last executing test programs: 7.698208714s ago: executing program 1 (id=1869): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0xf, 0x200cc, 0x6, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r0}, 0x38) unshare(0x400) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f00000001c0)={0x18db8, 0x10000000}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)=0x0) write$cgroup_pid(r2, &(0x7f0000000080)=r3, 0x12) sendmmsg$inet6(r1, &(0x7f0000004880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000080) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1}]}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000001740), 0x2, r0}, 0x38) 7.608173608s ago: executing program 1 (id=1871): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x800448d4, &(0x7f00000002c0)={0x300, 0x4, "00fa00"}) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000011c0)}, {&(0x7f0000000400)="029993440c7a0c95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e434ccb0330483c0604aaf296d8218e240055cb92f17b1b47fd7b1b178ca0d1c470154ed985a179f87c9bc40206c86df9abc5be93ce0d96", 0x71}, {&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d57619327cee4253655c33b71054226c3b00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d459b1651686a53ca52dce9570444c153f9c2903ae4c868074e89477bf6ed2ab648b0498ac8c0f90844ed9a26675199d5ff9b391c1dec077b5099cf9aecd1a9d94e235a7", 0xd0}, {&(0x7f0000000f00)="397d5f2edc82d0337ae5ab9ee47dc3e798cf69cfebf169e77257f308227094d569a4326954e50ea185bc6fff0507c5dfd26676de9ddac4fe6db927cd4d03965f42d9c7513eff1631baa83e3daf514c600450374f6d76b8fcf2bc3eca29ce7538f85aa34b2bdcc17ecd080f0850377f771a4e8693703da4e347e0165f00872a21845e17030de0ff47bc869de32ee24ca05e6f805ec0a1d0257e0e6f900e6cfb68e827b515d05bf2cc14e53e04b713a851bd656f209da5", 0xb6}, {&(0x7f0000000480)="4068745fc217775e9fca3477d3c929c1231d710ed7bb68bf2f127cb83703392703f53051ec7ebd4d519a9db1973eaeda928822aaa8d3a9677374a52305e2ad47d5802e40bd678517886e0c9ec482da71", 0x50}], 0x5}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000fc0)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3a17ee224ad30bbcd0ea2b6dd407109da01c147d5f427bda72415547909789e2dfe377c48e13c6bdb5431b1a573a1c15ab7327a5a6a06c11bdee69b1f8716f5c4e9fe98d7b8bd3937be5304d16a6af55db8d58fcaafc4c5fa4881488c93166dd7fdab6afd1887f948082aed58d9fbb7e78ba139ba14e0fdfaeb87b1896471ca35277c5d6c51717f956b81c64970f0fd8ed7a8efd4fe8c2a56f0b8ad0aaa7b90aff8e9792bd0753beec4e9f60ea9bfd6dfcec14e753a9a82a303d06756da739c0288c6a257f19678e9342c9350d4db81dc9cfa92ae541664b42d8298cd0ada5bfbbb2f8f3de47ad749cee3dce49b7f83", 0x11a}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae992000000", 0xd2}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf648c910000000000000000", 0x7b}, {&(0x7f0000000b80)="bd2f6aa36cea0e4bccda24dc5bd69ad762e998d923018ec9f30d63c7059c3c786069915581888508ff589f82857ff546b23b88d6bd61f1efc982005bf6c9abc4fe2caf32ef3ff105b69346a4d09afd7b0b8bd5f8c25f0eab84d8ad1b65e2acc2ef0a9b0f9964d5b05db134bdd9f261b7349a42b463709b19b5605bd160899eaba704b3b37af409d2c47e808b3767959756c1273617b0b0f42f9caec585a7c463", 0xa0}], 0x4}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="b5d383823677f025217943343e36323daecfa0fdc5beb5a7ac332a11533627b41dbe33a6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a813bc3ebba62168141343c9938965233cdaef85778ce05c77e962fd69eb05654e64f1867398e202b18f20f783d274ab9ff6deff8cc91001fff575cb5ba4920e8ebc08f6e6dc6", 0xa0}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c7100dc54801b32c3a9a69a238db1f4d16464062d870e812ee381b6b3c234824a4a4475f9ee81286836e549", 0x57}], 0x2}}], 0x3, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a", 0x3, 0x11, 0x0, 0x0) 7.496287662s ago: executing program 1 (id=1873): r0 = socket$kcm(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSETELEM={0x1c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x900, 0x0, 0x0, {0x5, 0x0, 0x8}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}}, @NFT_MSG_NEWFLOWTABLE={0x24, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xd8}}, 0x20008000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r2, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000"], 0x5b0}, 0x20008001) sendmsg$inet6(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="376cd97cb39285495ddf4bd660c811b4dca74500799dac8f26884d6d4cc781a3b510574bd853ed8eae31de87a5", 0x2d}], 0x1}, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r3, 0x1) r4 = socket$inet(0xa, 0x801, 0x84) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000040)=0x891c) shutdown(0xffffffffffffffff, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)="b970f6aa2bfdc9d7afbfe5c81e0b9b00b49015199ee375d7bd1e9a044aead3faf4a0f39154893e76f7c07b1ef464add3dac1272dfb540106eff5d18585394f8978a2a6e597b9479e904e68cfe4474d047fbd2a138da70c600c760ce32fdd162b9866cd8b1d2908ea2599011aba31a4b1193250944e602609300cbbb8f2bd89acef5fd0471e96cd071c31f8", 0x8b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) shutdown(r4, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x4040850) socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) recvmmsg(r3, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r8, 0x112, 0x4, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90324fc6004001c000a000200053582c137153e37000c0480fc0b10000300", 0x33fe0}], 0x1}, 0x0) 2.813908277s ago: executing program 3 (id=1931): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x0, 0x1a8, 0xb0, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @dev, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x0, 0x70, 0xb0, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "6bc128419cfb67daad5b4809088400ed0000006c00000000000100040500"}}}, {{@uncond, 0x287, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@cpu={{0x28}}, @common=@unspec=@statistic={{0x38}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112080000000000950b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000d00)={'ip6tnl0\x00', &(0x7f0000000c80)={'ip6_vti0\x00', 0x0, 0x2f, 0x9a, 0x0, 0xfffffff9, 0x6a, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, 0x700, 0x7, 0x10, 0x2}}) r7 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x2e, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @alu={0x7, 0x0, 0x5, 0x4, 0x7, 0x8, 0x1}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_fd={0x18, 0xa, 0x1, 0x0, r0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}}, &(0x7f0000000c40)='syzkaller\x00', 0x100, 0x0, 0x0, 0x41000, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000d40)={0x6, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r0], &(0x7f0000000dc0)=[{0x3, 0x3, 0x9, 0x8}, {0x1, 0x3, 0x0, 0x4}, {0x4, 0x3, 0xa, 0x4}], 0x10, 0x7, @void, @value}, 0x94) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.153259725s ago: executing program 2 (id=1939): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.052564619s ago: executing program 2 (id=1940): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="b8000000140001000000000000000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000a"], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.950164769s ago: executing program 0 (id=1941): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="b8"], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) 1.888999551s ago: executing program 3 (id=1942): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYRES32=0x0], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.818610691s ago: executing program 0 (id=1943): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000000000181100000000000000d7e6dd1f", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 1.774118567s ago: executing program 2 (id=1944): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x814) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16=r1], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x10) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.728530445s ago: executing program 3 (id=1945): r0 = socket(0x2a, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) socket(0x1e, 0x80002, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x44, 0x1, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x80) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r3, 0x84, 0x7f, &(0x7f0000000040)="420000000980ffff", 0x8) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x20000253) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRESDEC=r1, @ANYRES64=r0, @ANYBLOB="1d2ec3bdab0821bd9f13cd8db7ca05857979c6c2b9f8e6587606787d524be762859948eff5b4064380b035ca1482091bff394750a3c180a67867125f94468be89823114952caaa0698da95eed251ece7a9a1541f73a4b8942b0b3d125498d2a8d28bcb686030ab240f3757"], 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x10000}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r6}, &(0x7f00000001c0), &(0x7f0000000300)=r7}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r7, 0x5, 0xe, 0x0, &(0x7f0000000000)="6121eed4cd50bb2b01e841acde1a", 0x0, 0x29d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.670200606s ago: executing program 0 (id=1946): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x430, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x360, 0xffffffff, 0xffffffff, 0x360, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x27}, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xff000000, 0x41000000], [0xffffff00, 0x0, 0xffffffff], 'veth0_virt_wifi\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@mcast2, @mcast1, [0xffffff00, 0x0, 0xffffffff, 0xff0000ff], [0xff, 0xff, 0xff], 'veth0_to_bridge\x00', 'ip6gre0\x00', {0xff}, {}, 0x84, 0x7, 0x4, 0x38}, 0x0, 0x258, 0x290, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x401, 0x0, 0x7, 0x3ff}, {0x100}}}, @common=@inet=@hashlimit3={{0x158}, {'pim6reg\x00', {0x9, 0x0, 0x47, 0x0, 0x0, 0x4698, 0x1, 0x3, 0x40}}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x2, 0x7}, {0x1, 0xfe, 0x3}, {0xffff, 0x1, 0x6}, 0xfff, 0x9}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x490) 1.590016031s ago: executing program 2 (id=1947): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000040000d4a6e9f500a40800000000000070772e23580a0aa0acd7fdf5eed6cdeff3b12a64756ace810f33a2651676e6305d5b9927302001689c9bdd8033da19b9d41fd98446d210992a3a8128d79588be82b45d0d396b83e5952fb8a9aff39faf37ee1104efbde7eada0f0b4a712eea3194e48a2b22b73ff60f54674cddad8d96764979ed9bde4d7064392caa4bf59e32716943569e580972e76ed254db962957dac02a100ba10f3a5d16e13dea0c1b9e3b67c01980da0f24b90beea81de5d0ffad26610fc92990b56d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r2}, 0x47) recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000440)}, 0x7}], 0x1, 0x12020, 0x0) recvmsg$can_bcm(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f0000000400)=ANY=[@ANYRES32=r3, @ANYRES8=r3, @ANYRES16], &(0x7f0000000100)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000840), 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r7, 0x401054d5, &(0x7f0000000480)={0x1, &(0x7f00000004c0)=[{0x6}]}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'netdevsim0\x00'}) r9 = socket(0x1000000000000010, 0x80802, 0x0) bind$netlink(r9, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36b26fb0b71d0e6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a4def23d410f6296b32a334388107200759cda9036b4e369a9e152ddcc7f05a5f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967deabe802f5ab3e89bd6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837074e098ee207d2f73902fbcfcf49822775985bf32d715f5888b24efa000000000000ffffffdf000000000000000000000089a7b9b00000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f91a31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5dff5adbdee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf1128744bab6677fcb78e313841ec309baed0495f06d058a75fa4c81e5c9f42d9383e41d277b10392a912ffaf6f658f3fadd16286744f839c3f128f8f92d0992239eafce5c1b3f97a297c9e49a0c3510ef74080e6d1e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda154910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bc6cf8809c3a0d46ff7f008000000000ad1e1f493354b2822b98371d000000167d78e65b90eba0768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cd1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e3344b155cc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f931ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e53d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99000000000000000000bfb32c826563c518d0ad23bc83ba3f3757210a057eff7615c868bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd23ab5268f1b3d08ebb8ce498cbaaf5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa44966945d93c33b038ce0d890f851811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783058e56c70afe8016b3dd9dc7785b36e609f173cc6b893ecd138289709839747837d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964eddec902fc7cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c898b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dca9c42c4d719347f39ef006c2df747ee6adb7cd04faf05c36de72354c64ebaf28a3de18607ebc4b70f50f71dae565749568a23319232dc213342fb472e98c9a412199ce7976bee5eaf40e60cb3fbe8b92dae5008e92d17d05ce74ffffe74ae71d5b8bd43a4e0bf0390335aa489689f5e3a4ac5adca96caab658b43cd499d95d3876c220d147ad1d0e626621d88f1370982f663793cac52ea0d14e595ff1f56427a0a813bb3b84d31d021eeea8faeff25bb66f5940d08a5509a66fc43962bcb2f7415bc38e355e80ec935aa6fe2d74bd475d89449fb46320fee40faff2fd005549fe6a042bd95decfde5e166971935f4cfd9c9e5bfd2d803644f4e5b7e6dc1a7a35df7134e2fad79269bf24bea4eb0213068e3054d9e4a8d1a9eb032cb390e2016d0ce10549728cb4732dc5adab16fa19ac70780b29e079be27c95d3dd2bd91a584c46d84d430fc6ea31ce0ba62fa27be9f6bc435203da7c3a5d68bf4dd4f81cbfaa1c87a15b9272853c9837db930952dca667194b71815a9eb49b495360dcdf31e0e560857d0541a916d6b5469ac1b36babc5a91e1d58925f20d9d5f8a0da3c30711b0d101cabceffbe072be69613ea0003c6e9bb5cd2413c8ddc17cfa319cf7aaeed0ffb07a08f8fb439f709dfe0732fe42192819870bdd87d5f612ade03540a28be446095269d9ea5a60bba1f2462f9921f2a731dbcf1d03964ea1e4f79514914d37877f57617b60fa2b58aa694fcb023024653c4b73efb12a57ffc6f8943262b77be933051e12bd4d768a422ea652d45b04a9c43b5c97fc3edea7002d51a0a74889334ee"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x29, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000000)=r10, 0x4) 1.544938623s ago: executing program 0 (id=1948): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window={0x3, 0x0, 0xfffc}, @window={0x3, 0x0, 0x3ff}, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x4102) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfb54917d4beda7bf) 1.168377961s ago: executing program 4 (id=1950): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.055728708s ago: executing program 4 (id=1951): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16], 0x14}}, 0x2004000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="b8000000140001000000000000000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000a00b00029"], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 942.517758ms ago: executing program 1 (id=1952): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x0, 0x1a8, 0xb0, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @dev, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x0, 0x70, 0xb0, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "6bc128419cfb67daad5b4809088400ed0000006c00000000000100040500"}}}, {{@uncond, 0x287, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@cpu={{0x28}}, @common=@unspec=@statistic={{0x38}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112080000000000950b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000d00)={'ip6tnl0\x00', &(0x7f0000000c80)={'ip6_vti0\x00', 0x0, 0x2f, 0x9a, 0x0, 0xfffffff9, 0x6a, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, 0x700, 0x7, 0x10, 0x2}}) r7 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x2e, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @alu={0x7, 0x0, 0x5, 0x4, 0x7, 0x8, 0x1}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_fd={0x18, 0xa, 0x1, 0x0, r0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}}, &(0x7f0000000c40)='syzkaller\x00', 0x100, 0x0, 0x0, 0x41000, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000d40)={0x6, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r0], &(0x7f0000000dc0)=[{0x3, 0x3, 0x9, 0x8}, {0x1, 0x3, 0x0, 0x4}, {0x4, 0x3, 0xa, 0x4}], 0x10, 0x7, @void, @value}, 0x94) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 931.854816ms ago: executing program 4 (id=1953): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="b8"], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) 773.247276ms ago: executing program 1 (id=1954): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000940)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0xa}, 0xa}, 0x1c, &(0x7f0000000280)=[{&(0x7f00000022c0)='t', 0x1}], 0x1}}], 0x1, 0x48081) (fail_nth: 65) 772.253706ms ago: executing program 3 (id=1955): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16=r1, @ANYBLOB="020027"], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 726.153636ms ago: executing program 4 (id=1956): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYRES32=0x0], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 692.250851ms ago: executing program 2 (id=1957): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x814) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16=r1], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x10) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 654.807024ms ago: executing program 4 (id=1958): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x7048, 0x77219}, [@IFLA_MASTER={0x8, 0xa, r1}]}, 0x28}}, 0x0) (fail_nth: 7) 226.015602ms ago: executing program 1 (id=1959): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xe8001, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000003700), r1) sendmsg$IEEE802154_START_REQ(r2, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000003bc0)={&(0x7f0000003b80)={0x24, r3, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x24}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write(0xffffffffffffffff, &(0x7f0000000340)="409b1abd", 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0xfffd, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, 0x0, 0x0) writev(r4, &(0x7f0000000300)=[{&(0x7f0000000580)="781fd1169bc02decbd902949dd5be7", 0xf}], 0x1) setsockopt$inet6_tcp_int(r4, 0x6, 0x4, &(0x7f0000000140)=0xea6, 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000240)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e23, @local}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000010c0)={r5}, &(0x7f0000000340)=0x8) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x5) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r7, &(0x7f0000000040)={0xe0000014}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), r7) 225.710098ms ago: executing program 0 (id=1960): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x814) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, 0x0, 0x0, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 170.32954ms ago: executing program 3 (id=1961): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[], 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 152.536576ms ago: executing program 4 (id=1962): r0 = socket$kcm(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSETELEM={0x1c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x900, 0x0, 0x0, {0x5, 0x0, 0x8}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}}, @NFT_MSG_NEWFLOWTABLE={0x24, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xd8}}, 0x20008000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r2, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000"], 0x5b0}, 0x20008001) sendmsg$inet6(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="376cd97cb39285495ddf4bd660c811b4dca74500799dac8f26884d6d4cc781a3b510574bd853ed8eae31de87a5", 0x2d}], 0x1}, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r3, 0x1) r4 = socket$inet(0xa, 0x801, 0x84) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000040)=0x891c) shutdown(0xffffffffffffffff, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)="b970f6aa2bfdc9d7afbfe5c81e0b9b00b49015199ee375d7bd1e9a044aead3faf4a0f39154893e76f7c07b1ef464add3dac1272dfb540106eff5d18585394f8978a2a6e597b9479e904e68cfe4474d047fbd2a138da70c600c760ce32fdd162b9866cd8b1d2908ea2599011aba31a4b1193250944e602609300cbbb8f2bd89acef5fd0471e96cd071c31f8", 