last executing test programs: 3.211573418s ago: executing program 1 (id=1458): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r2) 3.163634106s ago: executing program 0 (id=1459): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000940)={0x14, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x0, 0x0, 0x1, [@generic]}]}, 0x14}], 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) socket(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffc}}, @NFT_MSG_DELRULE={0x2c, 0x8, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0) 3.023208555s ago: executing program 0 (id=1462): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2611dc98835db557}, 0x8000) sendmsg$NL802154_CMD_GET_INTERFACE(r0, 0x0, 0x4000) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000d80)={0x54, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x6}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000000}, 0x40090) 2.82364866s ago: executing program 0 (id=1465): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) recvmmsg(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001680)=""/179, 0xb3}], 0x1}, 0xfffffff9}], 0x1, 0x40002020, 0x0) 2.680540005s ago: executing program 0 (id=1467): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r3, 0x54583, 0x1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty}}}], 0x20}}], 0x1, 0x80) 2.263531866s ago: executing program 1 (id=1473): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=ANY=[], 0x114}], 0x1}, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8) 2.1183697s ago: executing program 1 (id=1476): syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, 0x0, 0x88d) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, 0x0, 0x4000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000006c0)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, 0x0, 0x40000) bind$inet(r3, &(0x7f0000000400)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000b00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000ac0)={0x0}, 0x1, 0x0, 0x0, 0x200c0}, 0x40010) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(r5, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f00000072c0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000005c0)="b8c4a8", 0x3}], 0x1}}], 0x1, 0x801) 1.9035959s ago: executing program 3 (id=1480): r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x2d6) syz_emit_ethernet(0x42, &(0x7f0000000300)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x1, 0x3, 0x8, 0x0, @void}}}}}}}}, 0x0) 1.903415127s ago: executing program 2 (id=1481): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x8e, &(0x7f0000000940)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "01e400", 0x58, 0x6, 0xfe, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x16, 0xc2, 0x0, 0x0, 0x4, {[@mss={0x1e, 0x4, 0xa101}, @mptcp=@ack={0x1e, 0x13, 0x80, 0x1, "8c0cec4ba6136fae926d2232def5fb"}, @exp_fastopen={0xfe, 0xd, 0xf989, "eeb3fef90baf70793c"}, @mptcp=@mp_fclose={0x1e, 0xc, 0x1, 0x0, 0x9}, @md5sig={0x13, 0x12, "7224407c80fe8a3616b4bf3400006cc8"}]}}}}}}}}, 0x0) 1.785978347s ago: executing program 3 (id=1483): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}, 0x3f}, 0x1c) listen(r0, 0x2) 1.777784455s ago: executing program 2 (id=1484): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0xffffffc1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r0, 0x0) mmap(&(0x7f00003da000/0x400000)=nil, 0x400000, 0x100000c, 0x22051, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 1.583522591s ago: executing program 4 (id=1486): r0 = socket(0x1e, 0x2, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@local, @in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0x4, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x8}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000580)="0087fd9d7106b31b30fb4b62a79a1b5bde", 0x11}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000070c0)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000a40)=""/188, 0xbc}], 0x1, &(0x7f0000000500)=""/87, 0x57}}], 0x1, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f000000c300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000020a0103000000000000000000d2a3500793699ebbcb0000002810140000001100010000"], 0x3c}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x15, r4, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}, 0x1, 0x0, 0x0, 0x4000091}, 0x0) 1.575433249s ago: executing program 3 (id=1487): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x34, 0x28, 0xd27, 0x1000001, 0x0, {0x0, 0x0, 0x0, r5, {0xd, 0x9}, {0xa}, {0x0, 0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x4000) 1.338936372s ago: executing program 3 (id=1488): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0xc015) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x7800, 0x7, 0x1, 0x0, {{0x5, 0x4, 0x2, 0x0, 0x14, 0x66, 0x0, 0xe, 0x4, 0x0, @multicast1, @local}}}}) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r6, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) 1.219554535s ago: executing program 4 (id=1489): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0x9}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) 1.144342818s ago: executing program 2 (id=1490): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x9}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000010}, 0x2008c014) 1.110816782s ago: executing program 1 (id=1491): r0 = socket$phonet(0x23, 0x2, 0x1) sendmsg(r0, &(0x7f0000000440)={&(0x7f00000000c0)=@phonet, 0x80, 0x0}, 0x0) 1.059409666s ago: executing program 0 (id=1492): setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @remote, 0x0, "d009000000000000006404000000dc3f0900000000000000d800000000000400", 0x0, 0x0, 0xfffffd, 0xfffffffd}, 0x3c) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) 1.058981607s ago: executing program 3 (id=1493): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb0300050000000000"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0xc}, 0x0, 0x0, 0x1}, {{@in=@local, 0xfffffffc, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 916.930227ms ago: executing program 1 (id=1494): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x10020, 0x0) 822.71789ms ago: executing program 2 (id=1495): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7000000}, 0x50) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) write$tun(r1, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 813.590497ms ago: executing program 4 (id=1496): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="940000001000030526bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="a001000022a000006c00128009000100766c616e000000005c0002800600010002000000100004800c00010007000000010000000c0002000500000014000000340004800c0001000a000000ffffffff0c000100adca0000fdffffff0c000100a5000000000000000c000100010000008100000008000500", @ANYRES32=r1], 0x94}}, 0x0) 703.509645ms ago: executing program 0 (id=1497): r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a1400"], 0x64}}, 0x0) sendmmsg(r2, &(0x7f0000001500), 0x588, 0x1f8) 647.646863ms ago: executing program 4 (id=1498): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f0000002100)) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x27, 0x25, 0x8, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0}, 0x40) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="1acf3ebb5ffa2998e3a605acc559e142b085a0697c88d4f98f2bd093d6c4e0cd34d56bbef491b2f6b8259f85ff84d5bc92c92c504c2776356e4168556097abcec511f9b411bf7cf398331babd99ceceb601c1ef4c82ccc53a73ff48fd98aec6f2b3bf98b5b1d8452b6171c0301e8083c31e621d5569d7d78eb7f301dbb35716010734136bc61e3b5dcb1a6bb9d3658bc772e0b878a14d5789209b88015d754d699480e0f0003539c78c8a5553e45b6434f956fe9cae45eb52b1977ce66a096de85b232cade4120f5af1b07e9b3238e1d6a247b7e4b977f559c1b12187a50771da4fb769dcec98ac3a97a172d56cc54913d62e7d256a26a3ec9d8ed9bc2195dcde8108c9c38dd6c095fa049915dbc9329db0c21372222d0f116b3234dbe53c1d5d7d12aac9fc9ff857b200a5ab728fabf58c3304f392a5c15e3cba7b830fd0cbd4be70e28bf17f3a4eb3f56b86bb3212a642d3e65caf1745a5c7467c18e22ecdf637f83e1591bcdef262f18f93cef3d6ca17da1f9d4c41974bf803797f95b1e126631f8edea317518bac345751d8d16e36e69c55baa7368681bd4ac4f327ab3ff4fa8fe0730cfdd0b4e1cf3cf8fb79cce7d4e235920c1016470f75bd024350d2a8e654693bc7ca8837d3a623ccf050e5e43f3368d75823f5406e86d9d07f5550d5f2e0e34e85ff663c7762e82c708a42ff3772aba0c291da6e338839bc83bdd7f7f50d8d8d51c519af03d3d223e692a5edb56b3eedd64e0e4cd737b27edb92217404d4b7ba284cc4d406cb9266e32e92cfce50317e4974f95a04905ecd851d6aa4f1db85631a8548dca7f98fbd9cc365df3f865ff484a0a23e538f43d14850e3bfaa2e89d60f48a570061212d1b6f659d6503e900692e145c1bf6c2eebd1cbc71420d3c968b87bbd2995e06361ccf17b1dc928144156166e3592218a50dc95cdbf5681ed61b2767009c377f86eb1e65141c6d9dc633fc23854a42abcd597c26c70a76d97e77a514b77b8cfb5cb82d723f11b03b9c313af49402ad571e7240661ed1842af3ef58371b05ada30bd35fb2cd3b6bb59949bed8886d80f6445a1bdf3e7802872bbd5fc5966e888ec2e07f7e2c15ee3aa3bc34d17db3680ba3c2d447af110d219230fe5a8f00d45d2e4a7cd78c3bbccb971322d9686952853477e5508e277283d1e06e5af810b7765bb92ce3140c37ef0ef89ce61e66b81a5b1536991e6d7f959dddb4536ac42fca52f9a7aee9481bda0bc030e6a10b23afdf81dc443c6e90af89c968b3907c25507a17b8db1435735c75c1e79c9e9d40173634288c6298eabb405b09055223b0db83582ef3c10833cde9c88f81c37404f80da8d7fec893a04ef7e200ec49b4623be7bc96e9c845ab70ae439019d338b324f4b7d740d870099d26cda652ae57482374ac8824d58897e0d56757c153f0b2fcd685875f01753972e56826c926a5614f86fbf6ea5c8c9c5ca8ecbfc4368ec959b2f8eea90d925b81f61f64b74fb716a5dba9d0338aa2479b96146f5261786d726524a08937ba4af1b4f60985a1de98d54c3d1b154406522d8ffafe153d3194523f9796ac6265e510c52a4936d75ba4da59c43f957575216e7202bd9921de3f56b70c1cbfef3694977d908c7e260dc44a1d126a08412272a7932019fe54da821229cbee622b32edc98d1e1575671e363cf0026a85805bfeea038a652ceb8a18edef08666aed63f1d12ddd53e682259532137d0e7563cb7da1b825f75d083f7751f90478082bd58142fc35fe63b2323eea41c3ce881c6af24db387348aacd16fed303d0863193da66efbfcce575d8a6f38e7f4ea9b7b6f1200a5e28bac1369502ea90222bef4d3661bd34d017640c3892612e06b2ebbbdcef7b23014f8b9fd0e35171c10ef040fcc3b8aef4c8b570e1c7846c4d76dc4a270e33a72cf91f321d5dc2f681c5a8d478e7deaeec09483c6bf5633be16c3c1509f88ccf9fcc6ea4067479d2e0ceea68296b39f705d4d99f63b6ea033e3a9fbac012baa9f69f5e87993f9c10362f930b3a54388027b120e0c51ddcb55ae026f6321fbc2290534dc1f389151279c89f300f09bc7b8ded0f11a546ae797b750b2093efc925ec4f4f2a6d475b3efc14ae4f37b066b21d888d92d90f168b2e08d3d9e32f703e4d19c00f349741f69503121072632a9bd8d87ad5dadf3465f31c96c4d0a8f368a7e92cc62837de1bff3b32e1bbd09e3a6ced46176a438ea40ebeb04a044145e6466d4aef3e77ddeea20439fc55bf4c55883c34f022083e1a040e5779befa1a3e1b09f7c0a0bf2fecd24d8e3fe15554c613cf53654705cd8255379e629a3366aaab3f6224d20724f226823551cd196a831b14b7e01e542f16e619791ee1d2dc80fc3bfc60768a09241bd1a64459db622b3250bd4804ee036dd18a7ff82e0343e8617b843a25f9074620210675473e7260c60dc8f80fa925690bc11fe146e639e855100ae30710c770357a68646a0bb8c1edcea02b7f0f2871ef8026d569b0e26841f2d625c40b9bd57150bbf2a68bf15195939ba372f3a778aefd08c1ff129bc0fea7812c54b9cfbadc91e2d5e1e376d897100b7629497fbef35567facbc762fda03d614d8c79e3d624817c185e240495cc71906edde2941ac733cae91130f7bfae33094bfef51c1e90459221d09eb9e71390e2aeb43f2e7e8689f47f5ffba37d80d505e87821a5efbe4484d4d4476836b20f3baab743252ba5123e0231484c7bc296b488c36fc5f015e65a65e2aa81c159b1acee280af6569ae82bdd429d829f145182caa5c7d485337a6ee8d00cb23ff1b9b7f03f9934f8b25c36007dd3fe122d34a1df7c898c0627f639495c80ed4fcd3ebf6ea9e12405aac525388714a5af614c56395b0b2f5ea1728b6129a2311a1962e39b3390c0f6b59846fe1262ae91a4d3658f3c980611413e3d07cbbb9e19adfdb9367303234b2fe7b286b5bb095317e63a68bd74887bc3a194afbb228970762dd04a4ca30511df086b6f37de6251bf9c80c4f61fd9291dd9443d4c3bccc0982908d42b236b0f2b370a72dac40751c030670ae6924b2da9c97bb05ffe36106ad6ec603c06c5a4ae7e8e99261a2daea3fcfe7a229521c72fef0e83c18dadd4a80796d690f179c9fe7d50196ffcd8accb41724d9d57e7c89429180d229763965e77c6c9c0635a39ccd1ed091c36a75d7f63de99f7649b5b7ae7be0329d8571926e514b023ab90621f91051b2c2911e97bb99f25f8a3153fd751097f03e94fe7f01e845b275e78f0e9116aa9747d9aa285adad19944ae6e117bc1d9e2c84d3749f7ddb652861f111e2612f73edf5a3e339a8d0c0473a7368b5984c2c927e8cf721b801b977d5e667fbfa870e609d9acb735c539455d87876629afb11fb392ff7e54b4ff3b89d98782616ab335fe80cbb7829456d8deaee47a11e1cec66419cae71dba6804456414e7311c43787b2ebd65ddc1478ea2fdcfa362a96ecbd3abffa10346bcc5cb6bff8fafad82fb4b93d5c07a15395dbbd001a0f90af30b819d3fc4dadf0367ccbc67e5298987808d614e47b64503eeb6653088e41b6b140747d696cab0e95dd2c80406db8f9ff5b764429bfdb7de82ff99bb6487a06e7b5adea6b9b1897c730ef09a017f32e4c1c9678543982e92a230be3bc6b47fa4aa626bd8c5c3daddcb2c943994d5dcc8b622a96f0a9314d47eea46829081baa7c04db356111e9177aa17b302e2ddac0d341481dee4377f16cb4973487ea776ba0a0a1a7b43e56f7973516df3e0eb9890d74a9cac4cb4ada7c9bcebed9b6531e66feedf1baa9215fb860a1361e2f6394c2976fa4b484bc446404dcd214f007b17f6a012362043e16612bef31bbf29189debb1f8c7f86a10961ec35efddd23f28146b8179c57510857eb936cc3b411a037a04bf7ba43ca4b8d6d8c7e96037de58e8763ef67fbb57c49c45b11af1771cdadcdb7e2321665b15213afee3b03f7c4cbb7cf94aec2146a20ed999c38a23a88376e48e5ab5bd1d66351f18b7add9300050e3703cd6cbf04ca98d7d45a08e584116815d842cf03ac7a5315e14be80fb50f653c933cde5bdf160f37f1677ca1d36d6a516c4a12ab11f102db6ab078f3759d4cc81201e0cc7d328bb3d881da95520d02e4b443d61db708bd22c07e6ea2c47b592481e6a32a6b002ee8cd0a13ad5d70c6c92c12b6389e1a6e2e419fba67b8037312466d66c9665bc39eb34ce1f7706221cf4dc96ce67d27c39a4559446fda37507eb1771cac694c20f74ae05e47d7277fc783cf1eeba7e0369a78e6d495e0669cb916ded7fe3250d3d1a165c720c05d0ab6215444bcfd0aebc12bb412c0df998079b784365c21771d7eaf7eeab07ac0164aa45529d74ec7dbbe9b3d32ad2d94b90c88a9863ad53e2f0e5870a3661a80926f854a83b2c3f381fd075c3e24509919afec6e0d7fec0a4c1c19e82777afaac7ca7e2e3a95396215a8f356ef1d104ec849f826fc9b278400f3766c2fabd83767b34e56990e5f1f624aee9f365939fd706ebd7a06b0fb8234515b55534b6a7b9e03948b7ab8fee9eb746b5e8bce551ebe7a1f3d3148b049312131237c6774ec17f5f02aa5e6df31a536e732f457b27b6c3c4b90afdb5ff179318d2645ddffb281ed2afe2cc95433080be4e646902e46155fe22e6234e62eeb49fb5bdc0ee20add96055e299b44739da0f3f1664337b7fe1ced4298262210c9deddeadd2a5dcb4a7840afee46f23f3a7b7b8ca2dd32c0782ee7fca6322e3a5b48814f4ed2e4cde0b0c6cb73d1c842cbaea45ced89f5a2e481d7810000fb874e93ad1fcd0cd11e51fbe102d3bed200ba3a581ce0ec43667a5b794143a4b627fcb1e1969178547f97adf453f7d3ff79768b6d53ff30b0e66e6a81ba169ed9f7f736a4f684bb6ba11348b08c7eb32b4f97169d4464095bd0b7323f73e759ce0d21dcdce7005e3bbf702ac531e94339b2259cd2a917f205c0b429f7d1f722186be47db8c1c74665b55f217f21ae66e31d1339affcc8095858d603d3ce2897c9821bd615f893a401f41042729866014f555d2ce8b6c29511561c24036c288ff7081151edd4e9d7a559864be65928154de6aa0e372159b862ae49fcef5c5c58921336855cdad37905b187fbfd06e74d1264d4d42e56e52f398087f68f9ec9a6219c136d146c7daee6ff5805d61b3efe0ae6497947bfe0ada552970880175ff535f07e69b943cc5aac59b11fb0a218926c92e697ee1343bf0c0d8b20567b8dcc122f87cffc11ba1ab04256f4b5046dd9915bf5ff93e31ad5558451ffb7bd0c6abd776cb1ffc5bc14b4229a3661790820bce4b61533cb0411ad03096850c2cd10c839a69c080254ef296c74028091e056427bb5d21dee1b0143d5231c9b86d2aae9186e6f8e03473385f75c6b8e4d862781b4f68734a1c6e9c2c06f2f80a4e0164a80778e50651d3781294c0d4ea85208c19c3ef983e12c9c521195d1dc95348706c61737347dff596ae49b74fa1b26b08b9b1e1b6ba36b01c01b116a295f3bce7cfeaecf2f0b65c83917178d55b93a0d19bf3d075e7ab0b566e51c45476e41600ed4c5276425ea3e79f0cad8b86f5e5234706cfaf55b20fe1b2488991b57d547ccc8da67e73de6288decbe52ebca4d560edddd2c2cea9ab0bc95c42d75b5046961e0eea31e60efecf4a68033018a7cde6a78b2c4cddfb1ff7a2e7d1377a41ebf48b89697abc443599045b1febb4895cc893ec414f0083204d698d7f6bd9630ba4e39b25ac9a2aa86a2571ed4a91a39fdf9812f0cb3f30ca3033d", 0x1000}, {&(0x7f0000001080)="75a75535a391d36e340001a933eb346169e71ac9701d4937675823f8365344df45cb6b73a61af7bb4a289251b23314f38afc18a41a00c733fd8758b240e76f4223b3ef32a7713414ff476df6d15d830390608a24d92a9685f2a0761e563b1bf97d4832152b102adc4852550eec31039f70848f47b8e2fd48bedd4cecc2ecba3414c8f0656bf5c8d4c9d526b0a320869f03a5e7aca09d09becc6c20a815e34ef1b4716ff2224bf199a99981af159a9a49b3b30f50ab5a3663ff0e943e8baf004b6080b2cfe9e16b079a3a5d582b4e2eb690378b522e4f85abee8350671c6507794915a7fc110ec125aa23e3472c8c8cfa2b6fc2164338453de477ff0bf456d592b584f77465332ed26f08c1c59e738a15e796633aebb8c49e7345ae05b29b3bf72f7aaf536f0c254c8c5781906d39d3d5c09c0de6297838e6d74c6c6874cfcf9ac534e63013898fcb7b300c4f0eac75bcc94a34a4292fa5d6dae80a2d6600de27e4a6ab0b9b677bfca32a21a06b638ac44b860ace5425930c08e4a567a3be0d98d4f78b565ff0177a471747318837e7d65ac4538b8487606b40cb9641c20e4ae5dad221e55a70cc142394a637c0a239072cc28b2e3029aa6c495fff67cc5be2098b14c2e315d2be5b4d3d87840963676fa9b3b4223be3d7c628995682e1c46a858bd703542c9636c39117113d266e50d2c69f2385d93d3aabc05be0780c5a0241ff94d1a205e757a62cd06ca68b2758600e94ef6f272a000e836e82f043b2eb2f34a6de1bd0836389e2cdd6f4b6b056848cfc04ee1884fd2e7e902d196763f769057bea46988342da905eeec3864978e9d4c32e685f203d83d81e344979aa8aeb631e80d735fc9ddad7dc913d189b62470ffe701c28e59fe254c72258f3af43cf8fb7f9b0e94be0de349b36579bb7b29895ec9ca55627231401a0ca8818f7790a8a4af7fbfdb99b5fb3adc1679f4611da4665f6fa10f1f5bfb49ab3fc72db9bb74f5ed8b63e5a06f2be9f6dec98cffb538d1a5c7ac6121b7c389a2a4a70c4987b389a18201703b8a09b4e4afaa267646d2a7384a3f13554032fb2bf262074600544359246d0cbd7e444420bf513a6a3b5f50fe47dfc3b4a56b4c00ff7558c72b8e0c163d95192319b49e1c7ae3e71687b66bff80c6a562e520d3334f259be299f9934f815fcd9aaa85162d85aa6f35e22d9c8912d7eddc127529069e3195cdb2e6ecc38949b8ef2ad8b99e3d2bd03bf7181c6596c8ffa9b112085e243d9549291c1be52e0284e312b3ad6579091c684036c9c9d23292232b72aa003ab276a5278cd7c1db02fe6f29f450defd9348db44355bfee212aa38f7648bddb27687e6df681f27091628bed99e9d63a1e60fc9fe73d5a2d2cdcd2670ed7630710aaa568cf4b1971bc6add8c639480cbb381589bf2408b269ca8786ff86b31900c08ec4d3f3f4c59de13be4a7898d6e980c8597b8cc7cf64c2707a38204343a9d751f6b02fcab8f2f94fbb9698943b45185bbdfc1c6b95e39ebd295959349f63a873a8f7f4536a1325a3a119c0691e705a61aa91f03fbcbad25337846a0331dae4b5a8355db6aa6a9615d684edf7be36f50b71bdeac25d3c5fbe9c9c751b0d892784a933f31860e229eff3837edef77998f42fd81f8dc6ad6a64267cafbc68efbef4892f8a7e56e336a66bfcc21519638af4a053263bfbe57dd06c69cbbe79576883bf791762d596231ec87d6652dafbf3c2cac67df4f10e9976026e42610c2e2ecda3cc2e9e360a1678bcb19baa0dbba2c85d3efebbe7bec7e38ef28e035f08e4abfb62253d3887235543d822a62d992f5219c794a5354769d0097dfe124bd25c5b6310cbea9f86a31c766df7bfb02f42a74c493e492632b80c6b38cf33bf86b6ddf33934b684b6fba275c9f4a77e990610d7162268d70d055bf7a44872294491cec1b0d526d1038b9e2a1cc9ad0e27ee8b595e2b6c9b2767d2602c38ae07b68c827e2a9dab26378df1f038e657e3bcc898ed249ab3116d4d7f1e4590b113e9d3571dcf715485dbaa440ecece1194c296b152ab09521084621467934f537ffd7ce6cfcec1f27390800bc319f564a24c156c4330fadebb41261dbada9eec351ed448555b873c47d137e7a72da818b89dc0f452a638cb3c593338aa74dc3badb8e30c1ad50b7ad998eeaed62e389cf3383d715f3eb7e42b59b2c6e5b920e0815501aec010488615c7a9f5bea367d44d6a3359fa4b4e2517cc62758385445bc7c1dae70f1b9457bae39d9699cecd4fff72070e78e67ac0dd205e73116e3526378ba2f35d17566ec1b621c3a5703c1f5ca90deb4a4d78a48a937306d64b600c57e578e53b8828e35f94772268f8c074f32011497e9a96338fc4f4b64a496d85ba8c2f7090e27804c63610ee98dfafaf226d4a7ee80d0e2e0e572fe2c979d100ec79783fe7b062b3bda7993898558a0d897408eea3ba911f2ed24e1da8383503eec9d0bfa036495bc1e5311aa138b89665ce12042074e94ee9b2365d6457e9100876914924dd258faf72009f356d8af59f37ad83604110075f56695b17