last executing test programs: 4m6.343505721s ago: executing program 3 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 4m5.351978134s ago: executing program 4 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 3m49.110349158s ago: executing program 3 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 3m47.262811059s ago: executing program 4 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 3m31.332072644s ago: executing program 3 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 3m30.610500231s ago: executing program 4 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 3m14.903920791s ago: executing program 3 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 3m12.11293753s ago: executing program 4 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 2m56.567803016s ago: executing program 3 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 2m55.668834925s ago: executing program 4 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 2m50.321341529s ago: executing program 4 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 2m50.242434219s ago: executing program 3 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 2m49.83710033s ago: executing program 32 (id=1706): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200008385000000710000001801000002696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0) 2m49.822997368s ago: executing program 33 (id=1685): syz_emit_ethernet(0x92, &(0x7f00000006c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x5}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0xa, 0x4}, @timestamp={0x8, 0xa}, @mptcp=@generic={0x80, 0xf, "c8977f7eebf5f9f1fe7276f7f2"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @timestamp={0x8, 0xa, 0x10, 0x10001}]}}}}}}}}, 0x0) 25.525480984s ago: executing program 2 (id=4444): r0 = socket(0x5, 0xa, 0x7) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)={0x18, r1, 0x1, 0x70bd2d, 0x0, {0x1c}, [@HEADER={0x4}]}, 0x18}, 0x1, 0xa60d000000000000}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r3}, 0x38) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r4, 0xffffffffffffffff, 0x15, 0x0, 0x4000, @void, @value}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x2f}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000740), r5) socket$inet6_dccp(0xa, 0x6, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x110, r6, 0x200, 0x70bd26, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0xd6d9}, {0x8, 0x15, 0x10}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0xdd}, {0x8, 0x15, 0xcb4}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8}, {0x6, 0x11, 0x1}, {0x8, 0x15, 0x4}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000000) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_emit_ethernet(0xca, &(0x7f0000000640)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x28, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @local, {[@rr={0x7, 0x3, 0xdd}, @generic={0x0, 0xd, "ee0dd9de36ed4bcc5b4e23"}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@private}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@loopback}, {}, {@local}, {@loopback}, {@private}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000011c0)=ANY=[@ANYBLOB="1c000000800800188009ac0f000000000900"/28], 0x1c}], 0x1}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(0xffffffffffffffff, 0x1) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x636, 0x0, 0x0) sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="280000002c000100000000000000006604000080140016"], 0x28}], 0x1}, 0x0) getpeername$ax25(r0, &(0x7f0000000280)={{0x3, @bcast}, [@remote, @rose, @netrom, @netrom, @default, @null, @rose]}, &(0x7f0000000080)=0x48) 24.446181001s ago: executing program 2 (id=4451): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="340000001a00010000000000000000000a000000000000000000000006001b000000000006001c0000000000080019"], 0x34}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) unshare(0x6a040000) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) socket$phonet_pipe(0x23, 0x5, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000000, 0x12, r3, 0x3fd0000) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x2, 0x0, 0x0) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x1a, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$phonet(r5, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r6, &(0x7f0000000040)={0x23, 0x4}, 0x10) 21.45623532s ago: executing program 2 (id=4477): bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20) unshare(0x22020400) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) socket(0x10, 0x803, 0x0) socket(0x1, 0x803, 0x0) socket(0x10, 0x803, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet(0x2, 0x80001, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) socket$packet(0x11, 0x3, 0x300) socket$igmp(0x2, 0x3, 0x2) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502ffffffa100001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x4c}, 0x1, 0xba01}, 0x0) 21.200506228s ago: executing program 2 (id=4480): r0 = socket(0x10, 0x80002, 0x2) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) close(r1) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) socket$unix(0x1, 0x1, 0x0) sendto(r0, &(0x7f00000000c0)='\x00', 0x1, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="2400000029000100000000000000000002002000000000000000000008000200ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x2000c811}, 0x0) 20.951708152s ago: executing program 2 (id=4483): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)=[{0x0, 0x2c}], 0x1}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000001a001fffffffff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b'], 0x24}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180200000100000000000000ff000000850000008700000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f0000000000)="e06921e8682d85ff9782762f86dd", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$tipc(r2, &(0x7f00000003c0)={&(0x7f0000000100)=@name={0x1e, 0x2, 0x1, {{0x42, 0x2}, 0x3}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000180)="0a1063fe439cf2bd6a366697f09770b619527c5186e8ec046ebe6ee2269d52efdaa36478e070392403be09fd012f533d2bbb2fe9c353a82bda4f7b0f6be4759f93eb53987d8a384bd10b8795f9974c00f82aa13e7ee8a5949105ec534d97abb149b24f622a01afa348fab955c222bdcab144d857c05124062ccfb0d26ff60c1ffad4ddcb27414ce2a242fe7b53d206b62f1ff1851fa9faccdcdf54343599f6", 0x9f}], 0x1, &(0x7f0000000300)="4e652568ce746aadaf50f9e7279763a2e42236fe50ab19625ceeb1aff2b4fa36d0d39e76a9ab69cbb2525a8818683f9e9a37127e18ce05da4c29cb1864a7fd3b6945f8d63c954b", 0x47, 0xc064}, 0x8000) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)=@ipv4_getroute={0x1c, 0x1a, 0x800, 0x70bd27, 0x25dfdbfb, {0x2, 0x0, 0x80, 0x7, 0xfc, 0x4, 0xfd, 0x2, 0x1800}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000085}, 0x4) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETLINK(r7, 0x400454cd, 0xfffffffe) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00040000020000001c00b428cc0dedb10b42d012800b00010067726574617000000c0002"], 0x3c}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000580)) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x9, 0x3, 0x228, 0x0, 0xffffffff, 0xffffffff, 0x98, 0xffffffff, 0x190, 0xffffffff, 0xffffffff, 0x190, 0xffffffff, 0x3, &(0x7f0000000400), {[{{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x2}}}, {{@ip={@local, @loopback, 0x101ffffff, 0xffffffff, 'veth1_to_bridge\x00', 'hsr0\x00', {}, {0xff}, 0x1d, 0x3, 0x40}, 0x0, 0xd8, 0xf8, 0x0, {}, [@common=@inet=@iprange={{0x68}, {@ipv6=@private2, @ipv4=@private=0xa010102, @ipv6=@mcast2, @ipv4=@local, 0x13}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r9, &(0x7f0000000140)={0x0, 0x700, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="69060000", @ANYRES16=r10, @ANYBLOB="070000000000000000000200000014000180060001000200000008000300ac1414aa"], 0x28}}, 0x0) sendto$inet(r6, &(0x7f0000000380)='g', 0x1, 0x40, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f00000005c0)=0x17c1, 0x4) 19.276613398s ago: executing program 2 (id=4501): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000500), 0x12) bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f00000001c0), 0x12) readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/151, 0x97}], 0x1) 4.206171122s ago: executing program 34 (id=4501): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000500), 0x12) bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f00000001c0), 0x12) readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/151, 0x97}], 0x1) 3.96932816s ago: executing program 1 (id=4635): socket$alg(0x26, 0x5, 0x0) (async) r0 = socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x1a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000001b000012000000004b28c962170b7020000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd6361696630000000000000000000000076657468315f746f5f7465616d00000073797a6b616c6c65723100000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000180c2000000000000000099ecb525000000e80000001801000069703600000100000000000009000000000300000000000000000000000000005000000000000000fe80000000000000000000000000000000000000000000000000ffffac1e00707154f51b8b0980f73a0f35ca6a4100000000000000000000004000000000000000000080000000000000010000000000063e004904004a194dc2f70d04a500000000000000000000000800000000000400"/424]}, 0x220) bind$alg(r0, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e) getpid() (async) r3 = getpid() socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r5, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}]}, 0x3c}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r3, 0xffffffffffffffff, 0x0, 0x4, &(0x7f00000000c0)='\\*$\x00'}, 0x30) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000010000004000018007000600666f00000800080000000000060001000200000008000500000000000c0007000000000000000000080009"], 0x54}}, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x28, r8, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x20040000) (async) sendmsg$IPVS_CMD_DEL_SERVICE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x28, r8, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x20040000) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0xe07c1000) (async) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0xe07c1000) socket(0x2, 0x3, 0x6) (async) socket(0x2, 0x3, 0x6) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x20, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4044}, 0x40000000) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x18, 0x1a, 0x0, 0x1, [@AF_INET6={0x14, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}]}]}, 0x38}}, 0x0) (async) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x18, 0x1a, 0x0, 0x1, [@AF_INET6={0x14, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}]}]}, 0x38}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r9) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f00000007c0)={'batadv_slave_1\x00'}) 3.274065456s ago: executing program 5 (id=4639): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x1f00, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 3.128223417s ago: executing program 5 (id=4640): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000040000a20000000000a01010000000000000000050000000900010073797a3100000000e0000000020a01020000000000000000000000000c000440000000000000000208000240000000020900010073797a31000000000800024000000002a3000600b2aeb54a713dde573cd04c23c13cffd4410307bcbd420c82edac9dbb84f986468cea5962d877af22939d25261c84b3f5ba09de3515a7aece12bbb3792a0e789eeefaf4cfdcbe955bce0114afb9296274ccffe96bd3f024e375b00b5346dd61219528bbb237fd43eb340a728b49039806e6998e4ee04055693db6d15f4eedd0bf7e3b7bba865cdcdde298e28c95179cb424c5eabf8ed6b01e87e7262fb2e39f0014000000020a0103000000000000000000000000140000001100010000000000000000000000000a"], 0x13c}}, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000200)='./file0\x00', 0x0, 0x18}, 0x18) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) (async) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) socket$inet6_sctp(0xa, 0x1, 0x84) (async) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000600)={0x2, [0x6, 0x7]}, 0x8) r3 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x0, @host}, &(0x7f0000000080)=0x80, 0x80800) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x2, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x80) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r4, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f0000000640)=ANY=[@ANYBLOB="10000000051401002da2574de7dbdf8ff005b0148236e784ac47017aa125"], 0x10}, 0x1, 0x0, 0x0, 0xc841}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r5, 0xc0709411, &(0x7f0000000500)={{0x0, 0x1, 0xefeb, 0x0, 0x7fffffffffffffff, 0x4, 0x57ae24ed, 0x7, 0xe, 0x6, 0x1, 0x9, 0x401, 0x2}, 0x10, [0x0, 0x0]}) (async) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r5, 0xc0709411, &(0x7f0000000500)={{0x0, 0x1, 0xefeb, 0x0, 0x7fffffffffffffff, 0x4, 0x57ae24ed, 0x7, 0xe, 0x6, 0x1, 0x9, 0x401, 0x2}, 0x10, [0x0, 0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r3, 0xc0709411, &(0x7f0000000580)={{r8, 0x3, 0x200, 0x6, 0x10, 0x9, 0x6, 0xffffffff, 0xfffffffe, 0x3, 0x200, 0x1, 0x1, 0xaa, 0x40}, 0x8, [0x0]}) (async) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r3, 0xc0709411, &(0x7f0000000580)={{r8, 0x3, 0x200, 0x6, 0x10, 0x9, 0x6, 0xffffffff, 0xfffffffe, 0x3, 0x200, 0x1, 0x1, 0xaa, 0x40}, 0x8, [0x0]}) sendmsg$TIPC_CMD_SET_LINK_PRI(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r7, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xfffffff0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x440008}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, r7, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {}, {0x18, 0x17, {0x0, 0x7, @udp='udp:syz0\x00'}}}, ["", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000815}, 0x40040) (async) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x440008}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, r7, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {}, {0x18, 0x17, {0x0, 0x7, @udp='udp:syz0\x00'}}}, ["", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000815}, 0x40040) 2.969955589s ago: executing program 1 (id=4642): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3200000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e6174001400028008000340000000000800054000000000090001007379"], 0x150}}, 0x0) 2.803989108s ago: executing program 5 (id=4644): r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x4e, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x18, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x18, 0x0, @wg=@data={0x4, 0x7, 0x9}}}}}}}, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000611970000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r2}, 0x20) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r7 = socket$netlink(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='memory.events.local\x00', 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x81, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x2, 0x18}, 0xc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0xffffff51, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000008113b0ffbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{}, &(0x7f0000000080), &(0x7f0000000140)='%pS \x00'}, 0x20) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000540)={'batadv_slave_1\x00'}) setsockopt$CAN_RAW_JOIN_FILTERS(r1, 0x65, 0x6, &(0x7f00000005c0), 0x4) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'geneve1\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r9, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r10, @ANYBLOB="30003300c0000000ffffffffffff080211000000505050505050"], 0x54}}, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x16, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="35b1fefffcffffff85200000030000009ab5f8ff01004d2dbabc82431aa43d8f6f61dd38000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000000000008500000086000000"], &(0x7f0000000280)='syzkaller\x00', 0x800, 0x0, 0x0, 0x61800, 0x2d, '\x00', 0x0, @flow_dissector, r4, 0x8, &(0x7f0000000300)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x1, 0x4, 0x0, 0x6}, 0x10, r11, 0xffffffffffffffff, 0x5, &(0x7f0000000440)=[0xffffffffffffffff], &(0x7f0000000480)=[{0x3, 0x1, 0xb, 0x7}, {0x4, 0x4, 0xe, 0x9}, {0x0, 0x3, 0x4, 0x2}, {0x4, 0x3, 0xc, 0x3}, {0x3, 0x1, 0x0, 0x7}], 0x10, 0x5, @void, @value}, 0x94) 2.705691783s ago: executing program 1 (id=4645): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfd13, 0x0}, 0x20008020) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r3 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x4}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$kcm(0x11, 0x200000000000002, 0x300) ioctl$sock_inet_SIOCSIFPFLAGS(r4, 0x8934, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ffff"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0xa2}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r7], 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r8 = epoll_create1(0x0) epoll_wait(r8, &(0x7f0000002a80)=[{}], 0x1, 0xfffeffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x24, r6, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) 2.618681747s ago: executing program 6 (id=4646): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x303, 0x36}, "1a88ef816c4b42ed", "a5fdeb69a751e94df50ad7e9fb434d1665e9298b01e49419567b443803cf578f", "6d02cd81", "066580001dfffffd"}, 0x38) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@var={0x2, 0x0, 0x0, 0xe, 0x3}]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="240000002c00010000000000000000000400008010000c"], 0x24}], 0x1}, 0x20) 2.307382965s ago: executing program 0 (id=4647): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a000000000000730179000000abdf9500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000002440), r2) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r2, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000002480)={0x20, r3, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4024800}, 0x4000800) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x22, 0x2, 0x3) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000000), 0x14) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd70004400000005000000080009000200000008000c00ac0a000006000100fa85000008000b"], 0x44}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, r1, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e24}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x4}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xfe}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xdf05}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 2.045857728s ago: executing program 6 (id=4648): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000025000200091b00003d030000000000008701000000000000bc26000016000000bf67000000000000340300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1.985342115s ago: executing program 0 (id=4649): r0 = socket(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x6a, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r4, 0x0) r5 = socket$kcm(0x2b, 0x1, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r6, &(0x7f00000002c0)="17", 0x1, 0x2000c050, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x8}, 0x1c) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) setsockopt(0xffffffffffffffff, 0x800000010d, 0x2, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x40) setsockopt$sock_attach_bpf(r5, 0x1, 0xd, &(0x7f00000001c0), 0x45) close(r5) syz_emit_ethernet(0xa2, &(0x7f0000000280)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "102500", 0x6c, 0x6, 0x0, @empty, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x88}, @md5sig={0x13, 