0x8b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) shutdown(r4, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x4040850) socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) recvmmsg(r3, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r8, 0x112, 0x4, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90324fc6004001c000a000200053582c137153e37000c0480fc0b10000300", 0x33fe0}], 0x1}, 0x0) 77.937589ms ago: executing program 2 (id=1963): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xcc) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = socket(0x23, 0x0, 0x7ff) write(r2, &(0x7f0000000000)="d1d0", 0x2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r4}, 0x38) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000001740), 0x2, r4}, 0x38) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7fe}) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x503, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0xc215}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x3}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x38}}, 0x48001) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001080), r11) sendmsg$NLBL_CIPSOV4_C_LIST(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000280)={0x1c, r12, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4040840) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) close(0x4) sendmmsg(r8, &(0x7f00000001c0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @loopback, 0x1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000280)="42bd8a104b0f12b0206537cc393cced511a505275611a3940c9ce3f9e9431fe5de3e51d5d1d8041c03e047cfe185bcc47b45aa51fdd198b8d0ebd7145a9a46d04d4f956775c2b0fd99124a20b000e4b8cb1cfc5f6a152a015d86f0f61626a493e92b0b44d0ae88d3e9838c8819db4a3bf57d302d", 0x74}], 0x1}}], 0x1, 0x8000) 71.547269ms ago: executing program 0 (id=1964): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r3, 0x4010744d, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x0, 0x1a8, 0xb0, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @dev, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x0, 0x70, 0xb0, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "6bc128419cfb67daad5b4809088400ed0000006c00000000000100040500"}}}, {{@uncond, 0x287, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@cpu={{0x28}}, @common=@unspec=@statistic={{0x38}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112080000000000950b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000d00)={'ip6tnl0\x00', &(0x7f0000000c80)={'ip6_vti0\x00', 0x0, 0x2f, 0x9a, 0x0, 0xfffffff9, 0x6a, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, 0x700, 0x7, 0x10, 0x2}}) r7 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x2e, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9b, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @alu={0x7, 0x0, 0x5, 0x4, 0x7, 0x8, 0x1}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_fd={0x18, 0xa, 0x1, 0x0, r0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}}, &(0x7f0000000c40)='syzkaller\x00', 0x100, 0x0, 0x0, 0x41000, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000d40)={0x6, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000d80)=[r0], &(0x7f0000000dc0)=[{0x3, 0x3, 0x9, 0x8}, {0x1, 0x3, 0x0, 0x4}, {0x4, 0x3, 0xa, 0x4}], 0x10, 0x7, @void, @value}, 0x94) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 3 (id=1965): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000001c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000002280)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000040)='o', 0x1}], 0x1}, 0x18}], 0x1, 0x200040c8) kernel console output (not intermixed with test programs): 00 [ 144.378152][ T7463] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 144.378179][ T7463] ? sctp_v6_is_any+0x60/0x70 [ 144.378207][ T7463] ? sctp_copy_one_addr+0x94/0x360 [ 144.378235][ T7463] sctp_bind_addr_copy+0xad/0x3b0 [ 144.378259][ T7463] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 144.378295][ T7463] sctp_connect_new_asoc+0x2f3/0x6c0 [ 144.378329][ T7463] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 144.378357][ T7463] ? sctp_sendmsg+0xf1a/0x35d0 [ 144.378391][ T7463] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 144.378419][ T7463] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 144.378451][ T7463] sctp_sendmsg+0x1f64/0x35d0 [ 144.378497][ T7463] ? __pfx_sctp_sendmsg+0x10/0x10 [ 144.378531][ T7463] ? aa_sk_perm+0x96d/0xab0 [ 144.378573][ T7463] ? inet_sendmsg+0x330/0x390 [ 144.378600][ T7463] __sock_sendmsg+0x1a6/0x270 [ 144.378631][ T7463] ____sys_sendmsg+0x53a/0x860 [ 144.378663][ T7463] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.378684][ T7463] ? __fget_files+0x2a/0x410 [ 144.378717][ T7463] ? __fget_files+0x2a/0x410 [ 144.378756][ T7463] __sys_sendmmsg+0x36a/0x720 [ 144.378791][ T7463] ? __pfx___sys_sendmmsg+0x10/0x10 [ 144.378827][ T7463] ? __pfx_lock_release+0x10/0x10 [ 144.378855][ T7463] ? kstrtouint_from_user+0x128/0x190 [ 144.378905][ T7463] ? ksys_write+0x22a/0x2b0 [ 144.378937][ T7463] ? __pfx_lock_release+0x10/0x10 [ 144.378975][ T7463] ? sb_end_write+0xe9/0x1c0 [ 144.379005][ T7463] ? vfs_write+0x7fa/0xd10 [ 144.379030][ T7463] ? __mutex_unlock_slowpath+0x227/0x800 [ 144.379088][ T7463] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.379123][ T7463] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 144.379156][ T7463] ? do_syscall_64+0x100/0x230 [ 144.379187][ T7463] __x64_sys_sendmmsg+0xa0/0xb0 [ 144.379212][ T7463] do_syscall_64+0xf3/0x230 [ 144.379236][ T7463] ? clear_bhb_loop+0x35/0x90 [ 144.379269][ T7463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.379298][ T7463] RIP: 0033:0x7f03b5d8d169 [ 144.379316][ T7463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.379333][ T7463] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 144.379353][ T7463] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 144.379366][ T7463] RDX: 0000000000000001 RSI: 0000400000000940 RDI: 0000000000000003 [ 144.379378][ T7463] RBP: 00007f03b6cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 144.379388][ T7463] R10: 0000000000048081 R11: 0000000000000246 R12: 0000000000000002 [ 144.379399][ T7463] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 144.379429][ T7463] [ 145.041892][ T7474] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.160673][ T7474] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.291377][ T7474] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.469834][ T7474] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.635339][ T7474] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.685662][ T7474] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.715748][ T7516] veth1_to_team: entered promiscuous mode [ 147.778962][ T7474] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.835965][ T7474] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.920205][ T7515] netlink: 8 bytes leftover after parsing attributes in process `syz.1.564'. [ 147.938649][ T7515] gtp0: entered promiscuous mode [ 147.943687][ T7515] gtp0: entered allmulticast mode [ 148.113733][ T7514] veth1_to_team: left promiscuous mode [ 151.535093][ T7546] netlink: 24 bytes leftover after parsing attributes in process `syz.1.577'. [ 151.620019][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.1.577'. [ 151.916832][ T7568] netlink: 24 bytes leftover after parsing attributes in process `syz.1.586'. [ 152.126168][ T7580] netlink: 24 bytes leftover after parsing attributes in process `syz.1.592'. [ 152.165596][ T7580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.592'. [ 152.397588][ T7590] netlink: 20 bytes leftover after parsing attributes in process `syz.2.596'. [ 152.440562][ T7595] netlink: 36 bytes leftover after parsing attributes in process `syz.1.597'. [ 152.752347][ T7608] netlink: 20 bytes leftover after parsing attributes in process `syz.1.602'. [ 152.777216][ T7610] netlink: 24 bytes leftover after parsing attributes in process `syz.3.603'. [ 153.411456][ T7643] __nla_validate_parse: 3 callbacks suppressed [ 153.411478][ T7643] netlink: 24 bytes leftover after parsing attributes in process `syz.1.618'. [ 153.428865][ T7643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.618'. [ 153.726630][ T7660] FAULT_INJECTION: forcing a failure. [ 153.726630][ T7660] name failslab, interval 1, probability 0, space 0, times 0 [ 153.747804][ T7660] CPU: 0 UID: 0 PID: 7660 Comm: syz.1.624 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 153.747834][ T7660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 153.747847][ T7660] Call Trace: [ 153.747854][ T7660] [ 153.747863][ T7660] dump_stack_lvl+0x241/0x360 [ 153.747894][ T7660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.747916][ T7660] ? __pfx__printk+0x10/0x10 [ 153.747939][ T7660] ? __kmalloc_cache_noprof+0x48/0x390 [ 153.747970][ T7660] ? __pfx___might_resched+0x10/0x10 [ 153.747995][ T7660] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 153.748021][ T7660] should_fail_ex+0x40a/0x550 [ 153.748057][ T7660] should_failslab+0xac/0x100 [ 153.748085][ T7660] __kmalloc_cache_noprof+0x70/0x390 [ 153.748112][ T7660] ? ovs_ct_limit_cmd_set+0x2f9/0xaf0 [ 153.748153][ T7660] ovs_ct_limit_cmd_set+0x2f9/0xaf0 [ 153.748194][ T7660] genl_rcv_msg+0xb1f/0xec0 [ 153.748224][ T7660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.748272][ T7660] ? __pfx_lock_acquire+0x10/0x10 [ 153.748301][ T7660] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 153.748332][ T7660] ? __pfx___might_resched+0x10/0x10 [ 153.748368][ T7660] netlink_rcv_skb+0x206/0x480 [ 153.748397][ T7660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.748420][ T7660] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 153.748460][ T7660] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 153.748501][ T7660] genl_rcv+0x28/0x40 [ 153.748520][ T7660] netlink_unicast+0x7f6/0x990 [ 153.748554][ T7660] ? __pfx_netlink_unicast+0x10/0x10 [ 153.748577][ T7660] ? __virt_addr_valid+0x45f/0x530 [ 153.748599][ T7660] ? __phys_addr_symbol+0x2f/0x70 [ 153.748618][ T7660] ? __check_object_size+0x47a/0x730 [ 153.748649][ T7660] netlink_sendmsg+0x8de/0xcb0 [ 153.748690][ T7660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.748724][ T7660] ? aa_sock_msg_perm+0x91/0x160 [ 153.748760][ T7660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.748787][ T7660] __sock_sendmsg+0x221/0x270 [ 153.748818][ T7660] ____sys_sendmsg+0x53a/0x860 [ 153.748849][ T7660] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.748869][ T7660] ? __fget_files+0x2a/0x410 [ 153.748902][ T7660] ? __fget_files+0x2a/0x410 [ 153.748941][ T7660] __sys_sendmsg+0x269/0x350 [ 153.748968][ T7660] ? __pfx___sys_sendmsg+0x10/0x10 [ 153.749001][ T7660] ? do_sys_openat2+0x17a/0x1d0 [ 153.749051][ T7660] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 153.749083][ T7660] ? do_syscall_64+0x100/0x230 [ 153.749111][ T7660] ? do_syscall_64+0xb6/0x230 [ 153.749148][ T7660] do_syscall_64+0xf3/0x230 [ 153.749172][ T7660] ? clear_bhb_loop+0x35/0x90 [ 153.749204][ T7660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.749231][ T7660] RIP: 0033:0x7f6d9fd8d169 [ 153.749250][ T7660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.749266][ T7660] RSP: 002b:00007f6da0c9a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.749288][ T7660] RAX: ffffffffffffffda RBX: 00007f6d9ffa5fa0 RCX: 00007f6d9fd8d169 [ 153.749303][ T7660] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000003 [ 153.749315][ T7660] RBP: 00007f6da0c9a090 R08: 0000000000000000 R09: 0000000000000000 [ 153.749327][ T7660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 153.749339][ T7660] R13: 0000000000000000 R14: 00007f6d9ffa5fa0 R15: 00007ffe411764a8 [ 153.749370][ T7660] [ 154.266180][ T7669] netlink: 24 bytes leftover after parsing attributes in process `syz.1.631'. [ 154.398487][ T7669] netlink: 4 bytes leftover after parsing attributes in process `syz.1.631'. [ 154.940901][ T7695] pim6reg0: tun_chr_ioctl cmd 1074025694 [ 155.199697][ T7707] netlink: 24 bytes leftover after parsing attributes in process `syz.2.647'. [ 155.276717][ T7707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.647'. [ 155.310131][ T7713] netlink: 148 bytes leftover after parsing attributes in process `syz.0.649'. [ 155.330168][ T7713] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 157.843637][ T7746] netlink: 24 bytes leftover after parsing attributes in process `syz.0.662'. [ 157.951695][ T7746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.662'. [ 158.215019][ T7759] Bluetooth: MGMT ver 1.23 [ 158.233549][ T7759] team0: left allmulticast mode [ 158.255450][ T7759] team_slave_0: left allmulticast mode [ 158.275085][ T7759] team_slave_1: left allmulticast mode [ 158.292098][ T7759] bond1: left allmulticast mode [ 158.328663][ T7759] bridge0: port 3(team0) entered disabled state [ 158.389284][ T7759] bridge_slave_0: left allmulticast mode [ 158.415084][ T7759] bridge_slave_0: left promiscuous mode [ 158.441479][ T7759] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.465493][ T7759] bridge_slave_1: left allmulticast mode [ 158.478683][ T7759] bridge_slave_1: left promiscuous mode [ 158.484527][ T7759] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.505566][ T7759] bond0: (slave bond_slave_0): Releasing backup interface [ 158.521945][ T7759] bond0: (slave bond_slave_1): Releasing backup interface [ 158.539289][ T7759] team_slave_0: left promiscuous mode [ 158.556962][ T7759] team0: Port device team_slave_0 removed [ 158.563982][ T7759] team_slave_1: left promiscuous mode [ 158.585262][ T7759] team0: Port device team_slave_1 removed [ 158.592557][ T7759] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.601715][ T7759] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 158.618830][ T7759] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 158.627687][ T7759] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 158.645460][ T7759] bond1: left promiscuous mode [ 158.661147][ T7759] team0: Port device bond1 removed [ 158.685540][ T7767] team0: Mode changed to "loadbalance" [ 159.716552][ T7835] netlink: 16 bytes leftover after parsing attributes in process `syz.1.696'. [ 159.743040][ T7836] netlink: 16 bytes leftover after parsing attributes in process `syz.1.696'. [ 160.042041][ T7851] netlink: 44 bytes leftover after parsing attributes in process `syz.1.703'. [ 160.162419][ T7858] netlink: 'syz.4.702': attribute type 10 has an invalid length. [ 160.504879][ T7858] team0: Device ipvlan1 failed to register rx_handler [ 160.594633][ T7868] bond1 (unregistering): Released all slaves [ 160.697513][ T7875] team0: Port device gtp0 added [ 160.776167][ T7875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.712'. [ 160.916176][ T7880] can: request_module (can-proto-3) failed. [ 160.961317][ T7890] netlink: 12 bytes leftover after parsing attributes in process `syz.4.714'. [ 163.184689][ T7916] 8021q: adding VLAN 0 to HW filter on device bond2 [ 163.215796][ T7916] bond2: entered promiscuous mode [ 163.222877][ T7916] team0: Port device bond2 added [ 163.471443][ T7927] syzkaller0: entered promiscuous mode [ 163.476956][ T7927] syzkaller0: entered allmulticast mode [ 165.635554][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.743'. [ 166.448697][ T7989] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.757'. [ 168.701407][ T8012] netlink: 56 bytes leftover after parsing attributes in process `syz.4.764'. [ 168.760214][ T8016] netlink: 32 bytes leftover after parsing attributes in process `syz.0.765'. [ 168.998214][ T8027] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.770'. [ 172.977934][ T8060] FAULT_INJECTION: forcing a failure. [ 172.977934][ T8060] name failslab, interval 1, probability 0, space 0, times 0 [ 173.018126][ T8060] CPU: 0 UID: 0 PID: 8060 Comm: syz.4.779 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 173.018157][ T8060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 173.018168][ T8060] Call Trace: [ 173.018176][ T8060] [ 173.018185][ T8060] dump_stack_lvl+0x241/0x360 [ 173.018226][ T8060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.018250][ T8060] ? __pfx__printk+0x10/0x10 [ 173.018272][ T8060] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 173.018303][ T8060] ? __pfx___might_resched+0x10/0x10 [ 173.018346][ T8060] should_fail_ex+0x40a/0x550 [ 173.018398][ T8060] should_failslab+0xac/0x100 [ 173.018427][ T8060] __kmalloc_node_noprof+0xe1/0x4d0 [ 173.018456][ T8060] ? __kvmalloc_node_noprof+0x72/0x190 [ 173.018496][ T8060] __kvmalloc_node_noprof+0x72/0x190 [ 173.018530][ T8060] bpf_test_run_xdp_live+0x21d/0x2220 [ 173.018561][ T8060] ? __pfx_lock_release+0x10/0x10 [ 173.018599][ T8060] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 173.018624][ T8060] ? __pfx___might_resched+0x10/0x10 [ 173.018656][ T8060] ? __mutex_unlock_slowpath+0x227/0x800 [ 173.018698][ T8060] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 173.018726][ T8060] ? synchronize_rcu+0x11b/0x360 [ 173.018750][ T8060] ? __pfx_synchronize_rcu+0x10/0x10 [ 173.018795][ T8060] ? __pfx_bpf_dispatcher_change_prog+0x10/0x10 [ 173.018827][ T8060] ? 0xffffffffa0000ce8 [ 173.018844][ T8060] ? 0xffffffffa0001d5c [ 173.018878][ T8060] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 173.018926][ T8060] ? _copy_from_user+0x95/0xb0 [ 173.018962][ T8060] ? bpf_test_init+0x137/0x160 [ 173.018988][ T8060] ? xdp_convert_md_to_buff+0x5b/0x330 [ 173.019019][ T8060] bpf_prog_test_run_xdp+0x805/0x11e0 [ 173.019066][ T8060] ? __pfx_lock_release+0x10/0x10 [ 173.019121][ T8060] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 173.019155][ T8060] ? __fget_files+0x2a/0x410 [ 173.019188][ T8060] ? __fget_files+0x2a/0x410 [ 173.019228][ T8060] ? fput+0x21b/0x290 [ 173.019256][ T8060] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 173.019288][ T8060] bpf_prog_test_run+0x2e4/0x360 [ 173.019329][ T8060] __sys_bpf+0x487/0x820 [ 173.019361][ T8060] ? __pfx___sys_bpf+0x10/0x10 [ 173.019422][ T8060] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 173.019454][ T8060] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 173.019486][ T8060] ? do_syscall_64+0x100/0x230 [ 173.019516][ T8060] __x64_sys_bpf+0x7c/0x90 [ 173.019543][ T8060] do_syscall_64+0xf3/0x230 [ 173.019569][ T8060] ? clear_bhb_loop+0x35/0x90 [ 173.019602][ T8060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.019630][ T8060] RIP: 0033:0x7f03b5d8d169 [ 173.019650][ T8060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.019667][ T8060] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 173.019689][ T8060] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 173.019704][ T8060] RDX: 0000000000000050 RSI: 0000400000000280 RDI: 000000000000000a [ 173.019717][ T8060] RBP: 00007f03b6cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 173.019730][ T8060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.019742][ T8060] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 173.019772][ T8060] [ 173.039036][ T8066] FAULT_INJECTION: forcing a failure. [ 173.039036][ T8066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.371480][ T8066] CPU: 0 UID: 0 PID: 8066 Comm: syz.1.783 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 173.371510][ T8066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 173.371523][ T8066] Call Trace: [ 173.371530][ T8066] [ 173.371539][ T8066] dump_stack_lvl+0x241/0x360 [ 173.371572][ T8066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.371595][ T8066] ? __pfx__printk+0x10/0x10 [ 173.371627][ T8066] should_fail_ex+0x40a/0x550 [ 173.371663][ T8066] _copy_to_user+0x31/0xb0 [ 173.371692][ T8066] generic_map_lookup_batch+0x92a/0xf20 [ 173.371719][ T8066] ? __pfx_lock_release+0x10/0x10 [ 173.371764][ T8066] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 173.371786][ T8066] ? __fget_files+0x395/0x410 [ 173.371813][ T8066] ? __fget_files+0x2a/0x410 [ 173.371846][ T8066] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 173.371871][ T8066] bpf_map_do_batch+0x288/0x660 [ 173.371906][ T8066] __sys_bpf+0x653/0x820 [ 173.371936][ T8066] ? __pfx___sys_bpf+0x10/0x10 [ 173.371974][ T8066] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 173.372007][ T8066] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 173.372040][ T8066] ? do_syscall_64+0x100/0x230 [ 173.372080][ T8066] __x64_sys_bpf+0x7c/0x90 [ 173.372107][ T8066] do_syscall_64+0xf3/0x230 [ 173.372131][ T8066] ? clear_bhb_loop+0x35/0x90 [ 173.372162][ T8066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.372190][ T8066] RIP: 0033:0x7f6d9fd8d169 [ 173.372207][ T8066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.372223][ T8066] RSP: 002b:00007f6da0c9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 173.372245][ T8066] RAX: ffffffffffffffda RBX: 00007f6d9ffa5fa0 RCX: 00007f6d9fd8d169 [ 173.372260][ T8066] RDX: 0000000000000038 RSI: 0000400000000700 RDI: 0000000000000018 [ 173.372273][ T8066] RBP: 00007f6da0c9a090 R08: 0000000000000000 R09: 0000000000000000 [ 173.372285][ T8066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.372297][ T8066] R13: 0000000000000000 R14: 00007f6d9ffa5fa0 R15: 00007ffe411764a8 [ 173.372324][ T8066] [ 173.726782][ T8080] netlink: 148 bytes leftover after parsing attributes in process `syz.3.789'. [ 173.745860][ T8078] macvlan2: entered promiscuous mode [ 173.762083][ T8080] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 173.772230][ T8078] bond_slave_0: entered promiscuous mode [ 173.778225][ T8078] bond_slave_1: entered promiscuous mode [ 173.794783][ T8078] bond0: entered promiscuous mode [ 173.829749][ T8078] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 173.840529][ T8078] team0: Port device macvlan2 added [ 174.768343][ T8108] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.800'. [ 175.310488][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.801'. [ 175.330991][ T54] Bluetooth: hci4: command tx timeout [ 175.383706][ T8114] openvswitch: netlink: VXLAN extension 0 has unexpected len 3 expected 0 [ 176.457932][ T8113] hsr_slave_0: left promiscuous mode [ 176.487302][ T8113] hsr_slave_1: left promiscuous mode [ 176.829104][ T8129] netlink: 148 bytes leftover after parsing attributes in process `syz.1.806'. [ 176.858106][ T8129] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 177.114621][ T8136] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.810'. [ 177.408720][ T8148] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.815'. [ 180.330885][ T8174] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.825'. [ 180.480737][ T8180] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.827'. [ 180.589207][ T8184] netlink: 148 bytes leftover after parsing attributes in process `syz.3.829'. [ 180.598617][ T8184] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 180.647032][ T8189] netlink: 20 bytes leftover after parsing attributes in process `syz.2.832'. [ 181.352465][ T8211] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.839'. [ 181.820309][ T8225] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.842'. [ 183.933286][ T8245] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.854'. [ 183.972045][ T8250] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.852'. [ 185.631764][ T8290] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.868'. [ 186.901109][ T8292] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.869'. [ 186.943415][ T8296] sctp: [Deprecated]: syz.1.870 (pid 8296) Use of int in maxseg socket option. [ 186.943415][ T8296] Use struct sctp_assoc_value instead [ 187.051503][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.870'. [ 187.842668][ T8339] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.887'. [ 188.029448][ T8346] netlink: 24 bytes leftover after parsing attributes in process `syz.2.891'. [ 188.146948][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.891'. [ 189.765378][ T8357] macvlan0: entered promiscuous mode [ 190.339267][ T8385] netlink: 148 bytes leftover after parsing attributes in process `syz.1.908'. [ 190.359335][ T8385] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 190.392201][ T8388] netlink: 24 bytes leftover after parsing attributes in process `syz.4.909'. [ 192.652785][ T8409] FAULT_INJECTION: forcing a failure. [ 192.652785][ T8409] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.718660][ T8409] CPU: 1 UID: 0 PID: 8409 Comm: syz.4.914 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 192.718714][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 192.718727][ T8409] Call Trace: [ 192.718734][ T8409] [ 192.718743][ T8409] dump_stack_lvl+0x241/0x360 [ 192.718788][ T8409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.718811][ T8409] ? __pfx__printk+0x10/0x10 [ 192.718843][ T8409] ? __pfx_lock_release+0x10/0x10 [ 192.718883][ T8409] should_fail_ex+0x40a/0x550 [ 192.718917][ T8409] _copy_from_iter+0x1df/0x1c40 [ 192.718948][ T8409] ? __virt_addr_valid+0x183/0x530 [ 192.718968][ T8409] ? __pfx_lock_release+0x10/0x10 [ 192.719005][ T8409] ? __alloc_skb+0x28f/0x440 [ 192.719024][ T8409] ? __pfx__copy_from_iter+0x10/0x10 [ 192.719050][ T8409] ? __virt_addr_valid+0x183/0x530 [ 192.719069][ T8409] ? __virt_addr_valid+0x183/0x530 [ 192.719087][ T8409] ? __virt_addr_valid+0x45f/0x530 [ 192.719107][ T8409] ? __phys_addr_symbol+0x2f/0x70 [ 192.719126][ T8409] ? __check_object_size+0x47a/0x730 [ 192.719165][ T8409] netlink_sendmsg+0x742/0xcb0 [ 192.719207][ T8409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.719241][ T8409] ? aa_sock_msg_perm+0x91/0x160 [ 192.719278][ T8409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.719305][ T8409] __sock_sendmsg+0x221/0x270 [ 192.719335][ T8409] ____sys_sendmsg+0x53a/0x860 [ 192.719367][ T8409] ? __pfx_____sys_sendmsg+0x10/0x10 [ 192.719387][ T8409] ? __fget_files+0x2a/0x410 [ 192.719419][ T8409] ? __fget_files+0x2a/0x410 [ 192.719458][ T8409] __sys_sendmsg+0x269/0x350 [ 192.719486][ T8409] ? __pfx___sys_sendmsg+0x10/0x10 [ 192.719521][ T8409] ? do_sys_openat2+0x17a/0x1d0 [ 192.719577][ T8409] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 192.719611][ T8409] ? do_syscall_64+0x100/0x230 [ 192.719639][ T8409] ? do_syscall_64+0xb6/0x230 [ 192.719671][ T8409] do_syscall_64+0xf3/0x230 [ 192.719696][ T8409] ? clear_bhb_loop+0x35/0x90 [ 192.719729][ T8409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.719756][ T8409] RIP: 0033:0x7f03b5d8d169 [ 192.719779][ T8409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.719796][ T8409] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.719825][ T8409] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 192.719840][ T8409] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000005 [ 192.719852][ T8409] RBP: 00007f03b6cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 192.719865][ T8409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.719876][ T8409] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 192.719906][ T8409] [ 193.519101][ T8433] netlink: 'syz.4.927': attribute type 13 has an invalid length. [ 193.540739][ T8433] macvtap0: entered promiscuous mode [ 193.574749][ T8433] macvtap0: refused to change device tx_queue_len [ 193.598123][ T8438] netlink: 148 bytes leftover after parsing attributes in process `syz.2.929'. [ 193.614249][ T8438] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 194.194409][ T8458] netlink: 24 bytes leftover after parsing attributes in process `syz.3.937'. [ 194.574399][ T8471] netlink: 104 bytes leftover after parsing attributes in process `syz.4.943'. [ 194.620424][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.033996][ T8489] syz.3.951: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 195.078667][ T8489] CPU: 1 UID: 0 PID: 8489 Comm: syz.3.951 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 195.078700][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 195.078713][ T8489] Call Trace: [ 195.078720][ T8489] [ 195.078729][ T8489] dump_stack_lvl+0x241/0x360 [ 195.078762][ T8489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.078786][ T8489] ? __pfx__printk+0x10/0x10 [ 195.078812][ T8489] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 195.078840][ T8489] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 195.078871][ T8489] warn_alloc+0x278/0x410 [ 195.078896][ T8489] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 195.078920][ T8489] ? __pfx_warn_alloc+0x10/0x10 [ 195.078957][ T8489] ? kasan_save_track+0x3f/0x80 [ 195.078978][ T8489] ? __kasan_kmalloc+0x98/0xb0 [ 195.079003][ T8489] ? xsk_setsockopt+0x4aa/0x810 [ 195.079032][ T8489] ? do_sock_setsockopt+0x3af/0x720 [ 195.079052][ T8489] ? __x64_sys_setsockopt+0x1ee/0x280 [ 195.079071][ T8489] ? do_syscall_64+0xf3/0x230 [ 195.079095][ T8489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.079134][ T8489] __vmalloc_node_range_noprof+0x126/0x1380 [ 195.079182][ T8489] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 195.079208][ T8489] ? __kasan_kmalloc+0x98/0xb0 [ 195.079237][ T8489] vmalloc_user_noprof+0x74/0x80 [ 195.079257][ T8489] ? xskq_create+0xb6/0x170 [ 195.079288][ T8489] xskq_create+0xb6/0x170 [ 195.079322][ T8489] xsk_init_queue+0xa1/0x100 [ 195.079357][ T8489] xsk_setsockopt+0x4aa/0x810 [ 195.079390][ T8489] ? __pfx_xsk_setsockopt+0x10/0x10 [ 195.079421][ T8489] ? __pfx_aa_sk_perm+0x10/0x10 [ 195.079455][ T8489] ? aa_sock_opt_perm+0x79/0x120 [ 195.079493][ T8489] ? __pfx_xsk_setsockopt+0x10/0x10 [ 195.079523][ T8489] do_sock_setsockopt+0x3af/0x720 [ 195.079551][ T8489] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 195.079578][ T8489] ? __fget_files+0x395/0x410 [ 195.079608][ T8489] ? __fget_files+0x2a/0x410 [ 195.079645][ T8489] __x64_sys_setsockopt+0x1ee/0x280 [ 195.079674][ T8489] do_syscall_64+0xf3/0x230 [ 195.079699][ T8489] ? clear_bhb_loop+0x35/0x90 [ 195.079732][ T8489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.079760][ T8489] RIP: 0033:0x7fa03118d169 [ 195.079779][ T8489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.079795][ T8489] RSP: 002b:00007fa0320a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 195.079817][ T8489] RAX: ffffffffffffffda RBX: 00007fa0313a5fa0 RCX: 00007fa03118d169 [ 195.079832][ T8489] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 195.079845][ T8489] RBP: 00007fa03120e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 195.079858][ T8489] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.079871][ T8489] R13: 0000000000000000 R14: 00007fa0313a5fa0 R15: 00007fffcd286738 [ 195.079903][ T8489] [ 195.079911][ T8489] Mem-Info: [ 195.372094][ T8489] active_anon:7943 inactive_anon:0 isolated_anon:0 [ 195.372094][ T8489] active_file:2073 inactive_file:38342 isolated_file:0 [ 195.372094][ T8489] unevictable:768 dirty:213 writeback:0 [ 195.372094][ T8489] slab_reclaimable:10142 slab_unreclaimable:98343 [ 195.372094][ T8489] mapped:30044 shmem:3057 pagetables:785 [ 195.372094][ T8489] sec_pagetables:0 bounce:0 [ 195.372094][ T8489] kernel_misc_reclaimable:0 [ 195.372094][ T8489] free:1340236 free_pcp:2078 free_cma:0 [ 195.417332][ T8489] Node 0 active_anon:31472kB inactive_anon:0kB active_file:8292kB inactive_file:153296kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120176kB dirty:852kB writeback:0kB shmem:10292kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10768kB pagetables:3140kB sec_pagetables:0kB all_unreclaimable? no [ 195.449746][ T8489] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 195.481133][ T8489] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 195.508302][ T8489] lowmem_reserve[]: 0 2489 2490 0 0 [ 195.513640][ T8489] Node 0 DMA32 free:1442404kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:28936kB inactive_anon:0kB active_file:8292kB inactive_file:152980kB unevictable:1536kB writepending:852kB present:3129332kB managed:2549728kB mlocked:0kB bounce:0kB free_pcp:11264kB local_pcp:1716kB free_cma:0kB [ 195.573294][ T8489] lowmem_reserve[]: 0 0 0 0 0 [ 195.595275][ T8489] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 195.673472][ T8489] lowmem_reserve[]: 0 0 0 0 0 [ 195.707175][ T8489] Node 1 Normal free:3903176kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 195.743645][ T8489] lowmem_reserve[]: 0 0 0 0 0 [ 195.758116][ T8489] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 195.801393][ T8489] Node 0 DMA32: 684*4kB (UM) 938*8kB (UME) 709*16kB (UME) 168*32kB (UME) 256*64kB (UME) 125*128kB (UM) 123*256kB (UME) 109*512kB (UME) 93*1024kB (UM) 13*2048kB (UME) 290*4096kB (UM) = 1456336kB [ 195.871019][ T8509] netlink: 8 bytes leftover after parsing attributes in process `syz.4.956'. [ 195.889101][ T8489] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 195.931945][ T8509] netlink: 2844 bytes leftover after parsing attributes in process `syz.4.956'. [ 195.952229][ T8489] Node 1 Normal: 204*4kB (UE) 49*8kB (UME) 45*16kB (UME) 188*32kB (UME) 89*64kB (UME) 37*128kB (UME) 13*256kB (UME) 9*512kB (UME) 2*1024kB (UM) 4*2048kB (UE) 944*4096kB (M) = 3903176kB [ 196.014797][ T8489] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 196.074323][ T8489] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 196.089237][ T8489] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 196.099288][ T8489] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 196.108757][ T8489] 41872 total pagecache pages [ 196.113581][ T8489] 0 pages in swap cache [ 196.119132][ T8489] Free swap = 124996kB [ 196.123987][ T8489] Total swap = 124996kB [ 196.128083][ T8516] netlink: 'syz.2.959': attribute type 10 has an invalid length. [ 196.144071][ T8516] batman_adv: batadv0: Adding interface: team0 [ 196.158005][ T8516] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.186645][ T8489] 2097051 pages RAM [ 196.190786][ T8489] 0 pages HighMem/MovableOnly [ 196.195633][ T8489] 427897 pages reserved [ 196.205756][ T8489] 0 pages cma reserved [ 196.230152][ T8524] netlink: 'syz.2.959': attribute type 10 has an invalid length. [ 196.234712][ T8516] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 196.277171][ T8524] netlink: 2 bytes leftover after parsing attributes in process `syz.2.959'. [ 196.348090][ T8524] team0: entered promiscuous mode [ 196.354179][ T8524] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.370688][ T8524] batman_adv: batadv0: Interface activated: team0 [ 196.402271][ T8524] batman_adv: batadv0: Interface deactivated: team0 [ 196.419920][ T8524] batman_adv: batadv0: Removing interface: team0 [ 196.427355][ T8524] bridge0: port 1(team0) entered blocking state [ 196.434298][ T8524] bridge0: port 1(team0) entered disabled state [ 196.441069][ T8524] team0: entered allmulticast mode [ 196.571297][ T8532] syzkaller0: entered promiscuous mode [ 196.586855][ T8534] netlink: 20 bytes leftover after parsing attributes in process `syz.4.965'. [ 196.598738][ T8532] syzkaller0: entered allmulticast mode [ 196.667668][ T8524] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.959'. [ 196.690796][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 196.700046][ T5146] Bluetooth: hci2: command 0x0406 tx timeout [ 196.706191][ T5146] Bluetooth: hci3: command 0x0406 tx timeout [ 199.945497][ T8567] netlink: 24 bytes leftover after parsing attributes in process `syz.1.981'. [ 200.336020][ T8579] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 200.864086][ T8586] 8021q: adding VLAN 0 to HW filter on device bond3 [ 200.885038][ T8586] bond0: (slave bond3): Enslaving as an active interface with an up link [ 200.912633][ T8569] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 201.838009][ T8614] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1001'. [ 202.112601][ T8635] netlink: 'syz.4.1007': attribute type 10 has an invalid length. [ 202.163773][ T8627] netlink: 'syz.4.1007': attribute type 10 has an invalid length. [ 202.180579][ T8627] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1007'. [ 202.186574][ T8635] batman_adv: batadv0: Adding interface: team0 [ 202.195873][ T8635] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.225567][ T8635] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 202.288225][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 202.300443][ T8627] team0: entered promiscuous mode [ 202.305553][ T8627] team_slave_0: entered promiscuous mode [ 202.313745][ T8627] team_slave_1: entered promiscuous mode [ 202.321404][ T8627] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.337214][ T8627] batman_adv: batadv0: Interface activated: team0 [ 202.344093][ T8627] batman_adv: batadv0: Interface deactivated: team0 [ 202.350928][ T8627] batman_adv: batadv0: Removing interface: team0 [ 202.375850][ T8627] bridge0: port 3(team0) entered blocking state [ 202.387332][ T8627] bridge0: port 3(team0) entered disabled state [ 202.394289][ T8627] team0: entered allmulticast mode [ 202.399542][ T8627] team_slave_0: entered allmulticast mode [ 202.405485][ T8627] team_slave_1: entered allmulticast mode [ 202.411483][ T8627] macvlan2: entered allmulticast mode [ 202.417492][ T8627] bond0: entered allmulticast mode [ 202.422809][ T8627] bond_slave_0: entered allmulticast mode [ 202.429903][ T8627] bond_slave_1: entered allmulticast mode [ 202.441973][ T8627] bridge0: port 3(team0) entered blocking state [ 202.448432][ T8627] bridge0: port 3(team0) entered forwarding state [ 202.525140][ T8627] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1007'. [ 204.604761][ T8658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1017'. [ 204.615046][ T8658] netlink: 'syz.1.1017': attribute type 3 has an invalid length. [ 205.094427][ T8661] Cannot find add_set index 0 as target [ 205.315968][ T8671] macvlan3: entered promiscuous mode [ 205.546311][ T8679] veth4: entered promiscuous mode [ 205.577291][ T8679] veth4: entered allmulticast mode [ 206.205522][ T8709] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1039'. [ 206.292515][ T8709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1039'. [ 206.477893][ T8720] netlink: 'syz.2.1045': attribute type 10 has an invalid length. [ 207.354335][ T8743] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1055'. [ 207.398705][ T8743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1055'. [ 207.527603][ T8749] bond1 (unregistering): Released all slaves [ 208.023534][ T8770] netlink: 'syz.4.1067': attribute type 10 has an invalid length. [ 208.036063][ T8770] bridge0: port 3(team0) entered disabled state [ 208.046312][ T8770] team0: left allmulticast mode [ 208.057551][ T8777] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1070'. [ 208.083838][ T8770] team_slave_0: left allmulticast mode [ 208.084180][ T8775] netlink: 'syz.4.1067': attribute type 10 has an invalid length. [ 208.093952][ T8770] team_slave_1: left allmulticast mode [ 208.104658][ T8770] macvlan2: left allmulticast mode [ 208.114363][ T8770] bond0: left allmulticast mode [ 208.124136][ T8775] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1067'. [ 208.127697][ T8770] bond_slave_0: left allmulticast mode [ 208.170729][ T8770] bond_slave_1: left allmulticast mode [ 208.183991][ T8770] team0: left promiscuous mode [ 208.193050][ T8770] team_slave_0: left promiscuous mode [ 208.203023][ T8770] team_slave_1: left promiscuous mode [ 208.212408][ T8770] bridge0: port 3(team0) entered disabled state [ 208.246903][ T8770] batman_adv: batadv0: Adding interface: team0 [ 208.258693][ T8770] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.296391][ T8790] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1070'. [ 208.319508][ T8770] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 208.344292][ T8775] team0: entered promiscuous mode [ 208.357866][ T8775] team_slave_0: entered promiscuous mode [ 208.374107][ T8775] team_slave_1: entered promiscuous mode [ 208.375780][ T8770] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1067'. [ 208.391331][ T8775] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.422320][ T8775] batman_adv: batadv0: Interface activated: team0 [ 208.428957][ T8775] batman_adv: batadv0: Interface deactivated: team0 [ 208.435609][ T8775] batman_adv: batadv0: Removing interface: team0 [ 208.463205][ T8775] bridge0: port 3(team0) entered blocking state [ 208.477977][ T8775] bridge0: port 3(team0) entered disabled state [ 208.484436][ T8775] team0: entered allmulticast mode [ 208.507963][ T8775] team_slave_0: entered allmulticast mode [ 208.513774][ T8775] team_slave_1: entered allmulticast mode [ 208.527962][ T8775] macvlan2: entered allmulticast mode [ 208.533430][ T8775] bond0: entered allmulticast mode [ 208.545583][ T8775] bond_slave_0: entered allmulticast mode [ 208.586878][ T8775] bond_slave_1: entered allmulticast mode [ 208.613422][ T8775] bridge0: port 3(team0) entered blocking state [ 208.619854][ T8775] bridge0: port 3(team0) entered forwarding state [ 208.986491][ T8806] bond4 (unregistering): Released all slaves [ 210.391354][ T8821] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1086'. [ 210.596042][ T8824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1086'. [ 213.776492][ T8862] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1100'. [ 213.966010][ T8865] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1100'. [ 215.376030][ T8885] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1107'. [ 215.528968][ T8892] netlink: 'syz.3.1110': attribute type 10 has an invalid length. [ 215.550951][ T8892] netlink: 'syz.3.1110': attribute type 10 has an invalid length. [ 215.568069][ T8892] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1110'. [ 215.577240][ T8892] team0: entered promiscuous mode [ 215.587992][ T8892] gtp0: entered promiscuous mode [ 215.594802][ T8892] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.644475][ T8906] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1115'. [ 215.666337][ T8906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1115'. [ 215.867212][ T8913] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1110'. [ 216.462114][ T8931] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1127'. [ 216.473396][ T8929] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1125'. [ 216.484593][ T8931] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1127'. [ 216.723157][ T8941] 8021q: adding VLAN 0 to HW filter on device bond3 [ 216.747017][ T8941] bond0: (slave bond3): Enslaving as an active interface with an up link [ 218.840408][ T8998] __nla_validate_parse: 3 callbacks suppressed [ 218.840432][ T8998] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1157'. [ 220.034046][ T9029] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1170'. [ 220.090768][ T9029] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 220.134871][ T9029] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 220.294069][ T9035] FAULT_INJECTION: forcing a failure. [ 220.294069][ T9035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.332473][ T9035] CPU: 0 UID: 0 PID: 9035 Comm: syz.0.1173 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 220.332518][ T9035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 220.332539][ T9035] Call Trace: [ 220.332553][ T9035] [ 220.332568][ T9035] dump_stack_lvl+0x241/0x360 [ 220.332617][ T9035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.332657][ T9035] ? __pfx__printk+0x10/0x10 [ 220.332698][ T9035] ? 