a1ecb1f45bbbfceb77a18d7b4e787b444c0cfbdc7518cb743d053995af3eac63000474027b38d62529e984302e451f271f2f5216698a37260ed77c1682c62c8927d22c58e31d02709d23b2480076a14b331563bf67ddbcbaf1bc8cb52b862b41a38388f2b80570fc1538182a2db0ea73cd0b113c998dc42e79d24f1618a1e25a382c80faaafd0482b3511ae98a666a803ff1eb1fc19c0787b34a5012cc920892e152d9f3b33c0b2ebe33e03199f559fe9226df27db04d19d121dfedb2579f965d10392c415f686184165b756bcc43e558e8f19bfb662bee33aea5ac80e654f6031eacc7f39252fd492c86e2994f7442c33697ed39e28e4f52d3035131187683284c009f21c1e7d5222348497e0622c750d068efd09c8fe2de6565ccea26c3255e3384119b1bd6d27fc794c0bcd97e5d90c18bc11c3708a7d5ef525de6367f093035bdc0bfa76a50d3189b11504309d5ac1c3c56496557d4128824e0cfac75c5b6c1496b8c0159dcc0378d2535f2044cfa878d0f2251100bb4a3a4fe48da3346fb828d2d217819de0c3d08c32b3af3ab128872bf202b875eafc732e3b47fe77d8b6662977c1b4f91fdd210b06348f3778cf01ae82009e8659a762be73a59fcca45e9f7ec59fc03f59c6f57d925347e2f22645f7b2d55f7520af74f57b4b730f88c2144aa6ee27f2a05c3fb091d8fcfe2e0fe10c39cab70e3de3c0d6c65876c0befd3356f74cdd0f9458e1eddcad4a20bdbd924a7efb0ac237e3416357e6fd0a64ab10f457cec8683577411741ffbc0d6a0e799e0f2bb5dee1104a63fe412bfc3dc31d2033a20c9468a2eea498de039d5d1df9fa14b87dd6e71e39e9077e5f483f4672b821209340f4e2b5fd9d84760ba86867f00cd08c8adad13c0d82910c8444d31d7b4c2bfb372aa5ce6b7e2aacca539e0b3f3c5d4fa7abb840e60ff9df38618454e00e100429130eafbc2eb2e84aabed1a2691547d6febdb69d7368d5fd0dbfb57f36788719a9c91bf8deb238f139ab06fdc175264efb92c150b953336a21a1ea640a1afdae22872ca5d80e2b5f44e79ae330b42f6aea5eaac527d23e08fdf80e8d5bf76d6e6cc71c3f270bcb27553e4dd5a31fb1d7b22b256bc1255a6aff1c14f5760748123039d9a981f1c255399f4c4cfaab98caca31fd20a25a74f1c3f55daf8d7355b8a70a97e73f7f586572fa742f1be5c8702c298d801b61f4736221e27ec173335cff91ba3d1c96aaad55545d570c2e91fc1264a3f849f09b6cbeee0aa80a1ca3db386541d48db1977e5915d902e3ebdb579961fcbadcfe61a40cdaf7b1639b2025cd9346956eb40973af92549b976638e4651965cbbb7f60e44b7bf84d2e7a7f14a7263aebd3757d12e7954cc4a1878882de4d7e1a41b8e57ffcbc38242f498f045b28ab948bf446ee7caa24a99425925c5df9ca006a47e5a8daab5a325f5c03c158cc7f5b3860c5b595ee02f6bd65efc2f8d2f2f3797108857d4f363a3faf13b7741182fe90f5a3899d537b8022cbfeaa1d3789216e3932bae15ad3f6abed2ac2c09e3d063e222a57e2c206114c38f43986e318045cc6eb6445562fd393d9c6c1b5aa386b4ae014004f4b569a5e722f56db33a7efab7c7750f8066392c3f8b525538676181845c1721da687ebaac57a91fc3d0b71c890615b4a9ae7dc4d14b521e1b84c4638cd283785dc7a990ceb789e97b121d71d44b88d6806cdd6ad909a483290794f93f2d01b6ac1eb091a37331cc1baf71304e43db160297cf197514b0b2d3b34260cec758ab9ed602be9f43409bfdf371c8429f7dd06c1f8258a9478339d38e59cfb88dc9057bc4db3479733027f1f59f2c40e5dd3754b6d496f447f899c14cbc1b5b2723220743d07af65fe1f5a45624c51d46fd52b77b7759b206a113139dd512f999877927c4e14badb4805117b6354d87c3b184ff15f5218a9975100a3123f1017ee30a2932bd2f355b178eceb160990a55b031c5440cc9196845f80a4ed39e16dd1a0e044536e4e6cc37f5740a718728d3785776b46156ef07e119c84243af120f5e445ceca03c20584d14b6f3857b83d309a59784b3c0c3048782051ee3e7db7f20de1b56dd9f54f9cacacd688b3403f5f8f097569f515be127b72138f74c4ac6296c7493c50dd62b8d46d29e611146e807265a1aed3c71a2a019cf67495c08d9d976f6b5d8f9bc388ed4cf2f4910c5c7d180c50097c2db6bbda38b9fb2d6831214578b2100ec0f7c75dd70a3f0d7a9b326efe68a86c413e6a4937f5d9fe30a8b2dc8f40114bab3d7cc80b0b4a37a915327322ecbe9d70ceaca0d190c69bb5ae21d0f652e81cb7f87c9033f3969bb018ad6b7fd8cd6b72071d358a7fe9a70f342ee86687e463889040a19709c65b731418b30bc43aff4b692f841d9456d54a9cd51a577d8c824e6339f504b4988101dc853b3a75925ddd98c74a8b83da8347cc3d8fe5a00299ae2b8713abd83189baf518ea04555831c2aa64e03322fe90f901b16d25816104ba90400ea87d95581525f7bd31bf15797592849a9cb9602ede4c96065ee04aabcf4fb8b1b2cedd81ea791af59e3d320b20260bbb7dc6329893dc67e7e9f76913b350d38d852fcd0011a5f2917ee5a3a7501bf2f4991b203bf9f025ec5c6e84826075381a287f025e183875b99e7775abe0236119f0f09835c085a59a2f70aff634b3c12bb02b839a9a1371971c63ac5751378208a50fc54c4e324adddfbcd07cc17026677afcbc3b8b6f194a501e0d7f93f2a171eb646af5e50b9bbb3f49d8f5da937e410f70e93f5185a5251ba6df953bd5c43a9816f3a898e01d37de664885b39f01b435a18d6b2892df59d4266c9430328b17b8990222f79ca5f93e57b3969e8629cc30da4b611e309728d87ba6d00528a1ec92dcb886791b1a4d7bfbb2e78f0a73d009d511285c1ed6ff7eaa1c56ec07b7d903910d5b49dc770cbb0c07374abcd2b891f68972d7e36b715d43ec7ec1c5dc459114a481bc744cc9daab46811a08f0601e7f2c349a7a729b9dfb325bac8a76d510ad14c2ebb5cfe514fbf7016f6900be0ce58194923dadb1fa38fccdbcf08df9d5bb58fbcbbb68ea493c627d4f18956902d41d3fe770a14936781921ab2bc96e6d44fafcd43e4b989a7169b8bd00babc7d25ac141b277ebea7ede759b477444fe1d60c9edd7356ab87f3b3979da865f82e3eb2b3b1465b8d009bc1ca9cd0c49c341f588", 0x1000}, {&(0x7f0000002080)="b35e1b899f53480d422218ee47547104fa1cd69570f0fce1a475087bf960df35aeea6550de5333f2db6912b5dba630e5644b30e59907056550f53d46858e4999ecc9f7143ca82732b63b1452ab84052c67b52033dd9e1bfad15db8097728489509102ce58a70f11c474c3267cc9b7b4218e78f024bc139", 0xffffff9c}, {&(0x7f0000002200)="98e9dfa713080c17bd8a6f1ab554c29a3fe2eff4c06ab6e12570727377b247e744f8e15610a1587a9534ca02e807e1329a2cb6aa1ce5cd7dffcd3b289420d2e74331007300d5cfda7cb0a8996e345e1dd6fa3032559f7ea00101d49dc1e1aabbd056b6c99c0b19e3f57e42c0d75a2f47b6560a6b25f1a730f244b14df1fb11b07e38af0e60c243b49e108833ab3383f98f04ad3fbb891db43ff382df7e5f2cf869c84c980e2db7efba65f21a28e1f19b849c7011ba318669575ea49caf779c5cd94d3f6aa803624ab0b941d2f821a8aa0d13", 0xd2}], 0x4) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, &(0x7f0000000400)) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000002340)) 539.132837ms ago: executing program 4 (id=1499): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd05000000df25230000000c000600010000000100000004002d80"], 0x24}, 0x1, 0x0, 0x0, 0x40084}, 0x40010) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x31, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x45833af92e4b39ff, 0x0) 500.866318ms ago: executing program 2 (id=1500): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_mreq(r0, 0x0, 0x20, 0x0, &(0x7f0000000100)) 363.557519ms ago: executing program 2 (id=1501): unshare(0x62040200) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000029c0)=[{&(0x7f0000000080)='X', 0x1}], 0x1}, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) 363.357155ms ago: executing program 4 (id=1502): syz_emit_ethernet(0x9a, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb00642b00fc020000000000000000000000000000fe800007"], 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) 83.635779ms ago: executing program 3 (id=1503): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'wlan1\x00', @random="01001000"}) 0s ago: executing program 1 (id=1504): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) close(r0) kernel console output (not intermixed with test programs): 00000000000 RSI: 0000400000000540 RDI: 0000000000000010 [ 103.094090][ T6554] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 103.094103][ T6554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.094115][ T6554] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 103.094145][ T6554] [ 103.824401][ T6575] netlink: 'syz.3.201': attribute type 5 has an invalid length. [ 103.866201][ T6579] batadv_slave_1: entered promiscuous mode [ 103.935236][ T6577] batadv_slave_1: left promiscuous mode [ 103.989353][ T6584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.111251][ T6588] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.684158][ T6614] netlink: 'syz.3.209': attribute type 24 has an invalid length. [ 104.962300][ T6620] FAULT_INJECTION: forcing a failure. [ 104.962300][ T6620] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 104.987435][ T6625] FAULT_INJECTION: forcing a failure. [ 104.987435][ T6625] name failslab, interval 1, probability 0, space 0, times 0 [ 105.009514][ T6620] CPU: 0 UID: 0 PID: 6620 Comm: syz.1.211 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 105.009541][ T6620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 105.009552][ T6620] Call Trace: [ 105.009559][ T6620] [ 105.009567][ T6620] dump_stack_lvl+0x241/0x360 [ 105.009598][ T6620] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.009620][ T6620] ? __pfx__printk+0x10/0x10 [ 105.009647][ T6620] ? stack_trace_save+0x118/0x1d0 [ 105.009675][ T6620] should_fail_ex+0x40a/0x550 [ 105.009710][ T6620] prepare_alloc_pages+0x1da/0x5b0 [ 105.009742][ T6620] __alloc_frozen_pages_noprof+0x16f/0x710 [ 105.009766][ T6620] ? splice_direct_to_actor+0x4fa/0xc80 [ 105.009797][ T6620] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 105.009851][ T6620] alloc_pages_bulk_noprof+0x847/0xae0 [ 105.009888][ T6620] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 105.009917][ T6620] ? rcu_is_watching+0x15/0xb0 [ 105.009942][ T6620] ? trace_kmalloc+0x1f/0xd0 [ 105.009968][ T6620] ? copy_splice_read+0x17f/0xb40 [ 105.009996][ T6620] copy_splice_read+0x1b0/0xb40 [ 105.010031][ T6620] ? __pfx_copy_splice_read+0x10/0x10 [ 105.010062][ T6620] ? __raw_spin_lock_init+0x45/0x100 [ 105.010096][ T6620] ? alloc_pipe_info+0x370/0x4d0 [ 105.010126][ T6620] splice_direct_to_actor+0x4fa/0xc80 [ 105.010169][ T6620] ? __pfx_direct_splice_actor+0x10/0x10 [ 105.010197][ T6620] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 105.010225][ T6620] ? __fget_files+0x2a/0x410 [ 105.010255][ T6620] ? __pfx_lock_release+0x10/0x10 [ 105.010290][ T6620] do_splice_direct+0x289/0x3e0 [ 105.010323][ T6620] ? __pfx_do_splice_direct+0x10/0x10 [ 105.010351][ T6620] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 105.010387][ T6620] ? rw_verify_area+0x243/0x630 [ 105.010413][ T6620] do_sendfile+0x564/0x8a0 [ 105.010452][ T6620] ? __pfx_do_sendfile+0x10/0x10 [ 105.010484][ T6620] ? __fget_files+0x2a/0x410 [ 105.010524][ T6620] __se_sys_sendfile64+0x17c/0x1e0 [ 105.010556][ T6620] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 105.010587][ T6620] ? do_syscall_64+0x100/0x230 [ 105.010618][ T6620] ? do_syscall_64+0xb6/0x230 [ 105.010647][ T6620] do_syscall_64+0xf3/0x230 [ 105.010672][ T6620] ? clear_bhb_loop+0x35/0x90 [ 105.010700][ T6620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.010724][ T6620] RIP: 0033:0x7fe6de38d169 [ 105.010741][ T6620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.010754][ T6620] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 105.010774][ T6620] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 105.010788][ T6620] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 105.010798][ T6620] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 105.010809][ T6620] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001 [ 105.010820][ T6620] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 105.010854][ T6620] [ 105.044232][ T6625] CPU: 1 UID: 0 PID: 6625 Comm: syz.0.213 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 105.044264][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 105.044278][ T6625] Call Trace: [ 105.044286][ T6625] [ 105.044294][ T6625] dump_stack_lvl+0x241/0x360 [ 105.044328][ T6625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.044353][ T6625] ? __pfx__printk+0x10/0x10 [ 105.044391][ T6625] should_fail_ex+0x40a/0x550 [ 105.044431][ T6625] should_failslab+0xac/0x100 [ 105.044464][ T6625] __kmalloc_cache_noprof+0x70/0x390 [ 105.044493][ T6625] ? sctp_add_bind_addr+0x89/0x3a0 [ 105.044526][ T6625] sctp_add_bind_addr+0x89/0x3a0 [ 105.044559][ T6625] sctp_copy_local_addr_list+0x311/0x500 [ 105.044592][ T6625] ? sctp_copy_local_addr_list+0xab/0x500 [ 105.044622][ T6625] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 105.044659][ T6625] ? sctp_v6_is_any+0x60/0x70 [ 105.044688][ T6625] ? sctp_copy_one_addr+0x94/0x360 [ 105.044716][ T6625] sctp_bind_addr_copy+0xad/0x3b0 [ 105.044750][ T6625] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 105.044780][ T6625] sctp_connect_new_asoc+0x2f3/0x6c0 [ 105.044804][ T6625] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 105.044838][ T6625] ? sctp_sendmsg+0xf1a/0x35d0 [ 105.044878][ T6625] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 105.044910][ T6625] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 105.044946][ T6625] sctp_sendmsg+0x1f64/0x35d0 [ 105.044999][ T6625] ? __pfx_sctp_sendmsg+0x10/0x10 [ 105.045037][ T6625] ? aa_sk_perm+0x96d/0xab0 [ 105.045096][ T6625] ? inet_sendmsg+0x330/0x390 [ 105.045129][ T6625] __sock_sendmsg+0x1a6/0x270 [ 105.045166][ T6625] ____sys_sendmsg+0x53a/0x860 [ 105.045202][ T6625] ? __pfx_____sys_sendmsg+0x10/0x10 [ 105.045226][ T6625] ? __fget_files+0x2a/0x410 [ 105.045263][ T6625] ? __fget_files+0x2a/0x410 [ 105.045305][ T6625] __sys_sendmmsg+0x36a/0x720 [ 105.045344][ T6625] ? __pfx___sys_sendmmsg+0x10/0x10 [ 105.045385][ T6625] ? __pfx_lock_release+0x10/0x10 [ 105.045417][ T6625] ? kstrtouint_from_user+0x128/0x190 [ 105.045469][ T6625] ? ksys_write+0x22a/0x2b0 [ 105.045494][ T6625] ? __pfx_lock_release+0x10/0x10 [ 105.045534][ T6625] ? sb_end_write+0xe9/0x1c0 [ 105.045566][ T6625] ? vfs_write+0x7fa/0xd10 [ 105.045592][ T6625] ? __mutex_unlock_slowpath+0x227/0x800 [ 105.045655][ T6625] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 105.045690][ T6625] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 105.045725][ T6625] ? do_syscall_64+0x100/0x230 [ 105.045759][ T6625] __x64_sys_sendmmsg+0xa0/0xb0 [ 105.045789][ T6625] do_syscall_64+0xf3/0x230 [ 105.045818][ T6625] ? clear_bhb_loop+0x35/0x90 [ 105.045851][ T6625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.045881][ T6625] RIP: 0033:0x7f97c2b8d169 [ 105.045901][ T6625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.045918][ T6625] RSP: 002b:00007f97c399d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 105.045941][ T6625] RAX: ffffffffffffffda RBX: 00007f97c2da5fa0 RCX: 00007f97c2b8d169 [ 105.045957][ T6625] RDX: 0000000000000002 RSI: 0000400000000880 RDI: 0000000000000003 [ 105.045971][ T6625] RBP: 00007f97c399d090 R08: 0000000000000000 R09: 0000000000000000 [ 105.045984][ T6625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 105.045997][ T6625] R13: 0000000000000000 R14: 00007f97c2da5fa0 R15: 00007ffcc8966658 [ 105.046031][ T6625] [ 105.978684][ T6639] netlink: 'syz.4.217': attribute type 2 has an invalid length. [ 106.048055][ T6643] netlink: 56 bytes leftover after parsing attributes in process `syz.1.219'. [ 106.064263][ T6639] netlink: 'syz.4.217': attribute type 9 has an invalid length. [ 106.071948][ T6639] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.217'. [ 106.464391][ T6655] wg1: entered promiscuous mode [ 106.481500][ T6655] wg1: entered allmulticast mode [ 106.888599][ T6676] netlink: 134788 bytes leftover after parsing attributes in process `syz.2.231'. [ 106.919640][ T6678] FAULT_INJECTION: forcing a failure. [ 106.919640][ T6678] name failslab, interval 1, probability 0, space 0, times 0 [ 106.943579][ T6678] CPU: 0 UID: 0 PID: 6678 Comm: syz.0.232 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 106.943619][ T6678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.943631][ T6678] Call Trace: [ 106.943638][ T6678] [ 106.943647][ T6678] dump_stack_lvl+0x241/0x360 [ 106.943679][ T6678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.943702][ T6678] ? __pfx__printk+0x10/0x10 [ 106.943725][ T6678] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 106.943755][ T6678] ? __pfx___might_resched+0x10/0x10 [ 106.943788][ T6678] should_fail_ex+0x40a/0x550 [ 106.943824][ T6678] should_failslab+0xac/0x100 [ 106.943854][ T6678] __kmalloc_node_noprof+0xe1/0x4d0 [ 106.943882][ T6678] ? __kvmalloc_node_noprof+0x72/0x190 [ 106.943908][ T6678] __kvmalloc_node_noprof+0x72/0x190 [ 106.943930][ T6678] __nf_hook_entries_try_shrink+0x330/0x730 [ 106.943973][ T6678] __nf_unregister_net_hook+0x5cf/0x800 [ 106.944012][ T6678] nf_unregister_net_hooks+0xd0/0x140 [ 106.944045][ T6678] ip_vs_unregister_hooks+0xb9/0x120 [ 106.944077][ T6678] ip_vs_unlink_service+0x3c5/0x9e0 [ 106.944123][ T6678] ip_vs_genl_set_cmd+0x24f/0x1cd0 [ 106.944153][ T6678] ? __pfx_ip_vs_genl_set_cmd+0x10/0x10 [ 106.944218][ T6678] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 106.944254][ T6678] genl_rcv_msg+0xb1f/0xec0 [ 106.944289][ T6678] ? __pfx_genl_rcv_msg+0x10/0x10 [ 106.944345][ T6678] ? __pfx_lock_acquire+0x10/0x10 [ 106.944375][ T6678] ? __pfx_ip_vs_genl_set_cmd+0x10/0x10 [ 106.944400][ T6678] ? __pfx___might_resched+0x10/0x10 [ 106.944438][ T6678] netlink_rcv_skb+0x206/0x480 [ 106.944471][ T6678] ? __pfx_genl_rcv_msg+0x10/0x10 [ 106.944497][ T6678] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 106.944562][ T6678] genl_rcv+0x28/0x40 [ 106.944583][ T6678] netlink_unicast+0x7f6/0x990 [ 106.944628][ T6678] ? __pfx_netlink_unicast+0x10/0x10 [ 106.944654][ T6678] ? __virt_addr_valid+0x45f/0x530 [ 106.944675][ T6678] ? __phys_addr_symbol+0x2f/0x70 [ 106.944693][ T6678] ? __check_object_size+0x47a/0x730 [ 106.944726][ T6678] netlink_sendmsg+0x8de/0xcb0 [ 106.944772][ T6678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.944808][ T6678] ? aa_sock_msg_perm+0x91/0x160 [ 106.944847][ T6678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.944877][ T6678] __sock_sendmsg+0x221/0x270 [ 106.944911][ T6678] ____sys_sendmsg+0x53a/0x860 [ 106.944946][ T6678] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.944969][ T6678] ? __fget_files+0x2a/0x410 [ 106.945003][ T6678] ? __fget_files+0x2a/0x410 [ 106.945043][ T6678] __sys_sendmsg+0x269/0x350 [ 106.945074][ T6678] ? __pfx___sys_sendmsg+0x10/0x10 [ 106.945112][ T6678] ? do_sys_openat2+0x17a/0x1d0 [ 106.945171][ T6678] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 106.945203][ T6678] ? do_syscall_64+0x100/0x230 [ 106.945235][ T6678] ? do_syscall_64+0xb6/0x230 [ 106.945266][ T6678] do_syscall_64+0xf3/0x230 [ 106.945293][ T6678] ? clear_bhb_loop+0x35/0x90 [ 106.945326][ T6678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.945353][ T6678] RIP: 0033:0x7f97c2b8d169 [ 106.945371][ T6678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.945388][ T6678] RSP: 002b:00007f97c399d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.945409][ T6678] RAX: ffffffffffffffda RBX: 00007f97c2da5fa0 RCX: 00007f97c2b8d169 [ 106.945424][ T6678] RDX: 0000000020000000 RSI: 0000400000000180 RDI: 0000000000000003 [ 106.945437][ T6678] RBP: 00007f97c399d090 R08: 0000000000000000 R09: 0000000000000000 [ 106.945449][ T6678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.945460][ T6678] R13: 0000000000000000 R14: 00007f97c2da5fa0 R15: 00007ffcc8966658 [ 106.945491][ T6678] [ 107.320338][ T6681] netlink: 56 bytes leftover after parsing attributes in process `syz.2.234'. [ 107.780116][ T6705] Bluetooth: MGMT ver 1.23 [ 108.055104][ T6720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.242'. [ 108.092787][ T6721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.245'. [ 108.107002][ T6723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.244'. [ 108.123039][ T6723] netlink: 6 bytes leftover after parsing attributes in process `syz.4.244'. [ 108.151106][ T6723] tc_dump_action: action bad kind [ 108.278923][ T6731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.246'. [ 108.966043][ T6759] netlink: 16 bytes leftover after parsing attributes in process `syz.1.253'. [ 109.447442][ T6772] netlink: 24 bytes leftover after parsing attributes in process `syz.2.255'. [ 109.698052][ T6778] netlink: 60 bytes leftover after parsing attributes in process `syz.2.260'. [ 109.713893][ T6778] netlink: 'syz.2.260': attribute type 1 has an invalid length. [ 110.040510][ T6795] sctp: [Deprecated]: syz.0.264 (pid 6795) Use of int in max_burst socket option. [ 110.040510][ T6795] Use struct sctp_assoc_value instead [ 110.084001][ T6795] FAULT_INJECTION: forcing a failure. [ 110.084001][ T6795] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 110.121222][ T6795] CPU: 1 UID: 0 PID: 6795 Comm: syz.0.264 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 110.121251][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.121263][ T6795] Call Trace: [ 110.121271][ T6795] [ 110.121280][ T6795] dump_stack_lvl+0x241/0x360 [ 110.121325][ T6795] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.121348][ T6795] ? __pfx__printk+0x10/0x10 [ 110.121367][ T6795] ? _printk+0xd5/0x120 [ 110.121394][ T6795] should_fail_ex+0x40a/0x550 [ 110.121430][ T6795] _copy_to_user+0x31/0xb0 [ 110.121461][ T6795] sctp_getsockopt_maxburst+0x531/0x760 [ 110.121497][ T6795] ? __pfx_sctp_getsockopt_maxburst+0x10/0x10 [ 110.121535][ T6795] sctp_getsockopt+0xa82/0xbb0 [ 110.121564][ T6795] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 110.121598][ T6795] do_sock_getsockopt+0x38e/0x740 [ 110.121630][ T6795] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 110.121653][ T6795] ? __fget_files+0x2a/0x410 [ 110.121687][ T6795] ? __fget_files+0x395/0x410 [ 110.121716][ T6795] ? __fget_files+0x2a/0x410 [ 110.121756][ T6795] __x64_sys_getsockopt+0x2a1/0x370 [ 110.121789][ T6795] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 110.121816][ T6795] ? do_syscall_64+0x100/0x230 [ 110.121847][ T6795] ? do_syscall_64+0xb6/0x230 [ 110.121876][ T6795] do_syscall_64+0xf3/0x230 [ 110.121903][ T6795] ? clear_bhb_loop+0x35/0x90 [ 110.121935][ T6795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.121959][ T6795] RIP: 0033:0x7f97c2b8d169 [ 110.121978][ T6795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.121995][ T6795] RSP: 002b:00007f97c397c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 110.122016][ T6795] RAX: ffffffffffffffda RBX: 00007f97c2da6080 RCX: 00007f97c2b8d169 [ 110.122031][ T6795] RDX: 0000000000000014 RSI: 0000000000000084 RDI: 0000000000000003 [ 110.122043][ T6795] RBP: 00007f97c397c090 R08: 0000400000000080 R09: 0000000000000000 [ 110.122056][ T6795] R10: 0000400000000040 R11: 0000000000000246 R12: 0000000000000001 [ 110.122069][ T6795] R13: 0000000000000000 R14: 00007f97c2da6080 R15: 00007ffcc8966658 [ 110.122101][ T6795] [ 110.970174][ T10] IPVS: starting estimator thread 0... [ 111.086066][ T6819] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.093622][ T6819] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.103392][ T6825] IPVS: using max 21 ests per chain, 50400 per kthread [ 111.138331][ T6832] FAULT_INJECTION: forcing a failure. [ 111.138331][ T6832] name failslab, interval 1, probability 0, space 0, times 0 [ 111.180071][ T6832] CPU: 1 UID: 0 PID: 6832 Comm: syz.1.275 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 111.180100][ T6832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.180113][ T6832] Call Trace: [ 111.180120][ T6832] [ 111.180129][ T6832] dump_stack_lvl+0x241/0x360 [ 111.180160][ T6832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.180183][ T6832] ? __pfx__printk+0x10/0x10 [ 111.180206][ T6832] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 111.180247][ T6832] should_fail_ex+0x40a/0x550 [ 111.180282][ T6832] should_failslab+0xac/0x100 [ 111.180312][ T6832] kmem_cache_alloc_node_noprof+0x77/0x380 [ 111.180341][ T6832] ? __alloc_skb+0x1c3/0x440 [ 111.180361][ T6832] ? do_raw_spin_unlock+0x13c/0x8b0 [ 111.180391][ T6832] __alloc_skb+0x1c3/0x440 [ 111.180419][ T6832] ? __pfx___alloc_skb+0x10/0x10 [ 111.180451][ T6832] xfrm_alloc_userspi+0x948/0xe00 [ 111.180507][ T6832] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 111.180539][ T6832] ? apparmor_capable+0x13b/0x1b0 [ 111.180568][ T6832] ? __nla_parse+0x40/0x60 [ 111.180595][ T6832] xfrm_user_rcv_msg+0x975/0xc20 [ 111.180629][ T6832] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 111.180706][ T6832] ? __mutex_trylock_common+0x183/0x2e0 [ 111.180728][ T6832] ? __pfx___might_resched+0x10/0x10 [ 111.180757][ T6832] ? __pfx___mutex_trylock_common+0x10/0x10 [ 111.180796][ T6832] netlink_rcv_skb+0x206/0x480 [ 111.180826][ T6832] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 111.180855][ T6832] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 111.180912][ T6832] xfrm_netlink_rcv+0x79/0x90 [ 111.180938][ T6832] netlink_unicast+0x7f6/0x990 [ 111.180990][ T6832] ? __pfx_netlink_unicast+0x10/0x10 [ 111.181015][ T6832] ? __virt_addr_valid+0x45f/0x530 [ 111.181051][ T6832] ? __phys_addr_symbol+0x2f/0x70 [ 111.181070][ T6832] ? __check_object_size+0x47a/0x730 [ 111.181103][ T6832] netlink_sendmsg+0x8de/0xcb0 [ 111.181147][ T6832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.181183][ T6832] ? aa_sock_msg_perm+0x91/0x160 [ 111.181220][ T6832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.181250][ T6832] __sock_sendmsg+0x221/0x270 [ 111.181283][ T6832] ____sys_sendmsg+0x53a/0x860 [ 111.181316][ T6832] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.181339][ T6832] ? __fget_files+0x2a/0x410 [ 111.181372][ T6832] ? __fget_files+0x2a/0x410 [ 111.181412][ T6832] __sys_sendmsg+0x269/0x350 [ 111.181441][ T6832] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.181485][ T6832] ? do_sys_openat2+0x17a/0x1d0 [ 111.181542][ T6832] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 111.181575][ T6832] ? do_syscall_64+0x100/0x230 [ 111.181607][ T6832] ? do_syscall_64+0xb6/0x230 [ 111.181637][ T6832] do_syscall_64+0xf3/0x230 [ 111.181663][ T6832] ? clear_bhb_loop+0x35/0x90 [ 111.181696][ T6832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.181723][ T6832] RIP: 0033:0x7fe6de38d169 [ 111.181740][ T6832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.181756][ T6832] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.181778][ T6832] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 111.181793][ T6832] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000003 [ 111.181805][ T6832] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 111.181817][ T6832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.181828][ T6832] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 111.181859][ T6832] [ 111.642529][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.655594][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.820838][ T6819] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.830917][ T6819] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.839901][ T6819] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.848863][ T6819] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.028859][ T6819] batadv1: left promiscuous mode [ 112.038704][ T6819] batadv1: left allmulticast mode [ 112.110384][ T6840] syzkaller0: entered promiscuous mode [ 112.136766][ T6840] syzkaller0: entered allmulticast mode [ 112.173618][ T6851] syzkaller1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 114.096060][ T6882] __nla_validate_parse: 3 callbacks suppressed [ 114.096082][ T6882] netlink: 20 bytes leftover after parsing attributes in process `syz.0.285'. [ 114.179912][ T6882] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 114.273891][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 114.324219][ T6893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.290'. [ 114.337961][ T6893] netlink: 'syz.2.290': attribute type 14 has an invalid length. [ 114.407148][ T6893] team0: entered allmulticast mode [ 114.412435][ T6893] team_slave_0: entered allmulticast mode [ 114.414872][ T6896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.292'. [ 114.422571][ T6893] team_slave_1: entered allmulticast mode [ 114.441516][ T6899] netlink: 80 bytes leftover after parsing attributes in process `syz.0.291'. [ 114.956148][ T6923] netlink: 'syz.3.298': attribute type 2 has an invalid length. [ 114.965399][ T6923] netlink: 'syz.3.298': attribute type 1 has an invalid length. [ 114.974413][ T6923] netlink: 224 bytes leftover after parsing attributes in process `syz.3.298'. [ 115.000958][ T6923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.298'. [ 115.081973][ T6927] netlink: 16 bytes leftover after parsing attributes in process `syz.3.298'. [ 115.093195][ T6923] bond0: (slave bond_slave_0): Releasing backup interface [ 115.355721][ T6931] Bluetooth: MGMT ver 1.23 [ 115.638973][ T6937] netlink: 80 bytes leftover after parsing attributes in process `syz.1.302'. [ 115.753597][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.2.304'. [ 115.928769][ T6949] netlink: set zone limit has 8 unknown bytes [ 115.973102][ T6949] ieee802154 phy0 wpan0: encryption failed: -22 [ 116.913392][ T6974] pim6reg1: entered promiscuous mode [ 116.918770][ T6974] pim6reg1: entered allmulticast mode [ 117.050872][ T6984] FAULT_INJECTION: forcing a failure. [ 117.050872][ T6984] name failslab, interval 1, probability 0, space 0, times 0 [ 117.168552][ T6984] CPU: 0 UID: 0 PID: 6984 Comm: syz.2.320 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 117.168582][ T6984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 117.168595][ T6984] Call Trace: [ 117.168602][ T6984] [ 117.168610][ T6984] dump_stack_lvl+0x241/0x360 [ 117.168643][ T6984] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.168666][ T6984] ? __pfx__printk+0x10/0x10 [ 117.168688][ T6984] ? __kmalloc_noprof+0xb5/0x4c0 [ 117.168718][ T6984] ? __pfx___might_resched+0x10/0x10 [ 117.168750][ T6984] should_fail_ex+0x40a/0x550 [ 117.168786][ T6984] should_failslab+0xac/0x100 [ 117.168844][ T6984] __kmalloc_noprof+0xdd/0x4c0 [ 117.168873][ T6984] ? rds_message_alloc+0x45/0x1f0 [ 117.168906][ T6984] rds_message_alloc+0x45/0x1f0 [ 117.168934][ T6984] rds_sendmsg+0xecc/0x2340 [ 117.168991][ T6984] ? __pfx_rds_sendmsg+0x10/0x10 [ 117.169022][ T6984] ? aa_sk_perm+0x96d/0xab0 [ 117.169059][ T6984] ? __pfx_aa_sk_perm+0x10/0x10 [ 117.169088][ T6984] ? __fget_files+0x2a/0x410 [ 117.169119][ T6984] ? aa_sock_msg_perm+0x91/0x160 [ 117.169155][ T6984] ? __pfx_rds_sendmsg+0x10/0x10 [ 117.169183][ T6984] __sock_sendmsg+0x221/0x270 [ 117.169216][ T6984] __sys_sendto+0x363/0x4c0 [ 117.169243][ T6984] ? __pfx___sys_sendto+0x10/0x10 [ 117.169278][ T6984] ? __fget_files+0x2a/0x410 [ 117.169316][ T6984] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 117.169350][ T6984] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 117.169387][ T6984] __x64_sys_sendto+0xde/0x100 [ 117.169412][ T6984] do_syscall_64+0xf3/0x230 [ 117.169440][ T6984] ? clear_bhb_loop+0x35/0x90 [ 117.169472][ T6984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.169499][ T6984] RIP: 0033:0x7f31e278d169 [ 117.169517][ T6984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.169533][ T6984] RSP: 002b:00007f31e3520038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 117.169556][ T6984] RAX: ffffffffffffffda RBX: 00007f31e29a6080 RCX: 00007f31e278d169 [ 117.169571][ T6984] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 117.169582][ T6984] RBP: 00007f31e3520090 R08: 0000400000000200 R09: 0000000000000010 [ 117.169595][ T6984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.169611][ T6984] R13: 0000000000000000 R14: 00007f31e29a6080 R15: 00007ffd9e1258d8 [ 117.169640][ T6984] [ 117.867844][ T7005] macsec0: entered allmulticast mode [ 118.137947][ T7013] netlink: 'syz.3.335': attribute type 2 has an invalid length. [ 118.155341][ T7013] FAULT_INJECTION: forcing a failure. [ 118.155341][ T7013] name failslab, interval 1, probability 0, space 0, times 0 [ 118.210599][ T7013] CPU: 0 UID: 0 PID: 7013 Comm: syz.3.335 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 118.210628][ T7013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 118.210641][ T7013] Call Trace: [ 118.210648][ T7013] [ 118.210657][ T7013] dump_stack_lvl+0x241/0x360 [ 118.210689][ T7013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.210713][ T7013] ? __pfx__printk+0x10/0x10 [ 118.210736][ T7013] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 118.210769][ T7013] ? __pfx___might_resched+0x10/0x10 [ 118.210808][ T7013] should_fail_ex+0x40a/0x550 [ 118.210846][ T7013] should_failslab+0xac/0x100 [ 118.210876][ T7013] kmem_cache_alloc_node_noprof+0x77/0x380 [ 118.210906][ T7013] ? __alloc_skb+0x1c3/0x440 [ 118.210934][ T7013] __alloc_skb+0x1c3/0x440 [ 118.210962][ T7013] ? __pfx___alloc_skb+0x10/0x10 [ 118.210982][ T7013] ? do_raw_spin_unlock+0x13c/0x8b0 [ 118.211020][ T7013] phonet_address_notify+0x32/0xe0 [ 118.211045][ T7013] addr_doit+0x53c/0x600 [ 118.211069][ T7013] ? addr_doit+0x2cd/0x600 [ 118.211089][ T7013] ? __pfx_addr_doit+0x10/0x10 [ 118.211124][ T7013] ? __pfx_addr_doit+0x10/0x10 [ 118.211145][ T7013] rtnetlink_rcv_msg+0x791/0xcf0 [ 118.211176][ T7013] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 118.211209][ T7013] ? __lock_acquire+0x1397/0x2100 [ 118.211240][ T7013] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.211288][ T7013] netlink_rcv_skb+0x206/0x480 [ 118.211321][ T7013] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 118.211355][ T7013] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.211410][ T7013] ? netlink_deliver_tap+0x2e/0x1b0 [ 118.211445][ T7013] netlink_unicast+0x7f6/0x990 [ 118.211483][ T7013] ? __pfx_netlink_unicast+0x10/0x10 [ 118.211509][ T7013] ? __virt_addr_valid+0x45f/0x530 [ 118.211531][ T7013] ? __phys_addr_symbol+0x2f/0x70 [ 118.211551][ T7013] ? __check_object_size+0x47a/0x730 [ 118.211589][ T7013] netlink_sendmsg+0x8de/0xcb0 [ 118.211634][ T7013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.211672][ T7013] ? aa_sock_msg_perm+0x91/0x160 [ 118.211711][ T7013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.211741][ T7013] __sock_sendmsg+0x221/0x270 [ 118.211775][ T7013] ____sys_sendmsg+0x53a/0x860 [ 118.211817][ T7013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.211840][ T7013] ? __fget_files+0x2a/0x410 [ 118.211874][ T7013] ? __fget_files+0x2a/0x410 [ 118.211914][ T7013] __sys_sendmsg+0x269/0x350 [ 118.211943][ T7013] ? __pfx___sys_sendmsg+0x10/0x10 [ 118.211981][ T7013] ? do_sys_openat2+0x17a/0x1d0 [ 118.212039][ T7013] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 118.212073][ T7013] ? do_syscall_64+0x100/0x230 [ 118.212105][ T7013] ? do_syscall_64+0xb6/0x230 [ 118.212136][ T7013] do_syscall_64+0xf3/0x230 [ 118.212165][ T7013] ? clear_bhb_loop+0x35/0x90 [ 118.212198][ T7013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.212226][ T7013] RIP: 0033:0x7f6642b8d169 [ 118.212244][ T7013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.212261][ T7013] RSP: 002b:00007f6643983038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.212284][ T7013] RAX: ffffffffffffffda RBX: 00007f6642da5fa0 RCX: 00007f6642b8d169 [ 118.212299][ T7013] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000000000000004 [ 118.212312][ T7013] RBP: 00007f6643983090 R08: 0000000000000000 R09: 0000000000000000 [ 118.212325][ T7013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.212336][ T7013] R13: 0000000000000000 R14: 00007f6642da5fa0 R15: 00007fff3ece65d8 [ 118.212367][ T7013] [ 118.622682][ T7016] bridge_slave_0: left allmulticast mode [ 118.642711][ T7016] bridge_slave_0: left promiscuous mode [ 118.654679][ T7016] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.704405][ T7016] bridge_slave_1: left allmulticast mode [ 118.710177][ T7016] bridge_slave_1: left promiscuous mode [ 118.716140][ T7016] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.834284][ T7016] bond0: (slave bond_slave_0): Releasing backup interface [ 118.912673][ T7016] bond0: (slave bond_slave_1): Releasing backup interface [ 118.940722][ T7016] team0: Port device team_slave_0 removed [ 118.951377][ T7016] team0: Port device team_slave_1 removed [ 118.963446][ T7016] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.973773][ T7016] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.449024][ T7053] __nla_validate_parse: 6 callbacks suppressed [ 119.449045][ T7053] netlink: 20 bytes leftover after parsing attributes in process `syz.1.345'. [ 119.569115][ T7058] netlink: 'syz.1.345': attribute type 11 has an invalid length. [ 119.643153][ T7058] netlink: 32 bytes leftover after parsing attributes in process `syz.1.345'. [ 119.796531][ T7059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.823857][ T7064] netlink: 16 bytes leftover after parsing attributes in process `syz.4.348'. [ 120.215914][ T7075] netlink: 'syz.4.353': attribute type 1 has an invalid length. [ 120.693062][ T7090] netlink: 'syz.2.357': attribute type 2 has an invalid length. [ 120.712999][ T7090] netlink: 'syz.2.357': attribute type 1 has an invalid length. [ 120.737567][ T7090] netlink: 224 bytes leftover after parsing attributes in process `syz.2.357'. [ 120.787039][ T7092] netlink: 4 bytes leftover after parsing attributes in process `syz.2.357'. [ 120.910187][ T7090] netlink: 16 bytes leftover after parsing attributes in process `syz.2.357'. [ 121.065615][ T7092] bond0: (slave bond_slave_0): Releasing backup interface [ 121.067732][ T7098] netlink: 24 bytes leftover after parsing attributes in process `syz.4.360'. [ 121.132165][ T7103] netlink: 16 bytes leftover after parsing attributes in process `syz.1.361'. [ 121.142609][ T7104] sctp: [Deprecated]: syz.0.362 (pid 7104) Use of int in max_burst socket option. [ 121.142609][ T7104] Use struct sctp_assoc_value instead [ 121.172286][ T7098] netlink: 24 bytes leftover after parsing attributes in process `syz.4.360'. [ 121.196263][ T7098] nbd: device at index 64 is going down [ 121.373186][ T7108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.363'. [ 122.060405][ T7136] netlink: 'syz.2.374': attribute type 1 has an invalid length. [ 122.281381][ T7139] batadv2: entered allmulticast mode [ 122.302988][ T7136] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 122.311132][ T7144] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 122.334684][ T7144] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 122.368890][ T7145] nbd: device at index 64 is going down [ 122.654083][ T7158] warning: `syz.0.379' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 123.842750][ T7201] nbd: device at index 64 is going down [ 123.865444][ T7208] netlink: 'syz.4.396': attribute type 1 has an invalid length. [ 123.907781][ T7208] 8021q: adding VLAN 0 to HW filter on device bond1 [ 124.168784][ T7217] netlink: 'syz.1.398': attribute type 2 has an invalid length. [ 124.571306][ T7237] __nla_validate_parse: 9 callbacks suppressed [ 124.571327][ T7237] netlink: 8 bytes leftover after parsing attributes in process `syz.2.406'. [ 124.592665][ T7235] netlink: 72 bytes leftover after parsing attributes in process `syz.1.404'. [ 124.613880][ T7235] netlink: 12 bytes leftover after parsing attributes in process `syz.1.404'. [ 124.660681][ T7235] netlink: 20 bytes leftover after parsing attributes in process `syz.1.404'. [ 124.713898][ T7228] netlink: 40 bytes leftover after parsing attributes in