0x12, "aa0627713b822243f1e1bbe830c8fa3f"}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa}, @fastopen={0x22, 0xb, "9800af4900035ad16d"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @sack={0x5, 0x16, [0x9, 0x9, 0x7, 0x1, 0x400]}]}}}}}}}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x50}}, 0x0) 1.750194701s ago: executing program 6 (id=4650): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r3, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x204}, {r3, 0x5201}], 0x2, 0x0, 0x0, 0x0) readv(r2, &(0x7f0000000000)=[{&(0x7f0000000200)=""/150, 0x96}], 0x1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}]]}, 0x44}}, 0x0) 1.54577819s ago: executing program 5 (id=4651): socket$nl_netfilter(0x10, 0x3, 0xc) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x814) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x15, 0x5, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298900000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24490a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1fcff7a1ef3282837771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969cc1595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d400000000000004011c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0890700eef552fcde2981f48c482bde8a168c3f5db2eaa6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000100000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed90868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c83ae45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422636f949e2ab8f162d7e3f855e378f4a1f40bc96fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df775e411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8605000000000000003fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373eaea36546791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf00000000f3ffffffffffff12a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca0000000000000000000090044ed83fec890f693d54e1c0adf7b3fe6cfcf3b9873cecd116826f1be38a8d61d866516197c199d5a3721a378de95d5c25b3887a271db57518e630dd132a518a3b2490b3a9ac177d286502aa73eb67275de3523ce65e50b67a3820faaab5e7b22850c8265b44085a0d2d3c734712591007e15d7f0b2cd7eb796e8f4318d2eb8343c5176056000000000000000000000007444a9a2b71016c9cf336078fa3fcfbdf4dcfc2f5acc09ad13dda373957ab7ed731565049f1d18bcba118079dc5307fa972f19cdf463cbf159985aeb0d92fceb4d62956f6de3f2a416a74"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='cq_alloc\x00', r2, 0x0, 0x8a}, 0x18) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r0, 0x8, 0x0, 0x0, 0x1, 0x81, 0x46d, 0xfff9, 0x3, 0x0, 0x8, 'syz0\x00'}) shutdown(r1, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r3, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) ioctl$sock_inet_sctp_SIOCINQ(r3, 0x541b, &(0x7f0000000080)) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r4}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000180001000101000000000000020000000000000900000000060015000400000014001680100008800c00028008000180"], 0x38}}, 0x4000000) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) close(r7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000580)={'vcan0\x00'}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r7, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x20000400) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) 1.307072103s ago: executing program 1 (id=4652): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback, 0xf0030000}, 0x1c) 1.082057739s ago: executing program 1 (id=4653): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="021800001b000000000000000000000005000600000000000a000000000000000000000000000000000000000000000000000000000a00000800120000000000000000000000000006000000000000000000000000000000ac1e0001000000000000000000000000e000000200000000000000000000000005000500000000000a00000000000000fc0000000000000000000000000000000000000000000000070019"], 0xd8}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x4) ioctl$sock_SIOCBRDELBR(r1, 0x89a3, &(0x7f0000000200)='veth1_to_hsr\x00') r4 = socket(0x26, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, 0x0, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x4, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r7, 0x0, 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, 0x0, &(0x7f0000000500)) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r8, &(0x7f0000000200), 0x806000) ioctl$FS_IOC_RESVSP(r8, 0x4030582a, &(0x7f0000000380)={0x0, 0x0, 0x10, 0x80000000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$netlink(0x10, 0x3, 0x2) r9 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYRES32=r9], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_int(r6, 0x0, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r10}, 0x10) 972.936783ms ago: executing program 0 (id=4654): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3200000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e6174001400028008000340000000000800054000000000090001007379"], 0x150}}, 0x0) 953.285256ms ago: executing program 6 (id=4655): r0 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct, @union={0x0, 0x2, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}, {0x0, 0x1}]}]}}, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x40, 0x2, 0x3, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_CFG_PARAMS={0x9, 0x2, {0xfffffff1}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x3}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xb}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x8080) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x14, r3, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004) syz_genetlink_get_family_id$mptcp(&(0x7f0000000640), 0xffffffffffffffff) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@dellink={0x20, 0x11, 0x1, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, 0x8500, 0x2}}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) 726.61038ms ago: executing program 0 (id=4656): r0 = socket(0xa, 0x40000000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x2, 0x208, [0x20000600, 0x0, 0x0, 0x20000630, 0x20000660], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000600ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000005000000000000000000766574683098c76f5f7465616d00000064756d6d79300000000000000000000064756d0004300000000000000000000073797a6b616c6c8279a7e00000000000ffffffffffff000000000000ffffffff7fff00000000000000087000000070000000a000000072656469726563740000000000000000000000000000000000000000000000000800000000000000ffffffff000000000b00000000000000000073797a6b616c6c65723100000000000067726574617030000000000000000000766c616e30000000000000000000000064756d6d7930000000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000001b700000000000010000000000000000000000000000000ffffffff00000000"]}, 0x280) 537.130605ms ago: executing program 6 (id=4657): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x24048094) r3 = accept4$unix(r1, 0x0, 0x0, 0x0) recvfrom$unix(r3, &(0x7f00000002c0)=""/265, 0x109, 0x0, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$netlink(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)=ANY=[], 0x10}], 0x1, 0x0, 0x0, 0x800}, 0x4000) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000005c0)=@newlink={0x58, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LOCAL={0x14, 0x6, @local}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x80) sendmmsg$inet6(r0, &(0x7f0000000bc0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000500)='p', 0x1}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e25, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000001440)="95", 0x1}], 0x1}}], 0x2, 0x20000004) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0x6, 0x8000, 0x6, 0x1, 0x8}, &(0x7f0000000100)=0x14) 477.842444ms ago: executing program 0 (id=4658): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01fa0000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002"], 0xc8}}, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x700, 0x20, 0xee8, 0x9, {{0x1b, 0x4, 0x0, 0x6, 0x6c, 0x65, 0x0, 0x5, 0x2f, 0x0, @local, @broadcast, {[@cipso={0x86, 0x1c, 0x0, [{0x5, 0xd, "ba944190a321c27050fcc2"}, {0x6, 0x9, "e814c468e4e5ad"}]}, @ssrr={0x89, 0x7, 0x4a, [@remote]}, @ssrr={0x89, 0x17, 0xee, [@loopback, @rand_addr=0x64010100, @loopback, @remote, @broadcast]}, @noop, @timestamp={0x44, 0x18, 0xae, 0x0, 0x5, [0x1, 0x4, 0x1, 0xe, 0xffffffff]}, @noop, @end]}}}}}) sendmsg$nl_route(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)=@ipv6_deladdr={0x94, 0x15, 0x400, 0x70bd28, 0x25dfdbfc, {0xa, 0x78, 0x19, 0xfd, r6}, [@IFA_ADDRESS={0x14, 0x1, @remote}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_ADDRESS={0x14, 0x1, @mcast1}, @IFA_FLAGS={0x8}, @IFA_FLAGS={0x8, 0x8, 0x200}, @IFA_CACHEINFO={0x14, 0x6, {0x2, 0x3, 0x80, 0xb}}, @IFA_ADDRESS={0x14, 0x1, @private1}]}, 0x94}}, 0x8001) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000900000048000380050008007f000000060007004e21000014000200626174616476300000000000000000000800010002000000080003"], 0x5c}}, 0x0) 302.212687ms ago: executing program 5 (id=4659): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000025000200091b00003d030000000000008701000000000000bc26000018000000bf67000000000000340300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 44.760137ms ago: executing program 1 (id=4660): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a", 0x12) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x33, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss={0x2, 0x7f}, @mss={0x2, 0x9}, @window, @mss, @window={0x3, 0x80}, @window], 0x6) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000580), 0x4) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)=0x2) write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r4, 0x0) 21.21618ms ago: executing program 5 (id=4661): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfd13, 0x0}, 0x20008020) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r3 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x4}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$kcm(0x11, 0x200000000000002, 0x300) ioctl$sock_inet_SIOCSIFPFLAGS(r4, 0x8934, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ffff"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0xa2}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r7], 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r8 = epoll_create1(0x0) epoll_wait(r8, &(0x7f0000002a80)=[{}], 0x1, 0xfffeffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x24, r6, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) 4.46734ms ago: executing program 6 (id=4662): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000044000000090a0904000000000000810c0700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000031080008400000000114000000110001"], 0x8c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000240)=""/156, 0x9c}], 0x1, 0x9e4, 0x58e4) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000680)={0x40, r3, 0xb97534d5fe9704cf, 0x4, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_WME={0x4}]}, 0x40}}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$unix(r8, &(0x7f0000000100)=@abs={0x27}, 0x6e) setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000000)={{0xa, 0x5, 0x200, @local, 0x9}, {0xa, 0x4e20, 0x6, @remote}, 0x0, {[0x5, 0x9, 0xe, 0xfffffffa, 0x7, 0x1, 0x7fff, 0x3]}}, 0x5c) r9 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r9, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4) sendto$inet(r9, 0x0, 0xffe5, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10) recvmsg(r9, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2001) ioctl$SIOCX25CALLACCPTAPPRV(r9, 0x89e8) ioctl$SIOCAX25GETINFOOLD(r7, 0x89e3, &(0x7f0000000100)) 0s ago: executing program 0 (id=4663): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b7000000286c0000bca30000000000002403000040feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000122604fdffffff000e61111800000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xa7, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x29, 0x0, @void, @value}, 0x48) kernel console output (not intermixed with test programs): 15939] ? __fget_files+0x2a/0x410 [ 489.770855][T15939] __sys_sendmsg+0x269/0x350 [ 489.775492][T15939] ? __pfx_lock_release+0x10/0x10 [ 489.780536][T15939] ? __pfx___sys_sendmsg+0x10/0x10 [ 489.785672][T15939] ? __pfx_vfs_write+0x10/0x10 [ 489.790488][T15939] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 489.796974][T15939] ? do_syscall_64+0x100/0x230 [ 489.801801][T15939] ? do_syscall_64+0xb6/0x230 [ 489.806509][T15939] do_syscall_64+0xf3/0x230 [ 489.811038][T15939] ? clear_bhb_loop+0x35/0x90 [ 489.815851][T15939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.821763][T15939] RIP: 0033:0x7f2ed5385d29 [ 489.826192][T15939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.845812][T15939] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 489.854248][T15939] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 489.862234][T15939] RDX: 0000000000000010 RSI: 00000000200010c0 RDI: 0000000000000004 [ 489.870219][T15939] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 489.878203][T15939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.886187][T15939] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 489.894189][T15939] [ 490.011500][T15940] lo speed is unknown, defaulting to 1000 [ 490.011610][T15832] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 490.089671][T15832] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 490.098319][T15940] lo speed is unknown, defaulting to 1000 [ 490.160864][T15832] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 490.177251][ T5854] Bluetooth: hci4: command tx timeout [ 490.284293][T15832] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 490.439246][T15950] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3413'. [ 490.484572][T15952] netlink: 204 bytes leftover after parsing attributes in process `syz.0.3414'. [ 490.643281][T15940] infiniband syz0: set active [ 490.651405][T15940] infiniband syz0: added lo [ 490.658316][T15940] syz0: rxe_create_cq: returned err = -12 [ 490.690173][T14019] lo speed is unknown, defaulting to 1000 [ 490.707477][T15940] infiniband syz0: Couldn't create ib_mad CQ [ 490.715689][T15940] infiniband syz0: Couldn't open port 1 [ 490.738312][T15832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 490.766934][T15832] 8021q: adding VLAN 0 to HW filter on device team0 [ 490.870663][T15832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 490.881686][T15832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 490.900705][T15940] RDS/IB: syz0: added [ 490.905478][T15940] smc: adding ib device syz0 with port count 1 [ 490.916404][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.923614][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 490.933949][ T1159] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.941168][ T1159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 490.973323][T15940] smc: ib device syz0 port 1 has pnetid [ 490.984712][T15940] lo speed is unknown, defaulting to 1000 [ 490.998379][ T5889] lo speed is unknown, defaulting to 1000 [ 491.407808][T15940] lo speed is unknown, defaulting to 1000 [ 491.566771][T15832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 491.737387][T15832] veth0_vlan: entered promiscuous mode [ 491.780670][T15832] veth1_vlan: entered promiscuous mode [ 491.915773][T15832] veth0_macvtap: entered promiscuous mode [ 491.928281][T15832] veth1_macvtap: entered promiscuous mode [ 491.963390][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.975392][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.986155][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 491.997938][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.008837][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.020583][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.031501][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.043250][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.053981][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.065327][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.076058][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 492.087746][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.107074][T15832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 492.122087][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.133752][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.144826][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.156459][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.167339][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.179412][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.190350][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.202146][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.215793][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.227300][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.238225][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 492.250012][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.262857][T15832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 492.270769][ T5854] Bluetooth: hci4: command tx timeout [ 492.282515][T15940] lo speed is unknown, defaulting to 1000 [ 492.408546][T15832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.419784][T15832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.429508][T15832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.439213][T15832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 492.763602][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.783669][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.928286][T15976] lo speed is unknown, defaulting to 1000 [ 492.946659][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.981200][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.275990][T15988] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 493.294847][T15987] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 493.623666][T15996] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}z [ 493.675786][T15940] lo speed is unknown, defaulting to 1000 [ 493.905895][T15977] geneve2: entered promiscuous mode [ 493.941219][T15977] geneve2: entered allmulticast mode [ 494.168704][T15940] lo speed is unknown, defaulting to 1000 [ 494.268695][T16013] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3429'. [ 494.347382][ T5854] Bluetooth: hci4: command tx timeout [ 494.670320][T15940] lo speed is unknown, defaulting to 1000 [ 494.785521][T16022] IPVS: stopping backup sync thread 15711 ... [ 494.865366][T16025] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3434'. [ 494.987744][T16026] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3434'. [ 495.000615][T15940] lo speed is unknown, defaulting to 1000 [ 495.142105][T16032] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3436'. [ 495.319694][T16038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3439'. [ 495.357500][T16038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3439'. [ 495.368235][T16038] FAULT_INJECTION: forcing a failure. [ 495.368235][T16038] name failslab, interval 1, probability 0, space 0, times 0 [ 495.409961][T16038] CPU: 1 UID: 0 PID: 16038 Comm: syz.5.3439 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 495.420813][T16038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 495.430916][T16038] Call Trace: [ 495.434230][T16038] [ 495.437201][T16038] dump_stack_lvl+0x241/0x360 [ 495.441937][T16038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 495.447194][T16038] ? __pfx__printk+0x10/0x10 [ 495.451848][T16038] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 495.457902][T16038] ? __pfx___might_resched+0x10/0x10 [ 495.463266][T16038] should_fail_ex+0x3b0/0x4e0 [ 495.468058][T16038] should_failslab+0xac/0x100 [ 495.472803][T16038] kmem_cache_alloc_node_noprof+0x77/0x380 [ 495.478669][T16038] ? __alloc_skb+0x1c3/0x440 [ 495.483323][T16038] ? idr_get_next+0x3c6/0x4a0 [ 495.488062][T16038] __alloc_skb+0x1c3/0x440 [ 495.492546][T16038] ? __pfx___alloc_skb+0x10/0x10 [ 495.497551][T16038] ctrl_getfamily+0x48c/0x6b0 [ 495.502298][T16038] ? __pfx_ctrl_getfamily+0x10/0x10 [ 495.506294][T15940] lo speed is unknown, defaulting to 1000 [ 495.507533][T16038] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 495.507587][T16038] genl_rcv_msg+0xb14/0xec0 [ 495.507627][T16038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 495.507695][T16038] ? __pfx_lock_acquire+0x10/0x10 [ 495.507724][T16038] ? __pfx_ctrl_getfamily+0x10/0x10 [ 495.507764][T16038] ? __pfx___might_resched+0x10/0x10 [ 495.507801][T16038] netlink_rcv_skb+0x1e3/0x430 [ 495.507831][T16038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 495.507867][T16038] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 495.507911][T16038] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 495.565885][T16038] genl_rcv+0x28/0x40 [ 495.569943][T16038] netlink_unicast+0x7f6/0x990 [ 495.574787][T16038] ? __pfx_netlink_unicast+0x10/0x10 [ 495.580128][T16038] ? __virt_addr_valid+0x45f/0x530 [ 495.585312][T16038] ? __phys_addr_symbol+0x2f/0x70 [ 495.590401][T16038] ? __check_object_size+0x47a/0x730 [ 495.595756][T16038] netlink_sendmsg+0x8e4/0xcb0 [ 495.600593][T16038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 495.605958][T16038] ? aa_sock_msg_perm+0x91/0x160 [ 495.610967][T16038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 495.616306][T16038] __sock_sendmsg+0x221/0x270 [ 495.621054][T16038] __sys_sendto+0x363/0x4c0 [ 495.625620][T16038] ? __pfx___sys_sendto+0x10/0x10 [ 495.630735][T16038] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 495.636780][T16038] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 495.643184][T16038] __x64_sys_sendto+0xde/0x100 [ 495.648007][T16038] do_syscall_64+0xf3/0x230 [ 495.652556][T16038] ? clear_bhb_loop+0x35/0x90 [ 495.657299][T16038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.663245][T16038] RIP: 0033:0x7fd472d87bbc [ 495.667703][T16038] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 495.687365][T16038] RSP: 002b:00007fd470bf4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 495.695848][T16038] RAX: ffffffffffffffda RBX: 00007fd470bf4fc0 RCX: 00007fd472d87bbc [ 495.703890][T16038] RDX: 0000000000000020 RSI: 00007fd470bf5010 RDI: 0000000000000007 [ 495.711914][T16038] RBP: 0000000000000000 R08: 00007fd470bf4f14 R09: 000000000000000c [ 495.720023][T16038] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007 [ 495.728043][T16038] R13: 00007fd470bf4f68 R14: 00007fd470bf5010 R15: 0000000000000000 [ 495.736085][T16038] [ 495.782009][T16044] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3442'. [ 495.858160][T15940] lo speed is unknown, defaulting to 1000 [ 496.088283][T16048] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3443'. [ 496.100706][T15940] lo speed is unknown, defaulting to 1000 [ 496.641500][T16059] bridge0: port 3(gretap0) entered blocking state [ 496.669079][T16059] bridge0: port 3(gretap0) entered disabled state [ 496.676760][T16059] gretap0: entered allmulticast mode [ 496.699140][T16059] gretap0: entered promiscuous mode [ 496.706594][T16059] bridge0: port 3(gretap0) entered blocking state [ 496.713712][T16059] bridge0: port 3(gretap0) entered forwarding state [ 496.786418][T16070] gretap0: left allmulticast mode [ 496.848655][T16070] gretap0: left promiscuous mode [ 496.868144][T16070] bridge0: port 3(gretap0) entered disabled state [ 497.370660][T16092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3460'. [ 497.384202][T16092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3460'. [ 498.059030][T16116] FAULT_INJECTION: forcing a failure. [ 498.059030][T16116] name failslab, interval 1, probability 0, space 0, times 0 [ 498.108078][T16116] CPU: 1 UID: 0 PID: 16116 Comm: syz.5.3468 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 498.118966][T16116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 498.129078][T16116] Call Trace: [ 498.132395][T16116] [ 498.135347][T16116] dump_stack_lvl+0x241/0x360 [ 498.140067][T16116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 498.145299][T16116] ? __pfx__printk+0x10/0x10 [ 498.149926][T16116] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 498.155939][T16116] ? __pfx___might_resched+0x10/0x10 [ 498.161342][T16116] should_fail_ex+0x3b0/0x4e0 [ 498.166055][T16116] should_failslab+0xac/0x100 [ 498.170782][T16116] kmem_cache_alloc_node_noprof+0x77/0x380 [ 498.176715][T16116] ? __alloc_skb+0x1c3/0x440 [ 498.181421][T16116] ? genl_rcv_msg+0x88c/0xec0 [ 498.186155][T16116] __alloc_skb+0x1c3/0x440 [ 498.190603][T16116] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.196711][T16116] ? __pfx___alloc_skb+0x10/0x10 [ 498.201685][T16116] netlink_dump+0x239/0xe10 [ 498.206224][T16116] ? __pfx_netlink_dump+0x10/0x10 [ 498.211292][T16116] ? __asan_memset+0x23/0x50 [ 498.215908][T16116] ? genl_start+0x4ae/0x6d0 [ 498.220450][T16116] __netlink_dump_start+0x5a2/0x790 [ 498.225693][T16116] genl_rcv_msg+0x88c/0xec0 [ 498.230237][T16116] ? __pfx_genl_rcv_msg+0x10/0x10 [ 498.235298][T16116] ? __pfx_genl_start+0x10/0x10 [ 498.240178][T16116] ? __pfx_genl_dumpit+0x10/0x10 [ 498.245150][T16116] ? __pfx_genl_done+0x10/0x10 [ 498.249959][T16116] ? __pfx_lock_acquire+0x10/0x10 [ 498.255011][T16116] ? __pfx_batadv_dat_cache_dump+0x10/0x10 [ 498.260857][T16116] ? __pfx___might_resched+0x10/0x10 [ 498.266212][T16116] netlink_rcv_skb+0x1e3/0x430 [ 498.271005][T16116] ? __pfx_genl_rcv_msg+0x10/0x10 [ 498.276076][T16116] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 498.281401][T16116] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 498.286921][T16116] genl_rcv+0x28/0x40 [ 498.290985][T16116] netlink_unicast+0x7f6/0x990 [ 498.295785][T16116] ? __pfx_netlink_unicast+0x10/0x10 [ 498.301114][T16116] ? __virt_addr_valid+0x45f/0x530 [ 498.306256][T16116] ? __phys_addr_symbol+0x2f/0x70 [ 498.311325][T16116] ? __check_object_size+0x47a/0x730 [ 498.316645][T16116] netlink_sendmsg+0x8e4/0xcb0 [ 498.321446][T16116] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.326769][T16116] ? aa_sock_msg_perm+0x91/0x160 [ 498.331736][T16116] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.337056][T16116] __sock_sendmsg+0x221/0x270 [ 498.341794][T16116] ____sys_sendmsg+0x52a/0x7e0 [ 498.346597][T16116] ? __pfx_____sys_sendmsg+0x10/0x10 [ 498.351909][T16116] ? __fget_files+0x2a/0x410 [ 498.356530][T16116] ? __fget_files+0x2a/0x410 [ 498.361165][T16116] __sys_sendmsg+0x269/0x350 [ 498.365792][T16116] ? __pfx_lock_release+0x10/0x10 [ 498.370871][T16116] ? __pfx___sys_sendmsg+0x10/0x10 [ 498.376023][T16116] ? __pfx_vfs_write+0x10/0x10 [ 498.380832][T16116] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 498.387187][T16116] ? do_syscall_64+0x100/0x230 [ 498.391989][T16116] ? do_syscall_64+0xb6/0x230 [ 498.396697][T16116] do_syscall_64+0xf3/0x230 [ 498.401234][T16116] ? clear_bhb_loop+0x35/0x90 [ 498.405946][T16116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.411872][T16116] RIP: 0033:0x7fd472d85d29 [ 498.416313][T16116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 498.436040][T16116] RSP: 002b:00007fd470bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 498.444494][T16116] RAX: ffffffffffffffda RBX: 00007fd472f75fa0 RCX: 00007fd472d85d29 [ 498.452501][T16116] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 498.460501][T16116] RBP: 00007fd470bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 498.468498][T16116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 498.476494][T16116] R13: 0000000000000000 R14: 00007fd472f75fa0 R15: 00007ffc35f38498 [ 498.484509][T16116] [ 498.983876][T16138] FAULT_INJECTION: forcing a failure. [ 498.983876][T16138] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.047600][T16138] CPU: 1 UID: 0 PID: 16138 Comm: syz.6.3478 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 499.058459][T16138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 499.068572][T16138] Call Trace: [ 499.071893][T16138] [ 499.074856][T16138] dump_stack_lvl+0x241/0x360 [ 499.079597][T16138] ? __pfx_dump_stack_lvl+0x10/0x10 [ 499.084912][T16138] ? __pfx__printk+0x10/0x10 [ 499.089576][T16138] ? snprintf+0xda/0x120 [ 499.093888][T16138] should_fail_ex+0x3b0/0x4e0 [ 499.098623][T16138] _copy_to_user+0x31/0xb0 [ 499.103095][T16138] simple_read_from_buffer+0xca/0x150 [ 499.108524][T16138] proc_fail_nth_read+0x1e9/0x250 [ 499.113596][T16138] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 499.119201][T16138] ? rw_verify_area+0x55e/0x6f0 [ 499.124102][T16138] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 499.129716][T16138] vfs_read+0x1fc/0xb70 [ 499.133932][T16138] ? __pfx___mutex_lock+0x10/0x10 [ 499.139021][T16138] ? __pfx_vfs_read+0x10/0x10 [ 499.143754][T16138] ? __fget_files+0x2a/0x410 [ 499.148398][T16138] ? __fget_files+0x395/0x410 [ 499.153134][T16138] ? __fget_files+0x2a/0x410 [ 499.154880][T16144] netlink: 'syz.1.3477': attribute type 10 has an invalid length. [ 499.157774][T16138] ksys_read+0x18f/0x2b0 [ 499.157814][T16138] ? __pfx_ksys_read+0x10/0x10 [ 499.157841][T16138] ? do_syscall_64+0x100/0x230 [ 499.157874][T16138] ? do_syscall_64+0xb6/0x230 [ 499.157906][T16138] do_syscall_64+0xf3/0x230 [ 499.157934][T16138] ? clear_bhb_loop+0x35/0x90 [ 499.157967][T16138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.157996][T16138] RIP: 0033:0x7f2ed538473c [ 499.158018][T16138] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 499.158040][T16138] RSP: 002b:00007f2ed6288030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 499.158070][T16138] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed538473c [ 499.158089][T16138] RDX: 000000000000000f RSI: 00007f2ed62880a0 RDI: 0000000000000003 [ 499.158105][T16138] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 499.158121][T16138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 499.158136][T16138] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 499.158179][T16138] [ 499.980957][T16171] netlink: 'syz.2.3486': attribute type 12 has an invalid length. [ 500.183120][T16178] FAULT_INJECTION: forcing a failure. [ 500.183120][T16178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 500.235826][T16178] CPU: 1 UID: 0 PID: 16178 Comm: syz.6.3489 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 500.246678][T16178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 500.256782][T16178] Call Trace: [ 500.260111][T16178] [ 500.263099][T16178] dump_stack_lvl+0x241/0x360 [ 500.267867][T16178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 500.273150][T16178] ? __pfx__printk+0x10/0x10 [ 500.277809][T16178] ? __pfx_lock_release+0x10/0x10 [ 500.282902][T16178] should_fail_ex+0x3b0/0x4e0 [ 500.287652][T16178] _copy_from_user+0x2f/0xc0 [ 500.292322][T16178] copy_msghdr_from_user+0xae/0x680 [ 500.297602][T16178] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 500.303484][T16178] ? __fget_files+0x2a/0x410 [ 500.308143][T16178] ? __fget_files+0x2a/0x410 [ 500.312814][T16178] __sys_sendmsg+0x209/0x350 [ 500.317491][T16178] ? __pfx_lock_release+0x10/0x10 [ 500.322602][T16178] ? __pfx___sys_sendmsg+0x10/0x10 [ 500.327788][T16178] ? __pfx_vfs_write+0x10/0x10 [ 500.332634][T16178] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 500.339025][T16178] ? do_syscall_64+0x100/0x230 [ 500.343855][T16178] ? do_syscall_64+0xb6/0x230 [ 500.348597][T16178] do_syscall_64+0xf3/0x230 [ 500.353158][T16178] ? clear_bhb_loop+0x35/0x90 [ 500.357900][T16178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.363851][T16178] RIP: 0033:0x7f2ed5385d29 [ 500.368313][T16178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.387992][T16178] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 500.396464][T16178] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 500.404489][T16178] RDX: 0000000000000010 RSI: 00000000200010c0 RDI: 0000000000000004 [ 500.412519][T16178] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 500.420623][T16178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 500.428640][T16178] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 500.436710][T16178] [ 500.578656][T16185] pimreg3: entered allmulticast mode [ 500.618090][T16185] netlink: 'syz.1.3490': attribute type 1 has an invalid length. [ 500.881561][T16185] pimreg3: left allmulticast mode [ 501.998681][T16234] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3509'. [ 502.393849][T16247] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 502.394671][T16245] FAULT_INJECTION: forcing a failure. [ 502.394671][T16245] name failslab, interval 1, probability 0, space 0, times 0 [ 502.430550][T16246] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3512'. [ 502.467170][T16245] CPU: 1 UID: 0 PID: 16245 Comm: syz.5.3513 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 502.478033][T16245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 502.488155][T16245] Call Trace: [ 502.491483][T16245] [ 502.494461][T16245] dump_stack_lvl+0x241/0x360 [ 502.499205][T16245] ? __pfx_dump_stack_lvl+0x10/0x10 [ 502.504465][T16245] ? __pfx__printk+0x10/0x10 [ 502.509118][T16245] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 502.515162][T16245] ? __pfx___might_resched+0x10/0x10 [ 502.520497][T16245] ? aa_label_sk_perm+0x4f3/0x6c0 [ 502.525591][T16245] should_fail_ex+0x3b0/0x4e0 [ 502.530325][T16245] should_failslab+0xac/0x100 [ 502.535076][T16245] kmem_cache_alloc_node_noprof+0x77/0x380 [ 502.540971][T16245] ? __alloc_skb+0x1c3/0x440 [ 502.545633][T16245] __alloc_skb+0x1c3/0x440 [ 502.550120][T16245] ? __pfx___alloc_skb+0x10/0x10 [ 502.555126][T16245] netlink_sendmsg+0x638/0xcb0 [ 502.559968][T16245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 502.565322][T16245] ? aa_sock_msg_perm+0x91/0x160 [ 502.570327][T16245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 502.575669][T16245] __sock_sendmsg+0x221/0x270 [ 502.580429][T16245] ____sys_sendmsg+0x52a/0x7e0 [ 502.585268][T16245] ? __pfx_____sys_sendmsg+0x10/0x10 [ 502.590633][T16245] ? __fget_files+0x2a/0x410 [ 502.595306][T16245] ? __fget_files+0x2a/0x410 [ 502.598198][T16252] FAULT_INJECTION: forcing a failure. [ 502.598198][T16252] name failslab, interval 1, probability 0, space 0, times 0 [ 502.599949][T16245] __sys_sendmsg+0x269/0x350 [ 502.599988][T16245] ? __pfx_lock_release+0x10/0x10 [ 502.600024][T16245] ? __pfx___sys_sendmsg+0x10/0x10 [ 502.600067][T16245] ? __pfx_vfs_write+0x10/0x10 [ 502.600121][T16245] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 502.638686][T16245] ? do_syscall_64+0x100/0x230 [ 502.643510][T16245] ? do_syscall_64+0xb6/0x230 [ 502.648246][T16245] do_syscall_64+0xf3/0x230 [ 502.652810][T16245] ? clear_bhb_loop+0x35/0x90 [ 502.657564][T16245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.663519][T16245] RIP: 0033:0x7fd472d85d29 [ 502.667997][T16245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.687656][T16245] RSP: 002b:00007fd470bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 502.696136][T16245] RAX: ffffffffffffffda RBX: 00007fd472f75fa0 RCX: 00007fd472d85d29 [ 502.704137][T16245] RDX: 0000000000000010 RSI: 00000000200010c0 RDI: 0000000000000004 [ 502.712134][T16245] RBP: 00007fd470bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 502.720130][T16245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 502.728136][T16245] R13: 0000000000000000 R14: 00007fd472f75fa0 R15: 00007ffc35f38498 [ 502.736164][T16245] [ 502.745984][T16252] CPU: 1 UID: 0 PID: 16252 Comm: syz.0.3512 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 502.756848][T16252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 502.767000][T16252] Call Trace: [ 502.770323][T16252] [ 502.773298][T16252] dump_stack_lvl+0x241/0x360 [ 502.778045][T16252] ? __pfx_dump_stack_lvl+0x10/0x10 [ 502.783310][T16252] ? __pfx__printk+0x10/0x10 [ 502.787980][T16252] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 502.794034][T16252] ? __pfx___might_resched+0x10/0x10 [ 502.799398][T16252] should_fail_ex+0x3b0/0x4e0 [ 502.804144][T16252] should_failslab+0xac/0x100 [ 502.808924][T16252] kmem_cache_alloc_node_noprof+0x77/0x380 [ 502.814799][T16252] ? __alloc_skb+0x1c3/0x440 [ 502.819454][T16252] __alloc_skb+0x1c3/0x440 [ 502.823931][T16252] ? __pfx___alloc_skb+0x10/0x10 [ 502.828929][T16252] ? netlink_ack_tlv_len+0x6e/0x200 [ 502.834168][T16252] netlink_ack+0x145/0xa50 [ 502.838618][T16252] ? __pfx___might_resched+0x10/0x10 [ 502.843938][T16252] netlink_rcv_skb+0x262/0x430 [ 502.848749][T16252] ? __pfx_genl_rcv_msg+0x10/0x10 [ 502.853810][T16252] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 502.859136][T16252] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 502.864634][T16252] genl_rcv+0x28/0x40 [ 502.868650][T16252] netlink_unicast+0x7f6/0x990 [ 502.873445][T16252] ? __pfx_netlink_unicast+0x10/0x10 [ 502.878757][T16252] ? __virt_addr_valid+0x45f/0x530 [ 502.883898][T16252] ? __phys_addr_symbol+0x2f/0x70 [ 502.888949][T16252] ? __check_object_size+0x47a/0x730 [ 502.894275][T16252] netlink_sendmsg+0x8e4/0xcb0 [ 502.899079][T16252] ? __pfx_netlink_sendmsg+0x10/0x10 [ 502.904393][T16252] ? aa_sock_msg_perm+0x91/0x160 [ 502.909358][T16252] ? __pfx_netlink_sendmsg+0x10/0x10 [ 502.914670][T16252] __sock_sendmsg+0x221/0x270 [ 502.919385][T16252] __sys_sendto+0x363/0x4c0 [ 502.923918][T16252] ? __pfx___sys_sendto+0x10/0x10 [ 502.928964][T16252] ? irqtime_account_irq+0x18e/0x1e0 [ 502.934302][T16252] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 502.940309][T16252] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 502.946662][T16252] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 502.953021][T16252] __x64_sys_sendto+0xde/0x100 [ 502.957814][T16252] do_syscall_64+0xf3/0x230 [ 502.962342][T16252] ? clear_bhb_loop+0x35/0x90 [ 502.967050][T16252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.972968][T16252] RIP: 0033:0x7f0331787bbc [ 502.977401][T16252] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 502.997126][T16252] RSP: 002b:00007f03324d4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 503.005567][T16252] RAX: ffffffffffffffda RBX: 00007f03324d4fc0 RCX: 00007f0331787bbc [ 503.013560][T16252] RDX: 0000000000000020 RSI: 00007f03324d5010 RDI: 0000000000000007 [ 503.021555][T16252] RBP: 0000000000000000 R08: 00007f03324d4f14 R09: 000000000000000c [ 503.029550][T16252] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007 [ 503.037543][T16252] R13: 00007f03324d4f68 R14: 00007f03324d5010 R15: 0000000000000000 [ 503.045659][T16252] [ 503.068362][T16247] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 503.147419][T16248] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3512'. [ 503.514490][T16266] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3516'. [ 503.651157][ T8] IPVS: starting estimator thread 0... [ 503.651468][T16271] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 503.778671][T16279] IPVS: using max 21 ests per chain, 50400 per kthread [ 504.416746][T16308] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3529'. [ 504.624212][T16318] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3529'. [ 504.651401][T16318] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3529'. [ 505.262948][T16337] pimreg3: entered allmulticast mode [ 505.275879][T16337] netlink: 'syz.6.3538': attribute type 1 has an invalid length. [ 505.394022][T16337] pimreg3: left allmulticast mode [ 505.973439][T16353] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 