0xffffffffa0001d5c [ 220.332748][ T9035] should_fail_ex+0x40a/0x550 [ 220.332811][ T9035] _copy_to_user+0x31/0xb0 [ 220.332843][ T9035] bpf_test_finish+0x2e6/0x890 [ 220.332882][ T9035] ? __pfx_bpf_test_finish+0x10/0x10 [ 220.332917][ T9035] ? bpf_test_init+0x137/0x160 [ 220.332947][ T9035] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 220.332984][ T9035] ? __pfx_lock_release+0x10/0x10 [ 220.333026][ T9035] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 220.333058][ T9035] ? __fget_files+0x2a/0x410 [ 220.333092][ T9035] ? __fget_files+0x2a/0x410 [ 220.333125][ T9035] ? fput+0x21b/0x290 [ 220.333153][ T9035] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 220.333185][ T9035] bpf_prog_test_run+0x2e4/0x360 [ 220.333220][ T9035] __sys_bpf+0x487/0x820 [ 220.333251][ T9035] ? __pfx___sys_bpf+0x10/0x10 [ 220.333298][ T9035] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 220.333332][ T9035] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 220.333365][ T9035] ? do_syscall_64+0x100/0x230 [ 220.333395][ T9035] __x64_sys_bpf+0x7c/0x90 [ 220.333423][ T9035] do_syscall_64+0xf3/0x230 [ 220.333447][ T9035] ? clear_bhb_loop+0x35/0x90 [ 220.333479][ T9035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.333506][ T9035] RIP: 0033:0x7f463d58d169 [ 220.333523][ T9035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.333540][ T9035] RSP: 002b:00007f463e3c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 220.333561][ T9035] RAX: ffffffffffffffda RBX: 00007f463d7a5fa0 RCX: 00007f463d58d169 [ 220.333576][ T9035] RDX: 0000000000000050 RSI: 0000400000000600 RDI: 000000000000000a [ 220.333590][ T9035] RBP: 00007f463e3c1090 R08: 0000000000000000 R09: 0000000000000000 [ 220.333602][ T9035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 220.333614][ T9035] R13: 0000000000000000 R14: 00007f463d7a5fa0 R15: 00007fffa4319d78 [ 220.333645][ T9035] [ 221.436258][ T9060] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1183'. [ 222.018937][ T9071] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1188'. [ 222.704361][ T9091] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1198'. [ 222.760915][ T9096] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1196'. [ 222.798244][ T9095] netlink: 'syz.0.1199': attribute type 10 has an invalid length. [ 222.809667][ T9095] bridge0: port 3(team0) entered disabled state [ 222.816613][ T9095] team0: left allmulticast mode [ 222.824517][ T9095] team_slave_0: left allmulticast mode [ 222.832474][ T9095] team_slave_1: left allmulticast mode [ 222.845384][ T9095] team0: left promiscuous mode [ 222.851094][ T9095] team_slave_0: left promiscuous mode [ 222.856935][ T9095] team_slave_1: left promiscuous mode [ 222.862781][ T9100] netlink: 'syz.0.1199': attribute type 10 has an invalid length. [ 222.871195][ T9095] bridge0: port 3(team0) entered disabled state [ 222.879861][ T9100] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1199'. [ 222.896913][ T9095] batman_adv: batadv0: Adding interface: team0 [ 222.907620][ T9095] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.938175][ T9095] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 222.991618][ T9100] team0: entered promiscuous mode [ 223.006138][ T9100] team_slave_0: entered promiscuous mode [ 223.016416][ T9100] team_slave_1: entered promiscuous mode [ 223.025109][ T9100] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.032438][ T9100] batman_adv: batadv0: Interface activated: team0 [ 223.039276][ T9100] batman_adv: batadv0: Interface deactivated: team0 [ 223.046036][ T9100] batman_adv: batadv0: Removing interface: team0 [ 223.054475][ T9100] bridge0: port 3(team0) entered blocking state [ 223.061066][ T9100] bridge0: port 3(team0) entered disabled state [ 223.067618][ T9100] team0: entered allmulticast mode [ 223.072993][ T9100] team_slave_0: entered allmulticast mode [ 223.084976][ T9100] team_slave_1: entered allmulticast mode [ 223.094155][ T9100] bridge0: port 3(team0) entered blocking state [ 223.100588][ T9100] bridge0: port 3(team0) entered forwarding state [ 223.150997][ T9100] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1199'. [ 224.193530][ T9136] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1213'. [ 224.637235][ T9144] netlink: 'syz.4.1214': attribute type 3 has an invalid length. [ 224.665645][ T9144] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1214'. [ 224.917763][ T9148] 8021q: adding VLAN 0 to HW filter on device bond4 [ 224.926153][ T9148] bond4: entered promiscuous mode [ 224.935794][ T9148] team0: Port device bond4 added [ 225.419319][ T9169] netlink: 240 bytes leftover after parsing attributes in process `syz.2.1226'. [ 225.458170][ T9165] FAULT_INJECTION: forcing a failure. [ 225.458170][ T9165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.494258][ T9165] CPU: 1 UID: 0 PID: 9165 Comm: syz.2.1226 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 225.494292][ T9165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 225.494305][ T9165] Call Trace: [ 225.494313][ T9165] [ 225.494321][ T9165] dump_stack_lvl+0x241/0x360 [ 225.494355][ T9165] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.494378][ T9165] ? __pfx__printk+0x10/0x10 [ 225.494406][ T9165] ? snprintf+0xda/0x120 [ 225.494441][ T9165] should_fail_ex+0x40a/0x550 [ 225.494478][ T9165] _copy_to_user+0x31/0xb0 [ 225.494509][ T9165] simple_read_from_buffer+0xca/0x150 [ 225.494542][ T9165] proc_fail_nth_read+0x1e9/0x250 [ 225.494575][ T9165] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 225.494608][ T9165] ? rw_verify_area+0x243/0x630 [ 225.494628][ T9165] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 225.494658][ T9165] vfs_read+0x1f8/0xb40 [ 225.494681][ T9165] ? fdget_pos+0x254/0x320 [ 225.494723][ T9165] ? __pfx___mutex_lock+0x10/0x10 [ 225.494750][ T9165] ? __pfx_vfs_read+0x10/0x10 [ 225.494776][ T9165] ? __fget_files+0x2a/0x410 [ 225.494807][ T9165] ? __fget_files+0x395/0x410 [ 225.494836][ T9165] ? __fget_files+0x2a/0x410 [ 225.494876][ T9165] ksys_read+0x18f/0x2b0 [ 225.494900][ T9165] ? __pfx_ksys_read+0x10/0x10 [ 225.494923][ T9165] ? do_syscall_64+0x100/0x230 [ 225.494952][ T9165] ? do_syscall_64+0xb6/0x230 [ 225.494981][ T9165] do_syscall_64+0xf3/0x230 [ 225.495007][ T9165] ? clear_bhb_loop+0x35/0x90 [ 225.495040][ T9165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.495069][ T9165] RIP: 0033:0x7f9edc18bb7c [ 225.495087][ T9165] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 225.495105][ T9165] RSP: 002b:00007f9ed9fd5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 225.495127][ T9165] RAX: ffffffffffffffda RBX: 00007f9edc3a6080 RCX: 00007f9edc18bb7c [ 225.495143][ T9165] RDX: 000000000000000f RSI: 00007f9ed9fd50a0 RDI: 000000000000000a [ 225.495155][ T9165] RBP: 00007f9ed9fd5090 R08: 0000000000000000 R09: 000000000000000e [ 225.495168][ T9165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.495185][ T9165] R13: 0000000000000001 R14: 00007f9edc3a6080 R15: 00007ffe7d8b3c48 [ 225.495218][ T9165] [ 226.442409][ T9181] tipc: Started in network mode [ 226.447678][ T9181] tipc: Node identity e0000002, cluster identity 4711 [ 226.455360][ T9181] tipc: Enabling of bearer rejected, failed to enable media [ 226.924174][ T9195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1237'. [ 228.100245][ T9226] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1249'. [ 228.168491][ T9228] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1250'. [ 228.177623][ T9228] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 229.139929][ T9256] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1262'. [ 232.250820][ T9283] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1272'. [ 232.566727][ T9294] netlink: 'syz.0.1278': attribute type 10 has an invalid length. [ 232.585101][ T9294] bridge0: port 3(team0) entered disabled state [ 232.594655][ T9294] team0: left allmulticast mode [ 232.603562][ T9294] team_slave_0: left allmulticast mode [ 232.610079][ T9294] team_slave_1: left allmulticast mode [ 232.628210][ T9294] team0: left promiscuous mode [ 232.633050][ T9294] team_slave_0: left promiscuous mode [ 232.650112][ T9298] netlink: 'syz.0.1278': attribute type 10 has an invalid length. [ 232.664053][ T9298] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1278'. [ 232.673374][ T9294] team_slave_1: left promiscuous mode [ 232.684914][ T9294] bridge0: port 3(team0) entered disabled state [ 232.712797][ T9294] batman_adv: batadv0: Adding interface: team0 [ 232.732701][ T9294] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.783904][ T9294] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 232.933180][ T9294] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1278'. [ 233.110740][ T9298] team0: entered promiscuous mode [ 233.139747][ T9298] team_slave_0: entered promiscuous mode [ 233.180092][ T9298] team_slave_1: entered promiscuous mode [ 233.187372][ T9298] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.265156][ T9298] batman_adv: batadv0: Interface activated: team0 [ 233.314029][ T9298] batman_adv: batadv0: Interface deactivated: team0 [ 233.347744][ T9298] batman_adv: batadv0: Removing interface: team0 [ 233.370299][ T9298] bridge0: port 3(team0) entered blocking state [ 233.395661][ T9298] bridge0: port 3(team0) entered disabled state [ 233.413170][ T9298] team0: entered allmulticast mode [ 233.432659][ T9298] team_slave_0: entered allmulticast mode [ 233.456264][ T9298] team_slave_1: entered allmulticast mode [ 233.482745][ T9298] bridge0: port 3(team0) entered blocking state [ 233.489230][ T9298] bridge0: port 3(team0) entered forwarding state [ 233.945299][ T9322] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1285'. [ 234.070674][ T9328] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1288'. [ 235.154652][ T9362] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1304'. [ 235.249845][ T9364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1305'. [ 235.486812][ T9374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1309'. [ 235.687852][ T9379] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1311'. [ 235.781526][ T9384] FAULT_INJECTION: forcing a failure. [ 235.781526][ T9384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.808327][ T9384] CPU: 1 UID: 0 PID: 9384 Comm: syz.3.1314 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 235.808361][ T9384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 235.808375][ T9384] Call Trace: [ 235.808382][ T9384] [ 235.808391][ T9384] dump_stack_lvl+0x241/0x360 [ 235.808425][ T9384] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.808449][ T9384] ? __pfx__printk+0x10/0x10 [ 235.808472][ T9384] ? __pfx_lock_release+0x10/0x10 [ 235.808506][ T9384] ? vfs_write+0x7fa/0xd10 [ 235.808532][ T9384] should_fail_ex+0x40a/0x550 [ 235.808569][ T9384] _copy_from_user+0x2d/0xb0 [ 235.808599][ T9384] move_addr_to_kernel+0x82/0x150 [ 235.808629][ T9384] __sys_connect+0xb6/0x2d0 [ 235.808661][ T9384] ? __fget_files+0x2a/0x410 [ 235.808691][ T9384] ? __pfx___sys_connect+0x10/0x10 [ 235.808744][ T9384] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 235.808776][ T9384] ? do_syscall_64+0x100/0x230 [ 235.808806][ T9384] __x64_sys_connect+0x7a/0x90 [ 235.808838][ T9384] do_syscall_64+0xf3/0x230 [ 235.808862][ T9384] ? clear_bhb_loop+0x35/0x90 [ 235.808899][ T9384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.808925][ T9384] RIP: 0033:0x7fa03118d169 [ 235.808944][ T9384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.808962][ T9384] RSP: 002b:00007fa0320a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 235.808984][ T9384] RAX: ffffffffffffffda RBX: 00007fa0313a5fa0 RCX: 00007fa03118d169 [ 235.808999][ T9384] RDX: 0000000000000010 RSI: 00004000000000c0 RDI: 0000000000000003 [ 235.809013][ T9384] RBP: 00007fa0320a7090 R08: 0000000000000000 R09: 0000000000000000 [ 235.809026][ T9384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.809038][ T9384] R13: 0000000000000000 R14: 00007fa0313a5fa0 R15: 00007fffcd286738 [ 235.809068][ T9384] [ 236.115467][ T9389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1317'. [ 236.569736][ T9394] netlink: 'syz.1.1319': attribute type 2 has an invalid length. [ 236.580598][ T9394] netlink: 'syz.1.1319': attribute type 1 has an invalid length. [ 236.960253][ T9411] FAULT_INJECTION: forcing a failure. [ 236.960253][ T9411] name failslab, interval 1, probability 0, space 0, times 0 [ 236.993295][ T9411] CPU: 0 UID: 0 PID: 9411 Comm: syz.1.1327 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 236.993328][ T9411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 236.993342][ T9411] Call Trace: [ 236.993350][ T9411] [ 236.993359][ T9411] dump_stack_lvl+0x241/0x360 [ 236.993392][ T9411] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.993416][ T9411] ? __pfx__printk+0x10/0x10 [ 236.993440][ T9411] ? __kmalloc_noprof+0xb5/0x4c0 [ 236.993470][ T9411] ? __pfx___might_resched+0x10/0x10 [ 236.993503][ T9411] should_fail_ex+0x40a/0x550 [ 236.993558][ T9411] should_failslab+0xac/0x100 [ 236.993589][ T9411] __kmalloc_noprof+0xdd/0x4c0 [ 236.993623][ T9411] ? bpf_test_init+0xc3/0x160 [ 236.993655][ T9411] bpf_test_init+0xc3/0x160 [ 236.993686][ T9411] bpf_prog_test_run_xdp+0x48e/0x11e0 [ 236.993722][ T9411] ? __pfx_lock_release+0x10/0x10 [ 236.993763][ T9411] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 236.993794][ T9411] ? __fget_files+0x2a/0x410 [ 236.993828][ T9411] ? __fget_files+0x2a/0x410 [ 236.993862][ T9411] ? fput+0x21b/0x290 [ 236.993889][ T9411] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 236.993921][ T9411] bpf_prog_test_run+0x2e4/0x360 [ 236.993957][ T9411] __sys_bpf+0x487/0x820 [ 236.993989][ T9411] ? __pfx___sys_bpf+0x10/0x10 [ 236.994031][ T9411] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 236.994066][ T9411] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 236.994100][ T9411] ? do_syscall_64+0x100/0x230 [ 236.994149][ T9411] __x64_sys_bpf+0x7c/0x90 [ 236.994176][ T9411] do_syscall_64+0xf3/0x230 [ 236.994202][ T9411] ? clear_bhb_loop+0x35/0x90 [ 236.994236][ T9411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.994264][ T9411] RIP: 0033:0x7f6d9fd8d169 [ 236.994283][ T9411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.994301][ T9411] RSP: 002b:00007f6da0c9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 236.994329][ T9411] RAX: ffffffffffffffda RBX: 00007f6d9ffa5fa0 RCX: 00007f6d9fd8d169 [ 236.994345][ T9411] RDX: 0000000000000050 RSI: 0000400000000000 RDI: 000000000000000a [ 236.994358][ T9411] RBP: 00007f6da0c9a090 R08: 0000000000000000 R09: 0000000000000000 [ 236.994371][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.994384][ T9411] R13: 0000000000000000 R14: 00007f6d9ffa5fa0 R15: 00007ffe411764a8 [ 236.994414][ T9411] [ 237.524907][ T9415] __nla_validate_parse: 1 callbacks suppressed [ 237.524929][ T9415] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1329'. [ 237.721361][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1332'. [ 237.737590][ T9421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1332'. [ 237.751109][ T9421] netlink: 'syz.3.1332': attribute type 1 has an invalid length. [ 237.761803][ T9421] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1332'. [ 237.831442][ T5839] block nbd1: Receive control failed (result -107) [ 238.749783][ T9457] netlink: 'syz.2.1344': attribute type 72 has an invalid length. [ 240.563393][ T9465] vlan2: entered promiscuous mode [ 240.581074][ T9465] batadv0: entered promiscuous mode [ 240.591266][ T9471] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1351'. [ 240.642403][ T9465] vlan2: entered allmulticast mode [ 240.654161][ T9465] batadv0: entered allmulticast mode [ 240.661523][ T9465] team0: Port device vlan2 added [ 240.845550][ T9483] netlink: 'syz.3.1355': attribute type 72 has an invalid length. [ 240.894552][ T9480] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 240.915485][ T9480] macvtap1: entered promiscuous mode [ 240.921526][ T9480] macvtap1: entered allmulticast mode [ 240.935327][ T9480] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 240.951731][ T9480] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 240.961139][ T9480] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 240.980497][ T9488] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.1357'. [ 241.312460][ T9499] FAULT_INJECTION: forcing a failure. [ 241.312460][ T9499] name failslab, interval 1, probability 0, space 0, times 0 [ 241.365020][ T9499] CPU: 0 UID: 0 PID: 9499 Comm: syz.0.1363 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 241.365054][ T9499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 241.365068][ T9499] Call Trace: [ 241.365075][ T9499] [ 241.365084][ T9499] dump_stack_lvl+0x241/0x360 [ 241.365116][ T9499] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.365145][ T9499] ? __pfx__printk+0x10/0x10 [ 241.365181][ T9499] should_fail_ex+0x40a/0x550 [ 241.365218][ T9499] should_failslab+0xac/0x100 [ 241.365248][ T9499] ? skb_clone+0x20c/0x390 [ 241.365270][ T9499] kmem_cache_alloc_noprof+0x70/0x380 [ 241.365306][ T9499] skb_clone+0x20c/0x390 [ 241.365334][ T9499] __netlink_deliver_tap+0x3c4/0x7f0 [ 241.365376][ T9499] ? netlink_deliver_tap+0x2e/0x1b0 [ 241.365404][ T9499] netlink_deliver_tap+0x19d/0x1b0 [ 241.365435][ T9499] netlink_unicast+0x7c4/0x990 [ 241.365470][ T9499] ? __pfx_netlink_unicast+0x10/0x10 [ 241.365494][ T9499] ? __virt_addr_valid+0x45f/0x530 [ 241.365515][ T9499] ? __phys_addr_symbol+0x2f/0x70 [ 241.365535][ T9499] ? __check_object_size+0x47a/0x730 [ 241.365568][ T9499] netlink_sendmsg+0x8de/0xcb0 [ 241.365612][ T9499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.365646][ T9499] ? aa_sock_msg_perm+0x91/0x160 [ 241.365685][ T9499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.365712][ T9499] __sock_sendmsg+0x221/0x270 [ 241.365745][ T9499] ____sys_sendmsg+0x53a/0x860 [ 241.365778][ T9499] ? __pfx_____sys_sendmsg+0x10/0x10 [ 241.365798][ T9499] ? __fget_files+0x2a/0x410 [ 241.365874][ T9499] ? __fget_files+0x2a/0x410 [ 241.365915][ T9499] __sys_sendmsg+0x269/0x350 [ 241.365944][ T9499] ? __pfx___sys_sendmsg+0x10/0x10 [ 241.365981][ T9499] ? do_sys_openat2+0x17a/0x1d0 [ 241.366041][ T9499] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 241.366075][ T9499] ? do_syscall_64+0x100/0x230 [ 241.366105][ T9499] ? do_syscall_64+0xb6/0x230 [ 241.366134][ T9499] do_syscall_64+0xf3/0x230 [ 241.366160][ T9499] ? clear_bhb_loop+0x35/0x90 [ 241.366193][ T9499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.366222][ T9499] RIP: 0033:0x7f463d58d169 [ 241.366241][ T9499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.366259][ T9499] RSP: 002b:00007f463e3c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.366282][ T9499] RAX: ffffffffffffffda RBX: 00007f463d7a5fa0 RCX: 00007f463d58d169 [ 241.366297][ T9499] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000005 [ 241.366310][ T9499] RBP: 00007f463e3c1090 R08: 0000000000000000 R09: 0000000000000000 [ 241.366323][ T9499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.366335][ T9499] R13: 0000000000000000 R14: 00007f463d7a5fa0 R15: 00007fffa4319d78 [ 241.366367][ T9499] [ 241.887533][ T9514] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.1369'. [ 242.017967][ T9518] FAULT_INJECTION: forcing a failure. [ 242.017967][ T9518] name failslab, interval 1, probability 0, space 0, times 0 [ 242.053477][ T9518] CPU: 1 UID: 0 PID: 9518 Comm: syz.4.1371 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 242.053510][ T9518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 242.053523][ T9518] Call Trace: [ 242.053531][ T9518] [ 242.053540][ T9518] dump_stack_lvl+0x241/0x360 [ 242.053572][ T9518] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.053615][ T9518] ? __pfx__printk+0x10/0x10 [ 242.053639][ T9518] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 242.053670][ T9518] ? __pfx___might_resched+0x10/0x10 [ 242.053702][ T9518] should_fail_ex+0x40a/0x550 [ 242.053737][ T9518] should_failslab+0xac/0x100 [ 242.053767][ T9518] __kmalloc_node_noprof+0xe1/0x4d0 [ 242.053797][ T9518] ? __kvmalloc_node_noprof+0x72/0x190 [ 242.053835][ T9518] __kvmalloc_node_noprof+0x72/0x190 [ 242.053870][ T9518] bpf_test_run_xdp_live+0x290/0x2220 [ 242.053900][ T9518] ? __pfx_lock_release+0x10/0x10 [ 242.053938][ T9518] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 242.053963][ T9518] ? __pfx___might_resched+0x10/0x10 [ 242.054001][ T9518] ? __mutex_unlock_slowpath+0x227/0x800 [ 242.054038][ T9518] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 242.054066][ T9518] ? synchronize_rcu+0x11b/0x360 [ 242.054091][ T9518] ? __pfx_synchronize_rcu+0x10/0x10 [ 242.054138][ T9518] ? __pfx_bpf_dispatcher_change_prog+0x10/0x10 [ 242.054170][ T9518] ? 