process `syz.4.399'. [ 124.811984][ T7246] netlink: 44 bytes leftover after parsing attributes in process `syz.0.407'. [ 125.198717][ T7257] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 125.230689][ T7260] netlink: 156 bytes leftover after parsing attributes in process `syz.3.412'. [ 125.429848][ T7271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.415'. [ 125.898713][ T7294] FAULT_INJECTION: forcing a failure. [ 125.898713][ T7294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 125.965178][ T7294] CPU: 1 UID: 0 PID: 7294 Comm: syz.4.421 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 125.965208][ T7294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 125.965220][ T7294] Call Trace: [ 125.965227][ T7294] [ 125.965236][ T7294] dump_stack_lvl+0x241/0x360 [ 125.965272][ T7294] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.965299][ T7294] ? __pfx__printk+0x10/0x10 [ 125.965316][ T7294] ? do_vfs_ioctl+0xf18/0x2770 [ 125.965350][ T7294] should_fail_ex+0x40a/0x550 [ 125.965386][ T7294] _copy_from_user+0x2d/0xb0 [ 125.965414][ T7294] get_user_ifreq+0xc3/0x200 [ 125.965443][ T7294] inet_ioctl+0x3a4/0x4f0 [ 125.965469][ T7294] ? __pfx_inet_ioctl+0x10/0x10 [ 125.965498][ T7294] ? tomoyo_path_number_perm+0x5dd/0x770 [ 125.965537][ T7294] ? __lock_acquire+0x1397/0x2100 [ 125.965578][ T7294] sock_do_ioctl+0x158/0x460 [ 125.965631][ T7294] ? __pfx_sock_do_ioctl+0x10/0x10 [ 125.965686][ T7294] sock_ioctl+0x626/0x8e0 [ 125.965718][ T7294] ? __pfx_sock_ioctl+0x10/0x10 [ 125.965746][ T7294] ? __fget_files+0x2a/0x410 [ 125.965779][ T7294] ? __fget_files+0x2a/0x410 [ 125.965813][ T7294] ? __pfx_sock_ioctl+0x10/0x10 [ 125.965843][ T7294] __se_sys_ioctl+0xf5/0x170 [ 125.965870][ T7294] do_syscall_64+0xf3/0x230 [ 125.965899][ T7294] ? clear_bhb_loop+0x35/0x90 [ 125.965937][ T7294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.965965][ T7294] RIP: 0033:0x7f1ae498d169 [ 125.965984][ T7294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.966001][ T7294] RSP: 002b:00007f1ae573b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.966023][ T7294] RAX: ffffffffffffffda RBX: 00007f1ae4ba5fa0 RCX: 00007f1ae498d169 [ 125.966038][ T7294] RDX: 0000400000000040 RSI: 0000000000008916 RDI: 0000000000000003 [ 125.966051][ T7294] RBP: 00007f1ae573b090 R08: 0000000000000000 R09: 0000000000000000 [ 125.966064][ T7294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.966076][ T7294] R13: 0000000000000000 R14: 00007f1ae4ba5fa0 R15: 00007ffcfb825cf8 [ 125.966105][ T7294] [ 125.966479][ T7297] netlink: 'syz.0.424': attribute type 1 has an invalid length. [ 126.178649][ T7303] netlink: 20 bytes leftover after parsing attributes in process `syz.2.425'. [ 126.332733][ T7309] netlink: 64 bytes leftover after parsing attributes in process `syz.3.427'. [ 126.460260][ T7300] veth5: entered promiscuous mode [ 127.275886][ T7356] bond3: entered promiscuous mode [ 127.276452][ T7360] FAULT_INJECTION: forcing a failure. [ 127.276452][ T7360] name failslab, interval 1, probability 0, space 0, times 0 [ 127.281288][ T7356] 8021q: adding VLAN 0 to HW filter on device bond3 [ 127.379146][ T7360] CPU: 0 UID: 0 PID: 7360 Comm: syz.2.444 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 127.379176][ T7360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 127.379189][ T7360] Call Trace: [ 127.379196][ T7360] [ 127.379204][ T7360] dump_stack_lvl+0x241/0x360 [ 127.379237][ T7360] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.379261][ T7360] ? __pfx__printk+0x10/0x10 [ 127.379284][ T7360] ? __kmalloc_cache_noprof+0x48/0x390 [ 127.379316][ T7360] ? __pfx___might_resched+0x10/0x10 [ 127.379343][ T7360] ? unwind_get_return_address+0x4d/0x90 [ 127.379379][ T7360] should_fail_ex+0x40a/0x550 [ 127.379444][ T7360] should_failslab+0xac/0x100 [ 127.379475][ T7360] __kmalloc_cache_noprof+0x70/0x390 [ 127.379511][ T7360] ? rtnl_newlink+0x13e/0x1d90 [ 127.379556][ T7360] rtnl_newlink+0x13e/0x1d90 [ 127.379586][ T7360] ? stack_depot_save_flags+0x37/0x940 [ 127.379626][ T7360] ? kasan_save_track+0x51/0x80 [ 127.379659][ T7360] ? kasan_save_free_info+0x40/0x50 [ 127.379688][ T7360] ? __kasan_slab_free+0x59/0x70 [ 127.379710][ T7360] ? kmem_cache_free+0x195/0x410 [ 127.379738][ T7360] ? __pfx_rtnl_newlink+0x10/0x10 [ 127.379767][ T7360] ? __netlink_deliver_tap+0x561/0x7f0 [ 127.379805][ T7360] ? __pfx_validate_chain+0x10/0x10 [ 127.379826][ T7360] ? __sock_sendmsg+0x221/0x270 [ 127.379853][ T7360] ? ____sys_sendmsg+0x53a/0x860 [ 127.379874][ T7360] ? __sys_sendmsg+0x269/0x350 [ 127.379894][ T7360] ? do_syscall_64+0xf3/0x230 [ 127.379919][ T7360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.379971][ T7360] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 127.380004][ T7360] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 127.380044][ T7360] ? mark_lock+0x9a/0x360 [ 127.380067][ T7360] ? __lock_acquire+0x1397/0x2100 [ 127.380125][ T7360] ? __pfx_lock_release+0x10/0x10 [ 127.380169][ T7360] ? __pfx_rtnl_newlink+0x10/0x10 [ 127.380202][ T7360] rtnetlink_rcv_msg+0x791/0xcf0 [ 127.380232][ T7360] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 127.380267][ T7360] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 127.380305][ T7360] ? ref_tracker_free+0x643/0x7e0 [ 127.380331][ T7360] netlink_rcv_skb+0x206/0x480 [ 127.380361][ T7360] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 127.380394][ T7360] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 127.380446][ T7360] ? netlink_deliver_tap+0x2e/0x1b0 [ 127.380476][ T7360] netlink_unicast+0x7f6/0x990 [ 127.380510][ T7360] ? __pfx_netlink_unicast+0x10/0x10 [ 127.380536][ T7360] ? __virt_addr_valid+0x45f/0x530 [ 127.380556][ T7360] ? __phys_addr_symbol+0x2f/0x70 [ 127.380574][ T7360] ? __check_object_size+0x47a/0x730 [ 127.380607][ T7360] netlink_sendmsg+0x8de/0xcb0 [ 127.380650][ T7360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 127.380685][ T7360] ? aa_sock_msg_perm+0x91/0x160 [ 127.380722][ T7360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 127.380751][ T7360] __sock_sendmsg+0x221/0x270 [ 127.380781][ T7360] ____sys_sendmsg+0x53a/0x860 [ 127.380822][ T7360] ? __pfx_____sys_sendmsg+0x10/0x10 [ 127.380845][ T7360] ? __fget_files+0x2a/0x410 [ 127.380877][ T7360] ? __fget_files+0x2a/0x410 [ 127.380914][ T7360] __sys_sendmsg+0x269/0x350 [ 127.380951][ T7360] ? __pfx___sys_sendmsg+0x10/0x10 [ 127.380989][ T7360] ? do_sys_openat2+0x17a/0x1d0 [ 127.381045][ T7360] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 127.381078][ T7360] ? do_syscall_64+0x100/0x230 [ 127.381109][ T7360] ? do_syscall_64+0xb6/0x230 [ 127.381139][ T7360] do_syscall_64+0xf3/0x230 [ 127.381166][ T7360] ? clear_bhb_loop+0x35/0x90 [ 127.381197][ T7360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.381224][ T7360] RIP: 0033:0x7f31e278d169 [ 127.381248][ T7360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.381264][ T7360] RSP: 002b:00007f31e3520038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 127.381286][ T7360] RAX: ffffffffffffffda RBX: 00007f31e29a6080 RCX: 00007f31e278d169 [ 127.381301][ T7360] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003 [ 127.381313][ T7360] RBP: 00007f31e3520090 R08: 0000000000000000 R09: 0000000000000000 [ 127.381324][ T7360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.381335][ T7360] R13: 0000000000000001 R14: 00007f31e29a6080 R15: 00007ffd9e1258d8 [ 127.381364][ T7360] [ 127.918798][ T7368] wg1: left promiscuous mode [ 127.942090][ T7368] wg1: left allmulticast mode [ 128.286320][ T7377] netlink: 'syz.3.451': attribute type 3 has an invalid length. [ 128.592530][ T7397] xt_CT: No such helper "snmp" [ 128.608485][ T7397] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 128.631177][ T7405] netlink: 'syz.4.461': attribute type 1 has an invalid length. [ 128.642695][ T7397] netlink: 'syz.3.459': attribute type 1 has an invalid length. [ 128.672373][ T7397] bond1: entered promiscuous mode [ 128.692988][ T7397] bond1: entered allmulticast mode [ 128.729152][ T7405] bond2: entered promiscuous mode [ 128.734833][ T7405] 8021q: adding VLAN 0 to HW filter on device bond2 [ 128.762644][ T7404] netlink: 'syz.3.459': attribute type 4 has an invalid length. [ 128.776491][ T1213] IPVS: starting estimator thread 0... [ 128.832488][ T7408] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.871376][ T7408] team0: left allmulticast mode [ 128.881588][ T7408] team_slave_0: left allmulticast mode [ 128.887668][ T7416] IPVS: using max 20 ests per chain, 48000 per kthread [ 128.903344][ T7408] team_slave_1: left allmulticast mode [ 128.971759][ T7408] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.986568][ T7408] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 129.049703][ T7408] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.062953][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.063094][ T55] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 129.077206][ T7408] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.086467][ T7408] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.095755][ T7408] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.132553][ T7408] bond1: left promiscuous mode [ 129.139579][ T7408] batadv1: left promiscuous mode [ 129.145118][ T7408] batadv1: left allmulticast mode [ 129.152223][ T7408] bond3: left promiscuous mode [ 129.171879][ T7397] batadv2: entered allmulticast mode [ 129.181608][ T7397] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 129.194979][ T7397] bond1: (slave batadv2): making interface the new active one [ 129.202521][ T7397] batadv2: entered promiscuous mode [ 129.217806][ T7397] bond1: (slave batadv2): Enslaving as an active interface with an up link [ 129.231836][ T7412] batadv1: entered promiscuous mode [ 129.237753][ T7412] batadv1: entered allmulticast mode [ 129.701532][ T7449] __nla_validate_parse: 17 callbacks suppressed [ 129.701553][ T7449] netlink: 16 bytes leftover after parsing attributes in process `syz.0.477'. [ 129.754900][ T7444] netlink: 44 bytes leftover after parsing attributes in process `syz.3.473'. [ 129.858308][ T7452] netlink: 60 bytes leftover after parsing attributes in process `syz.2.478'. [ 129.996432][ T7457] macsec0: left allmulticast mode [ 130.001849][ T7457] bond1: left promiscuous mode [ 130.008159][ T7460] netlink: 40 bytes leftover after parsing attributes in process `syz.2.478'. [ 130.043101][ T7457] batadv2: left promiscuous mode [ 130.064948][ T7457] bond1: left allmulticast mode [ 130.082420][ T7457] batadv2: left allmulticast mode [ 130.462064][ T7469] netlink: 68 bytes leftover after parsing attributes in process `syz.4.479'. [ 130.594660][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.1.486'. [ 130.830755][ T7490] netlink: 16 bytes leftover after parsing attributes in process `syz.1.490'. [ 130.853354][ T7491] netlink: 44 bytes leftover after parsing attributes in process `syz.2.491'. [ 131.147558][ T7502] sctp: [Deprecated]: syz.1.495 (pid 7502) Use of int in maxseg socket option. [ 131.147558][ T7502] Use struct sctp_assoc_value instead [ 131.337929][ T7508] bond2: left promiscuous mode [ 131.343933][ T7508] batadv1: left promiscuous mode [ 131.348931][ T7508] batadv1: left allmulticast mode [ 131.361853][ T7511] netlink: 4 bytes leftover after parsing attributes in process `syz.2.499'. [ 131.372155][ T55] Bluetooth: hci3: link tx timeout [ 131.377789][ T55] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 131.387606][ T55] Bluetooth: hci3: link tx timeout [ 131.392759][ T55] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 131.401713][ T55] Bluetooth: hci3: link tx timeout [ 131.407003][ T55] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 131.414762][ T55] Bluetooth: hci3: link tx timeout [ 131.419914][ T55] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 131.617153][ T7518] netlink: 16 bytes leftover after parsing attributes in process `syz.4.502'. [ 131.664118][ T7514] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 131.785771][ T7530] FAULT_INJECTION: forcing a failure. [ 131.785771][ T7530] name failslab, interval 1, probability 0, space 0, times 0 [ 131.799308][ T7530] CPU: 1 UID: 0 PID: 7530 Comm: syz.3.508 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 131.799337][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 131.799350][ T7530] Call Trace: [ 131.799357][ T7530] [ 131.799365][ T7530] dump_stack_lvl+0x241/0x360 [ 131.799394][ T7530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.799417][ T7530] ? __pfx__printk+0x10/0x10 [ 131.799433][ T7530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.799484][ T7530] should_fail_ex+0x40a/0x550 [ 131.799520][ T7530] should_failslab+0xac/0x100 [ 131.799550][ T7530] kmem_cache_alloc_node_noprof+0x77/0x380 [ 131.799583][ T7530] ? __alloc_skb+0x1c3/0x440 [ 131.799610][ T7530] __alloc_skb+0x1c3/0x440 [ 131.799637][ T7530] ? __pfx___alloc_skb+0x10/0x10 [ 131.799659][ T7530] ? xfrm_get_translator+0x10/0x240 [ 131.799689][ T7530] ? __pfx_lock_release+0x10/0x10 [ 131.799725][ T7530] xfrm_alloc_compat+0x1b6/0x1710 [ 131.799765][ T7530] ? xfrm_get_translator+0x19/0x240 [ 131.799795][ T7530] dump_one_state+0x282/0x3f0 [ 131.799830][ T7530] xfrm_alloc_userspi+0x9bb/0xe00 [ 131.799877][ T7530] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 131.799909][ T7530] ? apparmor_capable+0x13b/0x1b0 [ 131.799936][ T7530] ? __nla_parse+0x40/0x60 [ 131.799960][ T7530] xfrm_user_rcv_msg+0x975/0xc20 [ 131.799992][ T7530] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 131.800051][ T7530] ? __mutex_trylock_common+0x183/0x2e0 [ 131.800075][ T7530] ? __pfx___might_resched+0x10/0x10 [ 131.800114][ T7530] ? __pfx___mutex_trylock_common+0x10/0x10 [ 131.800148][ T7530] netlink_rcv_skb+0x206/0x480 [ 131.800180][ T7530] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 131.800211][ T7530] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.800271][ T7530] xfrm_netlink_rcv+0x79/0x90 [ 131.800298][ T7530] netlink_unicast+0x7f6/0x990 [ 131.800335][ T7530] ? __pfx_netlink_unicast+0x10/0x10 [ 131.800360][ T7530] ? __virt_addr_valid+0x45f/0x530 [ 131.800381][ T7530] ? __phys_addr_symbol+0x2f/0x70 [ 131.800399][ T7530] ? __check_object_size+0x47a/0x730 [ 131.800432][ T7530] netlink_sendmsg+0x8de/0xcb0 [ 131.800476][ T7530] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.800512][ T7530] ? aa_sock_msg_perm+0x91/0x160 [ 131.800548][ T7530] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.800577][ T7530] __sock_sendmsg+0x221/0x270 [ 131.800610][ T7530] ____sys_sendmsg+0x53a/0x860 [ 131.800644][ T7530] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.800666][ T7530] ? __fget_files+0x2a/0x410 [ 131.800699][ T7530] ? __fget_files+0x2a/0x410 [ 131.800738][ T7530] __sys_sendmsg+0x269/0x350 [ 131.800767][ T7530] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.800805][ T7530] ? do_sys_openat2+0x17a/0x1d0 [ 131.800862][ T7530] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 131.800894][ T7530] ? do_syscall_64+0x100/0x230 [ 131.800925][ T7530] ? do_syscall_64+0xb6/0x230 [ 131.800955][ T7530] do_syscall_64+0xf3/0x230 [ 131.800981][ T7530] ? clear_bhb_loop+0x35/0x90 [ 131.801012][ T7530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.801039][ T7530] RIP: 0033:0x7f6642b8d169 [ 131.801057][ T7530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.801073][ T7530] RSP: 002b:00007f6643983038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.801102][ T7530] RAX: ffffffffffffffda RBX: 00007f6642da5fa0 RCX: 00007f6642b8d169 [ 131.801117][ T7530] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000003 [ 131.801129][ T7530] RBP: 00007f6643983090 R08: 0000000000000000 R09: 0000000000000000 [ 131.801142][ T7530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.801153][ T7530] R13: 0000000000000000 R14: 00007f6642da5fa0 R15: 00007fff3ece65d8 [ 131.801183][ T7530] [ 133.136235][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.142669][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.193607][ T7579] lo speed is unknown, defaulting to 1000 [ 133.206846][ T7579] lo speed is unknown, defaulting to 1000 [ 133.228057][ T7579] lo speed is unknown, defaulting to 1000 [ 133.260748][ T7579] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 133.306920][ T7579] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 133.352742][ T7579] lo speed is unknown, defaulting to 1000 [ 133.361420][ T7579] lo speed is unknown, defaulting to 1000 [ 133.432441][ T7579] lo speed is unknown, defaulting to 1000 [ 133.453922][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 133.482668][ T7579] lo speed is unknown, defaulting to 1000 [ 133.512507][ T7579] lo speed is unknown, defaulting to 1000 [ 133.831307][ T7593] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.851573][ T7593] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.862672][ T7593] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.885650][ T7593] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.153829][ T7605] netlink: 'syz.4.533': attribute type 32 has an invalid length. [ 134.824513][ T7634] pim6reg1: entered promiscuous mode [ 134.829982][ T7634] pim6reg1: entered allmulticast mode [ 134.953952][ T7591] __nla_validate_parse: 13 callbacks suppressed [ 134.953970][ T7591] netlink: 596 bytes leftover after parsing attributes in process `syz.0.529'. [ 134.985101][ T7638] netlink: 24 bytes leftover after parsing attributes in process `syz.3.543'. [ 135.043315][ T7638] netlink: 24 bytes leftover after parsing attributes in process `syz.3.543'. [ 135.052252][ T7638] nbd: device at index 64 is going down [ 135.302465][ T7649] netlink: 16 bytes leftover after parsing attributes in process `syz.3.546'. [ 135.533178][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 135.582364][ T7659] netlink: 16 bytes leftover after parsing attributes in process `syz.3.552'. [ 135.678399][ T7661] netlink: 44 bytes leftover after parsing attributes in process `syz.0.551'. [ 135.718535][ T7668] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.740179][ T7668] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.763087][ T7668] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.783019][ T7668] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.797101][ T7671] FAULT_INJECTION: forcing a failure. [ 135.797101][ T7671] name failslab, interval 1, probability 0, space 0, times 0 [ 135.811335][ T7671] CPU: 0 UID: 0 PID: 7671 Comm: syz.1.555 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 135.811362][ T7671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 135.811374][ T7671] Call Trace: [ 135.811382][ T7671] [ 135.811391][ T7671] dump_stack_lvl+0x241/0x360 [ 135.811422][ T7671] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.811445][ T7671] ? __pfx__printk+0x10/0x10 [ 135.811481][ T7671] should_fail_ex+0x40a/0x550 [ 135.811519][ T7671] should_failslab+0xac/0x100 [ 135.811549][ T7671] __kmalloc_cache_noprof+0x70/0x390 [ 135.811578][ T7671] ? sctp_add_bind_addr+0x89/0x3a0 [ 135.811610][ T7671] sctp_add_bind_addr+0x89/0x3a0 [ 135.811640][ T7671] sctp_copy_local_addr_list+0x311/0x500 [ 135.811671][ T7671] ? sctp_copy_local_addr_list+0xab/0x500 [ 135.811699][ T7671] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 135.811731][ T7671] ? sctp_v6_is_any+0x60/0x70 [ 135.811761][ T7671] ? sctp_copy_one_addr+0x94/0x360 [ 135.811793][ T7671] sctp_bind_addr_copy+0xad/0x3b0 [ 135.811819][ T7671] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 135.811846][ T7671] sctp_connect_new_asoc+0x2f3/0x6c0 [ 135.811869][ T7671] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 135.811900][ T7671] ? sctp_sendmsg+0xf1a/0x35d0 [ 135.811938][ T7671] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 135.811976][ T7671] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 135.812006][ T7671] sctp_sendmsg+0x1f64/0x35d0 [ 135.812058][ T7671] ? __pfx_sctp_sendmsg+0x10/0x10 [ 135.812095][ T7671] ? aa_sk_perm+0x96d/0xab0 [ 135.812141][ T7671] ? inet_sendmsg+0x330/0x390 [ 135.812167][ T7671] __sock_sendmsg+0x1a6/0x270 [ 135.812204][ T7671] __sys_sendto+0x363/0x4c0 [ 135.812232][ T7671] ? __pfx___sys_sendto+0x10/0x10 [ 135.812267][ T7671] ? __fget_files+0x2a/0x410 [ 135.812307][ T7671] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 135.812341][ T7671] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 135.812378][ T7671] __x64_sys_sendto+0xde/0x100 [ 135.812404][ T7671] do_syscall_64+0xf3/0x230 [ 135.812433][ T7671] ? clear_bhb_loop+0x35/0x90 [ 135.812466][ T7671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.812494][ T7671] RIP: 0033:0x7fe6de38d169 [ 135.812512][ T7671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.812528][ T7671] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 135.812550][ T7671] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 135.812565][ T7671] RDX: 0000000000000001 RSI: 0000400000000040 RDI: 0000000000000006 [ 135.812578][ T7671] RBP: 00007fe6df2c7090 R08: 0000400000000100 R09: 000000000000001c [ 135.812591][ T7671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 135.812603][ T7671] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 135.812633][ T7671] [ 136.267740][ T7681] netlink: 80 bytes leftover after parsing attributes in process `syz.2.559'. [ 136.552293][ T7692] netlink: 16 bytes leftover after parsing attributes in process `syz.3.563'. [ 136.590827][ T7693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.562'. [ 136.951076][ T7701] netlink: 44 bytes leftover after parsing attributes in process `syz.1.567'. [ 136.977225][ T7707] macsec1: entered promiscuous mode [ 136.982751][ T7707] team0: entered promiscuous mode [ 137.001433][ T7707] team_slave_0: entered promiscuous mode [ 137.014773][ T7707] team_slave_1: entered promiscuous mode [ 137.029423][ T7707] macsec1: entered allmulticast mode [ 137.045080][ T7707] team0: entered allmulticast mode [ 137.062349][ T7707] team_slave_0: entered allmulticast mode [ 137.072665][ T7707] team_slave_1: entered allmulticast mode [ 137.394835][ T7724] netlink: 'syz.3.576': attribute type 10 has an invalid length. [ 137.465698][ T7732] netlink: 'syz.1.578': attribute type 2 has an invalid length. [ 137.480289][ T7732] netlink: 'syz.1.578': attribute type 1 has an invalid length. [ 138.074922][ T7747] bridge_slave_1: left allmulticast mode [ 138.096250][ T7747] bridge_slave_1: left promiscuous mode [ 138.127988][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.158598][ T7747] bridge_slave_0: left allmulticast mode [ 138.164828][ T7747] bridge_slave_0: left promiscuous mode [ 138.170762][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.297722][ T7753] veth3: left promiscuous mode [ 138.327477][ T7758] bond4: entered promiscuous mode [ 138.340184][ T7758] 8021q: adding VLAN 0 to HW filter on device bond4 [ 138.352659][ T7763] batadv2: entered promiscuous mode [ 138.358602][ T7763] batadv2: entered allmulticast mode [ 138.367502][ T7763] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 138.377394][ T7763] bond4: (slave batadv2): Enslaving as an active interface with an up link [ 138.448675][ T7769] netlink: 'syz.1.589': attribute type 5 has an invalid length. [ 138.637853][ T7773] netlink: 'syz.2.591': attribute type 29 has an invalid length. [ 138.658652][ T7778] netlink: 'syz.2.591': attribute type 29 has an invalid length. [ 138.678616][ T7778] netlink: 'syz.2.591': attribute type 29 has an invalid length. [ 138.727075][ T7778] netlink: 'syz.2.591': attribute type 29 has an invalid length. [ 138.773163][ T7778] netlink: 'syz.2.591': attribute type 29 has an invalid length. [ 138.850882][ T7786] FAULT_INJECTION: forcing a failure. [ 138.850882][ T7786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 138.967195][ T7786] CPU: 1 UID: 0 PID: 7786 Comm: syz.1.595 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 138.967227][ T7786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 138.967239][ T7786] Call Trace: [ 138.967246][ T7786] [ 138.967255][ T7786] dump_stack_lvl+0x241/0x360 [ 138.967288][ T7786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.967310][ T7786] ? __pfx__printk+0x10/0x10 [ 138.967333][ T7786] ? __pfx_lock_release+0x10/0x10 [ 138.967362][ T7786] ? __lock_acquire+0x1397/0x2100 [ 138.967409][ T7786] should_fail_ex+0x40a/0x550 [ 138.967446][ T7786] _copy_from_user+0x2d/0xb0 [ 138.967473][ T7786] kstrtouint_from_user+0xc6/0x190 [ 138.967498][ T7786] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 138.967525][ T7786] ? __pfx_lock_acquire+0x10/0x10 [ 138.967567][ T7786] proc_fail_nth_write+0xaa/0x2d0 [ 138.967597][ T7786] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 138.967624][ T7786] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 138.967661][ T7786] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 138.967693][ T7786] vfs_write+0x29f/0xd10 [ 138.967719][ T7786] ? fdget_pos+0x254/0x320 [ 138.967748][ T7786] ? __mutex_unlock_slowpath+0x227/0x800 [ 138.967781][ T7786] ? __pfx_vfs_write+0x10/0x10 [ 138.967801][ T7786] ? do_sys_openat2+0x17a/0x1d0 [ 138.967836][ T7786] ? __fget_files+0x2a/0x410 [ 138.967868][ T7786] ? __fget_files+0x395/0x410 [ 138.967897][ T7786] ? __fget_files+0x2a/0x410 [ 138.967938][ T7786] ksys_write+0x18f/0x2b0 [ 138.967963][ T7786] ? __pfx_ksys_write+0x10/0x10 [ 138.967987][ T7786] ? do_syscall_64+0x100/0x230 [ 138.968019][ T7786] ? do_syscall_64+0xb6/0x230 [ 138.968051][ T7786] do_syscall_64+0xf3/0x230 [ 138.968079][ T7786] ? clear_bhb_loop+0x35/0x90 [ 138.968115][ T7786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.968143][ T7786] RIP: 0033:0x7fe6de38bc1f [ 138.968162][ T7786] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 138.968178][ T7786] RSP: 002b:00007fe6df2c7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 138.968200][ T7786] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe6de38bc1f [ 138.968214][ T7786] RDX: 0000000000000001 RSI: 00007fe6df2c70a0 RDI: 0000000000000005 [ 138.968227][ T7786] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 138.968239][ T7786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 138.968251][ T7786] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 138.968283][ T7786] [ 139.415540][ T7790] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.424875][ T7790] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.433997][ T7790] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.442744][ T7790] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.569865][ T7801] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 139.665311][ T7804] batadv_slave_1: entered promiscuous mode [ 139.706737][ T7804] batadv_slave_1: left promiscuous mode [ 140.301788][ T7825] bridge1: entered allmulticast mode [ 141.034865][ T7848] __nla_validate_parse: 7 callbacks suppressed [ 141.034884][ T7848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.615'. [ 141.067120][ T7848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.615'. [ 141.386330][ T7861] netlink: 8 bytes leftover after parsing attributes in process `syz.3.620'. [ 141.399879][ T7862] netlink: 24 bytes leftover after parsing attributes in process `syz.0.619'. [ 141.435179][ T7861] netlink: 128 bytes leftover after parsing attributes in process `syz.3.620'. [ 141.453028][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 141.533505][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'. [ 142.143091][ T7888] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.152560][ T7888] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.161640][ T7888] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.170667][ T7888] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.251108][ T7888] bridge1: left allmulticast mode [ 142.390115][ T7893] netlink: 24 bytes leftover after parsing attributes in process `syz.3.627'. [ 142.535687][ T7895] team0: Mode changed to "broadcast" [ 142.876411][ T30] audit: type=1800 audit(1742374824.161:2): pid=7893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.627" name="memory.events" dev="tmpfs" ino=680 res=0 errno=0 [ 142.998654][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.0.634'. [ 143.015650][ T7908] netlink: 12 bytes leftover after parsing attributes in process `syz.4.635'. [ 143.055932][ T7906] batadv1: entered allmulticast mode [ 143.080477][ T7910] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'. [ 143.441412][ T7922] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 144.798630][ T7956] batadv1: left allmulticast mode [ 144.814094][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 144.859867][ T7960] validate_nla: 24 callbacks suppressed [ 144.859890][ T7960] netlink: 'syz.3.655': attribute type 10 has an invalid length. [ 146.157702][ T30] audit: type=1800 audit(1742374827.431:3): pid=7994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.664" name="blkio.bfq.time_recursive" dev="tmpfs" ino=643 res=0 errno=0 [ 146.180453][ T30] audit: type=1800 audit(1742374827.441:4): pid=7994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.664" name="blkio.bfq.time_recursive" dev="tmpfs" ino=643 res=0 errno=0 [ 146.294211][ T7995] netlink: 'syz.1.667': attribute type 2 has an invalid length. [ 146.302081][ T7995] netlink: 'syz.1.667': attribute type 1 has an invalid length. [ 146.310077][ T7995] __nla_validate_parse: 5 callbacks suppressed [ 146.310094][ T7995] netlink: 224 bytes leftover after parsing attributes in process `syz.1.667'. [ 146.387233][ T7999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 146.419959][ T7999] netlink: 16 bytes leftover after parsing attributes in process `syz.1.667'. [ 146.691741][ T8018] netlink: 44 bytes leftover after parsing attributes in process `syz.2.672'. [ 146.806823][ T8021] netlink: 'syz.4.673': attribute type 1 has an invalid length. [ 146.873289][ T8025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.673'. [ 146.909927][ T8025] netlink: 3 bytes leftover after parsing attributes in process `syz.4.673'. [ 146.966557][ T8026] netlink: 40 bytes leftover after parsing attributes in process `syz.4.673'. [ 146.983187][ T8021] bond3: entered promiscuous mode [ 146.985719][ T8026] netlink: 40 bytes leftover after parsing attributes in process `syz.4.673'. [ 146.988767][ T8021] 8021q: adding VLAN 0 to HW filter on device bond3 [ 147.015973][ T8025] batadv2: entered promiscuous mode [ 147.021246][ T8025] batadv2: entered allmulticast mode [ 147.266982][ T8032] pim6reg: entered allmulticast mode [ 147.292092][ T8035] netlink: 24 bytes leftover after parsing attributes in process `syz.3.677'. [ 147.325196][ T8032] netlink: 'syz.0.676': attribute type 4 has an invalid length. [ 147.351915][ T8038] netlink: 56 bytes leftover after parsing attributes in process `syz.1.678'. [ 147.361441][ T8032] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 147.382715][ T8035] nbd: device at index 64 is going down [ 147.399872][ T8040] bond3: left promiscuous mode [ 147.421084][ T8040] batadv2: left promiscuous mode [ 147.443594][ T8040] batadv2: left allmulticast mode [ 147.470597][ T8046] pim6reg: left allmulticast mode [ 147.629885][ T8049] bridge0: port 3(macsec2) entered blocking state [ 147.653101][ T8049] bridge0: port 3(macsec2) entered disabled state [ 147.670448][ T8049] macsec2: entered allmulticast mode [ 147.683497][ T8049] bridge0: entered allmulticast mode [ 147.703887][ T8049] macsec2: left allmulticast mode [ 147.718294][ T8049] bridge0: left allmulticast mode [ 147.743968][ T8053] FAULT_INJECTION: forcing a failure. [ 147.743968][ T8053] name failslab, interval 1, probability 0, space 0, times 0 [ 147.769410][ T8053] CPU: 1 UID: 0 PID: 8053 Comm: syz.3.682 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 147.769440][ T8053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 147.769452][ T8053] Call Trace: [ 147.769460][ T8053] [ 147.769468][ T8053] dump_stack_lvl+0x241/0x360 [ 147.769501][ T8053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.769525][ T8053] ? __pfx__printk+0x10/0x10 [ 147.769560][ T8053] ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0 [ 147.769593][ T8053] ? __pfx___might_resched+0x10/0x10 [ 147.769625][ T8053] should_fail_ex+0x40a/0x550 [ 147.769662][ T8053] should_failslab+0xac/0x100 [ 147.769693][ T8053] __kmalloc_node_track_caller_noprof+0xdc/0x4c0 [ 147.769724][ T8053] ? ethnl_default_set_doit+0x501/0xb00 [ 147.769751][ T8053] kmemdup_noprof+0x2b/0x70 [ 147.769785][ T8053] ethnl_default_set_doit+0x501/0xb00 [ 147.769818][ T8053] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 147.769844][ T8053] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 147.769879][ T8053] genl_rcv_msg+0xb1f/0xec0 [ 147.769911][ T8053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.769970][ T8053] ? __pfx_lock_acquire+0x10/0x10 [ 147.770002][ T8053] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 147.770025][ T8053] ? __pfx___might_resched+0x10/0x10 [ 147.770065][ T8053] netlink_rcv_skb+0x206/0x480 [ 147.770098][ T8053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 147.770125][ T8053] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.770190][ T8053] genl_rcv+0x28/0x40 [ 147.770212][ T8053] netlink_unicast+0x7f6/0x990 [ 147.770250][ T8053] ? __pfx_netlink_unicast+0x10/0x10 [ 147.770276][ T8053] ? __virt_addr_valid+0x45f/0x530 [ 147.770298][ T8053] ? __phys_addr_symbol+0x2f/0x70 [ 147.770317][ T8053] ? __check_object_size+0x47a/0x730 [ 147.770352][ T8053] netlink_sendmsg+0x8de/0xcb0 [ 147.770399][ T8053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.770437][ T8053] ? aa_sock_msg_perm+0x91/0x160 [ 147.770476][ T8053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.770506][ T8053] __sock_sendmsg+0x221/0x270 [ 147.770550][ T8053] ____sys_sendmsg+0x53a/0x860 [ 147.770585][ T8053] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.770608][ T8053] ? __fget_files+0x2a/0x410 [ 147.770643][ T8053] ? __fget_files+0x2a/0x410 [ 147.770684][ T8053] __sys_sendmsg+0x269/0x350 [ 147.770716][ T8053] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.770755][ T8053] ? do_sys_openat2+0x17a/0x1d0 [ 147.770817][ T8053] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.770852][ T8053] ? do_syscall_64+0x100/0x230 [ 147.770884][ T8053] ? do_syscall_64+0xb6/0x230 [ 147.770916][ T8053] do_syscall_64+0xf3/0x230 [ 147.770944][ T8053] ? clear_bhb_loop+0x35/0x90 [ 147.770976][ T8053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.771005][ T8053] RIP: 0033:0x7f6642b8d169 [ 147.771023][ T8053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.771039][ T8053] RSP: 002b:00007f6643983038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.771061][ T8053] RAX: ffffffffffffffda RBX: 00007f6642da5fa0 RCX: 00007f6642b8d169 [ 147.771076][ T8053] RDX: 0000000000000000 RSI: 0000400000000540 RDI: 0000000000000010 [ 147.771089][ T8053] RBP: 00007f6643983090 R08: 0000000000000000 R09: 0000000000000000 [ 147.771101][ T8053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.771113][ T8053] R13: 0000000000000000 R14: 00007f6642da5fa0 R15: 00007fff3ece65d8 [ 147.771145][ T8053] [ 147.788819][ T8051] netlink: 'syz.4.681': attribute type 2 has an invalid length. [ 148.143011][ T8051] netlink: 'syz.4.681': attribute type 1 has an invalid length. [ 148.388812][ T8079] netlink: 'syz.3.689': attribute type 1 has an invalid length. [ 148.534998][ T8079] bond2: entered promiscuous mode [ 148.540427][ T8079] 8021q: adding VLAN 0 to HW filter on device bond2 [ 148.608853][ T8085] batadv3: entered promiscuous mode [ 148.640363][ T8085] batadv3: entered allmulticast mode [ 149.453228][ T8113] netlink: 'syz.4.700': attribute type 2 has an invalid length. [ 149.522913][ T8113] netlink: 'syz.4.700': attribute type 1 has an invalid length. [ 149.960888][ T8136] netlink: 'syz.0.707': attribute type 1 has an invalid length. [ 149.994810][ T8136] bond3: entered promiscuous mode [ 150.000277][ T8136] 8021q: adding VLAN 0 to HW filter on device bond3 [ 150.040115][ T8141] batadv2: entered promiscuous mode [ 150.045638][ T8141] batadv2: entered allmulticast mode [ 150.176923][ T8147] netlink: 'syz.2.712': attribute type 2 has an invalid length. [ 150.199558][ T8147] netlink: 'syz.2.712': attribute type 1 has an invalid length. [ 151.426958][ T8204] netlink: 'syz.1.735': attribute type 1 has an invalid length. [ 151.502778][ T8204] bond1: entered promiscuous mode [ 151.509607][ T8204] 8021q: adding VLAN 0 to HW filter on device bond1 [ 151.517599][ T8212] __nla_validate_parse: 28 callbacks suppressed [ 151.517617][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.735'. [ 151.519116][ T8210] netlink: 116 bytes leftover after parsing attributes in process `syz.4.738'. [ 151.542596][ T8212] netlink: 3 bytes leftover after parsing attributes in process `syz.1.735'. [ 151.545832][ T8207] netlink: 'syz.0.737': attribute type 1 has an invalid length. [ 151.557242][ T8212] batadv1: entered promiscuous mode [ 151.567874][ T8212] batadv1: entered allmulticast mode [ 151.575086][ T8204] netlink: 40 bytes leftover after parsing attributes in process `syz.1.735'. [ 151.587669][ T8204] netlink: 40 bytes leftover after parsing attributes in process `syz.1.735'. [ 151.611185][ T8210] netlink: 12 bytes leftover after parsing attributes in process `syz.4.738'. [ 151.650914][ T8207] veth5: entered promiscuous mode [ 151.687661][ T8215] netlink: 56 bytes leftover after parsing attributes in process `syz.3.739'. [ 151.892778][ T8227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.743'. [ 151.918654][ T8227] netlink: 16 bytes leftover after parsing attributes in process `syz.0.743'. [ 151.991113][ T3544] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 152.003669][ T3544] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 152.015022][ T8233] netlink: 68 bytes leftover after parsing attributes in process `syz.4.741'. [ 152.024307][ T48] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 152.070504][ T8233] lo speed is unknown, defaulting to 1000 [ 152.373057][ T8243] FAULT_INJECTION: forcing a failure. [ 152.373057][ T8243] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.386947][ T48] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 152.402982][ T8243] CPU: 1 UID: 0 PID: 8243 Comm: syz.3.746 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 152.403032][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 152.403046][ T8243] Call Trace: [ 152.403055][ T8243] [ 152.403064][ T8243] dump_stack_lvl+0x241/0x360 [ 152.403097][ T8243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.403121][ T8243] ? __pfx__printk+0x10/0x10 [ 152.403145][ T8243] ? __pfx_lock_release+0x10/0x10 [ 152.403177][ T8243] ? __lock_acquire+0x1397/0x2100 [ 152.403216][ T8243] should_fail_ex+0x40a/0x550 [ 152.403253][ T8243] _copy_from_user+0x2d/0xb0 [ 152.403283][ T8243] kstrtouint_from_user+0xc6/0x190 [ 152.403311][ T8243] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 152.403339][ T8243] ? __pfx_lock_acquire+0x10/0x10 [ 152.403382][ T8243] proc_fail_nth_write+0xaa/0x2d0 [ 152.403412][ T8243] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 152.403439][ T8243] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 152.403476][ T8243] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 152.403508][ T8243] vfs_write+0x29f/0xd10 [ 152.403534][ T8243] ? fdget_pos+0x254/0x320 [ 152.403564][ T8243] ? __mutex_unlock_slowpath+0x227/0x800 [ 152.403596][ T8243] ? __pfx_vfs_write+0x10/0x10 [ 152.403623][ T8243] ? __fget_files+0x2a/0x410 [ 152.403656][ T8243] ? __fget_files+0x395/0x410 [ 152.403684][ T8243] ? __fget_files+0x2a/0x410 [ 152.403724][ T8243] ksys_write+0x18f/0x2b0 [ 152.403750][ T8243] ? __pfx_ksys_write+0x10/0x10 [ 152.403773][ T8243] ? do_syscall_64+0x100/0x230 [ 152.403805][ T8243] ? do_syscall_64+0xb6/0x230 [ 152.403836][ T8243] do_syscall_64+0xf3/0x230 [ 152.403864][ T8243] ? clear_bhb_loop+0x35/0x90 [ 152.403898][ T8243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.403926][ T8243] RIP: 0033:0x7f6642b8bc1f [ 152.403944][ T8243] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 152.403963][ T8243] RSP: 002b:00007f6643941030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 152.403986][ T8243] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6642b8bc1f [ 152.404009][ T8243] RDX: 0000000000000001 RSI: 00007f66439410a0 RDI: 0000000000000009 [ 152.404022][ T8243] RBP: 00007f6643941090 R08: 0000000000000000 R09: 0000000000000010 [ 152.404035][ T8243] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 152.404047][ T8243] R13: 0000000000000000 R14: 00007f6642da6160 R15: 00007fff3ece65d8 [ 152.404080][ T8243] [ 152.682602][ T48] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 152.951959][ T8256] lo speed is unknown, defaulting to 1000 [ 152.964313][ T8264] macvlan6: entered promiscuous mode [ 152.971171][ T8264] bridge0: entered promiscuous mode [ 152.993456][ T8264] macvlan7: entered promiscuous mode [ 153.134348][ T8269] netlink: 'syz.1.755': attribute type 2 has an invalid length. [ 153.149245][ T8269] netlink: 'syz.1.755': attribute type 1 has an invalid length. [ 154.054624][ T8295] nbd: device at index 64 is going down [ 154.576166][ T8321] team0: Unable to change to the same mode the team is in [ 154.632658][ T8327] FAULT_INJECTION: forcing a failure. [ 154.632658][ T8327] name failslab, interval 1, probability 0, space 0, times 0 [ 154.647550][ T8328] bridge0: entered allmulticast mode [ 154.715367][ T8327] CPU: 1 UID: 0 PID: 8327 Comm: syz.1.779 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 154.715396][ T8327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 154.715409][ T8327] Call Trace: [ 154.715416][ T8327] [ 154.715425][ T8327] dump_stack_lvl+0x241/0x360 [ 154.715457][ T8327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.715479][ T8327] ? __pfx__printk+0x10/0x10 [ 154.715506][ T8327] ? rcu_is_watching+0x15/0xb0 [ 154.715535][ T8327] should_fail_ex+0x40a/0x550 [ 154.715571][ T8327] should_failslab+0xac/0x100 [ 154.715601][ T8327] kmem_cache_alloc_node_noprof+0x77/0x380 [ 154.715631][ T8327] ? __alloc_skb+0x1c3/0x440 [ 154.715658][ T8327] __alloc_skb+0x1c3/0x440 [ 154.715684][ T8327] ? __pfx___alloc_skb+0x10/0x10 [ 154.715707][ T8327] ? xfrm_get_translator+0x10/0x240 [ 154.715737][ T8327] ? __pfx_lock_release+0x10/0x10 [ 154.715772][ T8327] xfrm_alloc_compat+0x1b6/0x1710 [ 154.715812][ T8327] ? xfrm_get_translator+0x19/0x240 [ 154.715839][ T8327] ? __pfx_xfrm_alloc_compat+0x10/0x10 [ 154.715871][ T8327] xfrm_alloc_userspi+0xa6b/0xe00 [ 154.715917][ T8327] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 154.715949][ T8327] ? apparmor_capable+0x13b/0x1b0 [ 154.715978][ T8327] ? __nla_parse+0x40/0x60 [ 154.716004][ T8327] xfrm_user_rcv_msg+0x975/0xc20 [ 154.716045][ T8327] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 154.716108][ T8327] ? __mutex_trylock_common+0x183/0x2e0 [ 154.716132][ T8327] ? __pfx___might_resched+0x10/0x10 [ 154.716162][ T8327] ? __pfx___mutex_trylock_common+0x10/0x10 [ 154.716198][ T8327] netlink_rcv_skb+0x206/0x480 [ 154.716230][ T8327] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 154.716261][ T8327] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 154.716321][ T8327] xfrm_netlink_rcv+0x79/0x90 [ 154.716349][ T8327] netlink_unicast+0x7f6/0x990 [ 154.716386][ T8327] ? __pfx_netlink_unicast+0x10/0x10 [ 154.716411][ T8327] ? __virt_addr_valid+0x45f/0x530 [ 154.716432][ T8327] ? __phys_addr_symbol+0x2f/0x70 [ 154.716450][ T8327] ? __check_object_size+0x47a/0x730 [ 154.716484][ T8327] netlink_sendmsg+0x8de/0xcb0 [ 154.716528][ T8327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.716565][ T8327] ? aa_sock_msg_perm+0x91/0x160 [ 154.716603][ T8327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.716652][ T8327] __sock_sendmsg+0x221/0x270 [ 154.716687][ T8327] ____sys_sendmsg+0x53a/0x860 [ 154.716720][ T8327] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.716740][ T8327] ? __fget_files+0x2a/0x410 [ 154.716773][ T8327] ? __fget_files+0x2a/0x410 [ 154.716808][ T8327] __sys_sendmsg+0x269/0x350 [ 154.716837][ T8327] ? __pfx___sys_sendmsg+0x10/0x10 [ 154.716872][ T8327] ? do_sys_openat2+0x17a/0x1d0 [ 154.716928][ T8327] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 154.716962][ T8327] ? do_syscall_64+0x100/0x230 [ 154.716993][ T8327] ? do_syscall_64+0xb6/0x230 [ 154.717037][ T8327] do_syscall_64+0xf3/0x230 [ 154.717064][ T8327] ? clear_bhb_loop+0x35/0x90 [ 154.717095][ T8327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.717122][ T8327] RIP: 0033:0x7fe6de38d169 [ 154.717140][ T8327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.717156][ T8327] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 154.717179][ T8327] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 154.717194][ T8327] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000003 [ 154.717207][ T8327] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 154.717219][ T8327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 154.717232][ T8327] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 154.717263][ T8327] [ 155.208714][ T8335] nbd: device at index 64 is going down [ 155.244113][ T8338] netlink: 'syz.1.784': attribute type 1 has an invalid length. [ 155.312305][ T8338] bond2: entered promiscuous mode [ 155.359435][ T8338] 8021q: adding VLAN 0 to HW filter on device bond2 [ 155.396539][ T8343] batadv2: entered promiscuous mode [ 155.443044][ T8343] batadv2: entered allmulticast mode [ 155.933008][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 156.293138][ T8376] nbd: device at index 64 is going down [ 156.790480][ T8394] syz.0.804 uses old SIOCAX25GETINFO [ 157.358910][ T8422] __nla_validate_parse: 15 callbacks suppressed [ 157.358933][ T8422] netlink: 24 bytes leftover after parsing attributes in process `syz.2.813'. [ 157.396915][ T8420] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 157.409295][ T8422] netlink: 24 bytes leftover after parsing attributes in process `syz.2.813'. [ 157.418806][ T8422] nbd: device at index 64 is going down [ 157.459993][ T8418] lo speed is unknown, defaulting to 1000 [ 158.037489][ T8444] netlink: 4 bytes leftover after parsing attributes in process `syz.4.819'. [ 158.748651][ T8469] netlink: 308 bytes leftover after parsing attributes in process `syz.0.824'. [ 158.790833][ T8471] netlink: 'syz.1.825': attribute type 4 has an invalid length. [ 158.826833][ T8471] netlink: 36 bytes leftover after parsing attributes in process `syz.1.825'. [ 158.839691][ T8469] lo speed is unknown, defaulting to 1000 [ 158.858050][ T8471] netlink: 24 bytes leftover after parsing attributes in process `syz.1.825'. [ 158.894150][ T8475] netlink: 36 bytes leftover after parsing attributes in process `syz.0.824'. [ 158.923672][ T8475] netlink: 16 bytes leftover after parsing attributes in process `syz.0.824'. [ 158.932605][ T8475] netlink: 36 bytes leftover after parsing attributes in process `syz.0.824'. [ 158.972368][ T8475] netlink: 36 bytes leftover after parsing attributes in process `syz.0.824'. [ 159.258281][ T8490] netlink: 'syz.2.832': attribute type 1 has an invalid length. [ 159.291984][ T8490] bond5: entered promiscuous mode [ 159.297847][ T8490] 8021q: adding VLAN 0 to HW filter on device bond5 [ 159.315943][ T8490] batadv3: entered promiscuous mode [ 159.321534][ T8490] batadv3: entered allmulticast mode [ 159.511958][ T8496] netlink: 'syz.2.834': attribute type 4 has an invalid length. [ 159.946347][ T8507] nbd: device at index 64 is going down [ 160.179744][ T8517] bridge_slave_1: left allmulticast mode [ 160.198647][ T8517] bridge_slave_1: left promiscuous mode [ 160.218108][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.304592][ T8517] bridge_slave_0: left allmulticast mode [ 160.335141][ T8517] bridge_slave_0: left promiscuous mode [ 160.370114][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.646627][ T8539] unknown channel width for channel at 909000KHz? [ 161.199304][ T8560] nbd: device at index 64 is going down [ 161.905584][ T8578] netlink: 'syz.1.858': attribute type 4 has an invalid length. [ 161.944863][ T8578] netlink: 'syz.1.858': attribute type 4 has an invalid length. [ 161.975216][ T48] lo speed is unknown, defaulting to 1000 [ 162.088488][ T8585] FAULT_INJECTION: forcing a failure. [ 162.088488][ T8585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.113165][ T8585] CPU: 0 UID: 0 PID: 8585 Comm: syz.2.861 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 162.113195][ T8585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 162.113207][ T8585] Call Trace: [ 162.113214][ T8585] [ 162.113223][ T8585] dump_stack_lvl+0x241/0x360 [ 162.113255][ T8585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.113288][ T8585] ? __pfx__printk+0x10/0x10 [ 162.113313][ T8585] ? snprintf+0xda/0x120 [ 162.113338][ T8585] should_fail_ex+0x40a/0x550 [ 162.113375][ T8585] _copy_to_user+0x31/0xb0 [ 162.113405][ T8585] simple_read_from_buffer+0xca/0x150 [ 162.113437][ T8585] proc_fail_nth_read+0x1e9/0x250 [ 162.113469][ T8585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 162.113502][ T8585] ? rw_verify_area+0x243/0x630 [ 162.113522][ T8585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 162.113553][ T8585] vfs_read+0x1f8/0xb40 [ 162.113576][ T8585] ? fdget_pos+0x254/0x320 [ 162.113608][ T8585] ? __pfx___mutex_lock+0x10/0x10 [ 162.113636][ T8585] ? __pfx_vfs_read+0x10/0x10 [ 162.113655][ T8585] ? do_sys_openat2+0x17a/0x1d0 [ 162.113688][ T8585] ? __fget_files+0x2a/0x410 [ 162.113719][ T8585] ? __fget_files+0x395/0x410 [ 162.113748][ T8585] ? __fget_files+0x2a/0x410 [ 162.113787][ T8585] ksys_read+0x18f/0x2b0 [ 162.113812][ T8585] ? __pfx_ksys_read+0x10/0x10 [ 162.113835][ T8585] ? do_syscall_64+0x100/0x230 [ 162.113865][ T8585] ? do_syscall_64+0xb6/0x230 [ 162.113896][ T8585] do_syscall_64+0xf3/0x230 [ 162.113922][ T8585] ? clear_bhb_loop+0x35/0x90 [ 162.113954][ T8585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.113981][ T8585] RIP: 0033:0x7f31e278bb7c [ 162.113998][ T8585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 162.114014][ T8585] RSP: 002b:00007f31e3541030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 162.114035][ T8585] RAX: ffffffffffffffda RBX: 00007f31e29a5fa0 RCX: 00007f31e278bb7c [ 162.114050][ T8585] RDX: 000000000000000f RSI: 00007f31e35410a0 RDI: 0000000000000011 [ 162.114062][ T8585] RBP: 00007f31e3541090 R08: 0000000000000000 R09: 0000000000000000 [ 162.114074][ T8585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.114086][ T8585] R13: 0000000000000000 R14: 00007f31e29a5fa0 R15: 00007ffd9e1258d8 [ 162.114116][ T8585] [ 162.413197][ T8592] __nla_validate_parse: 14 callbacks suppressed [ 162.413218][ T8592] netlink: 24 bytes leftover after parsing attributes in process `syz.3.864'. [ 162.461414][ T8592] netlink: 24 bytes leftover after parsing attributes in process `syz.3.864'. [ 162.477989][ T8592] nbd: device at index 64 is going down [ 162.801418][ T8611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.867'. [ 162.983417][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 163.101965][ T8624] bridge1: entered allmulticast mode [ 163.148233][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.171507][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.193150][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.212689][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.243811][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.252284][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.261167][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.273476][ T8627] netlink: 'syz.3.875': attribute type 29 has an invalid length. [ 163.337229][ T8634] netlink: 24 bytes leftover after parsing attributes in process `syz.2.878'. [ 163.413605][ T8634] netlink: 24 bytes leftover after parsing attributes in process `syz.2.878'. [ 163.447812][ T8634] nbd: device at index 64 is going down [ 164.014967][ T8656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.886'. [ 164.074190][ T8656] bond3: entered promiscuous mode [ 164.111716][ T8665] netlink: 3 bytes leftover after parsing attributes in process `syz.1.886'. [ 164.162453][ T8656] 8021q: adding VLAN 0 to HW filter on device bond3 [ 164.211368][ T8664] netlink: 44 bytes leftover after parsing attributes in process `syz.3.888'. [ 164.219423][ T8665] batadv3: entered promiscuous mode [ 164.238213][ T8665] batadv3: entered allmulticast mode [ 164.248937][ T8665] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 164.274454][ T8665] bond3: (slave batadv3): Enslaving as an active interface with an up link [ 164.493097][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 164.580179][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.895'. [ 164.601366][ T8674] bond3: entered promiscuous mode [ 164.607017][ T8674] 8021q: adding VLAN 0 to HW filter on device bond3 [ 164.622150][ T8680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.892'. [ 164.655221][ T8680] batadv4: entered promiscuous mode [ 164.667371][ T8680] batadv4: entered allmulticast mode [ 165.016964][ T8697] FAULT_INJECTION: forcing a failure. [ 165.016964][ T8697] name failslab, interval 1, probability 0, space 0, times 0 [ 165.063300][ T8697] CPU: 0 UID: 0 PID: 8697 Comm: syz.0.901 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 165.063334][ T8697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 165.063347][ T8697] Call Trace: [ 165.063354][ T8697] [ 165.063363][ T8697] dump_stack_lvl+0x241/0x360 [ 165.063395][ T8697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.063420][ T8697] ? __pfx__printk+0x10/0x10 [ 165.063449][ T8697] ? __kmalloc_cache_noprof+0x48/0x390 [ 165.063481][ T8697] ? __pfx___might_resched+0x10/0x10 [ 165.063513][ T8697] should_fail_ex+0x40a/0x550 [ 165.063549][ T8697] should_failslab+0xac/0x100 [ 165.063580][ T8697] __kmalloc_cache_noprof+0x70/0x390 [ 165.063610][ T8697] ? rtnl_newlink+0x13e/0x1d90 [ 165.063646][ T8697] rtnl_newlink+0x13e/0x1d90 [ 165.063677][ T8697] ? __lock_acquire+0x1397/0x2100 [ 165.063726][ T8697] ? __lock_acquire+0x1397/0x2100 [ 165.063759][ T8697] ? __pfx_rtnl_newlink+0x10/0x10 [ 165.063791][ T8697] ? __pfx_validate_chain+0x10/0x10 [ 165.063832][ T8697] ? validate_chain+0x11e/0x5920 [ 165.063855][ T8697] ? __pfx_lock_acquire+0x10/0x10 [ 165.063889][ T8697] ? __pfx_lock_release+0x10/0x10 [ 165.063924][ T8697] ? __pfx_validate_chain+0x10/0x10 [ 165.063949][ T8697] ? mark_lock+0x9a/0x360 [ 165.063973][ T8697] ? __lock_acquire+0x1397/0x2100 [ 165.064037][ T8697] ? __pfx_lock_release+0x10/0x10 [ 165.064082][ T8697] ? __pfx_rtnl_newlink+0x10/0x10 [ 165.064116][ T8697] rtnetlink_rcv_msg+0x791/0xcf0 [ 165.064147][ T8697] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 165.064180][ T8697] ? __lock_acquire+0x1397/0x2100 [ 165.064213][ T8697] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 165.064274][ T8697] netlink_rcv_skb+0x206/0x480 [ 165.064306][ T8697] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 165.064339][ T8697] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 165.064393][ T8697] ? netlink_deliver_tap+0x2e/0x1b0 [ 165.064426][ T8697] netlink_unicast+0x7f6/0x990 [ 165.064463][ T8697] ? __pfx_netlink_unicast+0x10/0x10 [ 165.064488][ T8697] ? __virt_addr_valid+0x45f/0x530 [ 165.064510][ T8697] ? __phys_addr_symbol+0x2f/0x70 [ 165.064547][ T8697] ? __check_object_size+0x47a/0x730 [ 165.064582][ T8697] netlink_sendmsg+0x8de/0xcb0 [ 165.064627][ T8697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.064664][ T8697] ? aa_sock_msg_perm+0x91/0x160 [ 165.064703][ T8697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.064743][ T8697] __sock_sendmsg+0x221/0x270 [ 165.064778][ T8697] ____sys_sendmsg+0x53a/0x860 [ 165.064813][ T8697] ? __pfx_____sys_sendmsg+0x10/0x10 [ 165.064837][ T8697] ? __fget_files+0x2a/0x410 [ 165.064871][ T8697] ? __fget_files+0x2a/0x410 [ 165.064912][ T8697] __sys_sendmsg+0x269/0x350 [ 165.064943][ T8697] ? __pfx___sys_sendmsg+0x10/0x10 [ 165.064983][ T8697] ? do_sys_openat2+0x17a/0x1d0 [ 165.065042][ T8697] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 165.065077][ T8697] ? do_syscall_64+0x100/0x230 [ 165.065109][ T8697] ? do_syscall_64+0xb6/0x230 [ 165.065141][ T8697] do_syscall_64+0xf3/0x230 [ 165.065169][ T8697] ? clear_bhb_loop+0x35/0x90 [ 165.065201][ T8697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.065229][ T8697] RIP: 0033:0x7f97c2b8d169 [ 165.065248][ T8697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.065266][ T8697] RSP: 002b:00007f97c399d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 165.065290][ T8697] RAX: ffffffffffffffda RBX: 00007f97c2da5fa0 RCX: 00007f97c2b8d169 [ 165.065305][ T8697] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000005 [ 165.065319][ T8697] RBP: 00007f97c399d090 R08: 0000000000000000 R09: 0000000000000000 [ 165.065332][ T8697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.065346][ T8697] R13: 0000000000000000 R14: 00007f97c2da5fa0 R15: 00007ffcc8966658 [ 165.065376][ T8697] [ 165.539140][ T8702] veth5: entered promiscuous mode [ 166.211660][ T8730] FAULT_INJECTION: forcing a failure. [ 166.211660][ T8730] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.226094][ T8730] CPU: 0 UID: 0 PID: 8730 Comm: syz.3.912 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 166.226123][ T8730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 166.226137][ T8730] Call Trace: [ 166.226145][ T8730] [ 166.226153][ T8730] dump_stack_lvl+0x241/0x360 [ 166.226185][ T8730] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.226209][ T8730] ? __pfx__printk+0x10/0x10 [ 166.226243][ T8730] should_fail_ex+0x40a/0x550 [ 166.226281][ T8730] _copy_to_user+0x31/0xb0 [ 166.226312][ T8730] map_get_next_key+0x4a5/0x5e0 [ 166.226345][ T8730] ? map_get_next_key+0x271/0x5e0 [ 166.226379][ T8730] __sys_bpf+0x732/0x820 [ 166.226411][ T8730] ? __pfx___sys_bpf+0x10/0x10 [ 166.226454][ T8730] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.226489][ T8730] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.226535][ T8730] ? do_syscall_64+0x100/0x230 [ 166.226585][ T8730] __x64_sys_bpf+0x7c/0x90 [ 166.226612][ T8730] do_syscall_64+0xf3/0x230 [ 166.226640][ T8730] ? clear_bhb_loop+0x35/0x90 [ 166.226673][ T8730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.226700][ T8730] RIP: 0033:0x7f6642b8d169 [ 166.226719][ T8730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.226737][ T8730] RSP: 002b:00007f6643983038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 166.226759][ T8730] RAX: ffffffffffffffda RBX: 00007f6642da5fa0 RCX: 00007f6642b8d169 [ 166.226774][ T8730] RDX: 0000000000000020 RSI: 0000400000000800 RDI: 0000000000000004 [ 166.226788][ T8730] RBP: 00007f6643983090 R08: 0000000000000000 R09: 0000000000000000 [ 166.226801][ T8730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.226812][ T8730] R13: 0000000000000000 R14: 00007f6642da5fa0 R15: 00007fff3ece65d8 [ 166.226841][ T8730] [ 166.518357][ T8734] bond1: left promiscuous mode [ 166.532060][ T8734] batadv1: left promiscuous mode [ 166.548485][ T8734] batadv1: left allmulticast mode [ 166.577442][ T8734] bridge0: left promiscuous mode [ 166.605694][ T8734] macvlan6: left promiscuous mode [ 166.618923][ T8734] bond2: left promiscuous mode [ 166.633996][ T8734] batadv2: left promiscuous mode [ 166.639115][ T8734] batadv2: left allmulticast mode [ 166.674724][ T8734] bond3: left promiscuous mode [ 166.701397][ T8734] batadv3: left promiscuous mode [ 166.722964][ T8734] batadv3: left allmulticast mode [ 166.746148][ T5891] lo speed is unknown, defaulting to 1000 [ 167.321012][ T8761] FAULT_INJECTION: forcing a failure. [ 167.321012][ T8761] name failslab, interval 1, probability 0, space 0, times 0 [ 167.357889][ T8761] CPU: 1 UID: 0 PID: 8761 Comm: syz.1.926 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 167.357921][ T8761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 167.357934][ T8761] Call Trace: [ 167.357942][ T8761] [ 167.357951][ T8761] dump_stack_lvl+0x241/0x360 [ 167.357982][ T8761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.358007][ T8761] ? __pfx__printk+0x10/0x10 [ 167.358031][ T8761] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 167.358065][ T8761] ? __pfx___might_resched+0x10/0x10 [ 167.358098][ T8761] should_fail_ex+0x40a/0x550 [ 167.358137][ T8761] should_failslab+0xac/0x100 [ 167.358168][ T8761] kmem_cache_alloc_node_noprof+0x77/0x380 [ 167.358197][ T8761] ? __alloc_skb+0x1c3/0x440 [ 167.358225][ T8761] __alloc_skb+0x1c3/0x440 [ 167.358253][ T8761] ? __pfx___alloc_skb+0x10/0x10 [ 167.358283][ T8761] ? netlink_ack_tlv_len+0x6e/0x200 [ 167.358318][ T8761] netlink_ack+0x145/0xa60 [ 167.358346][ T8761] ? __pfx_lock_acquire+0x10/0x10 [ 167.358377][ T8761] ? __pfx_netlbl_cipsov4_add+0x10/0x10 [ 167.358410][ T8761] ? __pfx___might_resched+0x10/0x10 [ 167.358448][ T8761] netlink_rcv_skb+0x294/0x480 [ 167.358481][ T8761] ? __pfx_genl_rcv_msg+0x10/0x10 [ 167.358514][ T8761] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.358578][ T8761] genl_rcv+0x28/0x40 [ 167.358600][ T8761] netlink_unicast+0x7f6/0x990 [ 167.358638][ T8761] ? __pfx_netlink_unicast+0x10/0x10 [ 167.358664][ T8761] ? __virt_addr_valid+0x45f/0x530 [ 167.358686][ T8761] ? __phys_addr_symbol+0x2f/0x70 [ 167.358716][ T8761] ? __check_object_size+0x47a/0x730 [ 167.358749][ T8761] netlink_sendmsg+0x8de/0xcb0 [ 167.358811][ T8761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.358848][ T8761] ? aa_sock_msg_perm+0x91/0x160 [ 167.358887][ T8761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.358917][ T8761] __sock_sendmsg+0x221/0x270 [ 167.358952][ T8761] ____sys_sendmsg+0x53a/0x860 [ 167.358987][ T8761] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.359010][ T8761] ? __fget_files+0x2a/0x410 [ 167.359045][ T8761] ? __fget_files+0x2a/0x410 [ 167.359086][ T8761] __sys_sendmsg+0x269/0x350 [ 167.359117][ T8761] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.359156][ T8761] ? do_sys_openat2+0x17a/0x1d0 [ 167.359215][ T8761] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 167.359248][ T8761] ? do_syscall_64+0x100/0x230 [ 167.359281][ T8761] ? do_syscall_64+0xb6/0x230 [ 167.359311][ T8761] do_syscall_64+0xf3/0x230 [ 167.359350][ T8761] ? clear_bhb_loop+0x35/0x90 [ 167.359382][ T8761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.359409][ T8761] RIP: 0033:0x7fe6de38d169 [ 167.359427][ T8761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.359444][ T8761] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.359467][ T8761] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 167.359482][ T8761] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 0000000000000004 [ 167.359495][ T8761] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 167.359516][ T8761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 167.359528][ T8761] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 167.359559][ T8761] [ 167.821503][ T8768] __nla_validate_parse: 10 callbacks suppressed [ 167.821524][ T8768] netlink: 8 bytes leftover after parsing attributes in process `syz.4.928'. [ 167.957890][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.927'. [ 168.083846][ T8771] bridge_slave_1: left allmulticast mode [ 168.100915][ T8771] bridge_slave_1: left promiscuous mode [ 168.107763][ T8771] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.124566][ T8771] bridge_slave_0: left allmulticast mode [ 168.130840][ T8771] bridge_slave_0: left promiscuous mode [ 168.136838][ T8771] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.183014][ T8783] netlink: 44 bytes leftover after parsing attributes in process `syz.4.931'. [ 168.233955][ T8777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.933'. [ 168.394539][ T8789] netlink: 128 bytes leftover after parsing attributes in process `syz.1.934'. [ 168.586859][ T8798] netlink: 24 bytes leftover after parsing attributes in process `syz.3.940'. [ 168.944854][ T8813] validate_nla: 52 callbacks suppressed [ 168.944877][ T8813] netlink: 'syz.2.944': attribute type 1 has an invalid length. [ 169.067054][ T8819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.944'. [ 169.135916][ T8813] bond6: entered promiscuous mode [ 169.141345][ T8813] 8021q: adding VLAN 0 to HW filter on device bond6 [ 169.201710][ T8819] netlink: 3 bytes leftover after parsing attributes in process `syz.2.944'. [ 169.324734][ T8819] batadv4: entered promiscuous mode [ 169.331362][ T8819] batadv4: entered allmulticast mode [ 169.337044][ T8813] netlink: 48 bytes leftover after parsing attributes in process `syz.2.944'. [ 169.367072][ T8813] netlink: 40 bytes leftover after parsing attributes in process `syz.2.944'. [ 169.845453][ T8845] syzkaller1: entered promiscuous mode [ 169.851056][ T8845] syzkaller1: entered allmulticast mode [ 169.977520][ T8856] bridge0: entered allmulticast mode [ 170.236759][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.257031][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.283356][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.301690][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.313997][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.343486][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.371673][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.393170][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.432006][ T8866] netlink: 'syz.4.963': attribute type 29 has an invalid length. [ 170.880580][ T8886] openvswitch: netlink: Message has 1 unknown bytes. [ 170.906957][ T8886] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 170.984961][ T8894] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 171.876727][ T8929] bond4: entered promiscuous mode [ 171.926879][ T8929] 8021q: adding VLAN 0 to HW filter on device bond4 [ 172.026388][ T8931] batadv3: entered promiscuous mode [ 172.031678][ T8931] batadv3: entered allmulticast mode [ 172.736619][ T8970] nbd: device at index 64 is going down [ 173.129576][ T8990] __nla_validate_parse: 21 callbacks suppressed [ 173.129595][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.999'. [ 173.188658][ T8987] bond7: entered promiscuous mode [ 173.220750][ T8987] 8021q: adding VLAN 0 to HW filter on device bond7 [ 173.234928][ T8990] netlink: 3 bytes leftover after parsing attributes in process `syz.2.999'. [ 173.245712][ T8996] netlink: 48 bytes leftover after parsing attributes in process `syz.2.999'. [ 173.269863][ T8990] batadv5: entered promiscuous mode [ 173.283168][ T8990] batadv5: entered allmulticast mode [ 173.314561][ T8987] netlink: 40 bytes leftover after parsing attributes in process `syz.2.999'. [ 173.379482][ T8987] netlink: 40 bytes leftover after parsing attributes in process `syz.2.999'. [ 173.632261][ T9012] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1007'. [ 173.750942][ T9023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1010'. [ 173.764853][ T9012] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1007'. [ 173.984830][ T9029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1011'. [ 174.005830][ T9029] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 174.177172][ T9032] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1014'. [ 174.409487][ T9033] lo speed is unknown, defaulting to 1000 [ 174.970801][ T9057] vlan2: entered allmulticast mode [ 175.160268][ T9067] 8021q: VLANs not supported on syzkaller1 [ 175.511094][ T9081] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0 [ 175.520386][ T9081] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0 [ 175.529841][ T9081] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0 [ 175.539218][ T9081] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0 [ 176.437712][ T9113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.461762][ T9113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.722103][ T9127] veth1_virt_wifi: entered promiscuous mode [ 176.734570][ T9127] veth1_virt_wifi: entered allmulticast mode [ 176.775768][ T9127] validate_nla: 55 callbacks suppressed [ 176.775787][ T9127] netlink: 'syz.0.1050': attribute type 3 has an invalid length. [ 177.390940][ T68] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 177.400521][ T9151] netlink: 'syz.0.1059': attribute type 1 has an invalid length. [ 177.556717][ T9151] veth5: entered promiscuous mode [ 177.585370][ T9151] bond5: (slave veth5): Enslaving as a backup interface with a down link [ 177.926139][ T9171] nbd: device at index 64 is going down [ 178.245886][ T9189] __nla_validate_parse: 15 callbacks suppressed [ 178.245908][ T9189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1071'. [ 178.362735][ T9197] tipc: Started in network mode [ 178.371571][ T9197] tipc: Node identity aaaaaaaaaaaa, cluster identity 4711 [ 178.385096][ T9197] tipc: Enabled bearer , priority 10 [ 178.415558][ T9197] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 178.550097][ T9206] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1077'. [ 178.726764][ T9206] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1077'. [ 178.836853][ T9218] netlink: 'syz.2.1081': attribute type 12 has an invalid length. [ 178.853256][ T9217] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1080'. [ 178.926133][ T9223] netlink: 'syz.3.1082': attribute type 10 has an invalid length. [ 179.012291][ T9220] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1080'. [ 179.068514][ T9227] netlink: 'syz.2.1083': attribute type 10 has an invalid length. [ 179.365159][ T9236] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1087'. [ 179.411423][ T9236] bond0: option arp_interval: invalid value (18446744072034198015) [ 179.436476][ T9236] bond0: option arp_interval: allowed values 0 - 2147483647 [ 179.504868][ T5849] tipc: Node number set to 43690 [ 179.528698][ T9244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1089'. [ 179.842304][ T9258] netlink: 'syz.4.1094': attribute type 10 has an invalid length. [ 179.854330][ T9258] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.872754][ T9258] bond0: (slave team0): Enslaving as an active interface with an up link [ 180.074511][ T9270] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1099'. [ 180.141873][ T9270] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1099'. [ 180.160452][ T9273] lo speed is unknown, defaulting to 1000 [ 180.227151][ T9276] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1100'. [ 180.503078][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 181.213112][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 182.123292][ T9345] FAULT_INJECTION: forcing a failure. [ 182.123292][ T9345] name failslab, interval 1, probability 0, space 0, times 0 [ 182.154183][ T9345] CPU: 1 UID: 0 PID: 9345 Comm: syz.1.1124 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 182.154213][ T9345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 182.154225][ T9345] Call Trace: [ 182.154232][ T9345] [ 182.154240][ T9345] dump_stack_lvl+0x241/0x360 [ 182.154281][ T9345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.154303][ T9345] ? __pfx__printk+0x10/0x10 [ 182.154324][ T9345] ? fs_reclaim_acquire+0x93/0x130 [ 182.154346][ T9345] ? __pfx___might_resched+0x10/0x10 [ 182.154370][ T9345] ? dynamic_dname+0x144/0x1b0 [ 182.154393][ T9345] should_fail_ex+0x40a/0x550 [ 182.154427][ T9345] should_failslab+0xac/0x100 [ 182.154455][ T9345] __kmalloc_noprof+0xdd/0x4c0 [ 182.154481][ T9345] ? tomoyo_encode+0x26f/0x540 [ 182.154506][ T9345] tomoyo_encode+0x26f/0x540 [ 182.154526][ T9345] ? __pfx_sockfs_dname+0x10/0x10 [ 182.154557][ T9345] tomoyo_realpath_from_path+0x59e/0x5e0 [ 182.154590][ T9345] tomoyo_path_number_perm+0x239/0x770 [ 182.154617][ T9345] ? __lock_acquire+0x1397/0x2100 [ 182.154667][ T9345] ? tomoyo_path_number_perm+0x209/0x770 [ 182.154699][ T9345] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 182.154771][ T9345] ? __fget_files+0x2a/0x410 [ 182.154805][ T9345] ? __fget_files+0x2a/0x410 [ 182.154842][ T9345] security_file_ioctl+0xc6/0x2a0 [ 182.154872][ T9345] __se_sys_ioctl+0x46/0x170 [ 182.154898][ T9345] do_syscall_64+0xf3/0x230 [ 182.154926][ T9345] ? clear_bhb_loop+0x35/0x90 [ 182.154958][ T9345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.154986][ T9345] RIP: 0033:0x7fe6de38d169 [ 182.155013][ T9345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.155031][ T9345] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.155061][ T9345] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 182.155076][ T9345] RDX: 0000400000000080 RSI: 000000000000891c RDI: 0000000000000003 [ 182.155090][ T9345] RBP: 00007fe6df2c7090 R08: 0000000000000000 R09: 0000000000000000 [ 182.155106][ T9345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.155118][ T9345] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 182.155149][ T9345] [ 182.156347][ T9345] ERROR: Out of memory at tomoyo_realpath_from_path. [ 184.325093][ T9360] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 184.427073][ T9365] __nla_validate_parse: 4 callbacks suppressed [ 184.427097][ T9365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1134'. [ 184.490261][ T9376] @ÿ: renamed from bond_slave_0 [ 184.511636][ T9378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1132'. [ 184.522719][ T9379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1130'. [ 184.644752][ T9381] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1135'. [ 184.752591][ T9388] lo speed is unknown, defaulting to 1000 [ 184.786470][ T9388] lo speed is unknown, defaulting to 1000 [ 184.799613][ T9388] lo speed is unknown, defaulting to 1000 [ 185.025825][ T5849] lo speed is unknown, defaulting to 1000 [ 185.030301][ T9388] infiniband syz0: set down [ 185.037365][ T9388] infiniband syz0: added lo [ 185.073778][ T9388] RDS/IB: syz0: added [ 185.078450][ T9388] smc: adding ib device syz0 with port count 1 [ 185.085248][ T9388] smc: ib device syz0 port 1 has pnetid [ 185.093902][ T48] lo speed is unknown, defaulting to 1000 [ 185.102150][ T9388] lo speed is unknown, defaulting to 1000 [ 185.217772][ T9388] lo speed is unknown, defaulting to 1000 [ 185.346693][ T9388] lo speed is unknown, defaulting to 1000 [ 185.468929][ T9388] lo speed is unknown, defaulting to 1000 [ 185.605581][ T9388] lo speed is unknown, defaulting to 1000 [ 186.140831][ T9401] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1140'. [ 186.193047][ T9405] netlink: 'syz.3.1142': attribute type 4 has an invalid length. [ 186.203440][ T9406] netlink: 'syz.0.1139': attribute type 10 has an invalid length. [ 186.214551][ T9406] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.223513][ T9406] bond0: (slave team0): Enslaving as an active interface with an up link [ 186.247340][ T9411] netlink: 'syz.3.1142': attribute type 4 has an invalid length. [ 186.495984][ T9422] netlink: 436 bytes leftover after parsing attributes in process `syz.4.1146'. [ 186.667777][ T9430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1149'. [ 186.810739][ T9435] tipc: Started in network mode [ 186.825307][ T9435] tipc: Node identity 5627177d1bc9, cluster identity 4711 [ 186.842270][ T9435] tipc: Enabled bearer , priority 0 [ 187.006755][ T9431] tipc: Resetting bearer [ 187.566672][ T9448] netlink: 'syz.0.1157': attribute type 10 has an invalid length. [ 187.607406][ T9450] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1158'. [ 187.853697][ T5891] tipc: Node number set to 1307449213 [ 188.812977][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 189.489876][ T9431] tipc: Disabling bearer [ 189.934045][ T9496] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1164'. [ 190.223672][ T9505] bond0: (slave team0): Releasing backup interface [ 190.245554][ T9507] netlink: 'syz.2.1170': attribute type 1 has an invalid length. [ 190.257937][ T9505] bond0: (slave batadv0): Releasing backup interface [ 190.286554][ T9505] bond0: (slave bond_slave_1): Releasing backup interface [ 190.306256][ T9511] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1170'. [ 190.328836][ T9505] team0: Port device team_slave_0 removed [ 190.345299][ T9505] team0: Port device team_slave_1 removed [ 190.352699][ T9505] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.358638][ T9511] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1170'. [ 190.375168][ T9513] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1170'. [ 190.395979][ T9505] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.405080][ T9505] bond1: (slave batadv2): Releasing active interface [ 190.438953][ T9507] bond8: entered promiscuous mode [ 190.475770][ T9507] 8021q: adding VLAN 0 to HW filter on device bond8 [ 190.485730][ T9518] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1170'. [ 190.538971][ T9510] team0: Mode changed