/0x10 [ 157.468223][ T9708] netlink_sendmsg+0x8e4/0xcb0 [ 157.472997][ T9708] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.478280][ T9708] ? __import_iovec+0x536/0x820 [ 157.483120][ T9708] ? aa_sock_msg_perm+0x91/0x160 [ 157.488064][ T9708] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 157.493345][ T9708] ? security_socket_sendmsg+0x87/0xb0 [ 157.498814][ T9708] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.504099][ T9708] __sock_sendmsg+0x221/0x270 [ 157.508781][ T9708] ____sys_sendmsg+0x525/0x7d0 [ 157.513564][ T9708] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.518874][ T9708] __sys_sendmsg+0x2b0/0x3a0 [ 157.523472][ T9708] ? __pfx___sys_sendmsg+0x10/0x10 [ 157.528584][ T9708] ? vfs_write+0x7c4/0xc90 [ 157.533038][ T9708] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 157.539364][ T9708] ? do_syscall_64+0x100/0x230 [ 157.544126][ T9708] ? do_syscall_64+0xb6/0x230 [ 157.548796][ T9708] do_syscall_64+0xf3/0x230 [ 157.553290][ T9708] ? clear_bhb_loop+0x35/0x90 [ 157.557963][ T9708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.563851][ T9708] RIP: 0033:0x7f0300f75b99 [ 157.568255][ T9708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.587852][ T9708] RSP: 002b:00007f0301de1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.596269][ T9708] RAX: ffffffffffffffda RBX: 00007f0301103f60 RCX: 00007f0300f75b99 [ 157.604409][ T9708] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 157.612373][ T9708] RBP: 00007f0301de10a0 R08: 0000000000000000 R09: 0000000000000000 [ 157.620334][ T9708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.628297][ T9708] R13: 000000000000004d R14: 00007f0301103f60 R15: 00007ffd4978e038 [ 157.636276][ T9708] [ 157.795632][ T9711] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1627'. [ 157.835397][ T9719] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1626'. [ 157.868821][ T9719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1626'. [ 157.911949][ T9719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.179229][ T9742] unsupported nla_type 40 [ 158.247130][ T9742] netlink: 'syz.3.1637': attribute type 9 has an invalid length. [ 158.276783][ T9742] netlink: 'syz.3.1637': attribute type 7 has an invalid length. [ 158.285043][ T9741] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1635'. [ 158.285077][ T9741] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1635'. [ 158.319962][ T9742] netlink: 'syz.3.1637': attribute type 8 has an invalid length. [ 158.332059][ T9741] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 158.362713][ T9741] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 158.423912][ T9748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1639'. [ 158.447249][ T9748] netlink: 'syz.2.1639': attribute type 25 has an invalid length. [ 158.831904][ T9770] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1647'. [ 158.854122][ T9771] netlink: 'syz.3.1646': attribute type 25 has an invalid length. [ 159.020749][ T9773] infiniband syz2: set active [ 159.422484][ T9794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 159.798684][ T9817] veth1_macvtap: left promiscuous mode [ 159.808992][ T9817] macsec0: entered promiscuous mode [ 159.820619][ T9817] macsec0: entered allmulticast mode [ 159.865048][ T9817] veth1_macvtap: entered promiscuous mode [ 159.885320][ T9817] veth1_macvtap: entered allmulticast mode [ 159.891456][ T9817] macsec0: left promiscuous mode [ 159.904181][ T9817] macsec0: left allmulticast mode [ 159.909269][ T9817] veth1_macvtap: left allmulticast mode [ 159.930216][ T9824] netlink: 'syz.3.1663': attribute type 25 has an invalid length. [ 159.934173][ T9817] dccp_invalid_packet: P.type (CLOSE) not Data || [Data]Ack, while P.X == 0 [ 160.079092][ T9829] netlink: 'syz.2.1665': attribute type 10 has an invalid length. [ 160.088595][ T9829] geneve0: entered promiscuous mode [ 160.108665][ T9829] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 160.124925][ T1089] bond0: (slave geneve0): interface is now down [ 160.154516][ T8539] bond0: (slave geneve0): interface is now down [ 160.193814][ T8539] bond0: (slave geneve0): interface is now down [ 160.203060][ T8539] bond0: now running without any active interface! [ 160.435688][ T9849] netlink: 'syz.0.1671': attribute type 25 has an invalid length. [ 160.761588][ T9857] bridge5: entered promiscuous mode [ 160.784583][ T9857] vlan2: entered promiscuous mode [ 160.803178][ T9857] bridge5: port 1(vlan2) entered blocking state [ 160.835114][ T9857] bridge5: port 1(vlan2) entered disabled state [ 160.841611][ T9857] vlan2: entered allmulticast mode [ 160.863668][ T9857] bridge5: entered allmulticast mode [ 161.056003][ T9857] vlan2: left allmulticast mode [ 161.060919][ T9857] bridge5: left allmulticast mode [ 161.194667][ T9857] bridge5: left promiscuous mode [ 161.386572][ T9866] netlink: 'syz.0.1677': attribute type 10 has an invalid length. [ 161.440304][ T9866] geneve0: entered promiscuous mode [ 161.629215][ T9877] syzkaller1: entered promiscuous mode [ 161.639533][ T9877] syzkaller1: entered allmulticast mode [ 161.690929][ T9887] netlink: 'syz.0.1686': attribute type 25 has an invalid length. [ 161.812682][ T9891] xt_limit: Overflow, try lower: 262144/524288 [ 162.280274][ T9914] __nla_validate_parse: 17 callbacks suppressed [ 162.280304][ T9914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1698'. [ 162.359193][ T9918] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1700'. [ 162.372738][ T9918] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 162.380070][ T9918] IPv6: NLM_F_CREATE should be set when creating new route [ 162.387463][ T9918] IPv6: NLM_F_CREATE should be set when creating new route [ 162.608179][ T9933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1705'. [ 162.639359][ T9933] block nbd0: not configured, cannot reconfigure [ 162.858241][ T9946] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1710'. [ 162.892914][ T9949] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1709'. [ 162.906789][ T9946] netlink: 1528 bytes leftover after parsing attributes in process `syz.3.1710'. [ 162.916848][ T9949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1709'. [ 163.058047][ T9961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1714'. [ 163.325106][ T9974] validate_nla: 3 callbacks suppressed [ 163.325126][ T9974] netlink: 'syz.0.1719': attribute type 3 has an invalid length. [ 163.605619][ T9996] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1729'. [ 163.668433][ T9998] netlink: 'syz.3.1728': attribute type 10 has an invalid length. [ 163.719999][ T9998] geneve0: entered promiscuous mode [ 163.753838][ T9998] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 164.111170][T10023] IPv6: sit1: Disabled Multicast RS [ 164.460824][T10053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1746'. [ 164.495199][T10053] netlink: 'syz.3.1746': attribute type 25 has an invalid length. [ 165.598156][T10115] IPv6: sit1: Disabled Multicast RS [ 165.992762][T10125] FAULT_INJECTION: forcing a failure. [ 165.992762][T10125] name failslab, interval 1, probability 0, space 0, times 0 [ 166.034389][T10125] CPU: 0 PID: 10125 Comm: syz.2.1771 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 166.044598][T10125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 166.054719][T10125] Call Trace: [ 166.058014][T10125] [ 166.060957][T10125] dump_stack_lvl+0x241/0x360 [ 166.065656][T10125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.070872][T10125] ? __pfx__printk+0x10/0x10 [ 166.075502][T10125] should_fail_ex+0x3b0/0x4e0 [ 166.080194][T10125] ? __xdp_reg_mem_model+0x1e3/0x620 [ 166.085485][T10125] should_failslab+0x9/0x20 [ 166.090014][T10125] kmalloc_trace_noprof+0x6c/0x2c0 [ 166.095141][T10125] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 166.101151][T10125] __xdp_reg_mem_model+0x1e3/0x620 [ 166.106289][T10125] ? __pfx___xdp_reg_mem_model+0x10/0x10 [ 166.111941][T10125] ? page_pool_list+0x232/0x280 [ 166.116819][T10125] xdp_reg_mem_model+0x22/0x40 [ 166.121609][T10125] bpf_test_run_xdp_live+0x31e/0x2110 [ 166.127000][T10125] ? arch_stack_walk+0x16d/0x1b0 [ 166.131982][T10125] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 166.137808][T10125] ? mark_lock+0x9a/0x350 [ 166.142202][T10125] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 166.148114][T10125] ? __might_fault+0xaa/0x120 [ 166.152782][T10125] ? __might_fault+0xc6/0x120 [ 166.157449][T10125] ? _copy_from_user+0xa6/0xe0 [ 166.162203][T10125] ? bpf_test_init+0x15a/0x180 [ 166.166955][T10125] ? xdp_convert_md_to_buff+0x5b/0x330 [ 166.172411][T10125] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 