0xffffffffa0000cc8 [ 242.054187][ T9518] ? 0xffffffffa0001d5c [ 242.054223][ T9518] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 242.054269][ T9518] ? _copy_from_user+0x95/0xb0 [ 242.054295][ T9518] ? bpf_test_init+0x137/0x160 [ 242.054320][ T9518] ? xdp_convert_md_to_buff+0x5b/0x330 [ 242.054352][ T9518] bpf_prog_test_run_xdp+0x805/0x11e0 [ 242.054385][ T9518] ? __pfx_lock_release+0x10/0x10 [ 242.054425][ T9518] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 242.054455][ T9518] ? __fget_files+0x2a/0x410 [ 242.054487][ T9518] ? __fget_files+0x2a/0x410 [ 242.054520][ T9518] ? fput+0x21b/0x290 [ 242.054546][ T9518] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 242.054577][ T9518] bpf_prog_test_run+0x2e4/0x360 [ 242.054612][ T9518] __sys_bpf+0x487/0x820 [ 242.054641][ T9518] ? __pfx___sys_bpf+0x10/0x10 [ 242.054683][ T9518] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 242.054717][ T9518] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 242.054750][ T9518] ? do_syscall_64+0x100/0x230 [ 242.054780][ T9518] __x64_sys_bpf+0x7c/0x90 [ 242.054807][ T9518] do_syscall_64+0xf3/0x230 [ 242.054831][ T9518] ? clear_bhb_loop+0x35/0x90 [ 242.054863][ T9518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.054890][ T9518] RIP: 0033:0x7f03b5d8d169 [ 242.054906][ T9518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.054921][ T9518] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 242.054943][ T9518] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 242.054959][ T9518] RDX: 0000000000000048 RSI: 0000400000000600 RDI: 000000000000000a [ 242.054973][ T9518] RBP: 00007f03b6cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 242.054995][ T9518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.055008][ T9518] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 242.055037][ T9518] [ 242.517029][ T9529] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1376'. [ 242.547069][ T9529] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 242.597439][ T9532] dccp_close: ABORT with 172 bytes unread [ 242.608031][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 243.040156][ T9542] macvlan4: entered promiscuous mode [ 243.256203][ T9554] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.1383'. [ 243.430816][ T9561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1385'. [ 243.760858][ T9571] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1389'. [ 244.137623][ T9582] tipc: Started in network mode [ 244.147673][ T9582] tipc: Node identity ac14142f, cluster identity 4711 [ 244.172362][ T9582] tipc: New replicast peer: 0.0.0.0 [ 244.193790][ T9582] tipc: Enabled bearer , priority 10 [ 244.235858][ T9587] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1392'. [ 244.486204][ T9595] 8021q: adding VLAN 0 to HW filter on device bond4 [ 244.515833][ T9595] bond0: (slave bond4): Enslaving as an active interface with an up link [ 244.547246][ T9598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1403'. [ 245.082547][ T9632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1417'. [ 245.094411][ T9634] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1418'. [ 245.196247][ T9636] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1419'. [ 245.240049][ T9636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1419'. [ 245.300528][ T5881] tipc: Node number set to 2886997039 [ 245.727469][ T9657] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1429'. [ 245.825973][ T9661] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 247.257144][ T9716] netlink: 'syz.4.1453': attribute type 10 has an invalid length. [ 247.274552][ T9716] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 247.295187][ T9716] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 247.653345][ T9732] x_tables: duplicate underflow at hook 3 [ 247.768146][ T9734] netlink: 'syz.4.1462': attribute type 1 has an invalid length. [ 248.390553][ T9770] __nla_validate_parse: 8 callbacks suppressed [ 248.390575][ T9770] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1476'. [ 248.444064][ T9771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1476'. [ 248.872203][ T9781] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1481'. [ 248.898708][ T9781] team0: left promiscuous mode [ 248.903776][ T9781] bond2: left promiscuous mode [ 248.931927][ T9781] bond4: left promiscuous mode [ 248.954898][ T9785] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1483'. [ 248.973248][ T9781] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 249.181917][ T9792] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1486'. [ 249.203004][ T9792] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1486'. [ 249.241544][ T9792] dummy0: entered promiscuous mode [ 249.264031][ T9792] dummy0: left promiscuous mode [ 249.283326][ T9796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1488'. [ 249.410451][ T9801] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1490'. [ 249.426327][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1490'. [ 249.464530][ T9803] bond0: entered promiscuous mode [ 249.487124][ T9803] bond0: left promiscuous mode [ 249.502895][ T9805] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1492'. [ 250.023258][ T9831] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 251.870044][ T9827] team0: Port device bond2 removed [ 251.876537][ T9827] bond0: (slave bond3): Releasing backup interface [ 251.911621][ T9827] team0: Port device bond4 removed [ 252.055141][ T9823] FAULT_INJECTION: forcing a failure. [ 252.055141][ T9823] name failslab, interval 1, probability 0, space 0, times 0 [ 252.068654][ T9823] CPU: 0 UID: 0 PID: 9823 Comm: syz.3.1497 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 252.068684][ T9823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 252.068698][ T9823] Call Trace: [ 252.068705][ T9823] [ 252.068714][ T9823] dump_stack_lvl+0x241/0x360 [ 252.068746][ T9823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.068770][ T9823] ? __pfx__printk+0x10/0x10 [ 252.068806][ T9823] ? __kmalloc_cache_noprof+0x48/0x390 [ 252.068838][ T9823] ? __pfx___might_resched+0x10/0x10 [ 252.068869][ T9823] should_fail_ex+0x40a/0x550 [ 252.068904][ T9823] should_failslab+0xac/0x100 [ 252.068934][ T9823] __kmalloc_cache_noprof+0x70/0x390 [ 252.068961][ T9823] ? kobject_uevent_env+0x28b/0x8e0 [ 252.068995][ T9823] kobject_uevent_env+0x28b/0x8e0 [ 252.069034][ T9823] __kobject_del+0xd3/0x310 [ 252.069057][ T9823] ? kobject_put+0x23d/0x480 [ 252.069085][ T9823] kobject_put+0x245/0x480 [ 252.069117][ T9823] netdev_queue_update_kobjects+0x661/0x720 [ 252.069151][ T9823] netif_set_real_num_tx_queues+0x16f/0x8d0 [ 252.069187][ T9823] __tun_detach+0xdac/0x15d0 [ 252.069226][ T9823] tun_chr_close+0x105/0x1b0 [ 252.069247][ T9823] ? __pfx_tun_chr_close+0x10/0x10 [ 252.069271][ T9823] __fput+0x3e9/0x9f0 [ 252.069312][ T9823] __x64_sys_close+0x7f/0x110 [ 252.069343][ T9823] do_syscall_64+0xf3/0x230 [ 252.069368][ T9823] ? clear_bhb_loop+0x35/0x90 [ 252.069400][ T9823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.069428][ T9823] RIP: 0033:0x7fa03118d169 [ 252.069447][ T9823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.069464][ T9823] RSP: 002b:00007fa032086038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 252.069486][ T9823] RAX: ffffffffffffffda RBX: 00007fa0313a6080 RCX: 00007fa03118d169 [ 252.069501][ T9823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 252.069512][ T9823] RBP: 00007fa032086090 R08: 0000000000000000 R09: 0000000000000000 [ 252.069524][ T9823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.069536][ T9823] R13: 0000000000000000 R14: 00007fa0313a6080 R15: 00007fffcd286738 [ 252.069567][ T9823] [ 254.275283][ T9864] __nla_validate_parse: 1 callbacks suppressed [ 254.275304][ T9864] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1517'. [ 254.376847][ T9868] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 254.796075][ T9888] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1526'. [ 254.894263][ T9890] 8021q: adding VLAN 0 to HW filter on device bond1 [ 254.902441][ T9890] bond1: entered promiscuous mode [ 254.908217][ T9890] bond1: entered allmulticast mode [ 254.915246][ T9890] team0: Port device bond1 added [ 255.320541][ T9914] netlink: 'syz.1.1535': attribute type 1 has an invalid length. [ 255.340664][ T9915] FAULT_INJECTION: forcing a failure. [ 255.340664][ T9915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.367976][ T9915] CPU: 0 UID: 0 PID: 9915 Comm: syz.4.1538 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 255.368009][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 255.368022][ T9915] Call Trace: [ 255.368029][ T9915] [ 255.368038][ T9915] dump_stack_lvl+0x241/0x360 [ 255.368070][ T9915] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.368092][ T9915] ? __pfx__printk+0x10/0x10 [ 255.368115][ T9915] ? __pfx_lock_release+0x10/0x10 [ 255.368155][ T9915] should_fail_ex+0x40a/0x550 [ 255.368192][ T9915] _copy_from_user+0x2d/0xb0 [ 255.368220][ T9915] copy_msghdr_from_user+0xae/0x680 [ 255.368248][ T9915] ? __pfx___might_resched+0x10/0x10 [ 255.368280][ T9915] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 255.368314][ T9915] ? do_recvmmsg+0x44e/0xab0 [ 255.368338][ T9915] ? __might_fault+0xaa/0x120 [ 255.368479][ T9915] do_recvmmsg+0x3bd/0xab0 [ 255.368527][ T9915] ? __pfx_do_recvmmsg+0x10/0x10 [ 255.368574][ T9915] ? ksys_write+0x22a/0x2b0 [ 255.368612][ T9915] ? __pfx_lock_release+0x10/0x10 [ 255.368652][ T9915] ? sb_end_write+0xe9/0x1c0 [ 255.368682][ T9915] ? vfs_write+0x7fa/0xd10 [ 255.368707][ T9915] ? __mutex_unlock_slowpath+0x227/0x800 [ 255.368741][ T9915] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 255.368763][ T9915] ? __fget_files+0x2a/0x410 [ 255.368808][ T9915] __x64_sys_recvmmsg+0x199/0x250 [ 255.368836][ T9915] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 255.368869][ T9915] ? do_syscall_64+0x100/0x230 [ 255.368903][ T9915] ? do_syscall_64+0xb6/0x230 [ 255.368936][ T9915] do_syscall_64+0xf3/0x230 [ 255.368962][ T9915] ? clear_bhb_loop+0x35/0x90 [ 255.368995][ T9915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.369025][ T9915] RIP: 0033:0x7f03b5d8d169 [ 255.369044][ T9915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.369062][ T9915] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 255.369085][ T9915] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 255.369101][ T9915] RDX: 03ffffffffffff67 RSI: 0000400000002440 RDI: 0000000000000004 [ 255.369116][ T9915] RBP: 00007f03b6cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 255.369129][ T9915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 255.369141][ T9915] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 255.369173][ T9915] [ 255.637674][ T9918] FAULT_INJECTION: forcing a failure. [ 255.637674][ T9918] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 255.651658][ T9918] CPU: 0 UID: 0 PID: 9918 Comm: syz.2.1539 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 255.651686][ T9918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 255.651700][ T9918] Call Trace: [ 255.651708][ T9918] [ 255.651717][ T9918] dump_stack_lvl+0x241/0x360 [ 255.651750][ T9918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.651773][ T9918] ? __pfx__printk+0x10/0x10 [ 255.651796][ T9918] ? __lock_acquire+0x1397/0x2100 [ 255.651836][ T9918] should_fail_ex+0x40a/0x550 [ 255.651871][ T9918] prepare_alloc_pages+0x1da/0x5b0 [ 255.651904][ T9918] __alloc_frozen_pages_noprof+0x16f/0x710 [ 255.651933][ T9918] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 255.651979][ T9918] alloc_pages_mpol+0x311/0x660 [ 255.652012][ T9918] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 255.652050][ T9918] vma_alloc_folio_noprof+0x12b/0x260 [ 255.652081][ T9918] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 255.652113][ T9918] ? do_raw_spin_unlock+0x13c/0x8b0 [ 255.652145][ T9918] folio_prealloc+0x2e/0x170 [ 255.652168][ T9918] do_wp_page+0x1253/0x49b0 [ 255.652241][ T9918] ? __pfx_do_wp_page+0x10/0x10 [ 255.652279][ T9918] ? __pfx_lock_acquire+0x10/0x10 [ 255.652307][ T9918] ? rcu_is_watching+0x15/0xb0 [ 255.652333][ T9918] ? do_raw_spin_lock+0x14f/0x370 [ 255.652359][ T9918] ? __pfx____pte_offset_map+0x10/0x10 [ 255.652409][ T9918] __handle_mm_fault+0x24d5/0x70f0 [ 255.652465][ T9918] ? __pfx___handle_mm_fault+0x10/0x10 [ 255.652509][ T9918] ? mt_find+0x2a9/0x920 [ 255.652534][ T9918] ? __pfx_lock_release+0x10/0x10 [ 255.652575][ T9918] ? mt_find+0x2a9/0x920 [ 255.652610][ T9918] ? mt_find+0x6c8/0x920 [ 255.652643][ T9918] ? __pfx_mt_find+0x10/0x10 [ 255.652685][ T9918] ? find_vma+0xf9/0x170 [ 255.652701][ T9918] ? __pfx_find_vma+0x10/0x10 [ 255.652733][ T9918] handle_mm_fault+0x3e5/0x8d0 [ 255.652772][ T9918] exc_page_fault+0x2b9/0x8b0 [ 255.652800][ T9918] asm_exc_page_fault+0x26/0x30 [ 255.652826][ T9918] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 255.652857][ T9918] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 255.652874][ T9918] RSP: 0018:ffffc9000b017b68 EFLAGS: 00050202 [ 255.652893][ T9918] RAX: ffffffff84f57701 RBX: 000040000002180c RCX: 000000000001f80c [ 255.652907][ T9918] RDX: 0000000000000000 RSI: ffff88805b8408cf RDI: 0000400000002000 [ 255.652919][ T9918] RBP: ffffc9000b017d00 R08: 0000000000000002 R09: ffffed100b70c01b [ 255.652932][ T9918] R10: dffffc0000000000 R11: ffffed100b70c01b R12: 00000000000200cc [ 255.652944][ T9918] R13: 00007ffffffff000 R14: ffff88805b84000f R15: 0000400000001740 [ 255.652963][ T9918] ? __pfx__copy_to_user+0x1/0x10 [ 255.652995][ T9918] _copy_to_user+0x8b/0xb0 [ 255.653023][ T9918] generic_map_lookup_batch+0x98a/0xf20 [ 255.653067][ T9918] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 255.653098][ T9918] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 255.653123][ T9918] bpf_map_do_batch+0x288/0x660 [ 255.653159][ T9918] __sys_bpf+0x653/0x820 [ 255.653189][ T9918] ? __pfx___sys_bpf+0x10/0x10 [ 255.653228][ T9918] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 255.653260][ T9918] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 255.653292][ T9918] ? do_syscall_64+0x100/0x230 [ 255.653322][ T9918] __x64_sys_bpf+0x7c/0x90 [ 255.653348][ T9918] do_syscall_64+0xf3/0x230 [ 255.653372][ T9918] ? clear_bhb_loop+0x35/0x90 [ 255.653403][ T9918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.653429][ T9918] RIP: 0033:0x7f9edc18d169 [ 255.653446][ T9918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.653462][ T9918] RSP: 002b:00007f9ed9ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 255.653483][ T9918] RAX: ffffffffffffffda RBX: 00007f9edc3a5fa0 RCX: 00007f9edc18d169 [ 255.653497][ T9918] RDX: 0000000000000038 RSI: 0000400000000700 RDI: 0000000000000018 [ 255.653510][ T9918] RBP: 00007f9ed9ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 255.653521][ T9918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.653533][ T9918] R13: 0000000000000000 R14: 00007f9edc3a5fa0 R15: 00007ffe7d8b3c48 [ 255.653563][ T9918] [ 256.080198][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.114199][ T9910] FAULT_INJECTION: forcing a failure. [ 256.114199][ T9910] name failslab, interval 1, probability 0, space 0, times 0 [ 256.127118][ T9910] CPU: 1 UID: 0 PID: 9910 Comm: syz.3.1533 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 256.127145][ T9910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.127159][ T9910] Call Trace: [ 256.127166][ T9910] [ 256.127173][ T9910] dump_stack_lvl+0x241/0x360 [ 256.127205][ T9910] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.127229][ T9910] ? __pfx__printk+0x10/0x10 [ 256.127252][ T9910] ? __kmalloc_cache_noprof+0x48/0x390 [ 256.127296][ T9910] ? __pfx___might_resched+0x10/0x10 [ 256.127330][ T9910] should_fail_ex+0x40a/0x550 [ 256.127366][ T9910] should_failslab+0xac/0x100 [ 256.127396][ T9910] __kmalloc_cache_noprof+0x70/0x390 [ 256.127423][ T9910] ? kobject_uevent_env+0x28b/0x8e0 [ 256.127459][ T9910] kobject_uevent_env+0x28b/0x8e0 [ 256.127498][ T9910] __kobject_del+0xd3/0x310 [ 256.127522][ T9910] ? kobject_put+0x23d/0x480 [ 256.127551][ T9910] kobject_put+0x245/0x480 [ 256.127583][ T9910] netdev_queue_update_kobjects+0x661/0x720 [ 256.127617][ T9910] netif_set_real_num_tx_queues+0x16f/0x8d0 [ 256.127651][ T9910] __tun_detach+0xdac/0x15d0 [ 256.127691][ T9910] tun_chr_close+0x105/0x1b0 [ 256.127713][ T9910] ? __pfx_tun_chr_close+0x10/0x10 [ 256.127736][ T9910] __fput+0x3e9/0x9f0 [ 256.127782][ T9910] __x64_sys_close+0x7f/0x110 [ 256.127813][ T9910] do_syscall_64+0xf3/0x230 [ 256.127839][ T9910] ? clear_bhb_loop+0x35/0x90 [ 256.127873][ T9910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.127901][ T9910] RIP: 0033:0x7fa03118d169 [ 256.127920][ T9910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.127937][ T9910] RSP: 002b:00007fa032065038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 256.127959][ T9910] RAX: ffffffffffffffda RBX: 00007fa0313a6160 RCX: 00007fa03118d169 [ 256.127975][ T9910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 256.127987][ T9910] RBP: 00007fa032065090 R08: 0000000000000000 R09: 0000000000000000 [ 256.128000][ T9910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.128012][ T9910] R13: 0000000000000001 R14: 00007fa0313a6160 R15: 00007fffcd286738 [ 256.128043][ T9910] [ 256.376178][ T9914] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 256.379925][ T9916] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 256.402795][ T9927] team0: left