to "loadbalance" [ 190.609319][ T9507] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1170'. [ 190.658042][ T9511] batadv6: entered promiscuous mode [ 190.667098][ T9511] batadv6: entered allmulticast mode [ 190.866620][ T9536] tipc: Started in network mode [ 190.871573][ T9536] tipc: Node identity da8cfe5cad5b, cluster identity 4711 [ 190.879615][ T9536] tipc: Enabled bearer , priority 0 [ 190.937751][ T9527] tipc: Resetting bearer [ 191.863925][ T9561] netlink: 300 bytes leftover after parsing attributes in process `syz.3.1182'. [ 191.889304][ T9561] netlink: 'syz.3.1182': attribute type 10 has an invalid length. [ 191.903653][ T9561] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1182'. [ 191.923203][ T5891] tipc: Node number set to 2010644060 [ 193.498033][ T9527] tipc: Disabling bearer [ 193.518535][ T9561] team0: entered promiscuous mode [ 193.524764][ T9561] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.717010][ T9574] netlink: 'syz.1.1187': attribute type 1 has an invalid length. [ 193.761251][ T9574] bond4: entered promiscuous mode [ 193.767877][ T9574] 8021q: adding VLAN 0 to HW filter on device bond4 [ 193.778912][ T9574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1187'. [ 193.788376][ T9574] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1187'. [ 193.804282][ T9574] batadv4: entered promiscuous mode [ 193.809691][ T9574] batadv4: entered allmulticast mode [ 194.107437][ T9595] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 194.130585][ T9595] sctp: [Deprecated]: syz.4.1190 (pid 9595) Use of int in max_burst socket option deprecated. [ 194.130585][ T9595] Use struct sctp_assoc_value instead [ 194.194370][ T9598] nbd: device at index 64 is going down [ 194.319340][ T9588] lo speed is unknown, defaulting to 1000 [ 194.385864][ T9588] lo speed is unknown, defaulting to 1000 [ 194.585947][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.592445][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.853948][ T9611] FAULT_INJECTION: forcing a failure. [ 194.853948][ T9611] name failslab, interval 1, probability 0, space 0, times 0 [ 194.875156][ T9613] tipc: Started in network mode [ 194.883048][ T9613] tipc: Node identity 124d6affb8c, cluster identity 4711 [ 194.887391][ T9611] CPU: 0 UID: 0 PID: 9611 Comm: syz.1.1196 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 194.887422][ T9611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 194.887437][ T9611] Call Trace: [ 194.887447][ T9611] [ 194.887457][ T9611] dump_stack_lvl+0x241/0x360 [ 194.887493][ T9611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.887519][ T9611] ? __pfx__printk+0x10/0x10 [ 194.887557][ T9611] should_fail_ex+0x40a/0x550 [ 194.887597][ T9611] should_failslab+0xac/0x100 [ 194.887629][ T9611] __kmalloc_cache_noprof+0x70/0x390 [ 194.887660][ T9611] ? sctp_add_bind_addr+0x89/0x3a0 [ 194.887694][ T9611] sctp_add_bind_addr+0x89/0x3a0 [ 194.887739][ T9611] sctp_copy_local_addr_list+0x311/0x500 [ 194.887771][ T9611] ? sctp_copy_local_addr_list+0xab/0x500 [ 194.887802][ T9611] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 194.887835][ T9611] ? sctp_v6_is_any+0x60/0x70 [ 194.887868][ T9611] ? sctp_copy_one_addr+0x94/0x360 [ 194.887902][ T9611] sctp_bind_addr_copy+0xad/0x3b0 [ 194.887931][ T9611] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 194.887961][ T9611] sctp_connect_new_asoc+0x2f3/0x6c0 [ 194.887988][ T9611] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 194.888021][ T9611] ? sctp_sendmsg+0xf1a/0x35d0 [ 194.888062][ T9611] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 194.888094][ T9611] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 194.888129][ T9611] sctp_sendmsg+0x1f64/0x35d0 [ 194.888189][ T9611] ? __pfx_sctp_sendmsg+0x10/0x10 [ 194.888229][ T9611] ? aa_sk_perm+0x96d/0xab0 [ 194.888278][ T9611] ? inet_sendmsg+0x330/0x390 [ 194.888312][ T9611] __sock_sendmsg+0x1a6/0x270 [ 194.888349][ T9611] __sys_sendto+0x363/0x4c0 [ 194.888380][ T9611] ? __pfx___sys_sendto+0x10/0x10 [ 194.888423][ T9611] ? __fget_files+0x2a/0x410 [ 194.888466][ T9611] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 194.888504][ T9611] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 194.888545][ T9611] __x64_sys_sendto+0xde/0x100 [ 194.888573][ T9611] do_syscall_64+0xf3/0x230 [ 194.888604][ T9611] ? clear_bhb_loop+0x35/0x90 [ 194.888637][ T9611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.888667][ T9611] RIP: 0033:0x7fe6de38d169 [ 194.888687][ T9611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.888705][ T9611] RSP: 002b:00007fe6df2c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 194.888736][ T9611] RAX: ffffffffffffffda RBX: 00007fe6de5a5fa0 RCX: 00007fe6de38d169 [ 194.888753][ T9611] RDX: 0000000000000001 RSI: 0000400000000040 RDI: 0000000000000006 [ 194.888768][ T9611] RBP: 00007fe6df2c7090 R08: 0000400000000100 R09: 000000000000001c [ 194.888782][ T9611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.888796][ T9611] R13: 0000000000000000 R14: 00007fe6de5a5fa0 R15: 00007ffd210290b8 [ 194.888831][ T9611] [ 195.214341][ T9613] tipc: Enabled bearer , priority 0 [ 195.583436][ T9630] netlink: 'syz.4.1201': attribute type 1 has an invalid length. [ 195.612594][ T9630] bond5: entered promiscuous mode [ 195.618584][ T9630] 8021q: adding VLAN 0 to HW filter on device bond5 [ 195.649611][ T9630] __nla_validate_parse: 4 callbacks suppressed [ 195.649632][ T9630] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1201'. [ 195.665267][ T9630] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1201'. [ 195.809097][ T9640] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1201'. [ 195.825148][ T9640] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1201'. [ 195.928160][ T9630] batadv4: entered promiscuous mode [ 195.944500][ T9630] batadv4: entered allmulticast mode [ 196.011083][ T9646] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1207'. [ 196.353262][ T5891] tipc: Node number set to 2861394687 [ 196.443989][ T9660] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 196.601572][ T9657] tipc: Enabled bearer , priority 0 [ 196.637055][ T9655] tipc: Resetting bearer [ 198.294184][ T9690] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 198.628744][ T9702] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1225'. [ 199.255703][ T9655] tipc: Disabling bearer [ 199.276524][ T9687] lo speed is unknown, defaulting to 1000 [ 199.314117][ T9687] lo speed is unknown, defaulting to 1000 [ 199.517309][ T9708] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 199.533005][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 200.266912][ T9741] xt_CT: You must specify a L4 protocol and not use inversions on it [ 200.488475][ T9752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1249'. [ 200.513063][ T9752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1249'. [ 200.923292][ T9770] bridge3: entered promiscuous mode [ 201.591319][ T9810] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1274'. [ 201.777548][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.777548][ T5856] Bluetooth: hci2: command 0x0406 tx timeout [ 201.777602][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 201.795926][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 203.061252][ T9884] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 203.502198][ T9902] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1317'. [ 203.532953][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 203.813744][ T9914] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 204.526582][ T9941] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1335'. [ 204.580368][ T9943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1337'. [ 204.745633][ T9949] netem: change failed [ 205.273606][ T9974] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.282455][ T9974] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.291311][ T9974] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.300599][ T9974] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 205.336978][ T9974] vxlan0: entered promiscuous mode [ 205.348010][ T9974] vxlan0: entered allmulticast mode [ 205.372937][ T9974] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.382023][ T9974] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.391141][ T9974] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.400134][ T9974] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.937801][ T9992] netlink: 'syz.2.1360': attribute type 1 has an invalid length. [ 206.004960][ T9994] veth0_vlan: entered allmulticast mode [ 206.023960][ T9994] ªªªªªª: renamed from vlan0 [ 206.192631][T10004] xt_hashlimit: size too large, truncated to 1048576 [ 206.311840][T10010] lo speed is unknown, defaulting to 1000 [ 206.344008][T10010] lo speed is unknown, defaulting to 1000 [ 206.934172][T10041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1379'. [ 207.333100][T10054] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1384'. [ 207.383722][T10056] syz_tun: entered allmulticast mode [ 207.394089][T10055] syz_tun: left allmulticast mode [ 207.528650][T10064] xt_CT: You must specify a L4 protocol and not use inversions on it [ 207.563689][T10066] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1390'. [ 207.801083][T10072] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1394'. [ 208.032140][T10084] syzkaller1: entered promiscuous mode [ 208.049241][T10084] syzkaller1: entered allmulticast mode [ 208.066437][T10084] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 348 [ 208.138969][T10088] syzkaller1: entered promiscuous mode [ 208.169050][T10088] syzkaller1: entered allmulticast mode [ 208.442606][T10098] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1404'. [ 208.452340][T10098] netlink: 'syz.3.1404': attribute type 1 has an invalid length. [ 208.467626][T10097] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 208.476480][T10097] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 208.485392][T10097] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 208.494308][T10097] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 208.634417][T10100] lo speed is unknown, defaulting to 1000 [ 208.694032][T10100] lo speed is unknown, defaulting to 1000 [ 209.292363][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1417'. [ 210.204565][T10163] pimreg: entered allmulticast mode [ 210.226160][T10164] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1430'. [ 210.592499][T10179] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 211.482380][ T5849] IPVS: starting estimator thread 0... [ 211.489623][T10208] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 211.500317][T10219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1453'. [ 211.593292][T10218] IPVS: using max 22 ests per chain, 52800 per kthread [ 212.404014][T10264] lo speed is unknown, defaulting to 1000 [ 212.426888][T10264] lo speed is unknown, defaulting to 1000 [ 213.133036][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 213.384571][T10302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1486'. [ 213.437528][T10306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1487'. [ 214.000827][T10316] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 214.009925][T10316] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 214.018870][T10316] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 214.027679][T10316] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 214.072999][T10316] vxlan0: entered promiscuous mode [ 214.078305][T10316] vxlan0: entered allmulticast mode [ 214.321347][T10331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1497'. [ 214.599940][T10339] lo speed is unknown, defaulting to 1000 [ 214.607818][T10339] lo speed is unknown, defaulting to 1000 [ 214.941534][T10344] [ 214.943933][T10344] ====================================================== [ 214.950976][T10344] WARNING: possible circular locking dependency detected [ 214.958022][T10344] 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 Not tainted [ 214.965155][T10344] ------------------------------------------------------ [ 214.972204][T10344] syz.3.1503/10344 is trying to acquire lock: [ 214.978286][T10344] ffff88805de28768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_change_mac+0xc6/0x1160 [ 214.988096][T10344] [ 214.988096][T10344] but task is already holding lock: [ 214.995494][T10344] ffff88802b9b4d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50 [ 215.004517][T10344] [ 215.004517][T10344] which lock already depends on the new lock. [ 215.004517][T10344] [ 215.014942][T10344] [ 215.014942][T10344] the existing dependency chain (in reverse order) is: [ 215.023987][T10344] [ 215.023987][T10344] -> #1 (&dev->lock){+.+.}-{4:4}: [ 215.031257][T10344] lock_acquire+0x1ed/0x550 [ 215.036328][T10344] __mutex_lock+0x19c/0x1010 [ 215.041481][T10344] register_netdevice+0x12d8/0x1b70 [ 215.047253][T10344] cfg80211_register_netdevice+0x149/0x2f0 [ 215.053623][T10344] ieee80211_if_add+0x119d/0x1780 [ 215.059204][T10344] ieee80211_register_hw+0x3708/0x42e0 [ 215.065217][T10344] mac80211_hwsim_new_radio+0x2a89/0x49f0 [ 215.071520][T10344] init_mac80211_hwsim+0x87a/0xb00 [ 215.077200][T10344] do_one_initcall+0x248/0x930 [ 215.082521][T10344] do_initcall_level+0x157/0x210 [ 215.088025][T10344] do_initcalls+0x71/0xd0 [ 215.092912][T10344] kernel_init_freeable+0x435/0x5d0 [ 215.098677][T10344] kernel_init+0x1d/0x2b0 [ 215.103563][T10344] ret_from_fork+0x4b/0x80 [ 215.108531][T10344] ret_from_fork_asm+0x1a/0x30 [ 215.113851][T10344] [ 215.113851][T10344] -> #0 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 215.121636][T10344] validate_chain+0x18ef/0x5920 [ 215.127059][T10344] __lock_acquire+0x1397/0x2100 [ 215.132485][T10344] lock_acquire+0x1ed/0x550 [ 215.137565][T10344] __mutex_lock+0x19c/0x1010 [ 215.142717][T10344] ieee80211_change_mac+0xc6/0x1160 [ 215.148480][T10344] netif_set_mac_address+0x327/0x510 [ 215.154333][T10344] dev_set_mac_address+0x38/0x50 [ 215.159833][T10344] dev_ifsioc+0xdf4/0x1130 [ 215.164821][T10344] dev_ioctl+0x719/0x1340 [ 215.169713][T10344] sock_do_ioctl+0x240/0x460 [ 215.174862][T10344] sock_ioctl+0x626/0x8e0 [ 215.179748][T10344] __se_sys_ioctl+0xf5/0x170 [ 215.184896][T10344] do_syscall_64+0xf3/0x230 [ 215.189962][T10344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.196421][T10344] [ 215.196421][T10344] other info that might help us debug this: [ 215.196421][T10344] [ 215.206690][T10344] Possible unsafe locking scenario: [ 215.206690][T10344] [ 215.214147][T10344] CPU0 CPU1 [ 215.219517][T10344] ---- ---- [ 215.224884][T10344] lock(&dev->lock); [ 215.228879][T10344] lock(&rdev->wiphy.mtx); [ 215.235916][T10344] lock(&dev->lock); [ 215.242429][T10344] lock(&rdev->wiphy.mtx); [ 215.246938][T10344] [ 215.246938][T10344] *** DEADLOCK *** [ 215.246938][T10344] [ 215.255110][T10344] 2 locks held by syz.3.1503/10344: [ 215.260306][T10344] #0: ffffffff8fed6e08 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x706/0x1340 [ 215.269125][T10344] #1: ffff88802b9b4d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_mac_address+0x2a/0x50 [ 215.278544][T10344] [ 215.278544][T10344] stack backtrace: [ 215.284465][T10344] CPU: 0 UID: 0 PID: 10344 Comm: syz.3.1503 Not tainted 6.14.0-rc6-syzkaller-01313-g23c9ff659140 #0 [ 215.284487][T10344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 215.284498][T10344] Call Trace: [ 215.284505][T10344] [ 215.284512][T10344] dump_stack_lvl+0x241/0x360 [ 215.284535][T10344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.284554][T10344] ? __pfx__printk+0x10/0x10 [ 215.284575][T10344] print_circular_bug+0x13a/0x1b0 [ 215.284598][T10344] check_noncircular+0x36a/0x4a0 [ 215.284616][T10344] ? preempt_count_add+0x93/0x190 [ 215.284645][T10344] ? __pfx_check_noncircular+0x10/0x10 [ 215.284665][T10344] ? lockdep_lock+0x123/0x2b0 [ 215.284692][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284711][T10344] validate_chain+0x18ef/0x5920 [ 215.284738][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284760][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284779][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284798][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284816][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284839][T10344] ? __pfx_validate_chain+0x10/0x10 [ 215.284858][T10344] ? mark_lock+0x9a/0x360 [ 215.284874][T10344] __lock_acquire+0x1397/0x2100 [ 215.284907][T10344] lock_acquire+0x1ed/0x550 [ 215.284931][T10344] ? ieee80211_change_mac+0xc6/0x1160 [ 215.284957][T10344] ? __pfx_lock_acquire+0x10/0x10 [ 215.284983][T10344] ? __pfx___might_resched+0x10/0x10 [ 215.285010][T10344] __mutex_lock+0x19c/0x1010 [ 215.285033][T10344] ? ieee80211_change_mac+0xc6/0x1160 [ 215.285056][T10344] ? __pfx_lock_release+0x10/0x10 [ 215.285083][T10344] ? ieee80211_change_mac+0xc6/0x1160 [ 215.285105][T10344] ? __pfx___mutex_lock+0x10/0x10 [ 215.285129][T10344] ? __pfx_vxlan_netdevice_event+0x10/0x10 [ 215.285147][T10344] ? ib_device_get_by_netdev+0x85/0x5e0 [ 215.285175][T10344] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 215.285200][T10344] ? hsr_netdev_notify+0x295/0xb50 [ 215.285226][T10344] ieee80211_change_mac+0xc6/0x1160 [ 215.285249][T10344] ? ip6_route_dev_notify+0x99/0x600 [ 215.285268][T10344] ? notifier_call_chain+0x15a/0x3f0 [ 215.285293][T10344] ? notifier_call_chain+0x3cc/0x3f0 [ 215.285318][T10344] netif_set_mac_address+0x327/0x510 [ 215.285341][T10344] ? __pfx_netif_set_mac_address+0x10/0x10 [ 215.285360][T10344] ? rcu_is_watching+0x15/0xb0 [ 215.285379][T10344] ? __mutex_lock+0x397/0x1010 [ 215.285402][T10344] ? full_name_hash+0x93/0xe0 [ 215.285428][T10344] dev_set_mac_address+0x38/0x50 [ 215.285446][T10344] dev_ifsioc+0xdf4/0x1130 [ 215.285471][T10344] ? __pfx___mutex_lock+0x10/0x10 [ 215.285495][T10344] ? __pfx_dev_ifsioc+0x10/0x10 [ 215.285521][T10344] ? dev_load+0x21/0x1f0 [ 215.285545][T10344] dev_ioctl+0x719/0x1340 [ 215.285570][T10344] sock_do_ioctl+0x240/0x460 [ 215.285595][T10344] ? __pfx_sock_do_ioctl+0x10/0x10 [ 215.285625][T10344] sock_ioctl+0x626/0x8e0 [ 215.285655][T10344] ? __pfx_sock_ioctl+0x10/0x10 [ 215.285678][T10344] ? __fget_files+0x2a/0x410 [ 215.285704][T10344] ? __fget_files+0x2a/0x410 [ 215.285730][T10344] ? __pfx_sock_ioctl+0x10/0x10 [ 215.285753][T10344] __se_sys_ioctl+0xf5/0x170 [ 215.285774][T10344] do_syscall_64+0xf3/0x230 [ 215.285796][T10344] ? clear_bhb_loop+0x35/0x90 [ 215.285823][T10344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.285849][T10344] RIP: 0033:0x7f6642b8d169 [ 215.285865][T10344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.285881][T10344] RSP: 002b:00007f6643983038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.285900][T10344] RAX: ffffffffffffffda RBX: 00007f6642da5fa0 RCX: 00007f6642b8d169 [ 215.285914][T10344] RDX: 0000400000000040 RSI: 0000000000008924 RDI: 0000000000000004 [ 215.285925][T10344] RBP: 00007f6642c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 215.285936][T10344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.285947][T10344] R13: 0000000000000000 R14: 00007f6642da5fa0 R15: 00007fff3ece65d8 [ 215.285964][T10344]