505.978063][T16356] netlink: 'syz.5.3549': attribute type 19 has an invalid length. [ 505.983325][ T8] IPVS: starting estimator thread 0... [ 506.018336][T16356] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3549'. [ 506.078743][T16356] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3549'. [ 506.090485][T16359] IPVS: using max 20 ests per chain, 48000 per kthread [ 506.117412][T16356] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3549'. [ 506.742300][T16376] netlink: 'syz.6.3557': attribute type 1 has an invalid length. [ 507.136830][T16393] tproxy_tg4_check: 55 callbacks suppressed [ 507.136857][T16393] xt_TPROXY: Can be used only with -p tcp or -p udp [ 507.226862][T16393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3563'. [ 507.239239][T16393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3563'. [ 507.301298][T16394] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3563'. [ 507.313050][T16394] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3563'. [ 507.436831][T16376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 507.461415][T16376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 507.497595][T16376] bond0 (unregistering): (slave vlan3): Releasing backup interface [ 507.520980][T16376] veth1: left promiscuous mode [ 507.536507][T16376] bond0 (unregistering): Released all slaves [ 507.630676][T16393] ipvlan2: entered allmulticast mode [ 507.645843][T16393] erspan0: entered allmulticast mode [ 507.725682][T16390] lo speed is unknown, defaulting to 1000 [ 508.473014][T16426] FAULT_INJECTION: forcing a failure. [ 508.473014][T16426] name failslab, interval 1, probability 0, space 0, times 0 [ 508.486908][T16426] CPU: 0 UID: 0 PID: 16426 Comm: syz.6.3571 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 508.497727][T16426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 508.507796][T16426] Call Trace: [ 508.511076][T16426] [ 508.514011][T16426] dump_stack_lvl+0x241/0x360 [ 508.518710][T16426] ? __pfx_dump_stack_lvl+0x10/0x10 [ 508.523943][T16426] ? __pfx__printk+0x10/0x10 [ 508.528602][T16426] should_fail_ex+0x3b0/0x4e0 [ 508.533328][T16426] should_failslab+0xac/0x100 [ 508.538055][T16426] ? skb_clone+0x20c/0x390 [ 508.542519][T16426] kmem_cache_alloc_noprof+0x70/0x380 [ 508.547968][T16426] skb_clone+0x20c/0x390 [ 508.552264][T16426] ? dev_queue_xmit_nit+0x3fe/0xca0 [ 508.557523][T16426] dev_queue_xmit_nit+0x249/0xca0 [ 508.562608][T16426] ? dev_queue_xmit_nit+0x2b/0xca0 [ 508.567806][T16426] ? validate_xmit_skb+0x9b8/0xff0 [ 508.572981][T16426] dev_hard_start_xmit+0x15f/0x7d0 [ 508.578187][T16426] ? __pfx_validate_xmit_skb+0x10/0x10 [ 508.583724][T16426] __dev_queue_xmit+0x1b73/0x3f50 [ 508.588809][T16426] ? kasan_save_track+0x51/0x80 [ 508.593716][T16426] ? ____sys_sendmsg+0x52a/0x7e0 [ 508.598717][T16426] ? __dev_queue_xmit+0x2f4/0x3f50 [ 508.603899][T16426] ? __pfx___dev_queue_xmit+0x10/0x10 [ 508.609354][T16426] ? __copy_skb_header+0x437/0x5b0 [ 508.614675][T16426] ? __asan_memcpy+0x40/0x70 [ 508.619336][T16426] ? skb_clone+0x240/0x390 [ 508.623812][T16426] __netlink_deliver_tap+0x56b/0x7f0 [ 508.629168][T16426] ? netlink_deliver_tap+0x2e/0x1b0 [ 508.634430][T16426] netlink_deliver_tap+0x19d/0x1b0 [ 508.639592][T16426] netlink_unicast+0x7c4/0x990 [ 508.644414][T16426] ? __pfx_netlink_unicast+0x10/0x10 [ 508.649747][T16426] ? __virt_addr_valid+0x45f/0x530 [ 508.654908][T16426] ? __phys_addr_symbol+0x2f/0x70 [ 508.659983][T16426] ? __check_object_size+0x47a/0x730 [ 508.665326][T16426] netlink_sendmsg+0x8e4/0xcb0 [ 508.670158][T16426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.675519][T16426] ? aa_sock_msg_perm+0x91/0x160 [ 508.680527][T16426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.685874][T16426] __sock_sendmsg+0x221/0x270 [ 508.690630][T16426] ____sys_sendmsg+0x52a/0x7e0 [ 508.695462][T16426] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.700804][T16426] ? __fget_files+0x2a/0x410 [ 508.705467][T16426] ? __fget_files+0x2a/0x410 [ 508.710127][T16426] __sys_sendmsg+0x269/0x350 [ 508.714782][T16426] ? __pfx_lock_release+0x10/0x10 [ 508.719862][T16426] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.725048][T16426] ? __pfx_vfs_write+0x10/0x10 [ 508.729894][T16426] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 508.736284][T16426] ? do_syscall_64+0x100/0x230 [ 508.741121][T16426] ? do_syscall_64+0xb6/0x230 [ 508.745867][T16426] do_syscall_64+0xf3/0x230 [ 508.750428][T16426] ? clear_bhb_loop+0x35/0x90 [ 508.755222][T16426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.761182][T16426] RIP: 0033:0x7f2ed5385d29 [ 508.765652][T16426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.785334][T16426] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.793811][T16426] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 508.801834][T16426] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 508.809866][T16426] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 508.817888][T16426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.825960][T16426] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 508.834007][T16426] [ 508.910806][T16440] netlink: 'syz.5.3573': attribute type 8 has an invalid length. [ 509.015082][T16426] bridge_slave_1 (unregistering): left allmulticast mode [ 509.024033][T16426] bridge_slave_1 (unregistering): left promiscuous mode [ 509.031698][T16426] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.649393][T16492] Cannot find set identified by id 0 to match [ 509.771984][T16489] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 509.870411][T16492] pim6reg: entered allmulticast mode [ 509.927524][T16482] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 510.039309][T16500] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3585'. [ 510.054042][T16492] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 510.099620][T16501] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3585'. [ 510.123945][T16492] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 510.151353][T16492] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 510.187441][T16492] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 510.740658][T16506] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 510.846021][T16506] xt_recent: Unsupported userspace flags (00000042) [ 511.699224][T16537] netlink: 'syz.1.3597': attribute type 25 has an invalid length. [ 511.736712][T16537] netlink: 'syz.1.3597': attribute type 7 has an invalid length. [ 512.002786][T16550] lo speed is unknown, defaulting to 1000 [ 512.203136][T16557] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 512.204226][T16557] xt_bpf: check failed: parse error [ 512.454311][T16564] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3604'. [ 513.095150][T16586] netlink: 'syz.0.3615': attribute type 25 has an invalid length. [ 513.141185][T16586] netlink: 'syz.0.3615': attribute type 7 has an invalid length. [ 513.267559][T16590] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3617'. [ 513.298598][T16592] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3618'. [ 513.317268][T16590] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3617'. [ 513.683218][T16600] FAULT_INJECTION: forcing a failure. [ 513.683218][T16600] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 513.764018][T16600] CPU: 1 UID: 0 PID: 16600 Comm: syz.0.3620 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 513.774882][T16600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 513.784984][T16600] Call Trace: [ 513.788304][T16600] [ 513.791274][T16600] dump_stack_lvl+0x241/0x360 [ 513.796026][T16600] ? __pfx_dump_stack_lvl+0x10/0x10 [ 513.801308][T16600] ? __pfx__printk+0x10/0x10 [ 513.805964][T16600] ? snprintf+0xda/0x120 [ 513.810269][T16600] should_fail_ex+0x3b0/0x4e0 [ 513.814994][T16600] _copy_to_user+0x31/0xb0 [ 513.819467][T16600] simple_read_from_buffer+0xca/0x150 [ 513.824920][T16600] proc_fail_nth_read+0x1e9/0x250 [ 513.830015][T16600] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 513.835619][T16600] ? rw_verify_area+0x55e/0x6f0 [ 513.840514][T16600] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 513.846127][T16600] vfs_read+0x1fc/0xb70 [ 513.850341][T16600] ? __pfx___mutex_lock+0x10/0x10 [ 513.855435][T16600] ? __pfx_vfs_read+0x10/0x10 [ 513.860186][T16600] ? __fget_files+0x2a/0x410 [ 513.864848][T16600] ? __fget_files+0x395/0x410 [ 513.869584][T16600] ? __fget_files+0x2a/0x410 [ 513.874245][T16600] ksys_read+0x18f/0x2b0 [ 513.878553][T16600] ? __pfx_ksys_read+0x10/0x10 [ 513.883402][T16600] ? do_syscall_64+0x100/0x230 [ 513.888233][T16600] ? do_syscall_64+0xb6/0x230 [ 513.892963][T16600] do_syscall_64+0xf3/0x230 [ 513.897515][T16600] ? clear_bhb_loop+0x35/0x90 [ 513.902243][T16600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.908185][T16600] RIP: 0033:0x7f033178473c [ 513.912643][T16600] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 513.932302][T16600] RSP: 002b:00007f03324f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 513.940774][T16600] RAX: ffffffffffffffda RBX: 00007f0331976080 RCX: 00007f033178473c [ 513.948801][T16600] RDX: 000000000000000f RSI: 00007f03324f70a0 RDI: 0000000000000009 [ 513.956838][T16600] RBP: 00007f03324f7090 R08: 0000000000000000 R09: 0000000000000000 [ 513.964945][T16600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.972964][T16600] R13: 0000000000000000 R14: 00007f0331976080 R15: 00007ffdd0e8fd68 [ 513.981004][T16600] [ 514.042587][T16605] netlink: 'syz.6.3624': attribute type 12 has an invalid length. [ 515.117781][T16629] netlink: 'syz.1.3632': attribute type 25 has an invalid length. [ 515.140864][T16629] netlink: 'syz.1.3632': attribute type 7 has an invalid length. [ 515.169237][T16635] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3634'. [ 515.457528][T16641] Cannot find add_set index 32768 as target [ 515.755729][T16651] netlink: 'syz.0.3641': attribute type 3 has an invalid length. [ 515.797840][T16654] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3643'. [ 515.827545][T16651] netlink: 666 bytes leftover after parsing attributes in process `syz.0.3641'. [ 515.840972][T16654] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3643'. [ 515.868555][T16654] FAULT_INJECTION: forcing a failure. [ 515.868555][T16654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.906500][T16651] netlink: 'syz.0.3641': attribute type 1 has an invalid length. [ 515.927107][T16654] CPU: 0 UID: 0 PID: 16654 Comm: syz.5.3643 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 515.937966][T16654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 515.948072][T16654] Call Trace: [ 515.951403][T16654] [ 515.954385][T16654] dump_stack_lvl+0x241/0x360 [ 515.959149][T16654] ? __pfx_dump_stack_lvl+0x10/0x10 [ 515.964421][T16654] ? __pfx__printk+0x10/0x10 [ 515.969085][T16654] ? __check_object_size+0x77/0x730 [ 515.974359][T16654] should_fail_ex+0x3b0/0x4e0 [ 515.979106][T16654] _copy_to_user+0x31/0xb0 [ 515.983601][T16654] simple_read_from_buffer+0xca/0x150 [ 515.989052][T16654] proc_fail_nth_read+0x1e9/0x250 [ 515.994155][T16654] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 515.999791][T16654] ? rw_verify_area+0x55e/0x6f0 [ 516.004709][T16654] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 516.010326][T16654] vfs_read+0x1fc/0xb70 [ 516.014552][T16654] ? __pfx___mutex_lock+0x10/0x10 [ 516.019645][T16654] ? __pfx_vfs_read+0x10/0x10 [ 516.024402][T16654] ? __fget_files+0x2a/0x410 [ 516.029062][T16654] ? __fget_files+0x395/0x410 [ 516.033808][T16654] ? __fget_files+0x2a/0x410 [ 516.038477][T16654] ksys_read+0x18f/0x2b0 [ 516.042775][T16654] ? __pfx_ksys_read+0x10/0x10 [ 516.047566][T16654] ? do_syscall_64+0x100/0x230 [ 516.052373][T16654] ? do_syscall_64+0xb6/0x230 [ 516.057072][T16654] do_syscall_64+0xf3/0x230 [ 516.061597][T16654] ? clear_bhb_loop+0x35/0x90 [ 516.066301][T16654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.072257][T16654] RIP: 0033:0x7fd472d8473c [ 516.076694][T16654] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 516.096332][T16654] RSP: 002b:00007fd470bf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 516.104772][T16654] RAX: ffffffffffffffda RBX: 00007fd472f75fa0 RCX: 00007fd472d8473c [ 516.112809][T16654] RDX: 000000000000000f RSI: 00007fd470bf60a0 RDI: 0000000000000006 [ 516.120803][T16654] RBP: 00007fd470bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 516.128794][T16654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 516.136780][T16654] R13: 0000000000000000 R14: 00007fd472f75fa0 R15: 00007ffc35f38498 [ 516.144796][T16654] [ 516.169915][T16651] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3641'. [ 516.493693][T16662] netlink: 'syz.2.3648': attribute type 25 has an invalid length. [ 516.679263][T16672] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3650'. [ 516.847810][T16674] FAULT_INJECTION: forcing a failure. [ 516.847810][T16674] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 516.865250][T16674] CPU: 0 UID: 0 PID: 16674 Comm: syz.6.3652 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 516.876389][T16674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 516.886594][T16674] Call Trace: [ 516.889928][T16674] [ 516.892903][T16674] dump_stack_lvl+0x241/0x360 [ 516.897652][T16674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 516.902915][T16674] ? __pfx__printk+0x10/0x10 [ 516.907576][T16674] ? snprintf+0xda/0x120 [ 516.911877][T16674] should_fail_ex+0x3b0/0x4e0 [ 516.916607][T16674] _copy_to_user+0x31/0xb0 [ 516.921089][T16674] simple_read_from_buffer+0xca/0x150 [ 516.926527][T16674] proc_fail_nth_read+0x1e9/0x250 [ 516.931612][T16674] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 516.937221][T16674] ? rw_verify_area+0x55e/0x6f0 [ 516.942118][T16674] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 516.947731][T16674] vfs_read+0x1fc/0xb70 [ 516.951936][T16674] ? __pfx___mutex_lock+0x10/0x10 [ 516.957029][T16674] ? __pfx_vfs_read+0x10/0x10 [ 516.961948][T16674] ? __fget_files+0x2a/0x410 [ 516.966616][T16674] ? __fget_files+0x395/0x410 [ 516.971360][T16674] ? __fget_files+0x2a/0x410 [ 516.976019][T16674] ksys_read+0x18f/0x2b0 [ 516.980310][T16674] ? __pfx_ksys_read+0x10/0x10 [ 516.985099][T16674] ? do_syscall_64+0x100/0x230 [ 516.989887][T16674] ? do_syscall_64+0xb6/0x230 [ 516.994585][T16674] do_syscall_64+0xf3/0x230 [ 516.999107][T16674] ? clear_bhb_loop+0x35/0x90 [ 517.003912][T16674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.009827][T16674] RIP: 0033:0x7f2ed538473c [ 517.014261][T16674] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 517.033895][T16674] RSP: 002b:00007f2ed6288030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 517.042335][T16674] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed538473c [ 517.050323][T16674] RDX: 000000000000000f RSI: 00007f2ed62880a0 RDI: 0000000000000003 [ 517.058311][T16674] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 517.066303][T16674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.074303][T16674] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 517.082310][T16674] [ 517.172950][T16685] validate_nla: 1 callbacks suppressed [ 517.172997][T16685] netlink: 'syz.2.3656': attribute type 3 has an invalid length. [ 517.489918][T16692] __nla_validate_parse: 1 callbacks suppressed [ 517.489944][T16692] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3658'. [ 517.655985][T16696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3659'. [ 518.132373][T16705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3661'. [ 518.153215][T16706] tipc: Started in network mode [ 518.159378][T16706] tipc: Node identity ac14140f, cluster identity 4711 [ 518.188232][T16706] tipc: New replicast peer: 255.255.255.255 [ 518.217230][T16706] tipc: Enabled bearer , priority 10 [ 518.236393][T16710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3662'. [ 518.283623][T16706] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3662'. [ 518.335611][T16710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3662'. [ 518.435632][T16714] vcan0: tx drop: invalid sa for name 0xffffffffffffffff [ 518.528350][T16711] lo speed is unknown, defaulting to 1000 [ 518.711213][T16724] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3669'. [ 518.762381][T16727] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3671'. [ 519.193522][T16738] netlink: 'syz.0.3685': attribute type 25 has an invalid length. [ 519.213905][T16738] netlink: 'syz.0.3685': attribute type 7 has an invalid length. [ 519.336787][T14028] tipc: Node number set to 2886997007 [ 519.608304][T16754] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3690'. [ 519.768768][T16752] vcan0: tx drop: invalid sa for name 0xffffffffffffffff [ 519.900300][T16754] xt_CT: No such helper "pptp" [ 519.973899][T16764] netdevsim netdevsim6 netdevsim0: entered promiscuous mode [ 519.996089][T16763] netdevsim netdevsim6 netdevsim0: left promiscuous mode [ 520.396912][T16773] lo speed is unknown, defaulting to 1000 [ 520.589338][T16777] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3686'. [ 521.356254][T16793] netlink: 'syz.1.3691': attribute type 25 has an invalid length. [ 521.398740][T16793] netlink: 'syz.1.3691': attribute type 7 has an invalid length. [ 521.732325][T16804] netlink: 'syz.5.3693': attribute type 12 has an invalid length. [ 522.336038][T16816] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 522.383441][T16815] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 522.418284][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 522.770438][T16826] netlink: 'syz.1.3706': attribute type 25 has an invalid length. [ 522.792969][T16826] netlink: 'syz.1.3706': attribute type 7 has an invalid length. [ 523.038168][T16834] __nla_validate_parse: 2 callbacks suppressed [ 523.038192][T16834] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3709'. [ 523.118191][T16840] FAULT_INJECTION: forcing a failure. [ 523.118191][T16840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 523.166909][T16840] CPU: 1 UID: 0 PID: 16840 Comm: syz.2.3712 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 523.177861][T16840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 523.188151][T16840] Call Trace: [ 523.191475][T16840] [ 523.194447][T16840] dump_stack_lvl+0x241/0x360 [ 523.199184][T16840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 523.204437][T16840] ? __pfx__printk+0x10/0x10 [ 523.209088][T16840] ? __pfx_lock_release+0x10/0x10 [ 523.214172][T16840] should_fail_ex+0x3b0/0x4e0 [ 523.218902][T16840] _copy_from_iter+0x424/0x1c20 [ 523.223933][T16840] ? __pfx__copy_from_iter+0x10/0x10 [ 523.229279][T16840] ? __virt_addr_valid+0x183/0x530 [ 523.234451][T16840] ? __virt_addr_valid+0x183/0x530 [ 523.239618][T16840] ? __virt_addr_valid+0x45f/0x530 [ 523.244792][T16840] ? __phys_addr_symbol+0x2f/0x70 [ 523.249877][T16840] ? __check_object_size+0x47a/0x730 [ 523.255235][T16840] netlink_sendmsg+0x73d/0xcb0 [ 523.260067][T16840] ? __pfx_netlink_sendmsg+0x10/0x10 [ 523.265500][T16840] ? aa_sock_msg_perm+0x91/0x160 [ 523.270499][T16840] ? __pfx_netlink_sendmsg+0x10/0x10 [ 523.275840][T16840] __sock_sendmsg+0x221/0x270 [ 523.280584][T16840] sock_write_iter+0x2d7/0x3f0 [ 523.285496][T16840] ? __pfx_sock_write_iter+0x10/0x10 [ 523.290863][T16840] do_iter_readv_writev+0x600/0x880 [ 523.296125][T16840] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 523.301903][T16840] ? bpf_lsm_file_permission+0x9/0x10 [ 523.307343][T16840] ? security_file_permission+0x74/0x280 [ 523.313027][T16840] ? rw_verify_area+0x1c3/0x6f0 [ 523.317928][T16840] vfs_writev+0x376/0xba0 [ 523.322317][T16840] ? __pfx_lock_acquire+0x10/0x10 [ 523.327401][T16840] ? __pfx_vfs_writev+0x10/0x10 [ 523.332407][T16840] ? __pfx_vfs_write+0x10/0x10 [ 523.337212][T16840] ? __fget_files+0x2a/0x410 [ 523.341854][T16840] ? __fget_files+0x395/0x410 [ 523.346583][T16840] ? __fget_files+0x2a/0x410 [ 523.351233][T16840] do_writev+0x1b6/0x360 [ 523.355535][T16840] ? __pfx_do_writev+0x10/0x10 [ 523.360348][T16840] ? do_syscall_64+0x100/0x230 [ 523.365185][T16840] ? do_syscall_64+0xb6/0x230 [ 523.369917][T16840] do_syscall_64+0xf3/0x230 [ 523.374471][T16840] ? clear_bhb_loop+0x35/0x90 [ 523.379245][T16840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.385207][T16840] RIP: 0033:0x7f66e5d85d29 [ 523.389675][T16840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.409333][T16840] RSP: 002b:00007f66e6c38038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 523.417812][T16840] RAX: ffffffffffffffda RBX: 00007f66e5f75fa0 RCX: 00007f66e5d85d29 [ 523.425830][T16840] RDX: 0000000000000002 RSI: 00000000200001c0 RDI: 0000000000000004 [ 523.433850][T16840] RBP: 00007f66e6c38090 R08: 0000000000000000 R09: 0000000000000000 [ 523.441962][T16840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 523.449984][T16840] R13: 0000000000000000 R14: 00007f66e5f75fa0 R15: 00007fff04b33b48 [ 523.458026][T16840] [ 523.597492][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3714'. [ 523.936474][T16856] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3717'. [ 524.349252][T16870] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 524.428504][T16869] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 524.479981][T16876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3725'. [ 524.703722][T16885] netlink: 'syz.5.3729': attribute type 25 has an invalid length. [ 524.724245][T16885] netlink: 'syz.5.3729': attribute type 7 has an invalid length. [ 524.805478][T16887] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 524.928125][T16891] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3731'. [ 525.061822][T16894] lo speed is unknown, defaulting to 1000 [ 525.683227][T16905] lo speed is unknown, defaulting to 1000 [ 525.887758][T16911] tipc: Started in network mode [ 525.892714][T16911] tipc: Node identity 002e0000000000000000000000000001, cluster identity 4711 [ 525.932145][T16911] tipc: Enabling of bearer rejected, failed to enable media [ 526.154124][T16916] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.329811][T16916] bridge_slave_1 (unregistering): left allmulticast mode [ 526.358038][T16916] bridge_slave_1 (unregistering): left promiscuous mode [ 526.375686][T16916] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.412229][T16918] netlink: 'syz.5.3741': attribute type 25 has an invalid length. [ 526.421254][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 526.429825][T16918] netlink: 'syz.5.3741': attribute type 7 has an invalid length. [ 526.494332][T16894] lo speed is unknown, defaulting to 1000 [ 526.513257][T16923] netlink: 'syz.2.3742': attribute type 27 has an invalid length. [ 526.767417][T16930] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3743'. [ 526.799749][T16926] syzkaller1: entered allmulticast mode [ 526.850036][T16909] geneve2: entered promiscuous mode [ 526.856493][T16909] geneve2: entered allmulticast mode [ 527.110040][T16935] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3745'. [ 527.837426][T16950] netlink: 'syz.1.3750': attribute type 3 has an invalid length. [ 527.838599][T16951] netlink: 'syz.1.3750': attribute type 1 has an invalid length. [ 527.845981][T16950] netlink: 666 bytes leftover after parsing attributes in process `syz.1.3750'. [ 527.853417][T16951] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3750'. [ 528.261138][T16959] netlink: 1280 bytes leftover after parsing attributes in process `syz.2.3755'. [ 528.556342][T16970] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3758'. [ 528.754073][T16964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3754'. [ 529.176381][T16980] rdma_rxe: rxe_newlink: failed to add lo [ 529.702250][T16986] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3763'. [ 530.275961][T17002] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3770'. [ 530.729942][T17013] netlink: 'syz.2.3776': attribute type 25 has an invalid length. [ 530.766727][T17013] netlink: 'syz.2.3776': attribute type 7 has an invalid length. [ 531.033070][T17021] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3782'. [ 531.046175][T17021] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3782'. [ 531.116210][T17030] netlink: 'syz.0.3780': attribute type 26 has an invalid length. [ 531.243806][T17036] FAULT_INJECTION: forcing a failure. [ 531.243806][T17036] name failslab, interval 1, probability 0, space 0, times 0 [ 531.256642][T17036] CPU: 1 UID: 0 PID: 17036 Comm: syz.0.3784 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 531.267468][T17036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 531.277697][T17036] Call Trace: [ 531.281022][T17036] [ 531.283995][T17036] dump_stack_lvl+0x241/0x360 [ 531.288739][T17036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 531.294003][T17036] ? __pfx__printk+0x10/0x10 [ 531.298659][T17036] ? __kmalloc_cache_node_noprof+0x47/0x3a0 [ 531.304609][T17036] ? __pfx___might_resched+0x10/0x10 [ 531.309943][T17036] should_fail_ex+0x3b0/0x4e0 [ 531.314762][T17036] should_failslab+0xac/0x100 [ 531.319512][T17036] ? __get_vm_area_node+0x132/0x2d0 [ 531.324769][T17036] __kmalloc_cache_node_noprof+0x6f/0x3a0 [ 531.330596][T17036] __get_vm_area_node+0x132/0x2d0 [ 531.335672][T17036] __vmalloc_node_range_noprof+0x344/0x1380 [ 531.341600][T17036] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.347179][T17036] ? mark_lock+0x9a/0x360 [ 531.351559][T17036] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 531.357928][T17036] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.363610][T17036] __vmalloc_noprof+0x79/0x90 [ 531.368305][T17036] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.373876][T17036] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.379287][T17036] ? bpf_prog_alloc+0x28/0x1b0 [ 531.384080][T17036] bpf_prog_alloc+0x3a/0x1b0 [ 531.388694][T17036] bpf_prog_load+0x7f7/0x20f0 [ 531.393405][T17036] ? __pfx_bpf_prog_load+0x10/0x10 [ 531.398541][T17036] ? __pfx___might_resched+0x10/0x10 [ 531.403862][T17036] ? __might_fault+0xc6/0x120 [ 531.408573][T17036] __sys_bpf+0x4ee/0x810 [ 531.412840][T17036] ? __pfx___sys_bpf+0x10/0x10 [ 531.417641][T17036] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 531.423652][T17036] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 531.430008][T17036] ? do_syscall_64+0x100/0x230 [ 531.434802][T17036] __x64_sys_bpf+0x7c/0x90 [ 531.439252][T17036] do_syscall_64+0xf3/0x230 [ 531.443779][T17036] ? clear_bhb_loop+0x35/0x90 [ 531.448489][T17036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.454406][T17036] RIP: 0033:0x7f0331785d29 [ 531.458859][T17036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.478506][T17036] RSP: 002b:00007f0332518038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 531.486955][T17036] RAX: ffffffffffffffda RBX: 00007f0331975fa0 RCX: 00007f0331785d29 [ 531.494982][T17036] RDX: 0000000000000090 RSI: 0000000020000880 RDI: 0000000000000005 [ 531.503013][T17036] RBP: 00007f0332518090 R08: 0000000000000000 R09: 0000000000000000 [ 531.511095][T17036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.519088][T17036] R13: 0000000000000000 R14: 00007f0331975fa0 R15: 00007ffdd0e8fd68 [ 531.527101][T17036] [ 531.532881][T17036] warn_alloc: 2 callbacks suppressed [ 531.532907][T17036] syz.0.3784: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 531.555715][T17036] CPU: 1 UID: 0 PID: 17036 Comm: syz.0.3784 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 531.566555][T17036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 531.576663][T17036] Call Trace: [ 531.580080][T17036] [ 531.583058][T17036] dump_stack_lvl+0x241/0x360 [ 531.587939][T17036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 531.593238][T17036] ? __pfx__printk+0x10/0x10 [ 531.597922][T17036] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 531.604404][T17036] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 531.611070][T17036] warn_alloc+0x278/0x410 [ 531.615466][T17036] ? __pfx_warn_alloc+0x10/0x10 [ 531.620392][T17036] ? __kasan_kmalloc+0x23/0xb0 [ 531.625188][T17036] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 531.631214][T17036] ? __get_vm_area_node+0x280/0x2d0 [ 531.636453][T17036] __vmalloc_node_range_noprof+0x369/0x1380 [ 531.642390][T17036] ? mark_lock+0x9a/0x360 [ 531.646768][T17036] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 531.653140][T17036] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.658715][T17036] __vmalloc_noprof+0x79/0x90 [ 531.663409][T17036] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.668989][T17036] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 531.674390][T17036] ? bpf_prog_alloc+0x28/0x1b0 [ 531.679202][T17036] bpf_prog_alloc+0x3a/0x1b0 [ 531.683822][T17036] bpf_prog_load+0x7f7/0x20f0 [ 531.688554][T17036] ? __pfx_bpf_prog_load+0x10/0x10 [ 531.693689][T17036] ? __pfx___might_resched+0x10/0x10 [ 531.699020][T17036] ? __might_fault+0xc6/0x120 [ 531.703721][T17036] __sys_bpf+0x4ee/0x810 [ 531.708015][T17036] ? __pfx___sys_bpf+0x10/0x10 [ 531.712842][T17036] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 531.718875][T17036] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 531.725239][T17036] ? do_syscall_64+0x100/0x230 [ 531.730035][T17036] __x64_sys_bpf+0x7c/0x90 [ 531.734488][T17036] do_syscall_64+0xf3/0x230 [ 531.739019][T17036] ? clear_bhb_loop+0x35/0x90 [ 531.743732][T17036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.749658][T17036] RIP: 0033:0x7f0331785d29 [ 531.754097][T17036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.773759][T17036] RSP: 002b:00007f0332518038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 531.782230][T17036] RAX: ffffffffffffffda RBX: 00007f0331975fa0 RCX: 00007f0331785d29 [ 531.790238][T17036] RDX: 0000000000000090 RSI: 0000000020000880 RDI: 0000000000000005 [ 531.798232][T17036] RBP: 00007f0332518090 R08: 0000000000000000 R09: 0000000000000000 [ 531.806223][T17036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.814213][T17036] R13: 0000000000000000 R14: 00007f0331975fa0 R15: 00007ffdd0e8fd68 [ 531.822229][T17036] [ 531.828034][T17036] Mem-Info: [ 531.831315][T17036] active_anon:3713 inactive_anon:0 isolated_anon:0 [ 531.831315][T17036] active_file:1701 inactive_file:38506 isolated_file:0 [ 531.831315][T17036] unevictable:768 dirty:198 writeback:0 [ 531.831315][T17036] slab_reclaimable:12070 slab_unreclaimable:128568 [ 531.831315][T17036] mapped:28732 shmem:1459 pagetables:627 [ 531.831315][T17036] sec_pagetables:0 bounce:0 [ 531.831315][T17036] kernel_misc_reclaimable:0 [ 531.831315][T17036] free:1308668 free_pcp:533 free_cma:0 [ 531.877624][T17036] Node 0 active_anon:14852kB inactive_anon:0kB active_file:6804kB inactive_file:153948kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:114928kB dirty:792kB writeback:0kB shmem:4300kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13636kB pagetables:2508kB sec_pagetables:0kB all_unreclaimable? no [ 531.910644][T17036] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 531.941514][T17036] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 531.969195][T17036] lowmem_reserve[]: 0 2465 2466 0 0 [ 531.974604][T17036] Node 0 DMA32 free:1313912kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:14816kB inactive_anon:0kB active_file:6804kB inactive_file:153108kB unevictable:1536kB writepending:792kB present:3129332kB managed:2552756kB mlocked:0kB bounce:0kB free_pcp:2332kB local_pcp:1172kB free_cma:0kB [ 532.005991][T17036] lowmem_reserve[]: 0 0 0 0 0 [ 532.011507][T17036] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:840kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 532.039385][T17036] lowmem_reserve[]: 0 0 0 0 0 [ 532.044879][T17036] Node 1 Normal free:3904888kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 532.076586][T17036] lowmem_reserve[]: 0 0 0 0 0 [ 532.081946][T17036] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 532.095251][T17036] Node 0 DMA32: 79*4kB (UM) 221*8kB (UME) 197*16kB (UME) 284*32kB (UME) 189*64kB (UME) 71*128kB (UME) 38*256kB (UME) 16*512kB (UME) 89*1024kB (UME) 2*2048kB (U) 285*4096kB (UME) = 1316020kB [ 532.114852][T17036] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 532.126796][T17036] Node 1 Normal: 240*4kB (UE) 69*8kB (UME) 39*16kB (UME) 203*32kB (UME) 103*64kB (UME) 32*128kB (UME) 14*256kB (UM) 8*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (UM) = 3904888kB [ 532.146083][T17036] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 532.155841][T17036] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 532.165364][T17036] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 532.175373][T17036] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 532.185665][T17036] 41666 total pagecache pages [ 532.190797][T17036] 0 pages in swap cache [ 532.195016][T17036] Free swap = 124996kB [ 532.199636][T17036] Total swap = 124996kB [ 532.203838][T17036] 2097051 pages RAM [ 532.207757][T17036] 0 pages HighMem/MovableOnly [ 532.212572][T17036] 427012 pages reserved [ 532.216762][T17036] 0 pages cma reserved [ 532.342918][T17047] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3787'. [ 532.737489][T17064] netlink: 'syz.6.3793': attribute type 21 has an invalid length. [ 532.748118][T17064] netlink: 152 bytes leftover after parsing attributes in process `syz.6.3793'. [ 533.051382][T17071] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 533.082297][T17070] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 533.125954][T17075] netlink: 'syz.6.3798': attribute type 3 has an invalid length. [ 533.166646][T17075] netlink: 666 bytes leftover after parsing attributes in process `syz.6.3798'. [ 533.269113][T17075] netlink: 'syz.6.3798': attribute type 1 has an invalid length. [ 533.277572][T17075] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3798'. [ 533.535106][T17090] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3802'. [ 533.704452][T17094] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3803'. [ 534.173436][T17108] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3812'. [ 534.223930][T17108] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3812'. [ 534.284103][T17112] netlink: 'syz.0.3814': attribute type 25 has an invalid length. [ 534.317219][T17112] netlink: 'syz.0.3814': attribute type 7 has an invalid length. [ 534.523623][T17119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3817'. [ 535.297959][T17147] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3826'. [ 536.000906][T17174] netlink: 'syz.6.3838': attribute type 12 has an invalid length. [ 536.166263][T17180] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3841'. [ 536.180799][T17178] netlink: 'syz.2.3840': attribute type 25 has an invalid length. [ 536.204762][T17178] netlink: 'syz.2.3840': attribute type 7 has an invalid length. [ 536.260939][T17183] netlink: 'syz.0.3842': attribute type 12 has an invalid length. [ 536.493198][T17187] nicvf0: tun_chr_ioctl cmd 1074025676 [ 536.507769][T17187] nicvf0: owner set to 0 [ 536.570791][T17188] netlink: 'syz.6.3844': attribute type 3 has an invalid length. [ 536.579463][T17191] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3845'. [ 536.613613][T17188] netlink: 666 bytes leftover after parsing attributes in process `syz.6.3844'. [ 536.703413][T17188] netlink: 'syz.6.3844': attribute type 1 has an invalid length. [ 536.807526][T17202] FAULT_INJECTION: forcing a failure. [ 536.807526][T17202] name failslab, interval 1, probability 0, space 0, times 0 [ 536.857952][T17202] CPU: 1 UID: 0 PID: 17202 Comm: syz.2.3849 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 536.868816][T17202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 536.878935][T17202] Call Trace: [ 536.882249][T17202] [ 536.885230][T17202] dump_stack_lvl+0x241/0x360 [ 536.889977][T17202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 536.895239][T17202] ? __pfx__printk+0x10/0x10 [ 536.899897][T17202] ? fs_reclaim_acquire+0x93/0x130 [ 536.905063][T17202] ? __pfx___might_resched+0x10/0x10 [ 536.910407][T17202] should_fail_ex+0x3b0/0x4e0 [ 536.915158][T17202] should_failslab+0xac/0x100 [ 536.919915][T17202] __kmalloc_noprof+0xdd/0x4c0 [ 536.924743][T17202] ? kstrtouint_from_user+0x128/0x190 [ 536.930177][T17202] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 536.935972][T17202] tomoyo_realpath_from_path+0xcf/0x5e0 [ 536.941595][T17202] tomoyo_path_number_perm+0x236/0x860 [ 536.947124][T17202] ? __lock_acquire+0x1397/0x2100 [ 536.952217][T17202] ? tomoyo_path_number_perm+0x206/0x860 [ 536.957925][T17202] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 536.964029][T17202] ? __fget_files+0x2a/0x410 [ 536.968695][T17202] ? __fget_files+0x2a/0x410 [ 536.973366][T17202] security_file_ioctl+0xc6/0x2a0 [ 536.978460][T17202] __se_sys_ioctl+0x46/0x170 [ 536.983110][T17202] do_syscall_64+0xf3/0x230 [ 536.987673][T17202] ? clear_bhb_loop+0x35/0x90 [ 536.992415][T17202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.998551][T17202] RIP: 0033:0x7f66e5d85d29 [ 537.003019][T17202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.022682][T17202] RSP: 002b:00007f66e6c38038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 537.031163][T17202] RAX: ffffffffffffffda RBX: 00007f66e5f75fa0 RCX: 00007f66e5d85d29 [ 537.039276][T17202] RDX: 0000000020000000 RSI: 0000000000008b34 RDI: 0000000000000003 [ 537.047317][T17202] RBP: 00007f66e6c38090 R08: 0000000000000000 R09: 0000000000000000 [ 537.055346][T17202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 537.063366][T17202] R13: 0000000000000000 R14: 00007f66e5f75fa0 R15: 00007fff04b33b48 [ 537.071494][T17202] [ 537.117042][T17202] ERROR: Out of memory at tomoyo_realpath_from_path. [ 538.131580][T17239] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 538.142856][T17237] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 538.745641][T17265] validate_nla: 4 callbacks suppressed [ 538.745666][T17265] netlink: 'syz.5.3874': attribute type 3 has an invalid length. [ 538.797196][T17265] __nla_validate_parse: 4 callbacks suppressed [ 538.797224][T17265] netlink: 666 bytes leftover after parsing attributes in process `syz.5.3874'. [ 538.847998][T17265] netlink: 'syz.5.3874': attribute type 1 has an invalid length. [ 538.855868][T17265] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3874'. [ 539.001460][T17270] netlink: 'syz.0.3876': attribute type 12 has an invalid length. [ 539.752228][T17302] netlink: 'syz.6.3887': attribute type 12 has an invalid length. [ 539.769530][T17298] FAULT_INJECTION: forcing a failure. [ 539.769530][T17298] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 539.805041][T17298] CPU: 1 UID: 0 PID: 17298 Comm: syz.5.3886 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 539.815947][T17298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 539.826072][T17298] Call Trace: [ 539.829407][T17298] [ 539.832386][T17298] dump_stack_lvl+0x241/0x360 [ 539.837126][T17298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 539.842380][T17298] ? __pfx__printk+0x10/0x10 [ 539.847030][T17298] ? __pfx_lock_release+0x10/0x10 [ 539.852114][T17298] ? tomoyo_path_number_perm+0x6f9/0x860 [ 539.857808][T17298] ? __lock_acquire+0x1397/0x2100 [ 539.862892][T17298] should_fail_ex+0x3b0/0x4e0 [ 539.867624][T17298] _copy_from_user+0x2f/0xc0 [ 539.872277][T17298] wext_handle_ioctl+0xef/0x280 [ 539.877182][T17298] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 539.882691][T17298] sock_ioctl+0x17c/0x8e0 [ 539.887068][T17298] ? __pfx_sock_ioctl+0x10/0x10 [ 