166.177807][T10125] ? __pfx_lock_release+0x10/0x10 [ 166.182831][T10125] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 166.188632][T10125] ? __fget_files+0x29/0x470 [ 166.193226][T10125] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 166.199025][T10125] bpf_prog_test_run+0x33a/0x3b0 [ 166.203957][T10125] __sys_bpf+0x48d/0x810 [ 166.208194][T10125] ? __pfx___sys_bpf+0x10/0x10 [ 166.212963][T10125] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.218932][T10125] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.225246][T10125] ? do_syscall_64+0x100/0x230 [ 166.230002][T10125] __x64_sys_bpf+0x7c/0x90 [ 166.234413][T10125] do_syscall_64+0xf3/0x230 [ 166.238908][T10125] ? clear_bhb_loop+0x35/0x90 [ 166.243586][T10125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.249476][T10125] RIP: 0033:0x7f0300f75b99 [ 166.253885][T10125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.273480][T10125] RSP: 002b:00007f0301de1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 166.281886][T10125] RAX: ffffffffffffffda RBX: 00007f0301103f60 RCX: 00007f0300f75b99 [ 166.289853][T10125] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a [ 166.297815][T10125] RBP: 00007f0301de10a0 R08: 0000000000000000 R09: 0000000000000000 [ 166.305792][T10125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 166.313761][T10125] R13: 000000000000004d R14: 00007f0301103f60 R15: 00007ffd4978e038 [ 166.321743][T10125] [ 166.523511][T10141] netlink: 'syz.1.1775': attribute type 25 has an invalid length. [ 166.613256][T10139] netlink: 'syz.3.1774': attribute type 25 has an invalid length. [ 167.532045][T10169] can: request_module (can-proto-0) failed. [ 167.551850][T10173] vlan3: entered promiscuous mode [ 167.560305][T10173] syz_tun: entered promiscuous mode [ 167.573893][T10173] syz_tun: left promiscuous mode [ 167.888911][T10198] __nla_validate_parse: 7 callbacks suppressed [ 167.888929][T10198] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1793'. [ 167.906912][T10198] netlink: 'syz.1.1793': attribute type 25 has an invalid length. [ 167.939631][T10197] netlink: 'syz.2.1796': attribute type 1 has an invalid length. [ 167.941237][T10200] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1794'. [ 167.948904][T10199] netlink: 'syz.0.1797': attribute type 1 has an invalid length. [ 167.976522][T10200] netlink: 'syz.4.1794': attribute type 25 has an invalid length. [ 167.984478][T10199] netlink: 9348 bytes leftover after parsing attributes in process `syz.0.1797'. [ 167.984518][T10199] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1797'. [ 168.047131][T10197] netlink: 54 bytes leftover after parsing attributes in process `syz.2.1796'. [ 168.064697][T10199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1797'. [ 168.077814][T10202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1797'. [ 168.221187][T10208] sctp: [Deprecated]: syz.0.1799 (pid 10208) Use of struct sctp_assoc_value in delayed_ack socket option. [ 168.221187][T10208] Use struct sctp_sack_info instead [ 168.238779][T10209] sctp: [Deprecated]: syz.0.1799 (pid 10209) Use of struct sctp_assoc_value in delayed_ack socket option. [ 168.238779][T10209] Use struct sctp_sack_info instead [ 168.770740][T10237] netlink: 'syz.2.1811': attribute type 1 has an invalid length. [ 168.825590][T10237] netlink: 54 bytes leftover after parsing attributes in process `syz.2.1811'. [ 168.846134][T10241] IPVS: length: 162 != 8 [ 168.874233][T10241] x_tables: duplicate underflow at hook 3 [ 168.961396][T10249] macvlan3: entered allmulticast mode [ 168.968404][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.138315][T10260] netlink: 484 bytes leftover after parsing attributes in process `syz.1.1820'. [ 169.526015][T10275] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1824'. [ 169.564277][T10275] netlink: 'syz.1.1824': attribute type 25 has an invalid length. [ 169.720531][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 169.730459][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 169.740288][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 169.759073][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 169.775571][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 169.785312][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 169.945742][T10293] netlink: 'syz.3.1831': attribute type 1 has an invalid length. [ 170.487476][T10321] syzkaller0: entered promiscuous mode [ 170.520122][T10321] syzkaller0: entered allmulticast mode [ 170.545143][T10284] chnl_net:caif_netlink_parms(): no params data found [ 170.713342][T10284] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.728009][T10284] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.739446][T10284] bridge_slave_0: entered allmulticast mode [ 170.760145][T10284] bridge_slave_0: entered promiscuous mode [ 170.802462][T10284] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.831739][T10284] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.860810][T10284] bridge_slave_1: entered allmulticast mode [ 170.875868][T10284] bridge_slave_1: entered promiscuous mode [ 170.891768][T10345] netlink: 'syz.4.1848': attribute type 25 has an invalid length. [ 171.110439][T10284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.143338][T10284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 171.265044][T10284] team0: Port device team_slave_0 added [ 171.291937][T10284] team0: Port device team_slave_1 added [ 171.433007][T10284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 171.454120][T10284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.499587][T10284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 171.547946][T10284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 171.562286][T10284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.589342][T10284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 171.784219][T10372] FAULT_INJECTION: forcing a failure. [ 171.784219][T10372] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.826566][T10284] hsr_slave_0: entered promiscuous mode [ 171.838382][T10372] CPU: 0 PID: 10372 Comm: syz.4.1858 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 171.848666][T10372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 171.858735][T10372] Call Trace: [ 171.862043][T10372] [ 171.865002][T10372] dump_stack_lvl+0x241/0x360 [ 171.869708][T10372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.874934][T10372] ? __pfx__printk+0x10/0x10 [ 171.879550][T10372] ? __pfx_lock_release+0x10/0x10 [ 171.884579][T10372] should_fail_ex+0x3b0/0x4e0 [ 171.889257][T10372] _copy_from_user+0x2f/0xe0 [ 171.893847][T10372] copy_msghdr_from_user+0xae/0x680 [ 171.899051][T10372] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 171.904858][T10372] __sys_sendmsg+0x23d/0x3a0 [ 171.909442][T10372] ? __pfx___sys_sendmsg+0x10/0x10 [ 171.914549][T10372] ? vfs_write+0x7c4/0xc90 [ 171.918994][T10372] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 171.925329][T10372] ? do_syscall_64+0x100/0x230 [ 171.930092][T10372] ? do_syscall_64+0xb6/0x230 [ 171.934760][T10372] do_syscall_64+0xf3/0x230 [ 171.939251][T10372] ? clear_bhb_loop+0x35/0x90 [ 171.943923][T10372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.949896][T10372] RIP: 0033:0x7f5e6e775b99 [ 171.954304][T10372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.973990][T10372] RSP: 002b:00007f5e6f5b4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.982487][T10372] RAX: ffffffffffffffda RBX: 00007f5e6e903f60 RCX: 00007f5e6e775b99 [ 171.990447][T10372] RDX: 0000000000000000 RSI: 0000000020001240 RDI: 0000000000000004 [ 171.998406][T10372] RBP: 00007f5e6f5b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 172.006368][T10372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.014327][T10372] R13: 000000000000000b R14: 00007f5e6e903f60 R15: 00007fffed029318 [ 172.022305][T10372] [ 172.028107][T10284] hsr_slave_1: entered promiscuous mode [ 172.044117][ T53] Bluetooth: hci1: command tx timeout [ 172.052411][T10284] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 172.062886][T10284] Cannot create hsr debugfs directory [ 172.861452][T10284] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 172.889304][T10284] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.917365][T10408] __nla_validate_parse: 7 callbacks suppressed [ 172.917388][T10408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1868'. [ 173.010022][T10412] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.1870'. [ 173.062189][T10284] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.072911][T10284] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.195457][T10284] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.217345][T10284] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.251391][T10426] netlink: 