allmulticast mode [ 256.416299][ T9927] bridge0: port 1(team0) entered disabled state [ 258.288048][ T9933] team0: Unable to change to the same mode the team is in [ 258.907501][ T9969] FAULT_INJECTION: forcing a failure. [ 258.907501][ T9969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.948945][ T9969] CPU: 0 UID: 0 PID: 9969 Comm: syz.4.1558 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 258.948976][ T9969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 258.948988][ T9969] Call Trace: [ 258.948996][ T9969] [ 258.949004][ T9969] dump_stack_lvl+0x241/0x360 [ 258.949045][ T9969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.949067][ T9969] ? __pfx__printk+0x10/0x10 [ 258.949089][ T9969] ? __pfx_lock_release+0x10/0x10 [ 258.949127][ T9969] should_fail_ex+0x40a/0x550 [ 258.949162][ T9969] _copy_from_user+0x2d/0xb0 [ 258.949189][ T9969] bpf_test_init+0xfc/0x160 [ 258.949220][ T9969] bpf_prog_test_run_xdp+0x48e/0x11e0 [ 258.949254][ T9969] ? __pfx_lock_release+0x10/0x10 [ 258.949291][ T9969] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 258.949320][ T9969] ? __fget_files+0x2a/0x410 [ 258.949353][ T9969] ? __fget_files+0x2a/0x410 [ 258.949386][ T9969] ? fput+0x21b/0x290 [ 258.949411][ T9969] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 258.949441][ T9969] bpf_prog_test_run+0x2e4/0x360 [ 258.949475][ T9969] __sys_bpf+0x487/0x820 [ 258.949506][ T9969] ? __pfx___sys_bpf+0x10/0x10 [ 258.949548][ T9969] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 258.949581][ T9969] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 258.949613][ T9969] ? do_syscall_64+0x100/0x230 [ 258.949644][ T9969] __x64_sys_bpf+0x7c/0x90 [ 258.949668][ T9969] do_syscall_64+0xf3/0x230 [ 258.949693][ T9969] ? clear_bhb_loop+0x35/0x90 [ 258.949726][ T9969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.949753][ T9969] RIP: 0033:0x7f03b5d8d169 [ 258.949771][ T9969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.949789][ T9969] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 258.949812][ T9969] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 258.949827][ T9969] RDX: 0000000000000050 RSI: 0000400000000000 RDI: 000000000000000a [ 258.949839][ T9969] RBP: 00007f03b6cd1090 R08: 0000000000000000 R09: 0000000000000000 [ 258.949852][ T9969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.949863][ T9969] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 258.949893][ T9969] [ 259.407038][ T9985] xt_l2tp: missing protocol rule (udp|l2tpip) [ 259.440036][ T9985] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1564'. [ 259.458754][ T9985] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1564'. [ 259.474000][ T9988] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1565'. [ 259.483093][ T9988] nbd: must specify an index to disconnect [ 260.030648][T10012] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 260.293895][T10023] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1580'. [ 260.981406][T10048] Cannot find del_set index 1 as target [ 261.219664][T10058] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1593'. [ 261.463362][T10069] FAULT_INJECTION: forcing a failure. [ 261.463362][T10069] name failslab, interval 1, probability 0, space 0, times 0 [ 261.486420][T10069] CPU: 0 UID: 0 PID: 10069 Comm: syz.3.1598 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 261.486459][T10069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 261.486473][T10069] Call Trace: [ 261.486480][T10069] [ 261.486489][T10069] dump_stack_lvl+0x241/0x360 [ 261.486521][T10069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.486545][T10069] ? __pfx__printk+0x10/0x10 [ 261.486579][T10069] should_fail_ex+0x40a/0x550 [ 261.486616][T10069] should_failslab+0xac/0x100 [ 261.486646][T10069] __kmalloc_cache_noprof+0x70/0x390 [ 261.486676][T10069] ? sctp_add_bind_addr+0x89/0x3a0 [ 261.486703][T10069] sctp_add_bind_addr+0x89/0x3a0 [ 261.486742][T10069] sctp_copy_local_addr_list+0x311/0x500 [ 261.486771][T10069] ? sctp_copy_local_addr_list+0xab/0x500 [ 261.486798][T10069] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 261.486826][T10069] ? sctp_v6_is_any+0x60/0x70 [ 261.486856][T10069] ? sctp_copy_one_addr+0x94/0x360 [ 261.486886][T10069] sctp_bind_addr_copy+0xad/0x3b0 [ 261.486912][T10069] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 261.486950][T10069] sctp_connect_new_asoc+0x2f3/0x6c0 [ 261.486985][T10069] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 261.487012][T10069] ? sctp_sendmsg+0xf1a/0x35d0 [ 261.487046][T10069] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 261.487074][T10069] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 261.487107][T10069] sctp_sendmsg+0x1f64/0x35d0 [ 261.487156][T10069] ? __pfx_sctp_sendmsg+0x10/0x10 [ 261.487200][T10069] ? aa_sk_perm+0x96d/0xab0 [ 261.487250][T10069] ? inet_sendmsg+0x330/0x390 [ 261.487279][T10069] __sock_sendmsg+0x1a6/0x270 [ 261.487310][T10069] ____sys_sendmsg+0x53a/0x860 [ 261.487342][T10069] ? __pfx_____sys_sendmsg+0x10/0x10 [ 261.487362][T10069] ? __fget_files+0x2a/0x410 [ 261.487396][T10069] ? __fget_files+0x2a/0x410 [ 261.487437][T10069] __sys_sendmmsg+0x36a/0x720 [ 261.487473][T10069] ? __pfx___sys_sendmmsg+0x10/0x10 [ 261.487510][T10069] ? __pfx_lock_release+0x10/0x10 [ 261.487540][T10069] ? kstrtouint_from_user+0x128/0x190 [ 261.487590][T10069] ? ksys_write+0x22a/0x2b0 [ 261.487613][T10069] ? __pfx_lock_release+0x10/0x10 [ 261.487651][T10069] ? sb_end_write+0xe9/0x1c0 [ 261.487682][T10069] ? vfs_write+0x7fa/0xd10 [ 261.487706][T10069] ? __mutex_unlock_slowpath+0x227/0x800 [ 261.487773][T10069] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 261.487807][T10069] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 261.487839][T10069] ? do_syscall_64+0x100/0x230 [ 261.487868][T10069] __x64_sys_sendmmsg+0xa0/0xb0 [ 261.487894][T10069] do_syscall_64+0xf3/0x230 [ 261.487918][T10069] ? clear_bhb_loop+0x35/0x90 [ 261.487951][T10069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.487978][T10069] RIP: 0033:0x7fa03118d169 [ 261.487999][T10069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.488015][T10069] RSP: 002b:00007fa0320a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 261.488038][T10069] RAX: ffffffffffffffda RBX: 00007fa0313a5fa0 RCX: 00007fa03118d169 [ 261.488053][T10069] RDX: 0000000000000001 RSI: 0000400000000940 RDI: 0000000000000003 [ 261.488065][T10069] RBP: 00007fa0320a7090 R08: 0000000000000000 R09: 0000000000000000 [ 261.488079][T10069] R10: 0000000000048081 R11: 0000000000000246 R12: 0000000000000002 [ 261.488091][T10069] R13: 0000000000000000 R14: 00007fa0313a5fa0 R15: 00007fffcd286738 [ 261.488122][T10069] [ 262.068542][T10078] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 262.075751][T10078] macvtap1: entered promiscuous mode [ 262.088169][T10078] macvtap1: entered allmulticast mode [ 262.093673][T10078] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 262.102820][T10078] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 262.109909][T10078] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 262.293547][T10095] FAULT_INJECTION: forcing a failure. [ 262.293547][T10095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 262.313805][T10095] CPU: 1 UID: 0 PID: 10095 Comm: syz.0.1609 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 262.313837][T10095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.313852][T10095] Call Trace: [ 262.313859][T10095] [ 262.313868][T10095] dump_stack_lvl+0x241/0x360 [ 262.313900][T10095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.313924][T10095] ? __pfx__printk+0x10/0x10 [ 262.313956][T10095] ? get_sigframe+0x5e2/0x800 [ 262.313991][T10095] should_fail_ex+0x40a/0x550 [ 262.314028][T10095] _copy_to_user+0x31/0xb0 [ 262.314058][T10095] copy_siginfo_to_user+0x24/0xc0 [ 262.314087][T10095] x64_setup_rt_frame+0x7b7/0xd20 [ 262.314112][T10095] ? lockdep_hardirqs_on+0x99/0x150 [ 262.314138][T10095] ? _raw_spin_unlock_irq+0x2e/0x50 [ 262.314175][T10095] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 262.314213][T10095] arch_do_signal_or_restart+0x458/0x860 [ 262.314243][T10095] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 262.314268][T10095] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 262.314313][T10095] ? syscall_exit_to_user_mode+0xa3/0x340 [ 262.314341][T10095] syscall_exit_to_user_mode+0xce/0x340 [ 262.314370][T10095] do_syscall_64+0x100/0x230 [ 262.314396][T10095] ? clear_bhb_loop+0x35/0x90 [ 262.314430][T10095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.314459][T10095] RIP: 0033:0x7f463d58d169 [ 262.314477][T10095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.314495][T10095] RSP: 002b:00007f463e3c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 262.314517][T10095] RAX: fffffffffffffffc RBX: 00007f463d7a5fa0 RCX: 00007f463d58d169 [ 262.314533][T10095] RDX: 0000000000000010 RSI: 0000400000000100 RDI: 0000000000000005 [ 262.314545][T10095] RBP: 00007f463e3c1090 R08: 0000000000000000 R09: 0000000000000000 [ 262.314558][T10095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.314571][T10095] R13: 0000000000000000 R14: 00007f463d7a5fa0 R15: 00007fffa4319d78 [ 262.314601][T10095] [ 262.536132][T10099] FAULT_INJECTION: forcing a failure. [ 262.536132][T10099] name failslab, interval 1, probability 0, space 0, times 0 [ 262.549164][T10099] CPU: 0 UID: 0 PID: 10099 Comm: syz.1.1611 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 262.549193][T10099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.549207][T10099] Call Trace: [ 262.549215][T10099] [ 262.549224][T10099] dump_stack_lvl+0x241/0x360 [ 262.549256][T10099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.549280][T10099] ? __pfx__printk+0x10/0x10 [ 262.549315][T10099] should_fail_ex+0x40a/0x550 [ 262.549353][T10099] should_failslab+0xac/0x100 [ 262.549384][T10099] ? skb_clone+0x20c/0x390 [ 262.549406][T10099] kmem_cache_alloc_noprof+0x70/0x380 [ 262.549442][T10099] skb_clone+0x20c/0x390 [ 262.549464][T10099] ? dev_queue_xmit_nit+0x3fe/0xca0 [ 262.549501][T10099] dev_queue_xmit_nit+0x249/0xca0 [ 262.549537][T10099] ? dev_queue_xmit_nit+0x2b/0xca0 [ 262.549570][T10099] ? validate_xmit_skb+0x9b8/0xff0 [ 262.549600][T10099] dev_hard_start_xmit+0x15f/0x7d0 [ 262.549626][T10099] ? __pfx_validate_xmit_skb+0x10/0x10 [ 262.549692][T10099] __dev_queue_xmit+0x1b73/0x3f40 [ 262.549716][T10099] ? kasan_save_track+0x51/0x80 [ 262.549746][T10099] ? ____sys_sendmsg+0x53a/0x860 [ 262.549774][T10099] ? __dev_queue_xmit+0x2f4/0x3f40 [ 262.549803][T10099] ? __pfx___dev_queue_xmit+0x10/0x10 [ 262.549846][T10099] ? __copy_skb_header+0xa7/0x5a0 [ 262.549872][T10099] ? __asan_memcpy+0x40/0x70 [ 262.549913][T10099] ? skb_clone+0x240/0x390 [ 262.549941][T10099] __netlink_deliver_tap+0x561/0x7f0 [ 262.549984][T10099] ? netlink_deliver_tap+0x2e/0x1b0 [ 262.550013][T10099] netlink_deliver_tap+0x19d/0x1b0 [ 262.550044][T10099] netlink_unicast+0x7c4/0x990 [ 262.550081][T10099] ? __pfx_netlink_unicast+0x10/0x10 [ 262.550105][T10099] ? __virt_addr_valid+0x45f/0x530 [ 262.550127][T10099] ? __phys_addr_symbol+0x2f/0x70 [ 262.550146][T10099] ? __check_object_size+0x47a/0x730 [ 262.550180][T10099] netlink_sendmsg+0x8de/0xcb0 [ 262.550224][T10099] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.550259][T10099] ? aa_sock_msg_perm+0x91/0x160 [ 262.550298][T10099] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.550327][T10099] __sock_sendmsg+0x221/0x270 [ 262.550359][T10099] ____sys_sendmsg+0x53a/0x860 [ 262.550392][T10099] ? __pfx_____sys_sendmsg+0x10/0x10 [ 262.550413][T10099] ? __fget_files+0x2a/0x410 [ 262.550446][T10099] ? __fget_files+0x2a/0x410 [ 262.550487][T10099] __sys_sendmsg+0x269/0x350 [ 262.550516][T10099] ? __pfx___sys_sendmsg+0x10/0x10 [ 262.550554][T10099] ? do_sys_openat2+0x17a/0x1d0 [ 262.550616][T10099] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 262.550658][T10099] ? do_syscall_64+0x100/0x230 [ 262.550688][T10099] ? do_syscall_64+0xb6/0x230 [ 262.550717][T10099] do_syscall_64+0xf3/0x230 [ 262.550743][T10099] ? clear_bhb_loop+0x35/0x90 [ 262.550776][T10099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.550805][T10099] RIP: 0033:0x7f6d9fd8d169 [ 262.550826][T10099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.550844][T10099] RSP: 002b:00007f6da0c9a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.550866][T10099] RAX: ffffffffffffffda RBX: 00007f6d9ffa5fa0 RCX: 00007f6d9fd8d169 [ 262.550882][T10099] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000005 [ 262.550895][T10099] RBP: 00007f6da0c9a090 R08: 0000000000000000 R09: 0000000000000000 [ 262.550908][T10099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.550920][T10099] R13: 0000000000000000 R14: 00007f6d9ffa5fa0 R15: 00007ffe411764a8 [ 262.550954][T10099] [ 262.953879][T10103] netlink: 566 bytes leftover after parsing attributes in process `syz.2.1612'. [ 263.385569][T10126] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1621'. [ 263.494158][T10133] FAULT_INJECTION: forcing a failure. [ 263.494158][T10133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 263.547947][T10133] CPU: 0 UID: 0 PID: 10133 Comm: syz.0.1625 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 263.547980][T10133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 263.547993][T10133] Call Trace: [ 263.548000][T10133] [ 263.548010][T10133] dump_stack_lvl+0x241/0x360 [ 263.548043][T10133] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.548066][T10133] ? __pfx__printk+0x10/0x10 [ 263.548098][T10133] should_fail_ex+0x40a/0x550 [ 263.548132][T10133] _copy_to_user+0x31/0xb0 [ 263.548160][T10133] bpf_test_finish+0x59c/0x890 [ 263.548196][T10133] ? __pfx_bpf_test_finish+0x10/0x10 [ 263.548230][T10133] ? bpf_test_init+0x137/0x160 [ 263.548260][T10133] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 263.548295][T10133] ? __pfx_lock_release+0x10/0x10 [ 263.548335][T10133] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 263.548365][T10133] ? __fget_files+0x2a/0x410 [ 263.548397][T10133] ? __fget_files+0x2a/0x410 [ 263.548430][T10133] ? fput+0x21b/0x290 [ 263.548457][T10133] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 263.548486][T10133] bpf_prog_test_run+0x2e4/0x360 [ 263.548521][T10133] __sys_bpf+0x487/0x820 [ 263.548571][T10133] ? __pfx___sys_bpf+0x10/0x10 [ 263.548736][T10133] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 263.548779][T10133] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 263.548812][T10133] ? do_syscall_64+0x100/0x230 [ 263.548869][T10133] __x64_sys_bpf+0x7c/0x90 [ 263.548897][T10133] do_syscall_64+0xf3/0x230 [ 263.548923][T10133] ? clear_bhb_loop+0x35/0x90 [ 263.548957][T10133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.548985][T10133] RIP: 0033:0x7f463d58d169 [ 263.549005][T10133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.549022][T10133] RSP: 002b:00007f463e3c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 263.549045][T10133] RAX: ffffffffffffffda RBX: 00007f463d7a5fa0 RCX: 00007f463d58d169 [ 263.549061][T10133] RDX: 0000000000000050 RSI: 0000400000000180 RDI: 000000000000000a [ 263.549075][T10133] RBP: 00007f463e3c1090 R08: 0000000000000000 R09: 0000000000000000 [ 263.549089][T10133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.549100][T10133] R13: 0000000000000000 R14: 00007f463d7a5fa0 R15: 00007fffa4319d78 [ 263.549129][T10133] [ 264.350195][T10161] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.1637'. [ 264.739373][T10173] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1641'. [ 264.760142][T10173] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 265.363955][T10182] bridge0: entered promiscuous mode [ 265.375112][T10182] macvlan1: entered promiscuous mode [ 265.718773][T10198] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1648'. [ 265.876080][T10205] vlan2: entered promiscuous mode [ 266.308993][T10218] netlink: 'syz.1.1656': attribute type 9 has an invalid length. [ 266.350825][T10218] netlink: 'syz.1.1656': attribute type 6 has an invalid length. [ 266.449747][T10222] netlink: 'syz.0.1658': attribute type 1 has an invalid length. [ 266.483683][T10222] 8021q: adding VLAN 0 to HW filter on device bond3 [ 266.499912][T10222] geneve2: entered promiscuous mode [ 266.505187][T10222] geneve2: entered allmulticast mode [ 266.515817][T10222] bond3: (slave geneve2): making interface the new active one [ 266.524753][T10222] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 266.756790][T10232] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.1661'. [ 267.818149][T10269] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1677'. [ 267.828774][T10269] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1677'. [ 268.089395][T10278] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1681'. [ 268.363009][T10288] netlink: 'syz.0.1684': attribute type 72 has an invalid length. [ 268.535025][T10291] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1687'. [ 268.558937][T10294] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1689'. [ 268.573137][T10293] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.1688'. [ 268.586062][T10291] sctp: [Deprecated]: syz.0.1687 (pid 10291) Use of struct sctp_assoc_value in delayed_ack socket option. [ 268.586062][T10291] Use struct sctp_sack_info instead [ 268.657455][T10295] FAULT_INJECTION: forcing a failure. [ 268.657455][T10295] name failslab, interval 1, probability 0, space 0, times 0 [ 268.695080][T10295] CPU: 0 UID: 0 PID: 10295 Comm: syz.1.1689 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 268.695115][T10295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 268.695130][T10295] Call Trace: [ 268.695137][T10295] [ 268.695147][T10295] dump_stack_lvl+0x241/0x360 [ 268.695179][T10295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.695204][T10295] ? __pfx__printk+0x10/0x10 [ 268.695227][T10295] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 268.695259][T10295] ? __pfx___might_resched+0x10/0x10 [ 268.695293][T10295] should_fail_ex+0x40a/0x550 [ 268.695338][T10295] should_failslab+0xac/0x100 [ 268.695368][T10295] kmem_cache_alloc_node_noprof+0x77/0x380 [ 268.695397][T10295] ? __alloc_skb+0x1c3/0x440 [ 268.695421][T10295] __alloc_skb+0x1c3/0x440 [ 268.695447][T10295] ? __pfx___alloc_skb+0x10/0x10 [ 268.695468][T10295] ? ima_match_policy+0x114/0x2100 [ 268.695492][T10295] ? __pfx_validate_chain+0x10/0x10 [ 268.695518][T10295] ? __pfx_validate_chain+0x10/0x10 [ 268.695544][T10295] alloc_skb_with_frags+0xc3/0x820 [ 268.695570][T10295] ? ima_get_action+0x75/0xb0 [ 268.695601][T10295] sock_alloc_send_pskb+0x91a/0xa60 [ 268.695646][T10295] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 268.695690][T10295] unix_stream_sendmsg+0x51d/0xf40 [ 268.695727][T10295] ? aa_sk_perm+0x96d/0xab0 [ 268.695762][T10295] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 268.695792][T10295] ? __import_iovec+0x582/0x830 [ 268.695821][T10295] ? aa_sock_msg_perm+0x91/0x160 [ 268.695859][T10295] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 268.695882][T10295] __sock_sendmsg+0x221/0x270 [ 268.695915][T10295] ____sys_sendmsg+0x53a/0x860 [ 268.695946][T10295] ? __pfx_____sys_sendmsg+0x10/0x10 [ 268.695968][T10295] ? __fget_files+0x2a/0x410 [ 268.696001][T10295] ? __fget_files+0x2a/0x410 [ 268.696040][T10295] __sys_sendmmsg+0x36a/0x720 [ 268.696076][T10295] ? __pfx___sys_sendmmsg+0x10/0x10 [ 268.696112][T10295] ? __pfx_lock_release+0x10/0x10 [ 268.696142][T10295] ? kstrtouint_from_user+0x128/0x190 [ 268.696189][T10295] ? ksys_write+0x22a/0x2b0 [ 268.696212][T10295] ? __pfx_lock_release+0x10/0x10 [ 268.696249][T10295] ? sb_end_write+0xe9/0x1c0 [ 268.696280][T10295] ? vfs_write+0x7fa/0xd10 [ 268.696310][T10295] ? __mutex_unlock_slowpath+0x227/0x800 [ 268.696365][T10295] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 268.696401][T10295] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 268.696435][T10295] ? do_syscall_64+0x100/0x230 [ 268.696466][T10295] __x64_sys_sendmmsg+0xa0/0xb0 [ 268.696491][T10295] do_syscall_64+0xf3/0x230 [ 268.696517][T10295] ? clear_bhb_loop+0x35/0x90 [ 268.696551][T10295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.696580][T10295] RIP: 0033:0x7f6d9fd8d169 [ 268.696599][T10295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.696617][T10295] RSP: 002b:00007f6da0c79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 