last executing test programs: 2.146040886s ago: executing program 1 (id=1833): socket(0x10, 0x3, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) recvmmsg(r1, &(0x7f0000007580)=[{{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000340)=""/138, 0x8a}], 0x1}, 0x4}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x2, 0x0) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r2}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000008000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="20000000630000000400"/27, @ANYRES32, @ANYBLOB="ff0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='consume_skb\x00', r8}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r10, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r9, &(0x7f0000000400)={0x0, 0xffbd, 0x0}, 0x2060) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800000002060500000000000000006ed05e9f2d8c5d9100000000000900020073797a32000000000c0007800800120000000000050005000a000000050001000600000011000300686173683a69702c6d61726b40000000"], 0x58}, 0x1, 0x0, 0x0, 0x844}, 0x4040004) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) r13 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r13, 0x890b, &(0x7f0000000540)={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r12}) unshare(0x20000400) r14 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r14, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r14, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) 2.0682501s ago: executing program 0 (id=1835): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="51ccc9c0f4f40fcbe258ddb1a3149890c4bb00e4e889ad5aea38e57c1a80ff3c2b338d09a670dc61455fddad85b90a3c1e37a2bc23036370c216af94ba7492859f67adb9c9533352aaa8e37589b37db2331f2de79164b51eb0fe25343f973f12ad7c988ff0b67ae143e36df7e1433ca55c8fda3cd391dcf0025019fece5f92712aa2eaf8e8e2618e220f7deee83b0019a1cd93e8b64ec10c22f537faed7a"], 0x20}}, 0x0) 1.935512025s ago: executing program 0 (id=1837): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@mpls_getroute={0x24, 0x1a, 0x801, 0x70bd29, 0x0, {0x1c, 0x14}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0xd6}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ed0759cb47cd90df41fa7a40c72a22dcc53a83731c39b01fceb7"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r4, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x37, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'gretap0\x00', &(0x7f0000000680)={'tunl0\x00', 0x0, 0x700, 0x700, 0x1, 0x124c, {{0x2a, 0x4, 0x1, 0x16, 0xa8, 0x66, 0x0, 0x5, 0x0, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @lsrr={0x83, 0x7, 0x6b, [@dev={0xac, 0x14, 0x14, 0x30}]}, @timestamp_addr={0x44, 0x54, 0x2d, 0x1, 0x7, [{@empty, 0x1000}, {@empty, 0x8}, {@rand_addr=0x64010102, 0x200}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}, {@loopback, 0x3}, {@loopback, 0x75e}, {@local, 0x1}, {@local, 0x7}, {@local, 0x738}, {@empty, 0x6}]}, @timestamp={0x44, 0x28, 0xb, 0x0, 0x0, [0xc, 0x8001, 0xfffffff9, 0xa7c, 0x7, 0x6, 0x3, 0x5, 0x2]}, @rr={0x7, 0xf, 0x23, [@multicast2, @empty, @private=0xa010102]}]}}}}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r7, 0x0, '\x00', r6, r8, 0x0, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x50) socket$kcm(0x29, 0x2, 0x0) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000c39af0ff40000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056020000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r11 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r11, 0x0, 0xca, &(0x7f00000002c0)={0x5, 0x9, 0x0, 0x80000000, @vifc_lcl_ifindex, @loopback}, 0x10) r12 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kvm_userspace_exit\x00', r1, 0x0, 0x7}, 0x18) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, r12, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30) r13 = socket(0x2b, 0x80801, 0x1) connect$inet6(r13, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0xe54}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) 1.934991759s ago: executing program 2 (id=1838): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="9c0000000001050500000000000000000a0000003c0002802c00018014000300fc00000000000000000000000000000014000400ff0200000000170000000000000fc7ed9b00028005000100000000000800f43f0000000008000740000000003c000d8024000380060001004e200000060002004e210000060001004e200000060001004e22000014000400fc0200000000000000000000000000006531fad8bf5edc6b55b1e2357545a4b75e02aa37dfd8e8490874e5afa0cbaaea776cdccc4b4eca4bf9cc37"], 0x9c}, 0xa}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000002565098400000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = socket(0x11, 0x800000003, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket$tipc(0x1e, 0x6, 0x0) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[@ANYBLOB="2000000001d3db24fbc83613d22ae46d9ea9aab6eaa6572b3a2beff36e621f184303dc821dbf377f9c0142a6cd1524c445d2d61e0bfc5f47153b037a842a270d68e57a5e2c50bbf51eed7f329b73625c473beb4cf51d0b39e243fa2f69b344b685139684667eab4e1904d927adcd2a78d48f16af8411ed8fb1bae9404656d490fd26c0f016f22c8e682ab99e02f18c7f23ad608277387a4f1dd56e6dc96325ac3b9c3b97300f79ae7c38bb9634c16988a851bcfc0f81c9614261d231c3ebee05c9d9ab27637698a8ccb8455b6bc94a764f06cc16000000", @ANYRES16=r6, @ANYBLOB="03002dbd7000fddbdf2502000000050002000200000004000500"], 0x20}, 0x1, 0x0, 0x0, 0x4000110}, 0x4000400) sendmsg$nl_route_sched(r3, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000300)={'syztnl0\x00', r4, 0x4, 0xfb, 0x5b, 0x0, 0x8, @ipv4={'\x00', '\xff\xff', @local}, @dev={0xfe, 0x80, '\x00', 0x17}, 0x700, 0x10, 0x10200, 0xff}}) sendmsg$ETHTOOL_MSG_DEBUG_SET(r8, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000001480)=ANY=[@ANYBLOB="8eb68b95", @ANYRES16=0x0, @ANYBLOB="00032cbd7000fcdbdf25080000004000028008000200b200000008000200400000002b000500cf20347f273ebad1042ae2c506e3514d9be226931dfb1af5093e2f2979236e96e6bf0189f1c0c700ac02028008000200060000006800038034000180080001000700000004000300040003000f0002005d26402d6d7b262b284000000800010009000000040003000400030020000180060002003a00000008000200666f750008000200726177000400030010000180090002002e257b290000000087000500f1afa60fb0c86675376e2658acfbe7e3b91bd2e656c75982e26a1e105d5b84b9947a32a3a7917b9a24d26a1b69f0d34c92f24bff4f0dc9ca059f420388e7bc8fffa5a7dce58265af022a47cd4d156211c0403bc980a9ee2cae37a8f4843c8d4505b108e5c03b8ac59bebdc32cccc95c71414ea7551eb10c85da4dfc313e06b29394f9a00af000500246f45ca1a29b737e05e03c018b6fc9765cb0401cd07c1ca3731538f895a8f1e1aef6e84a7b4f05de4430624dc76608fc042d1b290c6b2ef1f2afa21e1104846ecdc10155b7c1d2f69524b177f6138a1b863c34d221424e3220d9bf0ca079f15ce9080ee92ecb4d224a624cd56251448f9aaa0e422ac03a4a61e227b60c983199c3c8dbd104c7a3fedbe27d9120bc74769321146b1c5c18fe07f497eff9311c73ed6e75bd3ab8a86ab0de700a7000500f5187b2ac2207ee6bed7115d5347a458a49bfb8050bd741d83e51e883803e030dcf9fd855f270ed61a61250a88c80c8451e70f55eb5c7177a178b1db3cae705c210a3ff5111899b683a1883c79b7cd9f8fe1dedd2431510870cfa2f3237f3daf4f520ad0fe7b04d2c38496dd13d0f2a1a3fb2e7bf07657b0f732dc814a216f88afa73122d75b3c298a792c46e2ee0427e42fce79a9fd090e0f8ca1ce55b51b8974506c00570004004df618b87fee6ab7b645e4c43eed513738c92e2e2b6f95d405996b8d73b09d5d36c304abf0390e7258239be362795a117a1f2d224fe17d627e05011808ff608c6afafb043f191d27a26b8154a17856404c295d003400018014000200766c616e3000000000000000000000000800030000000000140002006970766c616e3100000000000000000034000180080003000300000008000100", @ANYRESOCT=r6, @ANYBLOB="0800030002000000080001", @ANYRES32=r4, @ANYBLOB="080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="239812753e367bd73b1cade1e6439a0f34fd8792ec6dc15a627859e11fff42bddb66e8dbc4e3b57d91637b4dbbac85998d435657ac2e28cbdae2c440fc4fb58273a05e31d45b4c155b1eef135b5b66edb0bfdff1"], 0x368}, 0x1, 0x0, 0x0, 0x4000}, 0x800) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x0, 0x5, 0xffffff6a, 0x180, 0x0, 0x320, 0x258, 0x258, 0x320, 0x258, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0x118, 0x180, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x84}}, @common=@hbh={{0x48}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x160, 0x1a0, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @empty, @private2}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001100a7cc5a8100ae541d002007000000", @ANYRES32=r10, @ANYBLOB="00000a00100000801c001a"], 0x44}, 0x1, 0x10000000}, 0x0) write(0xffffffffffffffff, &(0x7f0000000140)="fc00000018004b61ab092500090007000a100200000000020000369321000100ff2500000005d0000000001d000398996c92773411419da79bb94b46fe000000bc00050048036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc9", 