484 bytes leftover after parsing attributes in process `syz.3.1874'. [ 173.282450][T10425] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1875'. [ 173.297806][T10428] netlink: 'syz.4.1876': attribute type 29 has an invalid length. [ 173.309790][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1875'. [ 173.349596][T10284] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode [ 173.370121][T10284] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.382118][T10284] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.399333][T10428] netlink: 'syz.4.1876': attribute type 29 has an invalid length. [ 173.420807][T10430] netlink: 'syz.4.1876': attribute type 29 has an invalid length. [ 173.441368][T10434] netlink: 'syz.4.1876': attribute type 29 has an invalid length. [ 173.651517][T10447] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1878'. [ 173.676335][T10447] netlink: 'syz.4.1878': attribute type 25 has an invalid length. [ 173.739799][T10284] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 173.763519][T10284] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 173.820060][T10284] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 173.844176][T10284] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 173.929462][T10455] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1880'. [ 174.040509][T10284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.071104][T10284] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.090599][ T53] Bluetooth: hci1: command tx timeout [ 174.098103][ T783] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.105290][ T783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.125825][ T783] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.132983][ T783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.465667][T10284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.586987][T10284] veth0_vlan: entered promiscuous mode [ 174.612156][T10478] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1886'. [ 174.646588][T10478] netlink: 'syz.4.1886': attribute type 25 has an invalid length. [ 174.712459][T10284] veth1_vlan: entered promiscuous mode [ 174.810093][T10284] veth0_macvtap: entered promiscuous mode [ 174.833230][T10284] veth1_macvtap: entered promiscuous mode [ 174.893892][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.906657][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.925879][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.942416][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.954150][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.965698][T10488] FAULT_INJECTION: forcing a failure. [ 174.965698][T10488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.980763][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.995147][T10488] CPU: 1 PID: 10488 Comm: syz.1.1892 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 175.005332][T10488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 175.015393][T10488] Call Trace: [ 175.018719][T10488] [ 175.021633][T10488] dump_stack_lvl+0x241/0x360 [ 175.024087][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.026292][T10488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.038241][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.041880][T10488] ? __pfx__printk+0x10/0x10 [ 175.041918][T10488] ? snprintf+0xda/0x120 [ 175.041943][T10488] should_fail_ex+0x3b0/0x4e0 [ 175.041977][T10488] _copy_to_user+0x2f/0xb0 [ 175.041999][T10488] simple_read_from_buffer+0xca/0x150 [ 175.042024][T10488] proc_fail_nth_read+0x1e9/0x250 [ 175.042047][T10488] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 175.042071][T10488] ? rw_verify_area+0x514/0x6b0 [ 175.042091][T10488] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 175.042109][T10488] vfs_read+0x204/0xbd0 [ 175.042128][T10488] ? __pfx_lock_release+0x10/0x10 [ 175.042155][T10488] ? __pfx_vfs_read+0x10/0x10 [ 175.042178][T10488] ? __fget_files+0x29/0x470 [ 175.114524][T10488] ? __fget_files+0x3f6/0x470 [ 175.119393][T10488] ksys_read+0x1a0/0x2c0 [ 175.123642][T10488] ? __pfx_ksys_read+0x10/0x10 [ 175.128431][T10488] ? do_syscall_64+0x100/0x230 [ 175.133203][T10488] ? do_syscall_64+0xb6/0x230 [ 175.137901][T10488] do_syscall_64+0xf3/0x230 [ 175.142425][T10488] ? clear_bhb_loop+0x35/0x90 [ 175.147120][T10488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.153014][T10488] RIP: 0033:0x7f67d437467c [ 175.157482][T10488] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 175.177105][T10488] RSP: 002b:00007f67d513c040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 175.185523][T10488] RAX: ffffffffffffffda RBX: 00007f67d4503f60 RCX: 00007f67d437467c [ 175.193510][T10488] RDX: 000000000000000f RSI: 00007f67d513c0b0 RDI: 0000000000000005 [ 175.201480][T10488] RBP: 00007f67d513c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 175.209547][T10488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.217531][T10488] R13: 000000000000000b R14: 00007f67d4503f60 R15: 00007ffdb3ba7568 [ 175.225529][T10488] [ 175.232375][T10284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.246701][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.274075][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.295947][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.311224][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.321299][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.339030][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.349560][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.363640][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.385426][T10284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.396797][T10284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.423167][T10284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.496228][T10284] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.518996][T10284] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.540222][T10284] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.549239][T10284] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.789929][ T8539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.798213][T10511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1900'. [ 175.812625][T10511] netlink: 'syz.0.1900': attribute type 25 has an invalid length. [ 175.821593][ T8539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.918252][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.954923][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.165536][ T5100] Bluetooth: hci3: command 0x0406 tx timeout [ 176.171681][ T5100] Bluetooth: hci0: command 0x0c1a tx timeout [ 176.178502][ T5101] Bluetooth: hci1: command tx timeout [ 176.178574][ T5107] Bluetooth: hci2: command 0x0406 tx timeout [ 176.334747][T10531] netlink: 'syz.4.1908': attribute type 3 has an invalid length. [ 176.363881][T10531] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.1908'. [ 176.477465][T10545] netlink: 'syz.1.1911': attribute type 1 has an invalid length. [ 176.566361][T10551] x_tables: duplicate underflow at hook 1 [ 176.607708][T10547] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.616772][T10547] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.626193][T10547] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.635512][T10547] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.659362][T10547] vxlan0: entered promiscuous mode [ 176.691846][T10550] bond3: (slave vcan0): The slave device specified does not support setting the MAC address [ 176.713783][T10550] bond3: (slave vcan0): Setting fail_over_mac to active for active-backup mode [ 176.734480][T10550] bond3: (slave vcan0): making interface the new active one [ 176.742339][T10550] bond3: (slave vcan0): Enslaving as an active interface with an up link [ 176.933503][T10565] netlink: 'syz.4.1917': attribute type 11 has an invalid length. [ 177.070484][T10570] ieee802154 phy0 wpan0: encryption failed: -22 [ 177.974233][T10631] netlink: 'syz.2.1944': attribute type 5 has an invalid length. [ 178.187219][T10647] __nla_validate_parse: 4 callbacks suppressed [ 178.187237][T10647] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1948'. [ 178.230008][T10647] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1948'. [ 178.244397][ T5096] Bluetooth: hci1: command tx timeout [ 178.439328][T10668] netlink: 'syz.2.1957': attribute type 2 has an invalid length. [ 178.468621][T10668] netlink: 'syz.2.1957': attribute type 8 has an invalid length. [ 178.488627][T10668] netlink: 'syz.2.1957': attribute type 1 has an invalid length. [ 