268.696639][T10295] RAX: ffffffffffffffda RBX: 00007f6d9ffa6080 RCX: 00007f6d9fd8d169 [ 268.696655][T10295] RDX: 0000000000000001 RSI: 00004000000007c0 RDI: 000000000000000a [ 268.696668][T10295] RBP: 00007f6da0c79090 R08: 0000000000000000 R09: 0000000000000000 [ 268.696682][T10295] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001 [ 268.696695][T10295] R13: 0000000000000000 R14: 00007f6d9ffa6080 R15: 00007ffe411764a8 [ 268.696725][T10295] [ 269.348592][T10309] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1692'. [ 269.664132][T10326] syz_tun: entered promiscuous mode [ 269.684480][T10326] macvtap1: entered promiscuous mode [ 269.692895][T10326] macvtap1: entered allmulticast mode [ 269.699441][T10326] syz_tun: entered allmulticast mode [ 269.872918][T10336] __nla_validate_parse: 3 callbacks suppressed [ 269.872938][T10336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1704'. [ 269.894598][T10339] sch_tbf: burst 1127 is lower than device lo mtu (65550) ! [ 269.977695][T10336] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1704'. [ 270.149639][T10347] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1708'. [ 270.231850][T10347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1708'. [ 270.284656][T10353] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1710'. [ 270.542240][T10357] netlink: 'syz.2.1712': attribute type 1 has an invalid length. [ 270.552106][T10357] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1712'. [ 270.604560][T10360] netlink: 'syz.3.1713': attribute type 10 has an invalid length. [ 270.648962][T10360] team0: left promiscuous mode [ 270.653962][T10360] gtp0: left promiscuous mode [ 270.679881][T10364] netlink: 'syz.3.1713': attribute type 10 has an invalid length. [ 270.697855][T10364] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1713'. [ 270.706916][T10364] team0: entered promiscuous mode [ 270.756799][T10364] gtp0: entered promiscuous mode [ 270.772843][T10369] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1716'. [ 270.788784][T10364] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.951921][T10373] netlink: 'syz.1.1721': attribute type 3 has an invalid length. [ 270.971707][T10378] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1713'. [ 271.000308][T10375] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1720'. [ 272.162947][T10418] netlink: 'syz.0.1735': attribute type 10 has an invalid length. [ 272.607936][ T5839] Bluetooth: hci4: command 0x0405 tx timeout [ 273.762233][T10470] bond5 (unregistering): Released all slaves [ 274.382816][T10495] netlink: 'syz.0.1768': attribute type 12 has an invalid length. [ 274.702596][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 274.718169][T10508] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.729608][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.769545][T10508] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.038799][T10517] __nla_validate_parse: 7 callbacks suppressed [ 275.038821][T10517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1776'. [ 275.079750][T10517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1776'. [ 275.138628][T10517] tipc: Enabling of bearer rejected, failed to enable media [ 275.366549][T10526] xt_CT: No such helper "snmp" [ 275.495395][T10529] IPVS: Error connecting to the multicast addr [ 276.599017][T10558] wireguard0: entered promiscuous mode [ 276.604685][T10558] wireguard0: entered allmulticast mode [ 278.001844][T10578] netlink: 64134 bytes leftover after parsing attributes in process `syz.2.1802'. [ 278.080912][T10578] bond1 (unregistering): Released all slaves [ 279.482993][T10589] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1805'. [ 279.550270][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1813'. [ 279.861599][T10608] netlink: 'syz.3.1814': attribute type 21 has an invalid length. [ 279.928788][T10608] netlink: 'syz.3.1814': attribute type 1 has an invalid length. [ 280.556005][T10625] FAULT_INJECTION: forcing a failure. [ 280.556005][T10625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.580627][T10625] CPU: 1 UID: 0 PID: 10625 Comm: syz.2.1821 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 280.580658][T10625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 280.580671][T10625] Call Trace: [ 280.580677][T10625] [ 280.580685][T10625] dump_stack_lvl+0x241/0x360 [ 280.580715][T10625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.580737][T10625] ? __pfx__printk+0x10/0x10 [ 280.580763][T10625] ? snprintf+0xda/0x120 [ 280.580795][T10625] should_fail_ex+0x40a/0x550 [ 280.580829][T10625] _copy_to_user+0x31/0xb0 [ 280.580855][T10625] simple_read_from_buffer+0xca/0x150 [ 280.580885][T10625] proc_fail_nth_read+0x1e9/0x250 [ 280.580915][T10625] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 280.580945][T10625] ? rw_verify_area+0x243/0x630 [ 280.580963][T10625] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 280.580991][T10625] vfs_read+0x1f8/0xb40 [ 280.581012][T10625] ? fdget_pos+0x254/0x320 [ 280.581040][T10625] ? __pfx___mutex_lock+0x10/0x10 [ 280.581064][T10625] ? __pfx_vfs_read+0x10/0x10 [ 280.581087][T10625] ? __fget_files+0x2a/0x410 [ 280.581121][T10625] ? __fget_files+0x395/0x410 [ 280.581147][T10625] ? __fget_files+0x2a/0x410 [ 280.581183][T10625] ksys_read+0x18f/0x2b0 [ 280.581205][T10625] ? __pfx_ksys_read+0x10/0x10 [ 280.581226][T10625] ? do_syscall_64+0x100/0x230 [ 280.581252][T10625] ? do_syscall_64+0xb6/0x230 [ 280.581277][T10625] do_syscall_64+0xf3/0x230 [ 280.581300][T10625] ? clear_bhb_loop+0x35/0x90 [ 280.581330][T10625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.581356][T10625] RIP: 0033:0x7f9edc18bb7c [ 280.581373][T10625] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 280.581408][T10625] RSP: 002b:00007f9ed9ff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 280.581430][T10625] RAX: ffffffffffffffda RBX: 00007f9edc3a5fa0 RCX: 00007f9edc18bb7c [ 280.581444][T10625] RDX: 000000000000000f RSI: 00007f9ed9ff60a0 RDI: 0000000000000005 [ 280.581457][T10625] RBP: 00007f9ed9ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 280.581469][T10625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 280.581480][T10625] R13: 0000000000000000 R14: 00007f9edc3a5fa0 R15: 00007ffe7d8b3c48 [ 280.581511][T10625] [ 281.111075][T10629] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.1823'. [ 281.308869][T10635] netlink: 'syz.3.1824': attribute type 10 has an invalid length. [ 281.347005][T10552] Set syz1 is full, maxelem 65536 reached [ 281.351189][T10635] netlink: 1252 bytes leftover after parsing attributes in process `syz.3.1824'. [ 281.416357][T10635] openvswitch: netlink: Message has 5 unknown bytes. [ 281.592389][T10643] 8021q: adding VLAN 0 to HW filter on device bond1 [ 281.616472][T10643] bond1: entered promiscuous mode [ 281.625361][T10643] team0: Port device bond1 added [ 281.978168][T10654] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 282.187409][T10658] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.1835'. [ 282.238950][T10660] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1836'. [ 282.254301][T10662] netlink: 'syz.1.1837': attribute type 27 has an invalid length. [ 282.978131][T10686] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1846'. [ 283.008124][T10688] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1847'. [ 283.017650][T10688] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 283.118968][T10686] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 283.924119][T10701] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.1851'. [ 284.010180][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.052933][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.205550][T10736] netlink: 'syz.1.1864': attribute type 10 has an invalid length. [ 285.240275][T10736] team0: Device veth1_macvtap failed to register rx_handler [ 285.296149][T10736] netlink: 'syz.1.1864': attribute type 1 has an invalid length. [ 285.326792][T10736] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1864'. [ 285.341150][T10738] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1865'. [ 285.347390][T10741] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1864'. [ 285.818057][T10761] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 285.833061][T10759] netlink: 'syz.1.1873': attribute type 10 has an invalid length. [ 285.874455][T10759] batman_adv: batadv0: Adding interface: team0 [ 285.897351][T10759] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.918481][T10762] netlink: 'syz.1.1873': attribute type 10 has an invalid length. [ 285.940315][T10759] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 285.988820][T10762] team0: entered promiscuous mode [ 285.995079][T10762] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.009655][T10762] batman_adv: batadv0: Interface activated: team0 [ 286.016423][T10762] batman_adv: batadv0: Interface deactivated: team0 [ 286.027152][T10762] batman_adv: batadv0: Removing interface: team0 [ 286.227335][T10771] __nla_validate_parse: 2 callbacks suppressed [ 286.253598][T10771] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1873'. [ 286.329275][T10773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1877'. [ 286.478828][T10776] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1878'. [ 286.499239][T10773] netlink: 'syz.0.1877': attribute type 1 has an invalid length. [ 286.508984][T10773] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1877'. [ 286.721752][T10779] netlink: 'syz.3.1879': attribute type 1 has an invalid length. [ 286.791990][T10782] FAULT_INJECTION: forcing a failure. [ 286.791990][T10782] name failslab, interval 1, probability 0, space 0, times 0 [ 286.851209][T10782] CPU: 0 UID: 0 PID: 10782 Comm: syz.3.1879 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 286.851243][T10782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 286.851256][T10782] Call Trace: [ 286.851263][T10782] [ 286.851272][T10782] dump_stack_lvl+0x241/0x360 [ 286.851305][T10782] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.851329][T10782] ? __pfx__printk+0x10/0x10 [ 286.851370][T10782] should_fail_ex+0x40a/0x550 [ 286.851406][T10782] should_failslab+0xac/0x100 [ 286.851434][T10782] __kmalloc_cache_noprof+0x70/0x390 [ 286.851463][T10782] ? __hw_addr_add_ex+0x1fb/0x760 [ 286.851490][T10782] __hw_addr_add_ex+0x1fb/0x760 [ 286.851520][T10782] dev_addr_init+0x157/0x240 [ 286.851546][T10782] ? __pfx_dev_addr_init+0x10/0x10 [ 286.851581][T10782] alloc_netdev_mqs+0x307/0x1210 [ 286.851604][T10782] ? __pfx_bond_setup+0x10/0x10 [ 286.851634][T10782] rtnl_create_link+0x2f9/0xc90 [ 286.851667][T10782] rtnl_newlink_create+0x2e1/0xbd0 [ 286.851701][T10784] netlink: 'syz.0.1881': attribute type 72 has an invalid length. [ 286.851713][T10782] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 286.851748][T10782] ? __pfx___mutex_lock+0x10/0x10 [ 286.851781][T10782] ? ns_capable+0x8a/0xf0 [ 286.851811][T10782] rtnl_newlink+0x167a/0x1d90 [ 286.851848][T10782] ? stack_depot_save_flags+0x37/0x940 [ 286.851897][T10782] ? __pfx_rtnl_newlink+0x10/0x10 [ 286.851926][T10782] ? __netlink_deliver_tap+0x561/0x7f0 [ 286.851958][T10782] ? __pfx_validate_chain+0x10/0x10 [ 286.851981][T10782] ? __sock_sendmsg+0x221/0x270 [ 286.852008][T10782] ? ____sys_sendmsg+0x53a/0x860 [ 286.852029][T10782] ? __sys_sendmsg+0x269/0x350 [ 286.852049][T10782] ? do_syscall_64+0xf3/0x230 [ 286.852075][T10782] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.852125][T10782] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 286.852162][T10782] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 286.852207][T10782] ? mark_lock+0x9a/0x360 [ 286.852232][T10782] ? __lock_acquire+0x1397/0x2100 [ 286.852303][T10782] ? __pfx_lock_release+0x10/0x10 [ 286.852364][T10782] ? __pfx_rtnl_newlink+0x10/0x10 [ 286.852398][T10782] rtnetlink_rcv_msg+0x791/0xcf0 [ 286.852427][T10782] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 286.852464][T10782] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 286.852503][T10782] ? ref_tracker_free+0x643/0x7e0 [ 286.852533][T10782] netlink_rcv_skb+0x206/0x480 [ 286.852565][T10782] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 286.852598][T10782] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 286.852655][T10782] ? netlink_deliver_tap+0x2e/0x1b0 [ 286.852688][T10782] netlink_unicast+0x7f6/0x990 [ 286.852726][T10782] ? __pfx_netlink_unicast+0x10/0x10 [ 286.852752][T10782] ? __virt_addr_valid+0x45f/0x530 [ 286.852774][T10782] ? __phys_addr_symbol+0x2f/0x70 [ 286.852795][T10782] ? __check_object_size+0x47a/0x730 [ 286.852830][T10782] netlink_sendmsg+0x8de/0xcb0 [ 286.852876][T10782] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.852913][T10782] ? aa_sock_msg_perm+0x91/0x160 [ 286.852952][T10782] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.852982][T10782] __sock_sendmsg+0x221/0x270 [ 286.853014][T10782] ____sys_sendmsg+0x53a/0x860 [ 286.853047][T10782] ? __pfx_____sys_sendmsg+0x10/0x10 [ 286.853069][T10782] ? __fget_files+0x2a/0x410 [ 286.853104][T10782] ? __fget_files+0x2a/0x410 [ 286.853145][T10782] __sys_sendmsg+0x269/0x350 [ 286.853176][T10782] ? __pfx___sys_sendmsg+0x10/0x10 [ 286.853215][T10782] ? do_sys_openat2+0x17a/0x1d0 [ 286.853280][T10782] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 286.853316][T10782] ? do_syscall_64+0x100/0x230 [ 286.853358][T10782] ? do_syscall_64+0xb6/0x230 [ 286.853389][T10782] do_syscall_64+0xf3/0x230 [ 286.853415][T10782] ? clear_bhb_loop+0x35/0x90 [ 286.853450][T10782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.853480][T10782] RIP: 0033:0x7fa03118d169 [ 286.853501][T10782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.853519][T10782] RSP: 002b:00007fa032086038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 286.853544][T10782] RAX: ffffffffffffffda RBX: 00007fa0313a6080 RCX: 00007fa03118d169 [ 286.853561][T10782] RDX: 0000000000004000 RSI: 0000400000000280 RDI: 0000000000000004 [ 286.853576][T10782] RBP: 00007fa032086090 R08: 0000000000000000 R09: 0000000000000000 [ 286.853590][T10782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.853604][T10782] R13: 0000000000000001 R14: 00007fa0313a6080 R15: 00007fffcd286738 [ 286.853637][T10782] [ 288.157897][ T5879] IPVS: starting estimator thread 0... [ 288.188803][T10818] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1896'. [ 288.279702][T10817] IPVS: using max 23 ests per chain, 55200 per kthread [ 288.951333][T10844] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1909'. [ 289.803714][T10875] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1923'. [ 291.587161][T10928] Cannot find del_set index 1 as target [ 292.545906][T10954] FAULT_INJECTION: forcing a failure. [ 292.545906][T10954] name failslab, interval 1, probability 0, space 0, times 0 [ 292.563989][T10954] CPU: 0 UID: 0 PID: 10954 Comm: syz.1.1954 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 292.564021][T10954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 292.564034][T10954] Call Trace: [ 292.564042][T10954] [ 292.564051][T10954] dump_stack_lvl+0x241/0x360 [ 292.564084][T10954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.564108][T10954] ? __pfx__printk+0x10/0x10 [ 292.564145][T10954] should_fail_ex+0x40a/0x550 [ 292.564182][T10954] should_failslab+0xac/0x100 [ 292.564213][T10954] __kmalloc_cache_noprof+0x70/0x390 [ 292.564242][T10954] ? sctp_add_bind_addr+0x89/0x3a0 [ 292.564272][T10954] sctp_add_bind_addr+0x89/0x3a0 [ 292.564302][T10954] sctp_copy_local_addr_list+0x311/0x500 [ 292.564330][T10954] ? sctp_copy_local_addr_list+0xab/0x500 [ 292.564356][T10954] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 292.564385][T10954] ? sctp_v6_is_any+0x60/0x70 [ 292.564415][T10954] ? sctp_copy_one_addr+0x94/0x360 [ 292.564445][T10954] sctp_bind_addr_copy+0xad/0x3b0 [ 292.564470][T10954] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 292.564509][T10954] sctp_connect_new_asoc+0x2f3/0x6c0 [ 292.564555][T10954] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 292.564583][T10954] ? sctp_sendmsg+0xf1a/0x35d0 [ 292.564619][T10954] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 292.564648][T10954] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 292.564682][T10954] sctp_sendmsg+0x1f64/0x35d0 [ 292.564731][T10954] ? __pfx_sctp_sendmsg+0x10/0x10 [ 292.564764][T10954] ? aa_sk_perm+0x96d/0xab0 [ 292.564813][T10954] ? inet_sendmsg+0x330/0x390 [ 292.564842][T10954] __sock_sendmsg+0x1a6/0x270 [ 292.564875][T10954] ____sys_sendmsg+0x53a/0x860 [ 292.564912][T10954] ? __pfx_____sys_sendmsg+0x10/0x10 [ 292.564933][T10954] ? __fget_files+0x2a/0x410 [ 292.564968][T10954] ? __fget_files+0x2a/0x410 [ 292.565009][T10954] __sys_sendmmsg+0x36a/0x720 [ 292.565046][T10954] ? __pfx___sys_sendmmsg+0x10/0x10 [ 292.565083][T10954] ? __pfx_lock_release+0x10/0x10 [ 292.565114][T10954] ? kstrtouint_from_user+0x128/0x190 [ 292.565162][T10954] ? ksys_write+0x22a/0x2b0 [ 292.565184][T10954] ? __pfx_lock_release+0x10/0x10 [ 292.565222][T10954] ? sb_end_write+0xe9/0x1c0 [ 292.565252][T10954] ? vfs_write+0x7fa/0xd10 [ 292.565277][T10954] ? __mutex_unlock_slowpath+0x227/0x800 [ 292.565336][T10954] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 292.565371][T10954] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 292.565405][T10954] ? do_syscall_64+0x100/0x230 [ 292.565435][T10954] __x64_sys_sendmmsg+0xa0/0xb0 [ 292.565461][T10954] do_syscall_64+0xf3/0x230 [ 292.565486][T10954] ? clear_bhb_loop+0x35/0x90 [ 292.565527][T10954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.565556][T10954] RIP: 0033:0x7f6d9fd8d169 [ 292.565575][T10954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.565593][T10954] RSP: 002b:00007f6da0c9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 292.565616][T10954] RAX: ffffffffffffffda RBX: 00007f6d9ffa5fa0 RCX: 00007f6d9fd8d169 [ 292.565631][T10954] RDX: 0000000000000001 RSI: 0000400000000940 RDI: 0000000000000003 [ 292.565644][T10954] RBP: 00007f6da0c9a090 R08: 0000000000000000 R09: 0000000000000000 [ 292.565657][T10954] R10: 0000000000048081 R11: 0000000000000246 R12: 0000000000000002 [ 292.565669][T10954] R13: 0000000000000000 R14: 00007f6d9ffa5fa0 R15: 00007ffe411764a8 [ 292.565702][T10954] [ 292.900230][T10952] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1955'. [ 293.223017][T10966] netlink: 'syz.4.1962': attribute type 10 has an invalid length. [ 293.244413][T10966] bridge0: port 3(team0) entered disabled state [ 293.253626][T10966] team0: left allmulticast mode [ 293.259437][T10966] team_slave_0: left allmulticast mode [ 293.265230][T10966] team_slave_1: left allmulticast mode [ 293.272014][T10966] macvlan2: left allmulticast mode [ 293.274228][T10972] netlink: 'syz.4.1962': attribute type 10 has an invalid length. [ 293.277468][T10966] bond0: left allmulticast mode [ 293.290916][T10966] bond_slave_0: left allmulticast mode [ 293.296438][T10966] bond_slave_1: left allmulticast mode [ 293.304096][T10966] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 [ 293.313897][T10966] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 10966, name: syz.4.1962 [ 293.323805][T10966] preempt_count: 0, expected: 0 [ 293.332996][T10966] RCU nest depth: 1, expected: 0 [ 293.338615][T10972] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1962'. [ 293.347693][T10966] 2 locks held by syz.4.1962/10966: [ 293.353383][T10966] #0: ffffffff8fed6908 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90 [ 293.364396][T10966] #1: ffffffff8eb392e0 (rcu_read_lock){....