0x68) r11 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r11, 0x0, 0x60, &(0x7f0000000180)={'filter\x00', 0x4, [{}, {0x0, 0x100000000000000}]}, 0x68) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) 1.882332693s ago: executing program 1 (id=1839): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x0, &(0x7f00000000c0)='\x00', 0x0, 0x2}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0x6, 0x1, 0xffffffffffffffff, 0x6da443c8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r2}, 0x20) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x29, 0x87, 0x7, 0x8, 0x1, @private0, @dev={0xfe, 0x80, '\x00', 0x31}, 0x7800, 0x8, 0x3, 0x4}}) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x1, '\x00', r3, r4, 0x4, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="44010000", @ANYRES16=r5, @ANYBLOB="130f000000000000000007"], 0x144}}, 0x4010) 1.681782633s ago: executing program 1 (id=1841): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x85, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x2000}, 0x90) sendmmsg$inet(r4, &(0x7f0000000780)=[{{&(0x7f0000000100)={0x2, 0x0, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000140)="02", 0x1}], 0x1}}], 0x1, 0x20048040) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1e, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8281160}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x94) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r5, &(0x7f0000000080)='X', 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r6, 0x0, 0x482, &(0x7f0000000740)=""/60, &(0x7f0000000780)=0x3c) setsockopt$IP_VS_SO_SET_STOPDAEMON(r6, 0x0, 0x48c, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xe) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x4b, &(0x7f0000000040)=0x5, 0x4) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r3, 0x29, 0x37, &(0x7f0000003f80)={0x0, 0x33, '\x00', [@enc_lim={0x4, 0x1, 0xb}, @generic={0x0, 0xf6, "542fd60b9a977945178604f382592c7e1d977e76bd38f6514e6ab2001dd1202666a7e709131b0af162a89d0c7414fc511bc1d65b050c6712af57255d64bfc03ed171645b01dc4279eb3b82cb7df55f4a5282760d3dfdf50ea389e3b09967a1155a9b8e32efdba9bd9e6b325de1dcd3dacca5c96c02206fe395738c6ddf9028dc7e95beff2ace11d267ecdea7cf0858a8b8ea1074c0cd725191b848a08a86a12601a3e0069cde857da6dc49e4230fd78e4c20b33981ac59179e77ad75a5f7b858a0e09d7bd78a5722b9e4c39136055fc8a23ab477e40d0d0412f3922d2370de87ca24c1f511c0e318b3f726199d1d6bec0d1bd546fb07"}, @generic={0xc, 0xa0, "607fe6f6e1f63033b08877d69e759f7f6afe3718f6772583b65ded073bb443d8f856c7cfba2941afb5c576d8c3714b8be7f606cb10958fcd33aa5ad491c3619e039de432417416cd8236cc795887d8bc3282e16c387a053ad254b1b975b2b957e68ab6694c4c1b27fb2e92e65fcbe42b0dc1c40fc952125ad56b0b45b14cf389f597f086bddda2afc710b9e6e3d46b2a30bb11a18e3ba32d1aaa523c1b82fb20"}]}, 0x1a8) shutdown(r5, 0x1) recvmmsg(r5, &(0x7f0000003e80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=""/27, 0x1b}, 0x3}, {{&(0x7f00000008c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000bc0)=""/227, 0xe3}, {&(0x7f0000000700)=""/32, 0x20}, {&(0x7f0000000940)=""/37, 0x25}, {&(0x7f0000000cc0)=""/202, 0xca}, {&(0x7f0000000dc0)=""/84, 0x54}, {&(0x7f0000000e40)=""/194, 0xc2}, {&(0x7f0000000f40)=""/123, 0x7b}], 0x7, &(0x7f0000000980)}, 0xb}, {{&(0x7f0000001040)=@x25, 0x80, &(0x7f0000002740)=[{&(0x7f00000010c0)=""/92, 0x5c}, {&(0x7f0000001140)=""/182, 0xb6}, {&(0x7f0000001200)=""/74, 0x4a}, {&(0x7f0000001280)=""/124, 0x7c}, {&(0x7f0000001480)=""/218, 0xda}, {&(0x7f0000001300)=""/47, 0x2f}, {&(0x7f0000001340)=""/4, 0x4}, {&(0x7f0000001580)=""/203, 0xcb}, {&(0x7f0000001680)=""/4096, 0x1000}, {&(0x7f0000002680)=""/135, 0x87}], 0xa, &(0x7f0000002800)=""/122, 0x7a}, 0x8}, {{&(0x7f0000002880)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000002900)=""/111, 0x6f}, {&(0x7f0000002980)=""/92, 0x5c}, {&(0x7f0000000980)=""/38, 0x26}, {&(0x7f0000002a00)}, {&(0x7f0000002a40)=""/68, 0x44}, {&(0x7f0000002ac0)=""/140, 0x8c}, {&(0x7f0000002b80)=""/67, 0x43}, {&(0x7f0000002c00)=""/182, 0xb6}, {&(0x7f0000002cc0)=""/167, 0xa7}, {&(0x7f0000002d80)=""/25, 0x19}], 0xa, &(0x7f0000002e80)=""/4096, 0x1000}, 0x40}], 0x4, 