178.510578][T10668] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1957'. [ 178.538618][T10673] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1956'. [ 178.563659][T10673] netlink: 'syz.3.1956': attribute type 25 has an invalid length. [ 179.135646][T10692] sctp: [Deprecated]: syz.2.1964 (pid 10692) Use of int in maxseg socket option. [ 179.135646][T10692] Use struct sctp_assoc_value instead [ 179.317884][T10702] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1969'. [ 179.474379][T10707] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1971'. [ 179.599901][T10715] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 80 [ 179.741542][T10723] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1979'. [ 179.754448][T10733] validate_nla: 3 callbacks suppressed [ 179.754465][T10733] netlink: 'syz.0.1979': attribute type 5 has an invalid length. [ 179.842974][T10733] : entered promiscuous mode [ 179.942355][T10723] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1979'. [ 179.964587][T10723] bridge_slave_1: left allmulticast mode [ 179.970255][T10723] bridge_slave_1: left promiscuous mode [ 180.016229][T10723] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.043336][T10723] bridge_slave_0: left allmulticast mode [ 180.049673][T10723] bridge_slave_0: left promiscuous mode [ 180.057407][T10723] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.541693][T10778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1995'. [ 180.581518][T10781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1998'. [ 180.611669][T10781] gtp0: entered promiscuous mode [ 180.632732][T10781] gtp0: entered allmulticast mode [ 180.882315][T10804] gtp0: entered promiscuous mode [ 180.891324][T10804] gtp0: entered allmulticast mode [ 181.164269][T10821] FAULT_INJECTION: forcing a failure. [ 181.164269][T10821] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 181.199287][T10821] CPU: 1 PID: 10821 Comm: syz.2.2013 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 181.209493][T10821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 181.219569][T10821] Call Trace: [ 181.222860][T10821] [ 181.225806][T10821] dump_stack_lvl+0x241/0x360 [ 181.230506][T10821] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.235724][T10821] ? __pfx__printk+0x10/0x10 [ 181.240342][T10821] ? __pfx_lock_release+0x10/0x10 [ 181.245397][T10821] should_fail_ex+0x3b0/0x4e0 [ 181.247345][T10826] netlink: 'syz.1.2015': attribute type 11 has an invalid length. [ 181.250083][T10821] _copy_from_user+0x2f/0xe0 [ 181.250113][T10821] alg_setkey+0xc4/0x1b0 [ 181.266743][T10821] alg_setsockopt+0x383/0x450 [ 181.271535][T10821] ? __pfx_alg_setsockopt+0x10/0x10 [ 181.276753][T10821] do_sock_setsockopt+0x3af/0x720 [ 181.281806][T10821] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 181.287392][T10821] ? __fget_files+0x29/0x470 [ 181.292618][T10821] ? __fget_files+0x3f6/0x470 [ 181.297331][T10821] __sys_setsockopt+0x1ae/0x250 [ 181.302190][T10821] __x64_sys_setsockopt+0xb5/0xd0 [ 181.307256][T10821] do_syscall_64+0xf3/0x230 [ 181.311779][T10821] ? clear_bhb_loop+0x35/0x90 [ 181.316470][T10821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.322378][T10821] RIP: 0033:0x7f9c16775b99 [ 181.326796][T10821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.346500][T10821] RSP: 002b:00007f9c17623048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 181.354932][T10821] RAX: ffffffffffffffda RBX: 00007f9c16903f60 RCX: 00007f9c16775b99 [ 181.362909][T10821] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 181.370968][T10821] RBP: 00007f9c176230a0 R08: 0000000000000020 R09: 0000000000000000 [ 181.378952][T10821] R10: 0000000020000340 R11: 0000000000000246 R12: 0000000000000001 [ 181.386923][T10821] R13: 000000000000000b R14: 00007f9c16903f60 R15: 00007fffd39aa118 [ 181.394905][T10821] [ 181.449280][T10824] tap0: tun_chr_ioctl cmd 1074025677 [ 181.461445][T10824] tap0: linktype set to 769 [ 181.496824][T10830] FAULT_INJECTION: forcing a failure. [ 181.496824][T10830] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 181.555177][T10830] CPU: 1 PID: 10830 Comm: syz.1.2016 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 181.565385][T10830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 181.575454][T10830] Call Trace: [ 181.578815][T10830] [ 181.581742][T10830] dump_stack_lvl+0x241/0x360 [ 181.586421][T10830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.591613][T10830] ? __pfx__printk+0x10/0x10 [ 181.596202][T10830] ? __pfx_lock_release+0x10/0x10 [ 181.601217][T10830] ? __lock_acquire+0x1346/0x1fd0 [ 181.606239][T10830] should_fail_ex+0x3b0/0x4e0 [ 181.610923][T10830] _copy_from_user+0x2f/0xe0 [ 181.615519][T10830] kstrtouint_from_user+0xc6/0x190 [ 181.620641][T10830] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 181.626373][T10830] ? __pfx_lock_acquire+0x10/0x10 [ 181.631395][T10830] proc_fail_nth_write+0xaa/0x2d0 [ 181.636431][T10830] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 181.642319][T10830] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 181.647962][T10830] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 181.653599][T10830] vfs_write+0x2a2/0xc90 [ 181.657843][T10830] ? __pfx_vfs_write+0x10/0x10 [ 181.662598][T10830] ? __fget_files+0x29/0x470 [ 181.667183][T10830] ? __fget_files+0x3f6/0x470 [ 181.671863][T10830] ksys_write+0x1a0/0x2c0 [ 181.676190][T10830] ? __pfx_ksys_write+0x10/0x10 [ 181.681037][T10830] ? do_syscall_64+0x100/0x230 [ 181.685793][T10830] ? do_syscall_64+0xb6/0x230 [ 181.690458][T10830] do_syscall_64+0xf3/0x230 [ 181.694964][T10830] ? clear_bhb_loop+0x35/0x90 [ 181.699641][T10830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.705526][T10830] RIP: 0033:0x7f67d437471f [ 181.709935][T10830] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 181.729706][T10830] RSP: 002b:00007f67d513c040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 181.738114][T10830] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67d437471f [ 181.746082][T10830] RDX: 0000000000000001 RSI: 00007f67d513c0b0 RDI: 0000000000000004 [ 181.754044][T10830] RBP: 00007f67d513c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 181.762022][T10830] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 181.769997][T10830] R13: 000000000000000b R14: 00007f67d4503f60 R15: 00007ffdb3ba7568 [ 181.778080][T10830] [ 182.021578][T10848] vlan2: entered promiscuous mode [ 182.041191][T10848] veth0_to_team: entered promiscuous mode [ 182.100623][T10848] team0: Port device vlan2 added [ 182.633381][T10889] Unsupported ieee802154 address type: 0 [ 183.283466][T10931] __nla_validate_parse: 7 callbacks suppressed [ 183.283482][T10931] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2059'. [ 183.616374][T10948] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2064'. [ 183.746324][T10961] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 184.219101][T10983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2078'. [ 184.843174][T11027] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2085'. [ 184.865955][T11027] netlink: 'syz.0.2085': attribute type 25 has an invalid length. [ 185.022317][T11029] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2089'. [ 185.667350][ T5103] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 185.692561][ T5103] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 185.710000][ T5103] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 185.738846][ T5103] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 185.747513][ T5103] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 185.763823][ T5103] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 185.870945][ T5103] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 185.885910][ T5103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 185.893933][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 185.906143][ T5103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 185.913914][ T5103] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 185.921550][ T5103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 186.108412][ T1098] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 186.139488][ T1098] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.187006][T11066] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2096'. [ 186.350503][ T1098] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 186.380554][ T1098] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.026539][ T1098] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 187.047566][ T1098] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.098903][T11081] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2103'. [ 187.118310][T11081] netlink: 