539.891959][T17298] ? __fget_files+0x2a/0x410 [ 539.896586][T17298] ? __fget_files+0x2a/0x410 [ 539.901211][T17298] ? __pfx_sock_ioctl+0x10/0x10 [ 539.906101][T17298] __se_sys_ioctl+0xf5/0x170 [ 539.910806][T17298] do_syscall_64+0xf3/0x230 [ 539.915343][T17298] ? clear_bhb_loop+0x35/0x90 [ 539.920060][T17298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.925985][T17298] RIP: 0033:0x7fd472d85d29 [ 539.930434][T17298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.950078][T17298] RSP: 002b:00007fd470bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 539.958558][T17298] RAX: ffffffffffffffda RBX: 00007fd472f75fa0 RCX: 00007fd472d85d29 [ 539.966553][T17298] RDX: 0000000020000000 RSI: 0000000000008b34 RDI: 0000000000000003 [ 539.974566][T17298] RBP: 00007fd470bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 539.982555][T17298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.990547][T17298] R13: 0000000000000000 R14: 00007fd472f75fa0 R15: 00007ffc35f38498 [ 539.998558][T17298] [ 540.201554][T17305] netlink: 'syz.6.3888': attribute type 3 has an invalid length. [ 540.214221][T17305] netlink: 666 bytes leftover after parsing attributes in process `syz.6.3888'. [ 540.274688][T17305] netlink: 'syz.6.3888': attribute type 1 has an invalid length. [ 540.296187][T17305] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3888'. [ 540.376282][T17310] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3890'. [ 540.450062][T17310] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 541.282562][T17332] bridge0: port 3(vlan2) entered blocking state [ 541.312215][T17332] bridge0: port 3(vlan2) entered disabled state [ 541.334932][T17332] vlan2: entered allmulticast mode [ 541.355900][T17332] bond0: entered allmulticast mode [ 541.375430][T17332] bond_slave_0: entered allmulticast mode [ 541.396785][T17332] bond_slave_1: entered allmulticast mode [ 541.419638][T17332] vlan2: entered promiscuous mode [ 541.439643][T17332] bond0: entered promiscuous mode [ 541.457446][T17332] bond_slave_0: entered promiscuous mode [ 541.475835][T17332] bond_slave_1: entered promiscuous mode [ 541.499778][T17332] bridge0: port 3(vlan2) entered blocking state [ 541.506244][T17332] bridge0: port 3(vlan2) entered forwarding state [ 541.644897][T17348] netlink: 'syz.5.3902': attribute type 3 has an invalid length. [ 541.677281][T17348] netlink: 666 bytes leftover after parsing attributes in process `syz.5.3902'. [ 541.790127][T17348] netlink: 'syz.5.3902': attribute type 1 has an invalid length. [ 541.837266][T17348] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3902'. [ 542.190105][T17362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3910'. [ 542.653530][T17373] bridge0: port 3(vlan1) entered blocking state [ 542.680468][T17373] bridge0: port 3(vlan1) entered disabled state [ 542.704188][T17373] vlan1: entered allmulticast mode [ 542.720494][T17373] bond0: entered allmulticast mode [ 542.762494][T17373] bond_slave_0: entered allmulticast mode [ 542.779917][T17373] bond_slave_1: entered allmulticast mode [ 542.804378][T17373] vlan1: entered promiscuous mode [ 542.821098][T17373] bond0: entered promiscuous mode [ 542.854380][T17373] bond_slave_0: entered promiscuous mode [ 542.899742][T17373] bond_slave_1: entered promiscuous mode [ 542.929144][T17373] bridge0: port 3(vlan1) entered blocking state [ 542.936231][T17373] bridge0: port 3(vlan1) entered forwarding state [ 543.099232][T17393] netlink: 'syz.5.3917': attribute type 3 has an invalid length. [ 543.128868][T17393] netlink: 666 bytes leftover after parsing attributes in process `syz.5.3917'. [ 543.240084][T17393] netlink: 'syz.5.3917': attribute type 1 has an invalid length. [ 543.259796][T17393] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3917'. [ 543.458778][T17403] FAULT_INJECTION: forcing a failure. [ 543.458778][T17403] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 543.481983][T17403] CPU: 0 UID: 0 PID: 17403 Comm: syz.0.3920 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 543.492831][T17403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 543.502941][T17403] Call Trace: [ 543.506262][T17403] [ 543.509231][T17403] dump_stack_lvl+0x241/0x360 [ 543.513963][T17403] ? __pfx_dump_stack_lvl+0x10/0x10 [ 543.519211][T17403] ? __pfx__printk+0x10/0x10 [ 543.523861][T17403] ? snprintf+0xda/0x120 [ 543.528160][T17403] should_fail_ex+0x3b0/0x4e0 [ 543.532888][T17403] _copy_to_user+0x31/0xb0 [ 543.537362][T17403] simple_read_from_buffer+0xca/0x150 [ 543.542776][T17403] proc_fail_nth_read+0x1e9/0x250 [ 543.547847][T17403] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 543.553421][T17403] ? rw_verify_area+0x55e/0x6f0 [ 543.558300][T17403] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 543.563866][T17403] vfs_read+0x1fc/0xb70 [ 543.568042][T17403] ? __pfx___mutex_lock+0x10/0x10 [ 543.573083][T17403] ? __pfx_vfs_read+0x10/0x10 [ 543.577789][T17403] ? __fget_files+0x2a/0x410 [ 543.582421][T17403] ? __fget_files+0x395/0x410 [ 543.587125][T17403] ? __fget_files+0x2a/0x410 [ 543.591743][T17403] ksys_read+0x18f/0x2b0 [ 543.596001][T17403] ? __pfx_ksys_read+0x10/0x10 [ 543.600867][T17403] ? do_syscall_64+0x100/0x230 [ 543.605651][T17403] ? do_syscall_64+0xb6/0x230 [ 543.610346][T17403] do_syscall_64+0xf3/0x230 [ 543.614993][T17403] ? clear_bhb_loop+0x35/0x90 [ 543.619718][T17403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.625641][T17403] RIP: 0033:0x7f033178473c [ 543.630253][T17403] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 543.649883][T17403] RSP: 002b:00007f0332518030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 543.658320][T17403] RAX: ffffffffffffffda RBX: 00007f0331975fa0 RCX: 00007f033178473c [ 543.666306][T17403] RDX: 000000000000000f RSI: 00007f03325180a0 RDI: 0000000000000004 [ 543.674287][T17403] RBP: 00007f0332518090 R08: 0000000000000000 R09: 0000000000000000 [ 543.682275][T17403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.690260][T17403] R13: 0000000000000000 R14: 00007f0331975fa0 R15: 00007ffdd0e8fd68 [ 543.698259][T17403] [ 543.740094][T17407] FAULT_INJECTION: forcing a failure. [ 543.740094][T17407] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 543.787544][T17407] CPU: 1 UID: 0 PID: 17407 Comm: syz.6.3923 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 543.798396][T17407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 543.808597][T17407] Call Trace: [ 543.811913][T17407] [ 543.814878][T17407] dump_stack_lvl+0x241/0x360 [ 543.819597][T17407] ? __pfx_dump_stack_lvl+0x10/0x10 [ 543.824831][T17407] ? __pfx__printk+0x10/0x10 [ 543.829487][T17407] ? __pfx_lock_release+0x10/0x10 [ 543.834542][T17407] should_fail_ex+0x3b0/0x4e0 [ 543.839250][T17407] _copy_from_user+0x2f/0xc0 [ 543.843880][T17407] copy_msghdr_from_user+0xae/0x680 [ 543.849119][T17407] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 543.854961][T17407] ? __fget_files+0x2a/0x410 [ 543.859582][T17407] ? __fget_files+0x2a/0x410 [ 543.864211][T17407] __sys_sendmsg+0x209/0x350 [ 543.868825][T17407] ? __pfx_lock_release+0x10/0x10 [ 543.873891][T17407] ? __pfx___sys_sendmsg+0x10/0x10 [ 543.879036][T17407] ? __pfx_vfs_write+0x10/0x10 [ 543.883843][T17407] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 543.890198][T17407] ? do_syscall_64+0x100/0x230 [ 543.894986][T17407] ? do_syscall_64+0xb6/0x230 [ 543.899692][T17407] do_syscall_64+0xf3/0x230 [ 543.904223][T17407] ? clear_bhb_loop+0x35/0x90 [ 543.908929][T17407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.914854][T17407] RIP: 0033:0x7f2ed5385d29 [ 543.919287][T17407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.938919][T17407] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 543.947359][T17407] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 543.955353][T17407] RDX: 0000000000000000 RSI: 00000000200014c0 RDI: 0000000000000003 [ 543.963370][T17407] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 543.971385][T17407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.979379][T17407] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 543.987386][T17407] [ 544.087425][T17411] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3924'. [ 544.297628][T17417] FAULT_INJECTION: forcing a failure. [ 544.297628][T17417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 544.323786][T17417] CPU: 1 UID: 0 PID: 17417 Comm: syz.6.3926 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 544.334635][T17417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 544.344741][T17417] Call Trace: [ 544.348056][T17417] [ 544.351019][T17417] dump_stack_lvl+0x241/0x360 [ 544.355749][T17417] ? __pfx_dump_stack_lvl+0x10/0x10 [ 544.361004][T17417] ? __pfx__printk+0x10/0x10 [ 544.365643][T17417] ? __pfx_lock_release+0x10/0x10 [ 544.370726][T17417] should_fail_ex+0x3b0/0x4e0 [ 544.375452][T17417] _copy_from_user+0x2f/0xc0 [ 544.380113][T17417] ioctl_standard_iw_point+0x588/0xcb0 [ 544.385640][T17417] ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10 [ 544.391921][T17417] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 544.397948][T17417] ? wext_ioctl_dispatch+0x102/0x530 [ 544.403284][T17417] ? __pfx___mutex_lock+0x10/0x10 [ 544.408363][T17417] ? full_name_hash+0x93/0xe0 [ 544.413097][T17417] ioctl_standard_call+0xbd/0x190 [ 544.418174][T17417] ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10 [ 544.424461][T17417] ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10 [ 544.430753][T17417] wext_ioctl_dispatch+0x14f/0x530 [ 544.435919][T17417] ? __lock_acquire+0x1397/0x2100 [ 544.440996][T17417] ? __pfx_ioctl_standard_call+0x10/0x10 [ 544.446673][T17417] ? __pfx_wext_ioctl_dispatch+0x10/0x10 [ 544.452355][T17417] ? __might_fault+0xc6/0x120 [ 544.457082][T17417] wext_handle_ioctl+0x166/0x280 [ 544.462068][T17417] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 544.467592][T17417] sock_ioctl+0x17c/0x8e0 [ 544.471977][T17417] ? __pfx_sock_ioctl+0x10/0x10 [ 544.476878][T17417] ? __fget_files+0x2a/0x410 [ 544.481526][T17417] ? __fget_files+0x2a/0x410 [ 544.486168][T17417] ? __pfx_sock_ioctl+0x10/0x10 [ 544.491085][T17417] __se_sys_ioctl+0xf5/0x170 [ 544.495736][T17417] do_syscall_64+0xf3/0x230 [ 544.500292][T17417] ? clear_bhb_loop+0x35/0x90 [ 544.505021][T17417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.510990][T17417] RIP: 0033:0x7f2ed5385d29 [ 544.515443][T17417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.535099][T17417] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 544.543591][T17417] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 544.551620][T17417] RDX: 0000000020000000 RSI: 0000000000008b34 RDI: 0000000000000003 [ 544.559651][T17417] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 544.567666][T17417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.575691][T17417] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 544.583750][T17417] [ 544.712476][T17422] infiniband syz0: set active [ 544.743589][T17422] bridge_slave_0: left allmulticast mode [ 544.794221][T17422] bridge_slave_0: left promiscuous mode [ 544.832682][T17422] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.898372][T17422] bond0: (slave bond_slave_0): Releasing backup interface [ 544.975612][T17422] bond_slave_0: left promiscuous mode [ 545.000738][T17422] bond_slave_0: left allmulticast mode [ 545.029965][T17422] bond0: (slave bond_slave_1): Releasing backup interface [ 545.145581][T17422] bond_slave_1: left promiscuous mode [ 545.175947][T17422] bond_slave_1: left allmulticast mode [ 545.229268][T17422] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 545.246858][T17422] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 545.274178][T17422] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 545.295608][T17422] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 545.375798][T17422] vlan2: left allmulticast mode [ 545.403011][T17422] bond0: left allmulticast mode [ 545.423208][T17422] vlan2: left promiscuous mode [ 545.438214][T17422] bond0: left promiscuous mode [ 545.453166][T17422] bridge0: port 3(vlan2) entered disabled state [ 545.502058][T14031] lo speed is unknown, defaulting to 1000 [ 545.534529][T17426] lo speed is unknown, defaulting to 1000 [ 545.878590][T17459] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3935'. [ 545.937597][T17461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3935'. [ 546.585334][T17487] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3938'. [ 547.324665][T17475] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3939'. [ 548.240488][T17515] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3951'. [ 548.277351][T17515] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 549.358874][T17553] lo speed is unknown, defaulting to 1000 [ 549.806431][T17580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3973'. [ 550.432699][T17599] validate_nla: 1 callbacks suppressed [ 550.432749][T17599] netlink: 'syz.1.3978': attribute type 12 has an invalid length. [ 550.548437][T17596] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.642664][T17604] ebt_among: dst integrity fail: 101 [ 550.831016][T17596] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.071802][T17596] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.300048][T17611] FAULT_INJECTION: forcing a failure. [ 551.300048][T17611] name failslab, interval 1, probability 0, space 0, times 0 [ 551.357792][T17611] CPU: 1 UID: 0 PID: 17611 Comm: syz.6.3981 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 551.368737][T17611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 551.378933][T17611] Call Trace: [ 551.382250][T17611] [ 551.385214][T17611] dump_stack_lvl+0x241/0x360 [ 551.389960][T17611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 551.395222][T17611] ? __pfx__printk+0x10/0x10 [ 551.399880][T17611] ? kmem_cache_alloc_noprof+0x48/0x380 [ 551.405962][T17611] ? __pfx___might_resched+0x10/0x10 [ 551.411308][T17611] should_fail_ex+0x3b0/0x4e0 [ 551.416044][T17611] should_failslab+0xac/0x100 [ 551.420802][T17611] ? skb_clone+0x20c/0x390 [ 551.425272][T17611] kmem_cache_alloc_noprof+0x70/0x380 [ 551.430703][T17611] ? __virt_addr_valid+0x45f/0x530 [ 551.435873][T17611] skb_clone+0x20c/0x390 [ 551.440180][T17611] pfkey_sendmsg+0x43d/0x1050 [ 551.444917][T17611] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 551.450102][T17611] ? aa_sk_perm+0x96d/0xab0 [ 551.454673][T17611] ? __pfx_aa_sk_perm+0x10/0x10 [ 551.459583][T17611] ? __pfx_lock_release+0x10/0x10 [ 551.464658][T17611] ? __import_iovec+0x590/0x870 [ 551.469576][T17611] ? aa_sock_msg_perm+0x91/0x160 [ 551.474575][T17611] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 551.479743][T17611] __sock_sendmsg+0x221/0x270 [ 551.484488][T17611] ____sys_sendmsg+0x52a/0x7e0 [ 551.489320][T17611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 551.494658][T17611] ? __fget_files+0x2a/0x410 [ 551.499360][T17611] ? __fget_files+0x2a/0x410 [ 551.504024][T17611] __sys_sendmsg+0x269/0x350 [ 551.508690][T17611] ? __pfx_lock_release+0x10/0x10 [ 551.513776][T17611] ? __pfx___sys_sendmsg+0x10/0x10 [ 551.518957][T17611] ? __pfx_vfs_write+0x10/0x10 [ 551.523805][T17611] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 551.530208][T17611] ? do_syscall_64+0x100/0x230 [ 551.535123][T17611] ? do_syscall_64+0xb6/0x230 [ 551.539864][T17611] do_syscall_64+0xf3/0x230 [ 551.544426][T17611] ? clear_bhb_loop+0x35/0x90 [ 551.549171][T17611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.555134][T17611] RIP: 0033:0x7f2ed5385d29 [ 551.559693][T17611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.579355][T17611] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 551.587846][T17611] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 551.595882][T17611] RDX: 0000000000000000 RSI: 00000000200014c0 RDI: 0000000000000003 [ 551.603904][T17611] RBP: 00007f2ed6288090 R08: 0000000000000000 R09: 0000000000000000 [ 551.611926][T17611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.619947][T17611] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 551.627989][T17611] [ 551.649191][T17596] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.651002][T17613] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3982'. [ 551.882420][T17596] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.904245][T17596] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.928549][T17596] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.972256][T17596] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.309074][T17623] bridge0: port 3(vlan2) entered blocking state [ 552.324521][T17623] bridge0: port 3(vlan2) entered disabled state [ 552.343674][T17623] vlan2: entered allmulticast mode [ 552.356050][T17623] bond0: entered allmulticast mode [ 552.362519][T17623] bond_slave_0: entered allmulticast mode [ 552.369161][T17623] bond_slave_1: entered allmulticast mode [ 552.377283][T17623] syz_tun: entered allmulticast mode [ 552.386645][T17623] vlan2: entered promiscuous mode [ 552.392864][T17623] bond0: entered promiscuous mode [ 552.423381][T17623] bond_slave_0: entered promiscuous mode [ 552.444081][T17623] bond_slave_1: entered promiscuous mode [ 552.469156][T17623] bridge0: port 3(vlan2) entered blocking state [ 552.476244][T17623] bridge0: port 3(vlan2) entered forwarding state [ 552.741035][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 552.806096][T17641] Cannot find add_set index 0 as target [ 553.045325][T17654] batadv0: entered promiscuous mode [ 553.134298][T17651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3994'. [ 553.144544][T17654] batadv0: left promiscuous mode [ 553.534635][T17672] xt_l2tp: missing protocol rule (udp|l2tpip) [ 553.538670][T17676] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.4001'. [ 553.551416][T17676] netlink: zone id is out of range [ 553.556603][T17676] netlink: zone id is out of range [ 553.562079][T17676] netlink: zone id is out of range [ 553.567642][T17676] netlink: get zone limit has 8 unknown bytes [ 553.576611][T17676] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4001'. [ 554.008437][T17679] netlink: 'syz.6.4004': attribute type 12 has an invalid length. [ 554.681155][T17700] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4013'. [ 555.038290][T17711] Cannot find add_set index 0 as target [ 555.095176][T17713] tap0: tun_chr_ioctl cmd 1074025677 [ 555.135599][T17713] tap0: linktype set to 804 [ 555.240725][T17714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4014'. [ 555.439304][T17714] macsec1: entered promiscuous mode [ 555.468570][T17714] team_slave_0: entered promiscuous mode [ 555.678183][T17714] team_slave_0: left promiscuous mode [ 555.898675][T17731] netlink: 'syz.0.4022': attribute type 12 has an invalid length. [ 556.160589][T17738] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4025'. [ 556.219323][T17736] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.4024'. [ 556.257785][T17736] openvswitch: netlink: Missing key (keys=40, expected=80) [ 556.395934][T17741] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4026'. [ 557.090880][T17769] netlink: 'syz.6.4038': attribute type 3 has an invalid length. [ 557.123379][T17773] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4042'. [ 557.141416][T17769] netlink: 666 bytes leftover after parsing attributes in process `syz.6.4038'. [ 557.854620][T17785] infiniband syz0: set active [ 557.940851][T14019] lo speed is unknown, defaulting to 1000 [ 558.892821][T17836] netlink: 'syz.2.4065': attribute type 5 has an invalid length. [ 558.907153][T17836] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.4065'. [ 559.091510][T17847] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4068'. [ 559.170452][T17849] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4069'. [ 