0x60, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmsg$inet(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000340)="8aa58a822a99316de9df3d068d9611175596103148b7ebc03fc4", 0x1a}, {&(0x7f00000007c0)="5c1ba9ae819b1f06fed62c346413280a45ffaf18db8766012dfa73b5a315171e41c9dcdb241dd670e2ebbb54c3e43b54137af04033d2615a8192ec4d4aac55bce5bf39de966029889094f709449ec78256bd92fb9fc35a42b9f52a2d05664642bb103e12d762b77323659210c05606dba23b3a9f9fdfe9cee37def9e9b950d3e6e9f19372417f6721ffff839f26859b2376985c8f50d06018d32aae12db8851e3a0f2d275218f6b432", 0xa9}], 0x2, &(0x7f0000000a40)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xff}}, @ip_retopts={{0x5c, 0x0, 0x7, {[@timestamp={0x44, 0x14, 0xa8, 0x0, 0x2, [0x4, 0x3, 0x8, 0x6b22]}, @end, @rr={0x7, 0x1b, 0xb7, [@remote, @remote, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @loopback]}, @timestamp={0x44, 0x8, 0xa7, 0x0, 0x0, [0x80000000]}, @ssrr={0x89, 0x13, 0x76, [@multicast2, @multicast1, @loopback, @rand_addr=0x64010101]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x100}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@ssrr={0x89, 0x17, 0x15, [@dev={0xac, 0x14, 0x14, 0x28}, @private=0xa010102, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100]}, @rr={0x7, 0x17, 0x21, [@private=0xa010101, @loopback, @dev={0xac, 0x14, 0x14, 0x38}, @loopback, @empty]}, @ssrr={0x89, 0xf, 0x5d, [@dev={0xac, 0x14, 0x14, 0x16}, @dev={0xac, 0x14, 0x14, 0x24}, @private=0xa010101]}, @ssrr={0x89, 0xb, 0x3c, [@dev={0xac, 0x14, 0x14, 0x13}, @private=0xa010101]}, @rr={0x7, 0x7, 0xe4, [@remote]}, @rr={0x7, 0xb, 0x56, [@remote, @empty]}, @generic={0x44, 0x11, "2d237256678c9908de920ccf3b785e"}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xf0}}], 0x158}, 0x4010) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) 1.681282034s ago: executing program 0 (id=1842): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0xf5}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x3c}}, 0x0) 1.588664952s ago: executing program 0 (id=1843): r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2711, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f000062d000/0x1000)=nil, 0x7fffdf9d2000, 0x0, 0x28011, r1, 0x0) 1.588023099s ago: executing program 2 (id=1844): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x8, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x29) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0xb0ffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1.424383019s ago: executing program 2 (id=1846): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x2000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0xfffffffd, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0) 1.403794053s ago: executing program 2 (id=1847): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x29}]}, @NFT_MSG_NEWSETELEM={0x68, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3c, 0x3, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x34, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x2d, 0x1, "fefe807eb37bc2a7a6110a370abbe10adf32aa848edc90232d4665de2ae1583b710c20da833679ebe6"}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xec}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000000a0080202000", @ANYRES32=0x0, @ANYRESOCT=0x0], 0x38}, 0x1, 0x0, 0x0, 0x4084}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) unshare(0x20000400) epoll_create1(0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) sendmmsg(r2, &(0x7f0000002e40)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)="d64137f5f65c", 0x6}], 0x1}}], 0x1, 0x4004000) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304}, "1ea980082618005a", "08e23c66b215aa40bd17d20434f30b04ca265ae2524156cfbcef4e98a5460f32", "d9a50f98", "5fca7c1d20d74129"}, 0x38) socket$inet_smc(0x2b, 0x1, 0x0) pselect6(0x40, &(0x7f0000000440)={0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0xffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x2}, 0x0, 0x0) r3 = socket(0x5, 0x2, 0xa) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000004280)=ANY=[@ANYBLOB="000086dd000411000400000000006eec00be11542f0100000000000000000000ffff64010102ff020000000000000000000000000001870c04064020e32900000000000000000000000000000001fc02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000"], 