'syz.1.2103': attribute type 25 has an invalid length. [ 187.254292][ T1098] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 187.265882][ T1098] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.600116][ T1098] bridge_slave_1: left allmulticast mode [ 187.606559][ T1098] bridge_slave_1: left promiscuous mode [ 187.613989][ T1098] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.639935][ T1098] bridge_slave_0: left allmulticast mode [ 187.645904][ T1098] bridge_slave_0: left promiscuous mode [ 187.652480][ T1098] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.843849][ T5096] Bluetooth: hci5: command tx timeout [ 188.004546][ T5096] Bluetooth: hci1: command tx timeout [ 188.282817][T11107] FAULT_INJECTION: forcing a failure. [ 188.282817][T11107] name failslab, interval 1, probability 0, space 0, times 0 [ 188.307215][T11107] CPU: 0 PID: 11107 Comm: syz.4.2112 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 188.317412][T11107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 188.327500][T11107] Call Trace: [ 188.330789][T11107] [ 188.333734][T11107] dump_stack_lvl+0x241/0x360 [ 188.338439][T11107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.343666][T11107] ? __pfx__printk+0x10/0x10 [ 188.348273][T11107] ? ref_tracker_alloc+0x332/0x490 [ 188.353385][T11107] should_fail_ex+0x3b0/0x4e0 [ 188.358057][T11107] ? skb_clone+0x20c/0x390 [ 188.362503][T11107] should_failslab+0x9/0x20 [ 188.367221][T11107] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 188.372605][T11107] skb_clone+0x20c/0x390 [ 188.376849][T11107] __netlink_deliver_tap+0x3cc/0x7c0 [ 188.382146][T11107] ? netlink_deliver_tap+0x2e/0x1b0 [ 188.387353][T11107] netlink_deliver_tap+0x19d/0x1b0 [ 188.392521][T11107] netlink_dump+0x851/0xd80 [ 188.397028][T11107] ? __pfx_netlink_dump+0x10/0x10 [ 188.402048][T11107] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 188.408040][T11107] ? lockdep_hardirqs_on+0x99/0x150 [ 188.413236][T11107] ? netlink_recvmsg+0x60a/0x11d0 [ 188.418271][T11107] ? kmem_cache_free+0x145/0x350 [ 188.423203][T11107] netlink_recvmsg+0x6bb/0x11d0 [ 188.428057][T11107] ? __pfx_netlink_recvmsg+0x10/0x10 [ 188.433343][T11107] ? __pfx___might_resched+0x10/0x10 [ 188.438636][T11107] ? iovec_from_user+0x61/0x240 [ 188.443494][T11107] ? __import_iovec+0x361/0x820 [ 188.448335][T11107] ? __pfx_netlink_recvmsg+0x10/0x10 [ 188.453623][T11107] sock_recvmsg_nosec+0x18e/0x1d0 [ 188.458667][T11107] ____sys_recvmsg+0x3c0/0x470 [ 188.463462][T11107] ? __pfx_____sys_recvmsg+0x10/0x10 [ 188.468769][T11107] ? __might_fault+0xaa/0x120 [ 188.473474][T11107] do_recvmmsg+0x474/0xae0 [ 188.477887][T11107] ? __pfx_lock_release+0x10/0x10 [ 188.482901][T11107] ? __pfx_do_recvmmsg+0x10/0x10 [ 188.487837][T11107] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 188.493718][T11107] ? ksys_write+0x23e/0x2c0 [ 188.498206][T11107] ? __pfx_lock_release+0x10/0x10 [ 188.503222][T11107] ? vfs_write+0x7c4/0xc90 [ 188.507629][T11107] ? __mutex_unlock_slowpath+0x21d/0x750 [ 188.513258][T11107] ? __fget_files+0x3f6/0x470 [ 188.517941][T11107] __x64_sys_recvmmsg+0x199/0x250 [ 188.523064][T11107] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 188.528600][T11107] ? do_syscall_64+0x100/0x230 [ 188.533352][T11107] ? do_syscall_64+0xb6/0x230 [ 188.538012][T11107] do_syscall_64+0xf3/0x230 [ 188.542521][T11107] ? clear_bhb_loop+0x35/0x90 [ 188.547193][T11107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.553081][T11107] RIP: 0033:0x7f5e6e775b99 [ 188.557480][T11107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.577076][T11107] RSP: 002b:00007f5e6f5b4048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 188.585480][T11107] RAX: ffffffffffffffda RBX: 00007f5e6e903f60 RCX: 00007f5e6e775b99 [ 188.593441][T11107] RDX: 000000000000005b RSI: 00000000200021c0 RDI: 0000000000000003 [ 188.601399][T11107] RBP: 00007f5e6f5b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 188.609361][T11107] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000002 [ 188.617410][T11107] R13: 000000000000000b R14: 00007f5e6e903f60 R15: 00007fffed029318 [ 188.625391][T11107] [ 188.779442][ T1098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.791381][ T1098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.802233][ T1098] bond0 (unregistering): Released all slaves [ 188.833508][T11103] bridge0: port 3(vlan3) entered blocking state [ 188.847412][T11103] bridge0: port 3(vlan3) entered disabled state [ 188.857784][T11103] vlan3: entered allmulticast mode [ 188.885283][T11103] vlan3: left allmulticast mode [ 188.921061][T11056] chnl_net:caif_netlink_parms(): no params data found [ 189.093251][T11128] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2118'. [ 189.249561][T11052] chnl_net:caif_netlink_parms(): no params data found [ 189.277606][T11056] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.303878][T11056] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.311282][T11056] bridge_slave_0: entered allmulticast mode [ 189.320071][T11056] bridge_slave_0: entered promiscuous mode [ 189.346022][T11143] team0: left allmulticast mode [ 189.363864][T11143] team_slave_0: left allmulticast mode [ 189.369383][T11143] team_slave_1: left allmulticast mode [ 189.388049][T11143] macvlan2: left allmulticast mode [ 189.393207][T11143] vlan1: left allmulticast mode [ 189.405217][T11143] bridge0: port 3(team0) entered disabled state [ 189.430655][T11143] bridge_slave_0: left allmulticast mode [ 189.449124][T11143] bridge_slave_0: left promiscuous mode [ 189.464137][T11143] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.491572][T11143] infiniband syz2: set active [ 189.498012][T11143] bridge_slave_1: left allmulticast mode [ 189.504115][T11143] bridge_slave_1: left promiscuous mode [ 189.510005][T11143] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.532187][T11143] bond0: (slave bond_slave_0): Releasing backup interface [ 189.572492][T11143] bond0: (slave bond_slave_1): Releasing backup interface [ 189.601672][T11143] team_slave_0: left promiscuous mode [ 189.637893][T11143] team0: Port device team_slave_0 removed [ 189.665484][T11143] team_slave_1: left promiscuous mode [ 189.692150][T11143] team0: Port device team_slave_1 removed [ 189.714597][T11143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.726805][T11143] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.747269][T11143] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.772369][T11143] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.811919][T11143] bond0: (slave netdevsim0): Releasing backup interface [ 189.844176][T11143] bond1: (slave vcan1): Releasing backup interface [ 189.866204][T11143] vlan1: left promiscuous mode [ 189.878795][T11143] team0: Port device macvlan2 removed [ 189.900779][T11056] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.912891][T11056] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.920867][T11056] bridge_slave_1: entered allmulticast mode [ 189.927847][ T5096] Bluetooth: hci5: command tx timeout [ 189.936924][T11056] bridge_slave_1: entered promiscuous mode [ 189.979685][T11147] bridge0: port 1(syz_tun) entered blocking state [ 189.988379][T11147] bridge0: port 1(syz_tun) entered disabled state [ 189.996852][T11147] syz_tun: entered allmulticast mode [ 190.007827][T11147] syz_tun: entered promiscuous mode [ 190.019125][T11147] bridge0: port 1(syz_tun) entered blocking state [ 190.026328][T11147] bridge0: port 1(syz_tun) entered forwarding state [ 190.085035][ T5096] Bluetooth: hci1: command tx timeout [ 190.287788][T11056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.347051][T11056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.496948][ T1098] hsr_slave_0: left promiscuous mode [ 190.503146][ T1098] hsr_slave_1: left promiscuous mode [ 190.523149][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.533746][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.552701][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 190.560308][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.599692][ T1098] veth0_to_team: left promiscuous mode [ 190.607362][ T1098] veth1_macvtap: left promiscuous mode [ 190.614789][ T1098] veth0_macvtap: left promiscuous mode [ 190.624730][ T1098] veth1_vlan: left promiscuous mode [ 190.631569][ T1098] veth0_vlan: left promiscuous mode [ 190.716222][T11177] netlink: 'syz.4.2132': attribute type 1 has an invalid length. [ 190.737169][T11177] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2132'. [ 190.877580][ T1098] team0 (unregistering): Port device vlan2 removed [ 191.451624][ T1098] team0 (unregistering): Port device team_slave_1 removed [ 191.513191][ T1098] team0 (unregistering): Port device team_slave_0 removed [ 192.007415][ T5096] Bluetooth: hci5: command tx timeout [ 192.151701][T11052] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.170011][T11052] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.170922][ T5096] Bluetooth: hci1: command tx timeout [ 192.181546][T11052] bridge_slave_0: entered allmulticast mode [ 192.210990][T11052] bridge_slave_0: entered promiscuous mode [ 192.232771][T11052] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.244700][T11052] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.251984][T11052] bridge_slave_1: entered allmulticast mode [ 192.266110][T11052] bridge_slave_1: entered promiscuous mode [ 192.277301][T11056] team0: Port device team_slave_0 added [ 192.298120][T11056] team0: Port device team_slave_1 added [ 192.373421][T11208] netlink: 'syz.4.2137': attribute type 4 has an invalid length. [ 192.402222][T11208] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2137'. [ 192.440627][T11208] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 192.602391][T11052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.646904][T11052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.675577][T11056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.682569][T11056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.744754][T11056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.766607][T11056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.783672][T11056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.834036][T11056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.995649][T11052] team0: Port device team_slave_0 added [ 193.031959][T11052] team0: Port device team_slave_1 added [ 193.082838][T11056] hsr_slave_0: entered promiscuous mode [ 193.092030][T11056] hsr_slave_1: entered promiscuous mode [ 193.101786][T11056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.110470][T11056] Cannot create hsr debugfs directory [ 193.165174][T11052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 193.184777][T11052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.224017][T11052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 193.289866][T11052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 193.304451][T11052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.331396][T11052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.663194][T11052] hsr_slave_0: entered promiscuous mode [ 193.692936][T11052] hsr_slave_1: entered promiscuous mode [ 193.723819][T11052] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.753874][T11052] Cannot create hsr debugfs directory [ 193.978031][T11241] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2148'. [ 194.036649][T11056] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.059425][T11056] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.084613][ T5096] Bluetooth: hci5: command tx timeout [ 194.235212][T11056] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.244348][ T5096] Bluetooth: hci1: command tx timeout [ 194.273742][T11056] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.398021][T11056] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.424301][T11056] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.569963][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.592223][T11056] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode [ 194.610327][T11056] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.633332][T11056] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.128828][T11282] netlink: 'syz.1.2158': attribute type 4 has an invalid length. [ 195.405722][T11052] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 195.444920][T11288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2161'. [ 195.462704][T11288] netlink: 'syz.0.2161': attribute type 25 has an invalid length. [ 195.506311][T11052] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 195.537661][T11052] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 195.583725][T11052] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 195.609405][T11292] syz_tun: left allmulticast mode [ 195.615227][T11292] syz_tun: left promiscuous mode [ 195.620903][T11292] bridge0: port 1(syz_tun) entered disabled state [ 195.648710][T11292] infiniband syz2: set active [ 195.710649][T11297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2165'. [ 195.738923][T11056] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 195.756313][T11056] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 195.775612][T11056] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 195.789181][T11056] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 195.945240][T11052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.012310][T11052] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.063410][ T5092] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.070635][ T5092] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.111914][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.119118][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.184877][T11056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.259488][T11056] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.298136][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.305341][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.429490][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.436710][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.595532][T11056] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.700091][T11052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.727533][T11325] FAULT_INJECTION: forcing a failure. [ 196.727533][T11325] name failslab, interval 1, probability 0, space 0, times 0 [ 196.768631][T11325] CPU: 1 PID: 11325 Comm: syz.1.2175 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 196.778845][T11325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 196.788923][T11325] Call Trace: [ 196.792215][T11325] [ 196.795159][T11325] dump_stack_lvl+0x241/0x360 [ 196.799861][T11325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.805083][T11325] ? __pfx__printk+0x10/0x10 [ 196.809699][T11325] ? ref_tracker_alloc+0x332/0x490 [ 196.814841][T11325] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 196.820329][T11325] should_fail_ex+0x3b0/0x4e0 [ 196.825034][T11325] ? skb_clone+0x20c/0x390 [ 196.829472][T11325] should_failslab+0x9/0x20 [ 196.834001][T11325] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 196.839404][T11325] skb_clone+0x20c/0x390 [ 196.843671][T11325] __netlink_deliver_tap+0x3cc/0x7c0 [ 196.846911][T11052] veth0_vlan: entered promiscuous mode [ 196.848963][T11325] ? netlink_deliver_tap+0x2e/0x1b0 [ 196.859803][T11325] netlink_deliver_tap+0x19d/0x1b0 [ 196.864939][T11325] netlink_sendskb+0x68/0x140 [ 196.869890][T11325] netlink_unicast+0x39d/0x990 [ 196.871885][T11052] veth1_vlan: entered promiscuous mode [ 196.874676][T11325] ? __asan_memcpy+0x40/0x70 [ 196.874707][T11325] ? __pfx_netlink_unicast+0x10/0x10 [ 196.874736][T11325] netlink_rcv_skb+0x262/0x430 [ 196.894789][T11325] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 196.900356][T11325] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 196.905691][T11325] ? netlink_deliver_tap+0x2e/0x1b0 [ 196.910909][T11325] netlink_unicast+0x7f0/0x990 [ 196.915698][T11325] ? __pfx_netlink_unicast+0x10/0x10 [ 196.920992][T11325] ? __virt_addr_valid+0x183/0x520 [ 196.926131][T11325] ? __check_object_size+0x49c/0x900 [ 196.931440][T11325] ? bpf_lsm_netlink_send+0x9/0x10 [ 196.936580][T11325] netlink_sendmsg+0x8e4/0xcb0 [ 196.941382][T11325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.946688][T11325] ? __import_iovec+0x536/0x820 [ 196.951552][T11325] ? aa_sock_msg_perm+0x91/0x160 [ 196.956090][T11052] veth0_macvtap: entered promiscuous mode [ 196.956493][T11325] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 196.967486][T11325] ? security_socket_sendmsg+0x87/0xb0 [ 196.972971][T11325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.978274][T11325] __sock_sendmsg+0x221/0x270 [ 196.981815][T11052] veth1_macvtap: entered promiscuous mode [ 196.982952][T11325] ____sys_sendmsg+0x525/0x7d0 [ 196.982991][T11325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 196.998742][T11325] __sys_sendmsg+0x2b0/0x3a0 [ 197.003359][T11325] ? __pfx___sys_sendmsg+0x10/0x10 [ 197.008496][T11325] ? vfs_write+0x7c4/0xc90 [ 197.012960][T11325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 197.017865][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.019281][T11325] ? do_syscall_64+0x100/0x230 [ 197.019309][T11325] ? do_syscall_64+0xb6/0x230 [ 197.030243][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.034438][T11325] do_syscall_64+0xf3/0x230 [ 197.034462][T11325] ? clear_bhb_loop+0x35/0x90 [ 197.034486][T11325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.034506][T11325] RIP: 0033:0x7f67d4375b99 [ 197.034525][T11325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.034541][T11325] RSP: 002b:00007f67d513c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.034563][T11325] RAX: ffffffffffffffda RBX: 00007f67d4503f60 RCX: 00007f67d4375b99 [ 197.034577][T11325] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000005 [ 197.034590][T11325] RBP: 00007f67d513c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 197.041048][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.049011][T11325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.049027][T11325] R13: 000000000000000b R14: 00007f67d4503f60 R15: 00007ffdb3ba7568 [ 197.049056][T11325] [ 197.193788][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.204715][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.215542][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.227319][T11052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.267294][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.309980][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.337429][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.359719][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.393892][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.413711][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.433708][T11052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.454041][T11052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.505607][T11052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.515308][T11333] netlink: 'syz.1.2177': attribute type 6 has an invalid length. [ 197.542992][T11052] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.563738][T11052] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.572721][T11052] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.582474][T11052] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.600714][T11343] xt_CT: You must specify a L4 protocol and not use inversions on it [ 197.617274][T11339] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2179'. [ 197.710661][T11056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.838495][T11347] bridge_slave_0: left allmulticast mode [ 197.844733][T11347] bridge_slave_0: left promiscuous mode [ 197.850653][T11347] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.865413][T11347] bridge_slave_1: left allmulticast mode [ 197.876666][T11347] bridge_slave_1: left promiscuous mode [ 197.882566][T11347] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.900913][T11347] bond0: (slave bond_slave_0): Releasing backup interface [ 197.921376][T11347] bond0: (slave bond_slave_1): Releasing backup interface [ 197.965374][T11347] team0: Port device team_slave_0 removed [ 197.995774][T11347] team0: Port device team_slave_1 removed [ 198.005869][T11347] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.013329][T11347] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.042501][T11347] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.063496][T11347] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.137612][T11347] team0: Port device batadv2 removed [ 198.150961][T11347] bond3: (slave vcan0): Releasing backup interface [ 198.231014][T11361] veth1_macvtap: left promiscuous mode [ 198.255083][T11361] macsec0: entered promiscuous mode [ 198.260361][T11361] macsec0: entered allmulticast mode [ 198.303011][ T1043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.319199][ T1043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.405024][T11056] veth0_vlan: entered promiscuous mode [ 198.419914][ T8537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.447000][ T8537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.456017][T11056] veth1_vlan: entered promiscuous mode [ 198.546480][T11056] veth0_macvtap: entered promiscuous mode [ 198.567111][T11056] veth1_macvtap: entered promiscuous mode [ 198.592910][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.607674][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.619165][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.630503][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.657972][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.677110][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.702053][T11056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.731911][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.757259][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.779373][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.804111][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.815779][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.828777][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.840804][T11056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.852886][T11056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.865758][T11056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.905364][T11056] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.915052][T11056] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.928279][T11056] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.941032][T11056] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.959991][T11382] pim6reg1: entered promiscuous mode [ 198.973765][T11382] pim6reg1: entered allmulticast mode [ 199.204720][ T1043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.212583][ T1043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.313098][ T8539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.335854][ T8539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.779495][T11493] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2233'. [ 200.873520][T11497] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 200.967728][T11473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.979416][T11543] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 202.131370][T11552] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2261'. [ 202.458434][T11566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2268'. [ 202.515716][ T5095] ================================================================== [ 202.523832][ T5095] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x152b/0x1750 [ 202.532870][ T5095] Read of size 2 at addr ffff888069a8b5c4 by task kworker/0:4/5095 [ 202.540777][ T5095] [ 202.543111][ T5095] CPU: 0 PID: 5095 Comm: kworker/0:4 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 202.543938][ T784] IPVS: starting estimator thread 0... [ 202.553340][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 202.553359][ T5095] Workqueue: events nf_tables_trans_destroy_work [ 202.553383][ T5095] Call Trace: [ 202.553393][ T5095] [ 202.553401][ T5095] dump_stack_lvl+0x241/0x360 [ 202.553424][ T5095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.553442][ T5095] ? __pfx__printk+0x10/0x10 [ 202.561718][T11577] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 202.568918][ T5095] ? _printk+0xd5/0x120 [ 202.568956][ T5095] ? __virt_addr_valid+0x183/0x520 [ 202.568979][ T5095] ? __virt_addr_valid+0x183/0x520 [ 202.569000][ T5095] print_report+0x169/0x550 [ 202.569020][ T5095] ? __virt_addr_valid+0x183/0x520 [ 202.569039][ T5095] ? __virt_addr_valid+0x183/0x520 [ 202.569059][ T5095] ? __virt_addr_valid+0x44e/0x520 [ 202.569079][ T5095] ? __phys_addr+0xba/0x170 [ 202.569100][ T5095] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 202.569118][ T5095] kasan_report+0x143/0x180 [ 202.569137][ T5095] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 202.569159][ T5095] nf_tables_trans_destroy_work+0x152b/0x1750 [ 202.569186][ T5095] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 202.569203][ T5095] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 202.569222][ T5095] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 202.569244][ T5095] ? process_scheduled_works+0x945/0x1830 [ 202.569259][ T5095] process_scheduled_works+0xa2c/0x1830 [ 202.569286][ T5095] ? __pfx_process_scheduled_works+0x10/0x10 [ 202.700784][ T5095] ? assign_work+0x364/0x3d0 [ 202.705368][ T5095] worker_thread+0x86d/0xd50 [ 202.710062][ T5095] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 202.715949][ T5095] ? __kthread_parkme+0x169/0x1d0 [ 202.720961][ T5095] ? __pfx_worker_thread+0x10/0x10 [ 202.726153][ T5095] kthread+0x2f0/0x390 [ 202.730210][ T5095] ? __pfx_worker_thread+0x10/0x10 [ 202.735311][ T5095] ? __pfx_kthread+0x10/0x10 [ 202.739889][ T5095] ret_from_fork+0x4b/0x80 [ 202.744295][ T5095] ? __pfx_kthread+0x10/0x10 [ 202.748872][ T5095] ret_from_fork_asm+0x1a/0x30 [ 202.753891][ T5095] [ 202.756892][ T5095] [ 202.759208][ T5095] Allocated by task 11566: [ 202.763608][ T5095] kasan_save_track+0x3f/0x80 [ 202.768274][ T5095] __kasan_kmalloc+0x98/0xb0 [ 202.772851][ T5095] kmalloc_trace_noprof+0x19c/0x2c0 [ 202.778032][ T5095] nf_tables_newtable+0x52e/0x1dc0 [ 202.783129][ T5095] nfnetlink_rcv+0x1427/0x2a90 [ 202.787877][ T5095] netlink_unicast+0x7f0/0x990 [ 202.792623][ T5095] netlink_sendmsg+0x8e4/0xcb0 [ 202.797373][ T5095] __sock_sendmsg+0x221/0x270 [ 202.802032][ T5095] ____sys_sendmsg+0x525/0x7d0 [ 202.806779][ T5095] __sys_sendmsg+0x2b0/0x3a0 [ 202.811354][ T5095] do_syscall_64+0xf3/0x230 [ 202.815925][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.821803][ T5095] [ 202.824111][ T5095] Freed by task 11565: [ 202.828158][ T5095] kasan_save_track+0x3f/0x80 [ 202.832826][ T5095] kasan_save_free_info+0x40/0x50 [ 202.837839][ T5095] poison_slab_object+0xe0/0x150 [ 202.842770][ T5095] __kasan_slab_free+0x37/0x60 [ 202.847523][ T5095] kfree+0x149/0x360 [ 202.851407][ T5095] __nft_release_table+0xe80/0xf40 [ 202.856514][ T5095] nft_rcv_nl_event+0x55f/0x6d0 [ 202.861349][ T5095] notifier_call_chain+0x19f/0x3e0 [ 202.866449][ T5095] blocking_notifier_call_chain+0x69/0x90 [ 202.872151][ T5095] netlink_release+0x11a6/0x1b10 [ 202.877073][ T5095] sock_close+0xbc/0x240 [ 202.881300][ T5095] __fput+0x406/0x8b0 [ 202.885269][ T5095] task_work_run+0x24f/0x310 [ 202.889844][ T5095] syscall_exit_to_user_mode+0x168/0x370 [ 202.895463][ T5095] do_syscall_64+0x100/0x230 [ 202.900037][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.905917][ T5095] [ 202.908222][ T5095] Last potentially related work creation: [ 202.913920][ T5095] kasan_save_stack+0x3f/0x60 [ 202.918581][ T5095] __kasan_record_aux_stack+0xac/0xc0 [ 202.923939][ T5095] insert_work+0x3e/0x330 [ 202.928250][ T5095] __queue_work+0xc16/0xee0 [ 202.932741][ T5095] queue_work_on+0x1c2/0x380 [ 202.937312][ T5095] rhltable_remove+0x1097/0x1160 [ 202.942237][ T5095] __nft_release_table+0xc57/0xf40 [ 202.947337][ T5095] nft_rcv_nl_event+0x55f/0x6d0 [ 202.952177][ T5095] notifier_call_chain+0x19f/0x3e0 [ 202.957272][ T5095] blocking_notifier_call_chain+0x69/0x90 [ 202.962977][ T5095] netlink_release+0x11a6/0x1b10 [ 202.967899][ T5095] sock_close+0xbc/0x240 [ 202.972211][ T5095] __fput+0x406/0x8b0 [ 202.976177][ T5095] task_work_run+0x24f/0x310 [ 202.980752][ T5095] syscall_exit_to_user_mode+0x168/0x370 [ 202.986365][ T5095] do_syscall_64+0x100/0x230 [ 202.990967][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.996845][ T5095] [ 202.999151][ T5095] The buggy address belongs to the object at ffff888069a8b400 [ 202.999151][ T5095] which belongs to the cache kmalloc-cg-512 of size 512 [ 203.013443][ T5095] The buggy address is located 452 bytes inside of [ 203.013443][ T5095] freed 512-byte region [ffff888069a8b400, ffff888069a8b600) [ 203.027221][ T5095] [ 203.029525][ T5095] The buggy address belongs to the physical page: [ 203.035923][ T5095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69a88 [ 203.044678][ T5095] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 203.053183][ T5095] memcg:ffff8880783dc201 [ 203.057411][ T5095] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 203.065397][ T5095] page_type: 0xffffefff(slab) [ 203.070064][ T5095] raw: 00fff00000000040 ffff88801504f140 0000000000000000 0000000000000001 [ 203.078645][ T5095] raw: 0000000000000000 0000000080100010 00000001ffffefff ffff8880783dc201 [ 203.087228][ T5095] head: 00fff00000000040 ffff88801504f140 0000000000000000 0000000000000001 [ 203.095978][ T5095] head: 0000000000000000 0000000080100010 00000001ffffefff ffff8880783dc201 [ 203.104657][ T5095] head: 00fff00000000002 ffffea0001a6a201 ffffffffffffffff 0000000000000000 [ 203.113510][ T5095] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 203.122167][ T5095] page dumped because: kasan: bad access detected [ 203.128582][ T5095] page_owner tracks the page as allocated [ 203.134286][ T5095] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 11056, tgid 11056 (syz-executor), ts 189194507938, free_ts 185493449048 [ 203.159112][ T5095] post_alloc_hook+0x1f3/0x230 [ 203.163876][ T5095] get_page_from_freelist+0x2e4c/0x2f10 [ 203.169419][ T5095] __alloc_pages_noprof+0x256/0x6c0 [ 203.174607][ T5095] alloc_slab_page+0x5f/0x120 [ 203.179270][ T5095] allocate_slab+0x5a/0x2f0 [ 203.183757][ T5095] ___slab_alloc+0xcd1/0x14b0 [ 203.188416][ T5095] __slab_alloc+0x58/0xa0 [ 203.192726][ T5095] __kmalloc_node_noprof+0x286/0x440 [ 203.197995][ T5095] kvmalloc_node_noprof+0x72/0x190 [ 203.203088][ T5095] alloc_netdev_mqs+0xa1f/0xff0 [ 203.207938][ T5095] rtnl_create_link+0x2f9/0xc20 [ 203.212863][ T5095] veth_newlink+0x2c5/0xcd0 [ 203.217351][ T5095] rtnl_newlink+0x1591/0x20a0 [ 203.222014][ T5095] rtnetlink_rcv_msg+0x89b/0x1180 [ 203.227025][ T5095] netlink_rcv_skb+0x1e3/0x430 [ 203.231780][ T5095] netlink_unicast+0x7f0/0x990 [ 203.236549][ T5095] page last free pid 10284 tgid 10284 stack trace: [ 203.243030][ T5095] free_unref_page+0xd22/0xea0 [ 203.247786][ T5095] vfree+0x186/0x2e0 [ 203.251679][ T5095] kcov_close+0x2b/0x50 [ 203.255909][ T5095] __fput+0x406/0x8b0 [ 203.259877][ T5095] task_work_run+0x24f/0x310 [ 203.264456][ T5095] do_exit+0xa27/0x27e0 [ 203.268595][ T5095] do_group_exit+0x207/0x2c0 [ 203.273198][ T5095] get_signal+0x16a1/0x1740 [ 203.277715][ T5095] arch_do_signal_or_restart+0x96/0x860 [ 203.283250][ T5095] syscall_exit_to_user_mode+0xc9/0x370 [ 203.288783][ T5095] do_syscall_64+0x100/0x230 [ 203.293358][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.299293][ T5095] [ 203.301619][ T5095] Memory state around the buggy address: [ 203.307239][ T5095] ffff888069a8b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.315310][ T5095] ffff888069a8b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.323363][ T5095] >ffff888069a8b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 203.331420][ T5095] ^ [ 203.337577][ T5095] ffff888069a8b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 203.345625][ T5095] ffff888069a8b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 203.353678][ T5095] ================================================================== [ 203.440320][ T5095] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 203.447557][ T5095] CPU: 0 PID: 5095 Comm: kworker/0:4 Not tainted 6.10.0-rc5-syzkaller-01193-gac26327635d6 #0 [ 203.457723][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 203.467793][ T5095] Workqueue: events nf_tables_trans_destroy_work [ 203.474147][ T5095] Call Trace: [ 203.477432][ T5095] [ 203.480368][ T5095] dump_stack_lvl+0x241/0x360 [ 203.485063][ T5095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.490274][ T5095] ? __pfx__printk+0x10/0x10 [ 203.494886][ T5095] ? preempt_schedule+0xe1/0xf0 [ 203.499754][ T5095] ? vscnprintf+0x5d/0x90 [ 203.504096][ T5095] panic+0x349/0x860 [ 203.508003][ T5095] ? check_panic_on_warn+0x21/0xb0 [ 203.513128][ T5095] ? __pfx_panic+0x10/0x10 [ 203.517562][ T5095] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 203.523560][ T5095] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 203.529909][ T5095] ? print_report+0x502/0x550 [ 203.534602][ T5095] check_panic_on_warn+0x86/0xb0 [ 203.539555][ T5095] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 203.545808][ T5095] end_report+0x77/0x160 [ 203.550068][ T5095] kasan_report+0x154/0x180 [ 203.554592][ T5095] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 203.560864][ T5095] nf_tables_trans_destroy_work+0x152b/0x1750 [ 203.566929][ T5095] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 203.573421][ T5095] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 203.579393][ T5095] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 203.585711][ T5095] ? process_scheduled_works+0x945/0x1830 [ 203.591417][ T5095] process_scheduled_works+0xa2c/0x1830 [ 203.596976][ T5095] ? __pfx_process_scheduled_works+0x10/0x10 [ 203.602969][ T5095] ? assign_work+0x364/0x3d0 [ 203.607562][ T5095] worker_thread+0x86d/0xd50 [ 203.612148][ T5095] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 203.618209][ T5095] ? __kthread_parkme+0x169/0x1d0 [ 203.623228][ T5095] ? __pfx_worker_thread+0x10/0x10 [ 203.628325][ T5095] kthread+0x2f0/0x390 [ 203.632384][ T5095] ? __pfx_worker_thread+0x10/0x10 [ 203.637482][ T5095] ? __pfx_kthread+0x10/0x10 [ 203.642060][ T5095] ret_from_fork+0x4b/0x80 [ 203.646471][ T5095] ? __pfx_kthread+0x10/0x10 [ 203.651051][ T5095] ret_from_fork_asm+0x1a/0x30 [ 203.655814][ T5095] [ 203.659150][ T5095] Kernel Offset: disabled [ 203.663459][ T5095] Rebooting in 86400 seconds..