}-{1:3}, at: team_change_rx_flags+0x29/0x330 [ 293.385806][T10966] CPU: 0 UID: 0 PID: 10966 Comm: syz.4.1962 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 293.385840][T10966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 293.385854][T10966] Call Trace: [ 293.385862][T10966] [ 293.385872][T10966] dump_stack_lvl+0x241/0x360 [ 293.385908][T10966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.385934][T10966] ? __pfx__printk+0x10/0x10 [ 293.385972][T10966] __might_resched+0x5d4/0x780 [ 293.386006][T10966] ? dev_set_rx_mode+0x57/0x2e0 [ 293.386042][T10966] ? __pfx___might_resched+0x10/0x10 [ 293.386074][T10966] ? mark_lock+0x9a/0x360 [ 293.386109][T10966] __mutex_lock+0x126/0x1010 [ 293.386143][T10966] ? __pfx___dev_notify_flags+0x10/0x10 [ 293.386182][T10966] ? dev_set_allmulti+0x11c/0x270 [ 293.386215][T10966] ? netif_set_allmulti+0x224/0x380 [ 293.386249][T10966] ? __pfx___mutex_lock+0x10/0x10 [ 293.386299][T10966] dev_set_allmulti+0x11c/0x270 [ 293.386340][T10966] bond_change_rx_flags+0x4e1/0x6b0 [ 293.386369][T10966] ? __pfx_netdev_info+0x10/0x10 [ 293.386392][T10966] ? __pfx_bond_change_rx_flags+0x10/0x10 [ 293.386432][T10966] ? __netdev_printk+0x30d/0x4d0 [ 293.386475][T10966] ? __pfx_bond_change_rx_flags+0x10/0x10 [ 293.386503][T10966] netif_set_allmulti+0x20e/0x380 [ 293.386548][T10966] dev_set_allmulti+0x143/0x270 [ 293.386588][T10966] macvlan_change_rx_flags+0xdb/0x220 [ 293.386625][T10966] ? __pfx_macvlan_change_rx_flags+0x10/0x10 [ 293.386658][T10966] netif_set_allmulti+0x20e/0x380 [ 293.386702][T10966] dev_set_allmulti+0x143/0x270 [ 293.386742][T10966] team_change_rx_flags+0x1a8/0x330 [ 293.386774][T10966] ? team_change_rx_flags+0x29/0x330 [ 293.386804][T10966] ? __pfx_team_change_rx_flags+0x10/0x10 [ 293.386831][T10966] netif_set_allmulti+0x20e/0x380 [ 293.386874][T10966] dev_set_allmulti+0x143/0x270 [ 293.386914][T10966] del_nbp+0xce/0xb40 [ 293.386946][T10966] br_del_if+0x145/0x320 [ 293.386965][T10966] ? br_del_slave+0x12/0x30 [ 293.386996][T10966] do_set_master+0x349/0x730 [ 293.387040][T10966] do_setlink+0xfee/0x40f0 [ 293.387074][T10966] ? dev_map_lookup_elem+0xf4/0x1a0 [ 293.387112][T10966] ? bpf_trace_run2+0x36e/0x540 [ 293.387159][T10966] ? __pfx_do_setlink+0x10/0x10 [ 293.387196][T10966] ? __bpf_trace_contention_end+0x170/0x230 [ 293.387228][T10966] ? __pfx___might_resched+0x10/0x10 [ 293.387269][T10966] ? rcu_is_watching+0x15/0xb0 [ 293.387294][T10966] ? trace_contention_end+0x3c/0x120 [ 293.387320][T10966] ? __mutex_lock+0x397/0x1010 [ 293.387349][T10966] ? __pfx_aa_get_newest_label+0x10/0x10 [ 293.387388][T10966] ? rtnl_newlink+0xc4c/0x1d90 [ 293.387429][T10966] ? __pfx___mutex_lock+0x10/0x10 [ 293.387465][T10966] ? ns_capable+0x8a/0xf0 [ 293.387492][T10966] ? rtnl_link_get_net_capable+0x168/0x340 [ 293.387528][T10966] rtnl_newlink+0x15a6/0x1d90 [ 293.387557][T10966] ? stack_depot_save_flags+0x37/0x940 [ 293.387605][T10966] ? __pfx_rtnl_newlink+0x10/0x10 [ 293.387633][T10966] ? __netlink_deliver_tap+0x561/0x7f0 [ 293.387663][T10966] ? __pfx_validate_chain+0x10/0x10 [ 293.387685][T10966] ? __sock_sendmsg+0x221/0x270 [ 293.387710][T10966] ? ____sys_sendmsg+0x53a/0x860 [ 293.387730][T10966] ? __sys_sendmsg+0x269/0x350 [ 293.387749][T10966] ? do_syscall_64+0xf3/0x230 [ 293.387771][T10966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.387820][T10966] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 293.387856][T10966] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 293.387898][T10966] ? mark_lock+0x9a/0x360 [ 293.387923][T10966] ? __lock_acquire+0x1397/0x2100 [ 293.387992][T10966] ? __pfx_lock_release+0x10/0x10 [ 293.388041][T10966] ? __pfx_rtnl_newlink+0x10/0x10 [ 293.388074][T10966] rtnetlink_rcv_msg+0x791/0xcf0 [ 293.388102][T10966] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 293.388136][T10966] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 293.388172][T10966] ? ref_tracker_free+0x643/0x7e0 [ 293.388199][T10966] netlink_rcv_skb+0x206/0x480 [ 293.388228][T10966] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 293.388261][T10966] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 293.388345][T10966] ? netlink_deliver_tap+0x2e/0x1b0 [ 293.388378][T10966] netlink_unicast+0x7f6/0x990 [ 293.388423][T10966] ? __pfx_netlink_unicast+0x10/0x10 [ 293.388448][T10966] ? __virt_addr_valid+0x45f/0x530 [ 293.388472][T10966] ? __phys_addr_symbol+0x2f/0x70 [ 293.388492][T10966] ? __check_object_size+0x47a/0x730 [ 293.388528][T10966] netlink_sendmsg+0x8de/0xcb0 [ 293.388569][T10966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 293.388597][T10966] ? aa_sock_msg_perm+0x91/0x160 [ 293.388629][T10966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 293.388652][T10966] __sock_sendmsg+0x221/0x270 [ 293.388680][T10966] ____sys_sendmsg+0x53a/0x860 [ 293.388707][T10966] ? __pfx_____sys_sendmsg+0x10/0x10 [ 293.388725][T10966] ? __fget_files+0x2a/0x410 [ 293.388754][T10966] ? __fget_files+0x2a/0x410 [ 293.388787][T10966] __sys_sendmsg+0x269/0x350 [ 293.388805][T10966] ? __pfx_futex_wake+0x10/0x10 [ 293.388835][T10966] ? __pfx___sys_sendmsg+0x10/0x10 [ 293.388893][T10966] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 293.388921][T10966] ? do_syscall_64+0x100/0x230 [ 293.388948][T10966] ? do_syscall_64+0xb6/0x230 [ 293.388972][T10966] do_syscall_64+0xf3/0x230 [ 293.388994][T10966] ? clear_bhb_loop+0x35/0x90 [ 293.389023][T10966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.389047][T10966] RIP: 0033:0x7f03b5d8d169 [ 293.389066][T10966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.389083][T10966] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 293.389106][T10966] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 293.389120][T10966] RDX: 0000000004040850 RSI: 0000400000000000 RDI: 0000000000000009 [ 293.389132][T10966] RBP: 00007f03b5e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 293.389144][T10966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.389157][T10966] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 293.389189][T10966] [ 293.984787][T10966] [ 293.987184][T10966] ============================= [ 293.992054][T10966] [ BUG: Invalid wait context ] [ 293.996918][T10966] 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 Tainted: G W [ 294.005510][T10966] ----------------------------- [ 294.010404][T10966] syz.4.1962/10966 is trying to lock: [ 294.015866][T10966] ffff88805f628d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_allmulti+0x11c/0x270 [ 294.024859][T10966] other info that might help us debug this: [ 294.030767][T10966] context-{5:5} [ 294.034250][T10966] 2 locks held by syz.4.1962/10966: [ 294.039452][T10966] #0: ffffffff8fed6908 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90 [ 294.048548][T10966] #1: ffffffff8eb392e0 (rcu_read_lock){....}-{1:3}, at: team_change_rx_flags+0x29/0x330 [ 294.058459][T10966] stack backtrace: [ 294.062186][T10966] CPU: 0 UID: 0 PID: 10966 Comm: syz.4.1962 Tainted: G W 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 294.062210][T10966] Tainted: [W]=WARN [ 294.062215][T10966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 294.062225][T10966] Call Trace: [ 294.062231][T10966] [ 294.062239][T10966] dump_stack_lvl+0x241/0x360 [ 294.062260][T10966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.062277][T10966] ? __pfx__printk+0x10/0x10 [ 294.062298][T10966] __lock_acquire+0x15a8/0x2100 [ 294.062328][T10966] lock_acquire+0x1ed/0x550 [ 294.062358][T10966] ? dev_set_allmulti+0x11c/0x270 [ 294.062387][T10966] ? __pfx_lock_acquire+0x10/0x10 [ 294.062411][T10966] ? dev_set_rx_mode+0x57/0x2e0 [ 294.062436][T10966] ? __pfx___might_resched+0x10/0x10 [ 294.062458][T10966] ? mark_lock+0x9a/0x360 [ 294.062476][T10966] __mutex_lock+0x19c/0x1010 [ 294.062495][T10966] ? dev_set_allmulti+0x11c/0x270 [ 294.062521][T10966] ? __pfx___dev_notify_flags+0x10/0x10 [ 294.062547][T10966] ? dev_set_allmulti+0x11c/0x270 [ 294.062571][T10966] ? netif_set_allmulti+0x224/0x380 [ 294.062597][T10966] ? __pfx___mutex_lock+0x10/0x10 [ 294.062623][T10966] dev_set_allmulti+0x11c/0x270 [ 294.062659][T10966] bond_change_rx_flags+0x4e1/0x6b0 [ 294.062684][T10966] ? __pfx_netdev_info+0x10/0x10 [ 294.062703][T10966] ? __pfx_bond_change_rx_flags+0x10/0x10 [ 294.062729][T10966] ? __netdev_printk+0x30d/0x4d0 [ 294.062758][T10966] ? __pfx_bond_change_rx_flags+0x10/0x10 [ 294.062784][T10966] netif_set_allmulti+0x20e/0x380 [ 294.062819][T10966] dev_set_allmulti+0x143/0x270 [ 294.062851][T10966] macvlan_change_rx_flags+0xdb/0x220 [ 294.062885][T10966] ? __pfx_macvlan_change_rx_flags+0x10/0x10 [ 294.062916][T10966] netif_set_allmulti+0x20e/0x380 [ 294.062951][T10966] dev_set_allmulti+0x143/0x270 [ 294.062986][T10966] team_change_rx_flags+0x1a8/0x330 [ 294.063012][T10966] ? team_change_rx_flags+0x29/0x330 [ 294.063039][T10966] ? __pfx_team_change_rx_flags+0x10/0x10 [ 294.063066][T10966] netif_set_allmulti+0x20e/0x380 [ 294.063105][T10966] dev_set_allmulti+0x143/0x270 [ 294.063142][T10966] del_nbp+0xce/0xb40 [ 294.063168][T10966] br_del_if+0x145/0x320 [ 294.063187][T10966] ? br_del_slave+0x12/0x30 [ 294.063217][T10966] do_set_master+0x349/0x730 [ 294.063256][T10966] do_setlink+0xfee/0x40f0 [ 294.063289][T10966] ? dev_map_lookup_elem+0xf4/0x1a0 [ 294.063325][T10966] ? bpf_trace_run2+0x36e/0x540 [ 294.063408][T10966] ? __pfx_do_setlink+0x10/0x10 [ 294.063444][T10966] ? __bpf_trace_contention_end+0x170/0x230 [ 294.063472][T10966] ? __pfx___might_resched+0x10/0x10 [ 294.063505][T10966] ? rcu_is_watching+0x15/0xb0 [ 294.063529][T10966] ? trace_contention_end+0x3c/0x120 [ 294.063554][T10966] ? __mutex_lock+0x397/0x1010 [ 294.063581][T10966] ? __pfx_aa_get_newest_label+0x10/0x10 [ 294.063615][T10966] ? rtnl_newlink+0xc4c/0x1d90 [ 294.063644][T10966] ? __pfx___mutex_lock+0x10/0x10 [ 294.063674][T10966] ? ns_capable+0x8a/0xf0 [ 294.063700][T10966] ? rtnl_link_get_net_capable+0x168/0x340 [ 294.063734][T10966] rtnl_newlink+0x15a6/0x1d90 [ 294.063761][T10966] ? stack_depot_save_flags+0x37/0x940 [ 294.063800][T10966] ? __pfx_rtnl_newlink+0x10/0x10 [ 294.063827][T10966] ? __netlink_deliver_tap+0x561/0x7f0 [ 294.063856][T10966] ? __pfx_validate_chain+0x10/0x10 [ 294.063873][T10966] ? __sock_sendmsg+0x221/0x270 [ 294.063892][T10966] ? ____sys_sendmsg+0x53a/0x860 [ 294.063907][T10966] ? __sys_sendmsg+0x269/0x350 [ 294.063922][T10966] ? do_syscall_64+0xf3/0x230 [ 294.063940][T10966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.063970][T10966] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 294.063995][T10966] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.064022][T10966] ? mark_lock+0x9a/0x360 [ 294.064038][T10966] ? __lock_acquire+0x1397/0x2100 [ 294.064073][T10966] ? __pfx_lock_release+0x10/0x10 [ 294.064102][T10966] ? __pfx_rtnl_newlink+0x10/0x10 [ 294.064125][T10966] rtnetlink_rcv_msg+0x791/0xcf0 [ 294.064146][T10966] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 294.064169][T10966] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 294.064194][T10966] ? ref_tracker_free+0x643/0x7e0 [ 294.064211][T10966] netlink_rcv_skb+0x206/0x480 [ 294.064233][T10966] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 294.064255][T10966] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 294.064285][T10966] ? netlink_deliver_tap+0x2e/0x1b0 [ 294.064307][T10966] netlink_unicast+0x7f6/0x990 [ 294.064330][T10966] ? __pfx_netlink_unicast+0x10/0x10 [ 294.064360][T10966] ? __virt_addr_valid+0x45f/0x530 [ 294.064380][T10966] ? __phys_addr_symbol+0x2f/0x70 [ 294.064398][T10966] ? __check_object_size+0x47a/0x730 [ 294.064428][T10966] netlink_sendmsg+0x8de/0xcb0 [ 294.064463][T10966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.064496][T10966] ? aa_sock_msg_perm+0x91/0x160 [ 294.064522][T10966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.064543][T10966] __sock_sendmsg+0x221/0x270 [ 294.064577][T10966] ____sys_sendmsg+0x53a/0x860 [ 294.064598][T10966] ? __pfx_____sys_sendmsg+0x10/0x10 [ 294.064613][T10966] ? __fget_files+0x2a/0x410 [ 294.064636][T10966] ? __fget_files+0x2a/0x410 [ 294.064660][T10966] __sys_sendmsg+0x269/0x350 [ 294.064693][T10966] ? __pfx_futex_wake+0x10/0x10 [ 294.064718][T10966] ? __pfx___sys_sendmsg+0x10/0x10 [ 294.064762][T10966] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.064796][T10966] ? do_syscall_64+0x100/0x230 [ 294.064823][T10966] ? do_syscall_64+0xb6/0x230 [ 294.064851][T10966] do_syscall_64+0xf3/0x230 [ 294.064879][T10966] ? clear_bhb_loop+0x35/0x90 [ 294.064908][T10966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.064934][T10966] RIP: 0033:0x7f03b5d8d169 [ 294.064952][T10966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.064969][T10966] RSP: 002b:00007f03b6cd1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.064991][T10966] RAX: ffffffffffffffda RBX: 00007f03b5fa5fa0 RCX: 00007f03b5d8d169 [ 294.065006][T10966] RDX: 0000000004040850 RSI: 0000400000000000 RDI: 0000000000000009 [ 294.065020][T10966] RBP: 00007f03b5e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 294.065034][T10966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.065047][T10966] R13: 0000000000000000 R14: 00007f03b5fa5fa0 R15: 00007ffdcd9fad98 [ 294.065070][T10966] [ 294.677285][T10966] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 294.684602][T10966] team0: left promiscuous mode [ 294.691351][T10966] team_slave_0: left promiscuous mode [ 294.696931][T10966] team_slave_1: left promiscuous mode [ 294.702790][T10966] bridge0: port 3(team0) entered disabled state [ 294.719299][T10972] team0: entered promiscuous mode [ 294.724426][T10972] team_slave_0: entered promiscuous mode [ 294.738583][T10972] team_slave_1: entered promiscuous mode [ 294.745685][T10966] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1962'. [ 294.746682][T10972] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.762861][T10972] bridge0: port 3(team0) entered blocking state [ 294.769624][T10972] bridge0: port 3(team0) entered disabled state [ 294.776293][T10972] team0: entered allmulticast mode [ 294.781691][T10972] team_slave_0: entered allmulticast mode [ 294.787510][T10972] team_slave_1: entered allmulticast mode [ 294.793911][T10972] macvlan2: entered allmulticast mode [ 294.799706][T10972] bond0: entered allmulticast mode [ 294.804898][T10972] bond_slave_0: entered allmulticast mode [ 294.810724][T10972] bond_slave_1: entered allmulticast mode [ 294.816523][T10972] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 [ 294.825930][T10972] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 10972, name: syz.4.1962 [ 294.835461][T10972] preempt_count: 0, expected: 0 [ 294.840463][T10972] RCU nest depth: 1, expected: 0 [ 294.845489][T10972] INFO: lockdep is turned off. [ 294.850434][T10972] CPU: 0 UID: 0 PID: 10972 Comm: syz.4.1962 Tainted: G W 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 294.850468][T10972] Tainted: [W]=WARN [ 294.850475][T10972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 294.850489][T10972] Call Trace: [ 294.850497][T10972] [ 294.850506][T10972] dump_stack_lvl+0x241/0x360 [ 294.850538][T10972] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.850563][T10972] ? __pfx__printk+0x10/0x10 [ 294.850585][T10972] ? preempt_schedule_common+0x84/0xd0 [ 294.850609][T10972] ? preempt_schedule+0xe1/0xf0 [ 294.850633][T10972] __might_resched+0x5d4/0x780 [ 294.850664][T10972] ? dev_set_rx_mode+0x57/0x2e0 [ 294.850698][T10972] ? __pfx___might_resched+0x10/0x10 [ 294.850726][T10972] ? rcu_is_watching+0x15/0xb0 [ 294.850750][T10972] ? lock_acquire+0xe3/0x550 [ 294.850782][T10972] ? netif_set_allmulti+0x224/0x380 [ 294.850818][T10972] __mutex_lock+0x126/0x1010 [ 294.850847][T10972] ? __pfx___dev_notify_flags+0x10/0x10 [ 294.850883][T10972] ? dev_set_allmulti+0x11c/0x270 [ 294.850914][T10972] ? netif_set_allmulti+0x224/0x380 [ 294.850947][T10972] ? __pfx___mutex_lock+0x10/0x10 [ 294.850984][T10972] dev_set_allmulti+0x11c/0x270 [ 294.851019][T10972] bond_change_rx_flags+0x4e1/0x6b0 [ 294.851047][T10972] ? __pfx_netdev_info+0x10/0x10 [ 294.851067][T10972] ? __pfx_bond_change_rx_flags+0x10/0x10 [ 294.851093][T10972] ? __netdev_printk+0x30d/0x4d0 [ 294.851126][T10972] ? __pfx_bond_change_rx_flags+0x10/0x10 [ 294.851152][T10972] netif_set_allmulti+0x20e/0x380 [ 294.851190][T10972] dev_set_allmulti+0x143/0x270 [ 294.851225][T10972] macvlan_change_rx_flags+0xdb/0x220 [ 294.851258][T10972] ? __pfx_macvlan_change_rx_flags+0x10/0x10 [ 294.851289][T10972] netif_set_allmulti+0x20e/0x380 [ 294.851327][T10972] dev_set_allmulti+0x143/0x270 [ 294.851363][T10972] team_change_rx_flags+0x1a8/0x330 [ 294.851399][T10972] ? team_change_rx_flags+0x29/0x330 [ 294.851427][T10972] ? __pfx_team_change_rx_flags+0x10/0x10 [ 294.851452][T10972] netif_set_allmulti+0x20e/0x380 [ 294.851495][T10972] dev_set_allmulti+0x143/0x270 [ 294.851531][T10972] br_add_if+0x317/0xef0 [ 294.851561][T10972] do_set_master+0x579/0x730 [ 294.851598][T10972] do_setlink+0xfee/0x40f0 [ 294.851629][T10972] ? dev_map_lookup_elem+0xd9/0x1a0 [ 294.851665][T10972] ? rcu_is_watching+0x15/0xb0 [ 294.851693][T10972] ? do_raw_spin_lock+0x14f/0x370 [ 294.851720][T10972] ? __pfx_do_setlink+0x10/0x10 [ 294.851754][T10972] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.851790][T10972] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 294.851811][T10972] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 294.851833][T10972] ? rcu_is_watching+0x15/0xb0 [ 294.851858][T10972] ? __mutex_lock+0xba3/0x1010 [ 294.851884][T10972] ? __mutex_lock+0x602/0x1010 [ 294.851912][T10972] ? rtnl_newlink+0xc4c/0x1d90 [ 294.851943][T10972] ? __pfx___mutex_lock+0x10/0x10 [ 294.851973][T10972] ? ns_capable+0x8a/0xf0 [ 294.851999][T10972] ? rtnl_link_get_net_capable+0x168/0x340 [ 294.852035][T10972] rtnl_newlink+0x15a6/0x1d90 [ 294.852065][T10972] ? stack_depot_save_flags+0x37/0x940 [ 294.852105][T10972] ? __pfx_rtnl_newlink+0x10/0x10 [ 294.852134][T10972] ? __netlink_deliver_tap+0x561/0x7f0 [ 294.852163][T10972] ? __pfx_validate_chain+0x10/0x10 [ 294.852184][T10972] ? __sock_sendmsg+0x221/0x270 [ 294.852207][T10972] ? ____sys_sendmsg+0x53a/0x860 [ 294.852223][T10972] ? __sys_sendmsg+0x269/0x350 [ 294.852240][T10972] ? do_syscall_64+0xf3/0x230 [ 294.852259][T10972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.852292][T10972] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 294.852318][T10972] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.852348][T10972] ? mark_lock+0x9a/0x360 [ 294.852364][T10972] ? __lock_acquire+0x1397/0x2100 [ 294.852413][T10972] ? __pfx_lock_release+0x10/0x10 [ 294.852445][T10972] ? __pfx_rtnl_newlink+0x10/0x10 [ 294.852470][T10972] rtnetlink_rcv_msg+0x791/0xcf0 [ 294.852493][T10972] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 294.852520][T10972] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 294.852547][T10972] ? ref_tracker_free+0x643/0x7e0 [ 294.852566][T10972] netlink_rcv_skb+0x206/0x480 [ 294.852589][T10972] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 294.852614][T10972] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 294.852648][T10972] ? netlink_deliver_tap+0x2e/0x1b0 [ 294.852672][T10972] netlink_unicast+0x7f6/0x990 [ 294.852696][T10972] ? __pfx_netlink_unicast+0x10/0x10 [ 294.852716][T10972] ? __virt_addr_valid+0x45f/0x530 [ 294.852732][T10972] ? __phys_addr_symbol+0x2f/0x70 [ 294.852747][T10972] ? __check_object_size+0x47a/0x730 [ 294.852771][T10972] netlink_sendmsg+0x8de/0xcb0 [ 294.852800][T10972] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.852829][T10972] ? aa_sock_msg_perm+0x91/0x160 [ 294.852869][T10972] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.852891][T10972] __sock_sendmsg+0x221/0x270 [ 294.852913][T10972] ____sys_sendmsg+0x53a/0x860 [ 294.852933][T10972] ? __pfx_____sys_sendmsg+0x10/0x10 [ 294.852949][T10972] ? __fget_files+0x2a/0x410 [ 294.852975][T10972] ? __fget_files+0x2a/0x410 [ 294.853001][T10972] __sys_sendmsg+0x269/0x350 [ 294.853020][T10972] ? __pfx___sys_sendmsg+0x10/0x10 [ 294.853055][T10972] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 294.853080][T10972] ? do_syscall_64+0x100/0x230 [ 294.853101][T10972] ? do_syscall_64+0xb6/0x230 [ 294.853120][T10972] do_syscall_64+0xf3/0x230 [ 294.853140][T10972] ? clear_bhb_loop+0x35/0x90 [ 294.853183][T10972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.853206][T10972] RIP: 0033:0x7f03b5d8d169 [ 294.853221][T10972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.853237][T10972] RSP: 002b:00007f03b6cb0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.853256][T10972] RAX: ffffffffffffffda RBX: 00007f03b5fa6080 RCX: 00007f03b5d8d169 [ 294.853269][T10972] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000009 [ 294.853280][T10972] RBP: 00007f03b5e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 294.853291][T10972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.853301][T10972] R13: 0000000000000000 R14: 00007f03b5fa6080 R15: 00007ffdcd9fad98 [ 294.853320][T10972] [ 294.853403][T10972] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 295.474942][T10972] bridge0: port 3(team0) entered blocking state [ 295.481321][T10972] bridge0: port 3(team0) entered forwarding state