0x118a) getsockopt$nfc_llcp(r3, 0x110, 0x6, 0x0, 0x20000000) 1.063444032s ago: executing program 3 (id=1850): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080029bd7000fcdbdf256a0000000c009900ab060000250000000a00060008021100000100000a000600ffffffffffff00000a0006000802110000000000344c85dae31c9576df4d5057043e8f1f02b3f7704d9b233ee63f7a0d1185e7678bb682397e9e9261cf7dab489049cfff1c632f050502d37f03572089104e5c4369c34fa6e53fe34a651202c234bd9158ff763cc81be1dc688ab6da029f69fb607396de519707ebe7eecd74b320895e5878b0e839931fc9a8f3da"], 0x44}, 0x1, 0x0, 0x0, 0x20000001}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) (async) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) r2 = socket$kcm(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x5e, 0xa, 0xa, 0x0, 0x0, 0x61, 0x10, 0xa0}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) sendmsg$kcm(r2, &(0x7f0000000440)={&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x7}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="a090", 0x2}], 0x1}, 0xd0a0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="dc0000000104358e7d824a1dbcbf1bb5c8010200"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10) (async) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 856.124862ms ago: executing program 0 (id=1851): pipe(&(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet_sctp(0x2, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) socket$inet6(0xa, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket(0x10, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) socket$nl_netfilter(0x10, 0x3, 0xc) socket$pppoe(0x18, 0x1, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) socket$kcm(0x2, 0x3, 0x84) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 702.195511ms ago: executing program 4 (id=1852): r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000000), 0x4) ioctl$sock_proto_private(r0, 0x89e0, &(0x7f0000001080)) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x78, 0x20, 0x2, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x3f, 0x12, 0x0, 0x1, [@generic="d09178d2da3477ec73a38ffffcd82caf103bc848e79022290bd6c0375f437b167f431ad2c8e129e835688cf370555aa8c6dffe261622b114299d6f"]}, @nested={0x24, 0x6, 0x0, 0x1, [@nested={0x14, 0x60, 0x0, 0x1, [@generic="0de0ab3cc017e145c924184708e3c7b7"]}, @typed={0xc, 0x6b, 0x0, 0x0, @u64=0x3}]}]}, 0x78}}, 0x0) 701.512644ms ago: executing program 0 (id=1853): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x16a}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x2f, 0x8, 0x6, 0xbce, 0x23, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, 0x8000, 0x8000, 0x1, 0x1ff}}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'syztnl2\x00', &(0x7f0000000240)={'syztnl2\x00', r2, 0x2f, 0x4, 0x21, 0x0, 0x4, @empty, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8000, 0x8000, 0x4, 0xa4}}) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r3, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[@txtime={{0x18, 0x1, 0x3d, 0xe}}], 0x18}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@getsa={0x28, 0x12, 0x1, 0x0, 0x0, {@in=@remote, 0x0, 0x0, 0x6c}}, 0x28}}, 0x0) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xb) r9 = socket(0x10, 0x3, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r10, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x68, 0x1, 0x4, 0x301, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x6}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x1}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x5}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x3}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x65}, @NFULA_CFG_MODE={0xa, 0x2, {0xd, 0x1}}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xa40b}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xa2}]}, 0x68}, 0x1, 0x0, 0x0, 0x4e2dc7bde226db40}, 0x20004000) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5fd5f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}]}, 0x3c}}, 0x0) 576.386085ms ago: executing program 3 (id=1854): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000015000100000000000000600005000000", @ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4000810}, 0x0) 576.100327ms ago: executing