559.458791][T17860] Unsupported ieee802154 address type: 0 [ 559.714251][T17866] netlink: 'syz.0.4078': attribute type 12 has an invalid length. [ 559.915900][T17871] lo speed is unknown, defaulting to 1000 [ 559.994613][T17876] netlink: 1284 bytes leftover after parsing attributes in process `syz.6.4081'. [ 560.027353][T17876] openvswitch: netlink: Missing key (keys=40, expected=80) [ 560.483306][T17890] netlink: 'syz.1.4086': attribute type 3 has an invalid length. [ 560.497178][T17890] __nla_validate_parse: 3 callbacks suppressed [ 560.497201][T17890] netlink: 666 bytes leftover after parsing attributes in process `syz.1.4086'. [ 560.585131][T17890] netlink: 'syz.1.4086': attribute type 1 has an invalid length. [ 560.605362][T17890] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4086'. [ 561.551250][T17915] macsec1: entered allmulticast mode [ 561.596634][T17919] netlink: 'syz.5.4094': attribute type 33 has an invalid length. [ 562.060108][T17913] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4095'. [ 562.070448][T17926] netlink: 'syz.0.4099': attribute type 3 has an invalid length. [ 562.084805][T17927] netlink: 'syz.0.4099': attribute type 1 has an invalid length. [ 562.094283][T17926] netlink: 666 bytes leftover after parsing attributes in process `syz.0.4099'. [ 562.104710][T17927] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4099'. [ 562.492938][T17945] netlink: 'syz.1.4106': attribute type 1 has an invalid length. [ 562.648152][T17949] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4107'. [ 562.718938][T17949] netlink: 'syz.5.4107': attribute type 10 has an invalid length. [ 562.758822][T17949] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4107'. [ 562.849197][T17949] batman_adv: batadv0: Adding interface: virt_wifi0 [ 562.871852][T17949] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.939880][T17949] batman_adv: batadv0: Interface activated: virt_wifi0 [ 563.049927][T17964] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4112'. [ 563.135458][T17966] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4113'. [ 563.245211][T17969] netlink: 'syz.5.4115': attribute type 3 has an invalid length. [ 563.253260][T17969] netlink: 666 bytes leftover after parsing attributes in process `syz.5.4115'. [ 563.392144][T17973] lo speed is unknown, defaulting to 1000 [ 563.399242][T17969] netlink: 'syz.5.4115': attribute type 1 has an invalid length. [ 564.972129][T17976] geneve2: entered promiscuous mode [ 564.998829][T17976] geneve2: entered allmulticast mode [ 565.800654][T18037] __nla_validate_parse: 2 callbacks suppressed [ 565.800692][T18037] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4139'. [ 566.158821][T18049] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4143'. [ 566.618640][T18062] xt_CT: You must specify a L4 protocol and not use inversions on it [ 566.621662][T18062] infiniband syz0: set active [ 566.745328][ T8] lo speed is unknown, defaulting to 1000 [ 566.813749][T18079] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:65535 [ 566.848429][T18084] netlink: 'syz.2.4149': attribute type 21 has an invalid length. [ 567.176135][T18091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4153'. [ 567.186911][T18088] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.372717][T18088] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.534887][T18088] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.612513][T18102] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4157'. [ 567.754833][T18088] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.779885][T18106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4159'. [ 567.898017][T18106] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 568.123738][T18088] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.173089][T18088] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.195965][T18088] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.217444][T18088] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.310110][T18124] netlink: 'syz.5.4163': attribute type 5 has an invalid length. [ 568.324012][T18126] netlink: 'syz.0.4165': attribute type 32 has an invalid length. [ 568.333801][T18126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4165'. [ 568.346061][T18126] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 568.399066][T18132] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4164'. [ 568.889568][T18148] tun0: tun_chr_ioctl cmd 1074025677 [ 568.895234][T18148] tun0: linktype set to 270 [ 568.914580][T18148] tun0: tun_chr_ioctl cmd 35094 [ 568.952913][T18154] netlink: 132 bytes leftover after parsing attributes in process `syz.6.4173'. [ 569.450823][T18169] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4179'. [ 569.467442][T18172] netlink: 'syz.1.4177': attribute type 9 has an invalid length. [ 569.529454][T18172] netlink: 'syz.1.4177': attribute type 7 has an invalid length. [ 569.585811][T18172] netlink: 'syz.1.4177': attribute type 8 has an invalid length. [ 569.853601][T18187] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4182'. [ 569.888125][T18190] netlink: 'syz.2.4183': attribute type 8 has an invalid length. [ 569.898910][T18191] netlink: 'syz.2.4183': attribute type 8 has an invalid length. [ 570.743618][T18217] openvswitch: netlink: Missing key (keys=40, expected=80) [ 571.227099][T18235] __nla_validate_parse: 1 callbacks suppressed [ 571.227124][T18235] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4198'. [ 571.332847][T18239] netlink: 'syz.5.4196': attribute type 1 has an invalid length. [ 571.369206][T18239] bond2: entered promiscuous mode [ 571.376631][T18239] 8021q: adding VLAN 0 to HW filter on device bond2 [ 571.425705][T18239] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4196'. [ 572.183553][T18256] team0 (unregistering): Port device team_slave_0 removed [ 572.260723][T18256] team0 (unregistering): Port device team_slave_1 removed [ 573.032123][T18295] netlink: 'syz.2.4215': attribute type 9 has an invalid length. [ 573.087690][T18295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4215'. [ 573.928211][T18321] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4224'. [ 574.024547][T18331] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4227'. [ 574.138621][ T8] IPVS: starting estimator thread 0... [ 574.240999][T18334] IPVS: using max 21 ests per chain, 50400 per kthread [ 574.582072][T18350] lo speed is unknown, defaulting to 1000 [ 575.109374][T18370] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4239'. [ 575.481666][T18381] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4244'. [ 575.697456][ T5854] Bluetooth: hci1: command 0x0406 tx timeout [ 576.195154][T18407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4252'. [ 576.335703][T18350] netlink: 104 bytes leftover after parsing attributes in process `syz.2.4232'. [ 576.807448][T18424] xt_TCPMSS: Only works on TCP SYN packets [ 576.930282][T18423] lo speed is unknown, defaulting to 1000 [ 577.015482][T18432] pimreg: entered allmulticast mode [ 577.027733][T18435] pimreg: left allmulticast mode [ 577.311183][T18440] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4264'. [ 577.332779][T18448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4265'. [ 578.039219][T18465] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4270'. [ 578.082079][T18465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4270'. [ 578.106336][T18465] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4270'. [ 578.436522][T18478] netlink: 68 bytes leftover after parsing attributes in process `syz.5.4274'. [ 578.734386][T18489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4278'. [ 579.173193][T18504] lo speed is unknown, defaulting to 1000 [ 579.640111][T18519] netlink: 112 bytes leftover after parsing attributes in process `syz.0.4287'. [ 579.676166][T18519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4287'. [ 580.096034][T18530] macsec2: entered allmulticast mode [ 580.710233][T18550] dccp_invalid_packet: P.Data Offset(0) too small [ 581.518510][T18569] lo speed is unknown, defaulting to 1000 [ 581.877745][T18579] __nla_validate_parse: 3 callbacks suppressed [ 581.877781][T18579] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4308'. [ 581.926797][T18579] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 581.988857][T18579] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.018804][T18579] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 582.026369][T18579] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.032970][T18582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4309'. [ 582.082166][T18583] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4308'. [ 582.137770][T18586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4311'. [ 582.203975][T18586] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4311'. [ 582.478004][T18595] IPVS: set_ctl: invalid protocol: 8 127.0.0.1:20001 [ 582.692656][T18604] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4317'. [ 583.212601][T18623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4322'. [ 584.117645][T18650] netlink: 404 bytes leftover after parsing attributes in process `syz.5.4330'. [ 584.128583][T18650] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4330'. [ 584.138297][T18650] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4330'. [ 584.914929][T18675] lo speed is unknown, defaulting to 1000 [ 585.424052][T18695] netlink: 'syz.5.4347': attribute type 3 has an invalid length. [ 585.724841][T18695] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 586.462009][T18722] lo speed is unknown, defaulting to 1000 [ 586.927452][T18734] macsec1: entered allmulticast mode [ 587.227218][T18743] netlink: 'syz.5.4360': attribute type 1 has an invalid length. [ 587.253385][T18743] __nla_validate_parse: 4 callbacks suppressed [ 587.253435][T18743] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4360'. [ 587.426192][T18742] netlink: 'syz.5.4360': attribute type 3 has an invalid length. [ 587.447647][T18742] netlink: 666 bytes leftover after parsing attributes in process `syz.5.4360'. [ 587.548771][T18737] lo speed is unknown, defaulting to 1000 [ 587.837657][T18751] netlink: 'syz.5.4363': attribute type 11 has an invalid length. [ 588.251057][T18760] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4367'. [ 589.172926][T18783] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4375'. [ 589.283971][T18781] netlink: 'syz.5.4373': attribute type 1 has an invalid length. [ 589.292674][T18781] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4373'. [ 589.312533][T18787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4376'. [ 589.488432][T18790] netlink: 1284 bytes leftover after parsing attributes in process `syz.6.4377'. [ 589.517510][T18790] openvswitch: netlink: Missing key (keys=40, expected=80) [ 589.905954][T18808] netlink: 116 bytes leftover after parsing attributes in process `syz.0.4383'. [ 589.954188][T18808] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 590.277510][T18825] netlink: 'syz.2.4389': attribute type 3 has an invalid length. [ 590.286102][T18825] netlink: 666 bytes leftover after parsing attributes in process `syz.2.4389'. [ 590.344025][T18825] netlink: 'syz.2.4389': attribute type 1 has an invalid length. [ 590.373384][T18825] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4389'. [ 590.446758][T18834] openvswitch: netlink: Missing valid actions attribute. [ 590.519104][T18834] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 590.804472][T18840] lo speed is unknown, defaulting to 1000 [ 590.858483][T18850] netlink: 'syz.2.4393': attribute type 1 has an invalid length. [ 591.059704][T15028] Bluetooth: hci5: command 0x0406 tx timeout [ 591.066065][T15028] Bluetooth: hci2: command 0x0406 tx timeout [ 591.099936][T18850] 8021q: adding VLAN 0 to HW filter on device bond1 [ 591.338742][T18856] 8021q: adding VLAN 0 to HW filter on device bond1 [ 591.363302][T18856] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 591.412236][T18856] bond1: (slave vcan1): Error -95 calling set_mac_address [ 591.737617][T18875] netlink: 'syz.0.4403': attribute type 3 has an invalid length. [ 591.787606][T18875] netlink: 'syz.0.4403': attribute type 1 has an invalid length. [ 592.428504][T18896] lo speed is unknown, defaulting to 1000 [ 592.634551][T18901] __nla_validate_parse: 7 callbacks suppressed [ 592.634576][T18901] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4412'. [ 593.349896][T18896] geneve0: entered promiscuous mode [ 593.355189][T18896] geneve0: entered allmulticast mode [ 593.504239][T14019] IPVS: starting estimator thread 0... [ 593.597102][T18923] IPVS: using max 19 ests per chain, 45600 per kthread [ 594.431371][T18941] netlink: 132 bytes leftover after parsing attributes in process `syz.6.4424'. [ 594.665007][T18952] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4426'. [ 594.687176][T18952] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 594.915865][T18951] xt_nfacct: accounting object `sy' does not exists [ 595.626489][T18986] vlan3: entered promiscuous mode [ 595.639380][T18983] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4434'. [ 595.673213][T18986] bridge0: entered promiscuous mode [ 595.688139][T18994] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 595.699297][T18993] dccp_invalid_packet: P.Data Offset(127) too large [ 595.707303][T18986] bridge0: port 1(vlan3) entered blocking state [ 595.745235][T18986] bridge0: port 1(vlan3) entered disabled state [ 595.778018][T18986] vlan3: entered allmulticast mode [ 595.783672][T18986] bridge0: entered allmulticast mode [ 595.832685][T18986] vlan3: left allmulticast mode [ 595.851793][T18986] bridge0: left allmulticast mode [ 595.885848][T18986] bridge0: left promiscuous mode [ 595.972093][T16461] IPVS: stop unused estimator thread 0... [ 596.064551][T19005] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4441'. [ 596.139039][T19005] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4441'. [ 596.155051][T19005] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4441'. [ 596.166514][T19005] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4441'. [ 596.415834][T19017] netlink: 'syz.2.4444': attribute type 11 has an invalid length. [ 596.808830][T19031] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4446'. [ 596.859132][T19033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4446'. [ 597.227571][T19044] netlink: 'syz.2.4451': attribute type 27 has an invalid length. [ 597.736039][T19054] lo speed is unknown, defaulting to 1000 [ 598.080585][T19061] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 598.218338][T19064] __nla_validate_parse: 2 callbacks suppressed [ 598.218392][T19064] netlink: 176 bytes leftover after parsing attributes in process `syz.5.4460'. [ 598.317530][T19064] ip6gretap0: entered promiscuous mode [ 598.324216][T19064] netlink: 176 bytes leftover after parsing attributes in process `syz.5.4460'. [ 598.342447][T19068] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4460'. [ 598.377729][T19066] vlan2: left allmulticast mode [ 598.382975][T19066] bond0: left allmulticast mode [ 598.405499][T19066] bond_slave_0: left allmulticast mode [ 598.437396][T19066] bond_slave_1: left allmulticast mode [ 598.460448][T19066] vlan2: left promiscuous mode [ 598.495185][T19066] bond0: left promiscuous mode [ 598.514358][T19066] bond_slave_0: left promiscuous mode [ 598.557557][T19066] bond_slave_1: left promiscuous mode [ 598.564224][T19066] bridge0: port 3(vlan2) entered disabled state [ 598.638475][T19066] bridge_slave_1: left allmulticast mode [ 598.654943][T19066] bridge_slave_1: left promiscuous mode [ 598.663456][T19066] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.701763][T19066] bridge_slave_0: left allmulticast mode [ 598.708075][T19066] bridge_slave_0: left promiscuous mode [ 598.720866][T19066] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.912162][T19068] mac80211_hwsim hwsim102 wlan0: entered promiscuous mode [ 598.947885][T19068] macvlan2: entered allmulticast mode [ 598.976677][T19068] mac80211_hwsim hwsim102 wlan0: entered allmulticast mode [ 599.085808][T19072] netlink: 'syz.1.4463': attribute type 2 has an invalid length. [ 600.858905][T19129] lo speed is unknown, defaulting to 1000 [ 601.050047][T19138] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4486'. [ 601.304820][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 601.382768][T19149] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4488'. [ 601.451999][T19151] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4490'. [ 601.484396][T19151] bridge_slave_0: left allmulticast mode [ 601.511971][T19151] bridge_slave_0: left promiscuous mode [ 601.535218][T19151] bridge0: port 1(bridge_slave_0) entered disabled state [ 601.760878][T19164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4494'. [ 602.236279][T19177] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4497'. [ 602.387728][T19185] nbd: must specify an index to disconnect [ 602.438722][T19185] netlink: 'syz.1.4500': attribute type 5 has an invalid length. [ 602.916620][T19204] netlink: 112 bytes leftover after parsing attributes in process `syz.5.4507'. [ 602.947629][T19205] netlink: 'syz.1.4506': attribute type 10 has an invalid length. [ 604.248596][T19238] netlink: 112 bytes leftover after parsing attributes in process `syz.6.4520'. [ 604.855885][T19261] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4525'. [ 604.883636][T19261] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4525'. [ 604.916419][T19260] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4529'. [ 604.932351][T19260] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4529'. [ 605.145855][T19266] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.154071][T19275] Cannot find add_set index 32768 as target [ 605.278497][T19277] ip_vti0: entered promiscuous mode [ 605.308828][T19277] vlan2: entered promiscuous mode [ 605.339918][T19277] ip_vti0: left promiscuous mode [ 605.460857][T19261] lo speed is unknown, defaulting to 1000 [ 605.584835][T19266] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.839108][T19266] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.949670][T19283] netlink: 112 bytes leftover after parsing attributes in process `syz.0.4533'. [ 606.002030][T19266] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.210424][T19266] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.244730][T19287] lo speed is unknown, defaulting to 1000 [ 606.289718][T19266] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.338934][T19266] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.387686][T19266] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.498515][T19295] netlink: 3620 bytes leftover after parsing attributes in process `syz.0.4537'. [ 606.895586][T19308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4541'. [ 607.316875][T19323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4544'. [ 607.383869][T19325] netlink: 112 bytes leftover after parsing attributes in process `syz.6.4545'. [ 607.706667][T19334] netlink: 'syz.0.4547': attribute type 46 has an invalid length. [ 608.205590][T19356] netlink: 'syz.1.4549': attribute type 9 has an invalid length. [ 608.388632][T19356] macvlan1: entered promiscuous mode [ 608.513015][T19360] ip6gretap0: entered promiscuous mode [ 608.688588][T19360] batadv_slave_0: entered promiscuous mode [ 608.696479][T19360] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 608.706749][T19360] Cannot create hsr debugfs directory [ 609.080927][T19381] team0: Port device team_slave_0 removed [ 609.130014][T19381] team0: Port device team_slave_1 removed [ 609.168744][T19381] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 609.176836][T19381] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 609.200466][T19381] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 609.217475][T19381] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 609.959732][T19399] __nla_validate_parse: 2 callbacks suppressed [ 609.959760][T19399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4563'. [ 609.983892][T19401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4564'. [ 609.996726][T19401] FAULT_INJECTION: forcing a failure. [ 609.996726][T19401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 610.057071][T19401] CPU: 0 UID: 0 PID: 19401 Comm: syz.1.4564 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 610.067924][T19401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 610.078034][T19401] Call Trace: [ 610.081359][T19401] [ 610.084330][T19401] dump_stack_lvl+0x241/0x360 [ 610.089076][T19401] ? __pfx_dump_stack_lvl+0x10/0x10 [ 610.094340][T19401] ? __pfx__printk+0x10/0x10 [ 610.098992][T19401] ? snprintf+0xda/0x120 [ 610.103322][T19401] should_fail_ex+0x3b0/0x4e0 [ 610.108052][T19401] _copy_to_user+0x31/0xb0 [ 610.112533][T19401] simple_read_from_buffer+0xca/0x150 [ 610.118054][T19401] proc_fail_nth_read+0x1e9/0x250 [ 610.123156][T19401] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.128771][T19401] ? rw_verify_area+0x55e/0x6f0 [ 610.133705][T19401] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.139301][T19401] vfs_read+0x1fc/0xb70 [ 610.143497][T19401] ? __pfx___mutex_lock+0x10/0x10 [ 610.148569][T19401] ? __pfx_vfs_read+0x10/0x10 [ 610.153295][T19401] ? __fget_files+0x2a/0x410 [ 610.157936][T19401] ? __fget_files+0x395/0x410 [ 610.162666][T19401] ? __fget_files+0x2a/0x410 [ 610.167314][T19401] ksys_read+0x18f/0x2b0 [ 610.171603][T19401] ? __pfx_ksys_read+0x10/0x10 [ 610.176416][T19401] ? do_syscall_64+0x100/0x230 [ 610.181234][T19401] ? do_syscall_64+0xb6/0x230 [ 610.185966][T19401] do_syscall_64+0xf3/0x230 [ 610.190522][T19401] ? clear_bhb_loop+0x35/0x90 [ 610.195254][T19401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.201219][T19401] RIP: 0033:0x7f9c6778473c [ 610.205679][T19401] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 610.225344][T19401] RSP: 002b:00007f9c6852a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 610.233823][T19401] RAX: ffffffffffffffda RBX: 00007f9c67975fa0 RCX: 00007f9c6778473c [ 610.241850][T19401] RDX: 000000000000000f RSI: 00007f9c6852a0a0 RDI: 0000000000000004 [ 610.249880][T19401] RBP: 00007f9c6852a090 R08: 0000000000000000 R09: 0000000000000000 [ 610.257909][T19401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.265929][T19401] R13: 0000000000000000 R14: 00007f9c67975fa0 R15: 00007ffc3ffb9d68 [ 610.273967][T19401] [ 611.104784][T19434] netlink: 112 bytes leftover after parsing attributes in process `syz.5.4573'. [ 611.293021][T19441] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4576'. [ 611.945157][T19466] netlink: 'syz.5.4587': attribute type 1 has an invalid length. [ 612.340021][T19480] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4589'. [ 613.291081][T19508] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4598'. [ 613.325669][ T5843] Bluetooth: hci4: link tx timeout [ 613.331492][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.344143][ T5843] Bluetooth: hci4: link tx timeout [ 613.349648][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.359371][T19508] bond2: entered promiscuous mode [ 613.365514][T19508] 8021q: adding VLAN 0 to HW filter on device bond2 [ 613.366711][ T5843] Bluetooth: hci4: link tx timeout [ 613.378871][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.398431][ T5843] Bluetooth: hci4: link tx timeout [ 613.403674][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.411854][ T5843] Bluetooth: hci4: link tx timeout [ 613.417160][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.471365][ T5843] Bluetooth: hci4: link tx timeout [ 613.478351][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.486283][ T5843] Bluetooth: hci4: link tx timeout [ 613.491507][ T5843] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 613.774729][T19518] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4602'. [ 614.083449][T19508] bond2 (unregistering): Released all slaves [ 614.201753][T19513] hsr_slave_0: left promiscuous mode [ 614.208579][T19513] hsr_slave_1: left promiscuous mode [ 614.452379][T19537] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4605'. [ 614.477694][T19537] netlink: 'syz.1.4605': attribute type 1 has an invalid length. [ 614.598705][T19539] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4607'. [ 614.653552][T19539] ax25_connect(): syz.0.4607 uses autobind, please contact jreuter@yaina.de [ 614.801731][T19549] xt_ecn: cannot match TCP bits for non-tcp packets [ 614.818815][T19539] lo speed is unknown, defaulting to 1000 [ 615.377811][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 615.410617][T19565] netlink: 'syz.6.4612': attribute type 2 has an invalid length. [ 615.841578][T19539] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4607'. [ 616.063760][T19584] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 616.499581][T19596] tipc: Started in network mode [ 616.510217][T19596] tipc: Node identity ea789298e7eb, cluster identity 4711 [ 616.528017][T19596] tipc: Enabled bearer , priority 0 [ 616.549056][T19596] syzkaller0: MTU too low for tipc bearer [ 616.563360][T19596] tipc: Disabling bearer [ 616.850391][T19615] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4625'. [ 616.893467][T19615] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4625'. [ 617.749268][T19645] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.823801][T19645] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.916549][T19645] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.026510][T19645] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.052242][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 618.066431][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 618.077836][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 618.087256][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 618.098543][ T5843] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 618.109145][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 618.199927][T19653] lo speed is unknown, defaulting to 1000 [ 618.228832][T19645] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.274267][T19658] wlan1: mtu less than device minimum [ 618.304774][T19645] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.358114][T19645] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.421243][T19645] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.888130][T19653] chnl_net:caif_netlink_parms(): no params data found [ 618.964596][T19686] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4643'. [ 619.103381][T19692] netlink: 'syz.6.4646': attribute type 12 has an invalid length. [ 619.198116][T19693] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4644'. [ 619.311255][T19653] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.326099][T19653] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.334712][T19653] bridge_slave_0: entered allmulticast mode [ 619.345131][T19653] bridge_slave_0: entered promiscuous mode [ 619.373182][T19653] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.397382][T19653] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.418822][T19653] bridge_slave_1: entered allmulticast mode [ 619.428832][T19653] bridge_slave_1: entered promiscuous mode [ 619.453209][T19699] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4647'. [ 619.546429][T19653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 619.593157][T19653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.767728][T19653] team0: Port device team_slave_0 added [ 619.797107][T19706] netlink: 58 bytes leftover after parsing attributes in process `syz.0.4649'. [ 619.815053][T19693] syz.5.4644 (19693) used greatest stack depth: 17272 bytes left [ 620.211608][T19653] team0: Port device team_slave_1 added [ 620.245891][ T5854] Bluetooth: hci0: command tx timeout [ 620.340825][T19653] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.349172][T19653] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.477418][T19653] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 620.517315][T19653] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 620.537419][T19653] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.639024][T19653] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 620.798409][T19653] hsr_slave_0: entered promiscuous mode [ 620.819761][T19653] hsr_slave_1: entered promiscuous mode [ 620.847978][T19653] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 620.855711][T19653] Cannot create hsr debugfs directory [ 621.158521][T19732] ip6gre1: entered promiscuous mode [ 621.174701][T19732] ip6gre1: entered allmulticast mode [ 621.286478][T19734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4658'. [ 621.351519][T19736] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4658'. [ 621.429967][T19736] IPVS: Unknown mcast interface: batadv0 [ 621.743763][T19653] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 621.777477][T19746] ------------[ cut here ]------------ [ 621.784179][T19746] WARNING: CPU: 1 PID: 19746 at net/mac80211/rate.c:53 rate_control_rate_init+0x5ec/0x680 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 621.794560][T19746] Modules linked in: [ 621.799047][T19746] CPU: 1 UID: 0 PID: 19746 Comm: syz.6.4662 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 621.810034][T19746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 621.820487][T19746] RIP: 0010:rate_control_rate_init+0x5ec/0x680 [ 621.826717][T19746] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 40 b7 62 f6 90 0f 0b 90 eb e2 e8 35 b7 62 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00 [ 621.847284][T19746] RSP: 0018:ffffc9000efb6fd0 EFLAGS: 00010283 [ 621.853436][T19746] RAX: ffffffff8b3cbcbb RBX: 0000000000000001 RCX: 0000000000080000 [ 621.861789][T19746] RDX: ffffc9000cbe4000 RSI: 0000000000000425 RDI: 0000000000000426 [ 621.870272][T19746] RBP: ffffffff8b3cb805 R08: ffffffff8b3cb8f0 R09: 1ffffffff2857510 [ 621.878453][T19746] R10: dffffc0000000000 R11: fffffbfff2857511 R12: ffff88806f730e40 [ 621.887563][T19746] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100e8a000a [ 621.895959][T19746] FS: 00007f2ed62886c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 621.905358][T19746] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 621.912092][T19746] CR2: 000000002000b5f8 CR3: 0000000056556000 CR4: 00000000003526f0 [ 621.920241][T19746] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 621.928203][T19653] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 621.935342][T19746] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 621.943766][T19746] Call Trace: [ 621.947224][T19746] [ 621.950194][T19746] ? __warn+0x165/0x4d0 [ 621.954399][T19746] ? rate_control_rate_init+0x5ec/0x680 [ 621.960389][T19746] ? report_bug+0x2b3/0x500 [ 621.964948][T19746] ? rate_control_rate_init+0x5ec/0x680 [ 621.970659][T19746] ? handle_bug+0x60/0x90 [ 621.975045][T19746] ? exc_invalid_op+0x1a/0x50 [ 621.979957][T19746] ? asm_exc_invalid_op+0x1a/0x20 [ 621.985249][T19746] ? rate_control_rate_init+0x135/0x680 [ 621.991301][T19746] ? rate_control_rate_init+0x220/0x680 [ 621.996974][T19746] ? rate_control_rate_init+0x5eb/0x680 [ 622.002584][T19746] ? rate_control_rate_init+0x5ec/0x680 [ 622.008287][T19746] rate_control_rate_init_all_links+0xfc/0x190 [ 622.014502][T19746] sta_apply_auth_flags+0x1b6/0x410 [ 622.020190][T19746] sta_apply_parameters+0xe23/0x1550 [ 622.025558][T19746] ieee80211_add_station+0x3da/0x630 [ 622.030997][T19746] rdev_add_station+0x11b/0x2b0 [ 622.035925][T19746] nl80211_new_station+0x1d53/0x2550 [ 622.041420][T19746] ? __pfx_nl80211_new_station+0x10/0x10 [ 622.047541][T19746] ? netdev_run_todo+0xf88/0x1000 [ 622.052664][T19746] genl_rcv_msg+0xb14/0xec0 [ 622.057351][T19746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.062473][T19746] ? __pfx_lock_acquire+0x10/0x10 [ 622.067656][T19746] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 622.073094][T19746] ? __pfx_nl80211_new_station+0x10/0x10 [ 622.079213][T19746] ? __pfx_nl80211_post_doit+0x10/0x10 [ 622.084739][T19746] ? __pfx___might_resched+0x10/0x10 [ 622.090346][T19746] netlink_rcv_skb+0x1e3/0x430 [ 622.095183][T19746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.100509][T19746] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 622.105870][T19746] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 622.111776][T19746] genl_rcv+0x28/0x40 [ 622.115827][T19746] netlink_unicast+0x7f6/0x990 [ 622.120749][T19746] ? __pfx_netlink_unicast+0x10/0x10 [ 622.126083][T19746] ? __virt_addr_valid+0x45f/0x530 [ 622.131519][T19746] ? __phys_addr_symbol+0x2f/0x70 [ 622.136612][T19746] ? __check_object_size+0x47a/0x730 [ 622.142365][T19746] netlink_sendmsg+0x8e4/0xcb0 [ 622.147271][T19746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 622.152615][T19746] ? aa_sock_msg_perm+0x91/0x160 [ 622.157715][T19746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 622.163067][T19746] __sock_sendmsg+0x221/0x270 [ 622.168232][T19746] ____sys_sendmsg+0x52a/0x7e0 [ 622.173072][T19746] ? __pfx_____sys_sendmsg+0x10/0x10 [ 622.178570][T19746] ? __fget_files+0x2a/0x410 [ 622.183228][T19746] ? __fget_files+0x2a/0x410 [ 622.188024][T19746] __sys_sendmsg+0x269/0x350 [ 622.192867][T19746] ? __pfx_futex_wake+0x10/0x10 [ 622.198197][T19746] ? __pfx___sys_sendmsg+0x10/0x10 [ 622.203430][T19746] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 622.209898][T19746] ? do_syscall_64+0x100/0x230 [ 622.214734][T19746] ? do_syscall_64+0xb6/0x230 [ 622.219589][T19746] do_syscall_64+0xf3/0x230 [ 622.224151][T19746] ? clear_bhb_loop+0x35/0x90 [ 622.229306][T19746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.235262][T19746] RIP: 0033:0x7f2ed5385d29 [ 622.239819][T19746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.260157][T19746] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 622.268753][T19746] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 622.276778][T19746] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000006 [ 622.285039][T19746] RBP: 00007f2ed5401aa8 R08: 0000000000000000 R09: 0000000000000000 [ 622.293644][T19746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.301800][T19746] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 622.309971][T19746] [ 622.313042][T19746] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 622.320358][T19746] CPU: 1 UID: 0 PID: 19746 Comm: syz.6.4662 Not tainted 6.13.0-rc3-syzkaller-00672-gb73e56f16250 #0 [ 622.331163][T19746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 622.341272][T19746] Call Trace: [ 622.344585][T19746] [ 622.347551][T19746] dump_stack_lvl+0x241/0x360 [ 622.352285][T19746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 622.357535][T19746] ? __pfx__printk+0x10/0x10 [ 622.362190][T19746] ? vscnprintf+0x5d/0x90 [ 622.366570][T19746] panic+0x349/0x880 [ 622.370522][T19746] ? __warn+0x174/0x4d0 [ 622.374740][T19746] ? __pfx_panic+0x10/0x10 [ 622.379227][T19746] __warn+0x344/0x4d0 [ 622.383247][T19746] ? rate_control_rate_init+0x5ec/0x680 [ 622.388826][T19746] report_bug+0x2b3/0x500 [ 622.393206][T19746] ? rate_control_rate_init+0x5ec/0x680 [ 622.398793][T19746] handle_bug+0x60/0x90 [ 622.402989][T19746] exc_invalid_op+0x1a/0x50 [ 622.407522][T19746] asm_exc_invalid_op+0x1a/0x20 [ 622.412401][T19746] RIP: 0010:rate_control_rate_init+0x5ec/0x680 [ 622.418585][T19746] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 40 b7 62 f6 90 0f 0b 90 eb e2 e8 35 b7 62 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00 [ 622.438308][T19746] RSP: 0018:ffffc9000efb6fd0 EFLAGS: 00010283 [ 622.444442][T19746] RAX: ffffffff8b3cbcbb RBX: 0000000000000001 RCX: 0000000000080000 [ 622.452438][T19746] RDX: ffffc9000cbe4000 RSI: 0000000000000425 RDI: 0000000000000426 [ 622.460712][T19746] RBP: ffffffff8b3cb805 R08: ffffffff8b3cb8f0 R09: 1ffffffff2857510 [ 622.468713][T19746] R10: dffffc0000000000 R11: fffffbfff2857511 R12: ffff88806f730e40 [ 622.476714][T19746] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100e8a000a [ 622.484722][T19746] ? rate_control_rate_init+0x135/0x680 [ 622.490352][T19746] ? rate_control_rate_init+0x220/0x680 [ 622.495932][T19746] ? rate_control_rate_init+0x5eb/0x680 [ 622.501531][T19746] rate_control_rate_init_all_links+0xfc/0x190 [ 622.507722][T19746] sta_apply_auth_flags+0x1b6/0x410 [ 622.512961][T19746] sta_apply_parameters+0xe23/0x1550 [ 622.518285][T19746] ieee80211_add_station+0x3da/0x630 [ 622.523609][T19746] rdev_add_station+0x11b/0x2b0 [ 622.528496][T19746] nl80211_new_station+0x1d53/0x2550 [ 622.533830][T19746] ? __pfx_nl80211_new_station+0x10/0x10 [ 622.539498][T19746] ? netdev_run_todo+0xf88/0x1000 [ 622.544674][T19746] genl_rcv_msg+0xb14/0xec0 [ 622.549222][T19746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.554308][T19746] ? __pfx_lock_acquire+0x10/0x10 [ 622.559359][T19746] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 622.564760][T19746] ? __pfx_nl80211_new_station+0x10/0x10 [ 622.570422][T19746] ? __pfx_nl80211_post_doit+0x10/0x10 [ 622.575918][T19746] ? __pfx___might_resched+0x10/0x10 [ 622.581264][T19746] netlink_rcv_skb+0x1e3/0x430 [ 622.586088][T19746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.591172][T19746] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 622.596531][T19746] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 622.602039][T19746] genl_rcv+0x28/0x40 [ 622.606060][T19746] netlink_unicast+0x7f6/0x990 [ 622.610858][T19746] ? __pfx_netlink_unicast+0x10/0x10 [ 622.616173][T19746] ? __virt_addr_valid+0x45f/0x530 [ 622.621314][T19746] ? __phys_addr_symbol+0x2f/0x70 [ 622.626362][T19746] ? __check_object_size+0x47a/0x730 [ 622.631686][T19746] netlink_sendmsg+0x8e4/0xcb0 [ 622.636489][T19746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 622.641806][T19746] ? aa_sock_msg_perm+0x91/0x160 [ 622.646777][T19746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 622.652091][T19746] __sock_sendmsg+0x221/0x270 [ 622.656805][T19746] ____sys_sendmsg+0x52a/0x7e0 [ 622.661612][T19746] ? __pfx_____sys_sendmsg+0x10/0x10 [ 622.666927][T19746] ? __fget_files+0x2a/0x410 [ 622.671559][T19746] ? __fget_files+0x2a/0x410 [ 622.676211][T19746] __sys_sendmsg+0x269/0x350 [ 622.680845][T19746] ? __pfx_futex_wake+0x10/0x10 [ 622.685723][T19746] ? __pfx___sys_sendmsg+0x10/0x10 [ 622.690901][T19746] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 622.697278][T19746] ? do_syscall_64+0x100/0x230 [ 622.702074][T19746] ? do_syscall_64+0xb6/0x230 [ 622.706778][T19746] do_syscall_64+0xf3/0x230 [ 622.711323][T19746] ? clear_bhb_loop+0x35/0x90 [ 622.716068][T19746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.721992][T19746] RIP: 0033:0x7f2ed5385d29 [ 622.726425][T19746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.746059][T19746] RSP: 002b:00007f2ed6288038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 622.754508][T19746] RAX: ffffffffffffffda RBX: 00007f2ed5575fa0 RCX: 00007f2ed5385d29 [ 622.762504][T19746] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000006 [ 622.770535][T19746] RBP: 00007f2ed5401aa8 R08: 0000000000000000 R09: 0000000000000000 [ 622.778544][T19746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.786551][T19746] R13: 0000000000000000 R14: 00007f2ed5575fa0 R15: 00007fff0abcc378 [ 622.794601][T19746] [ 622.798006][T19746] Kernel Offset: disabled [ 622.802432][T19746] Rebooting in 86400 seconds..