program 4 (id=1855): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ff28e14b35030000", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf258100000008000300", @ANYRES32=r3, @ANYBLOB="0c009900e2070000740000000a00060008021100000100000a0006000802110000010000060066006388000022003300a0a801000802110000010802110000010802110000014301100083c02800000034003300a0a80d00ffffffffffff0802110000005050505050504a0000004d011a008c10010fa2f84972c9b770d42aaa6bf93f7404006700"], 0xa4}, 0x1, 0x0, 0x0, 0x40010}, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1500000001000000", @ANYRESOCT], 0x20) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x58, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {}, @broadcast, @device_b}, @ext_ch_sw={0x4, 0x4, {{}, @val={0x76, 0x6, {0x4, 0x5, 0x19, 0x3}}}}}}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x58}}, 0x0) 560.892389ms ago: executing program 1 (id=1856): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x34, r1, 0x1, 0x2000000, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}}, 0x4000000) 487.203711ms ago: executing program 4 (id=1857): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0x0, 0x0, 0x0, 0x0, 0x7ffe, 0x0, 0x0, 0xeff, 0x0, 0x0}, 0x50) 404.321826ms ago: executing program 1 (id=1858): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0x98, 0x30, 0xffff, 0x0, 0x0, {}, [{0x84, 0x1, [@m_police={0x38, 0x1, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT={0x8, 0x5, 0x2}]]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x2}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x14810}, 0x0) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0xb}], 0x1c) sendto$inet6(r4, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r4, 0x1) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000080)={r6, 0x3}, 0x8) r7 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r7, 0x89f0, &(0x7f00000004c0)={'ip6gre0\x00', &(0x7f0000000280)={'ip6tnl0\x00', 0x0, 0x2f, 0x7, 0x3, 0x89, 0x4f, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x20, 0x7, 0xfffffbb0, 0x4}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4ad192745c9744f447ee84c86a7d11b98b08855a6cf14dd71d757c800a606d9cc3bb7c3ed5514c41f0e57b85748a80e1434ed8572afbf7ccad1014", @ANYRES16=r2, @ANYBLOB="230e27bd7000ffdbdf250200000008000100", @ANYRES32=r3, @ANYBLOB="04000280"], 0x20}}, 0x80) 394.927059ms ago: executing program 3 (id=1859): r0 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x61, 0x10, 0x48}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000001014010000000000000000e407004b"], 0x18}}, 0x0) 385.159452ms ago: executing program 4 (id=1860): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000840)={0x18, r0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x4}]}, 0x18}}, 0x8000) 280.34983ms ago: executing program 3 (id=1861): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r1, &(0x7f0000000040)=0x6a, r0, 0x0, 0x7fffffffffffffff, 0xa) 275.893889ms ago: executing program 2 (id=1862): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x2}]}, 0x30}}, 0x0) 249.704567ms ago: executing program 4 (id=1863): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x30, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x30}}, 0x0) 188.341295ms ago: executing program 3 (id=1864): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 116.908028ms ago: executing program 2 (id=1865): mmap(&(0x7f0000b75000/0x4000)=nil, 0x4000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000001200)={0x1d, r3}, 0x18) connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3}, 0x18) writev(r2, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f0000000100)=[{0x0, 0x7, {0x2, 0xff, 0x3}, {0x1, 0x0, 0x1}, 0xff, 0x1}, {0x3, 0x3, {0x1, 0xf0, 0x4}, {0x0, 0x1}, 0xfd, 0xff}, {0x2, 0x0, {0x0, 0xf0, 0x3}, {0x2, 0xff, 0x3}, 0x0, 0xfe}], 0x60) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 84.150596ms ago: executing program 1 (id=1866): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ac0)={0x5c, r2, 0x5, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b}, 0x0, @random=0x6, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r5, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x0) 28.47329ms ago: executing program 4 (id=1867): r0 = socket$rds(0x15, 0x5, 0x0) unshare(0x20040600) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000000)=ANY=[@ANYBLOB="030036"], 0x4) 0s ago: executing program 3 (id=1868): socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bind$netlink(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0) kernel console output (not intermixed with test programs): ][ T7888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.692'. [ 120.508120][ T7890] netlink: 4 bytes leftover after parsing attributes in process `syz.1.693'. [ 120.570584][ T7892] ip6t_rpfilter: unknown options [ 120.590733][ T7890] team_slave_0: entered promiscuous mode [ 120.596515][ T7890] team_slave_1: entered promiscuous mode [ 120.637539][ T7890] macvtap1: entered promiscuous mode [ 120.642919][ T7890] netpci0: entered promiscuous mode [ 120.672328][ T7890] macvtap1: entered allmulticast mode [ 120.692432][ T7890] netpci0: entered allmulticast mode [ 120.702724][ T7890] team_slave_0: entered allmulticast mode [ 120.716487][ T7890] team_slave_1: entered allmulticast mode [ 120.723584][ T7890] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 120.743797][ T7899] netlink: 12 bytes leftover after parsing attributes in process `syz.4.695'. [ 120.753354][ T7894] netpci0: left allmulticast mode [ 120.765435][ T7894] team_slave_0: left allmulticast mode [ 120.771230][ T7894] team_slave_1: left allmulticast mode [ 120.776904][ T7894] netpci0: left promiscuous mode [ 120.782751][ T7894] team_slave_0: left promiscuous mode [ 120.788501][ T7894] team_slave_1: left promiscuous mode [ 120.980647][ T7907] netlink: 'syz.1.699': attribute type 2 has an invalid length. [ 121.005357][ T7907] netlink: 'syz.1.699': attribute type 8 has an invalid length. [ 121.027036][ T7907] netlink: 198328 bytes leftover after parsing attributes in process `syz.1.699'. [ 121.239307][ T7914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.700'. [ 121.268005][ T7914] netlink: 152 bytes leftover after parsing attributes in process `syz.0.700'. [ 121.662090][ T7920] delete_channel: no stack [ 121.687415][ T7920] batadv_slave_1: entered promiscuous mode [ 121.708505][ T7920] batadv_slave_1: left promiscuous mode [ 121.744717][ T7922] pim6reg: entered allmulticast mode [ 121.756038][ T7922] pim6reg: left allmulticast mode [ 122.095464][ T7931] netlink: 12 bytes leftover after parsing attributes in process `syz.4.707'. [ 122.266236][ T7943] ip6t_rpfilter: unknown options [ 122.554878][ T7960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.720'. [ 122.567996][ T7960] veth1_to_bridge: entered promiscuous mode [ 122.667163][ T7966] xt_CT: You must specify a L4 protocol and not use inversions on it [ 122.751403][ T7956] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 122.789619][ T7976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.723'. [ 122.802453][ T7978] rdma_op ffff8880615b11f0 conn xmit_rdma 0000000000000000 [ 122.871801][ T7980] rdma_op ffff88805eafb9f0 conn xmit_rdma 0000000000000000 [ 123.024554][ T7987] netlink: 'syz.3.727': attribute type 11 has an invalid length. [ 123.416722][ T8004] delete_channel: no stack [ 123.732964][ T8026] rdma_op ffff88807e9099f0 conn xmit_rdma 0000000000000000 [ 124.027671][ T8050] team0: Device wg2 is of different type [ 124.056144][ T8048] macvtap2: entered promiscuous mode [ 124.061647][ T8048] macvtap2: entered allmulticast mode [ 124.068095][ T8048] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 124.160068][ T8055] FAULT_INJECTION: forcing a failure. [ 124.160068][ T8055] name failslab, interval 1, probability 0, space 0, times 0 [ 124.173745][ T8055] CPU: 1 UID: 0 PID: 8055 Comm: syz.0.751 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 124.184397][ T8055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 124.194505][ T8055] Call Trace: [ 124.197819][ T8055] [ 124.200785][ T8055] dump_stack_lvl+0x241/0x360 [ 124.205514][ T8055] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.210754][ T8055] ? __pfx__printk+0x10/0x10 [ 124.215487][ T8055] should_fail_ex+0x3b0/0x4e0 [ 124.220210][ T8055] should_failslab+0xac/0x100 [ 124.224928][ T8055] ? sctp_add_bind_addr+0x89/0x3a0 [ 124.230083][ T8055] __kmalloc_cache_noprof+0x6c/0x2c0 [ 124.235421][ T8055] sctp_add_bind_addr+0x89/0x3a0 [ 124.240395][ T8055] sctp_copy_local_addr_list+0x311/0x500 [ 124.246084][ T8055] ? sctp_copy_local_addr_list+0xab/0x500 [ 124.251844][ T8055] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 124.258038][ T8055] ? sctp_association_new+0x17c3/0x2400 [ 124.263628][ T8055] ? sctp_v6_is_any+0x60/0x70 [ 124.268358][ T8055] sctp_bind_addr_copy+0xad/0x3b0 [ 124.273433][ T8055] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 124.279826][ T8055] sctp_connect_new_asoc+0x2f3/0x6c0 [ 124.285158][ T8055] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 124.291005][ T8055] ? sctp_inet6_send_verify+0xbe/0x310 [ 124.296484][ T8055] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 124.302353][ T8055] __sctp_connect+0x66d/0xe30 [ 124.307072][ T8055] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 124.313075][ T8055] ? __pfx___sctp_connect+0x10/0x10 [ 124.318302][ T8055] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.324686][ T8055] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 124.330272][ T8055] sctp_setsockopt_connectx+0x181/0x2a0 [ 124.335855][ T8055] ? __pfx_sctp_setsockopt_connectx+0x10/0x10 [ 124.341945][ T8055] ? do_raw_spin_unlock+0x13c/0x8b0 [ 124.347175][ T8055] sctp_setsockopt+0x709/0x11c0 [ 124.352050][ T8055] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 124.357958][ T8055] do_sock_setsockopt+0x3af/0x720 [ 124.363012][ T8055] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 124.368596][ T8055] ? __fget_files+0x29/0x470 [ 124.373202][ T8055] ? __fget_files+0x3f3/0x470 [ 124.377895][ T8055] ? __fget_files+0x29/0x470 [ 124.382513][ T8055] __sys_setsockopt+0x1a2/0x250 [ 124.387390][ T8055] __x64_sys_setsockopt+0xb5/0xd0 [ 124.392433][ T8055] do_syscall_64+0xf3/0x230 [ 124.396953][ T8055] ? clear_bhb_loop+0x35/0x90 [ 124.401652][ T8055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.407560][ T8055] RIP: 0033:0x7fb9fad7e759 [ 124.412002][ T8055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.431647][ T8055] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 124.440077][ T8055] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 124.448068][ T8055] RDX: 000000000000006e RSI: 0000000000000084 RDI: 0000000000000003 [ 124.456047][ T8055] RBP: 00007fb9fbbcf090 R08: 0000000000000038 R09: 0000000000000000 [ 124.464045][ T8055] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000002 [ 124.472047][ T8055] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 124.480042][ T8055] [ 124.871568][ T8061] netlink: 'syz.0.752': attribute type 4 has an invalid length. [ 125.040300][ T8053] __nla_validate_parse: 7 callbacks suppressed [ 125.040320][ T8053] netlink: 8 bytes leftover after parsing attributes in process `syz.1.750'. [ 125.320161][ T8081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.757'. [ 125.421474][ T8085] netlink: 68 bytes leftover after parsing attributes in process `syz.4.756'. [ 125.649515][ T8089] netlink: 'syz.2.760': attribute type 10 has an invalid length. [ 125.686714][ T8089] team0: Device ipvlan1 failed to register rx_handler [ 126.047829][ T8114] netlink: 20 bytes leftover after parsing attributes in process `syz.3.768'. [ 126.151882][ T8121] x_tables: ip6_tables: SNPT target: used from hooks PREROUTING, but only usable from INPUT/POSTROUTING [ 126.175909][ T8120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.771'. [ 126.344883][ T8131] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 126.352664][ T8131] macsec1: entered promiscuous mode [ 126.373074][ T8131] mac80211_hwsim hwsim4 wlan0: left promiscuous mode [ 126.424999][ T8135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.777'. [ 126.443504][ T8135] macvtap3: entered promiscuous mode [ 126.450208][ T8135] macvtap3: entered allmulticast mode [ 126.457178][ T8135] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 126.474728][ T8091] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 126.666723][ T8142] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 126.701712][ T8146] netlink: 'syz.0.779': attribute type 11 has an invalid length. [ 127.095642][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.789'. [ 127.126271][ T8166] netlink: 'syz.3.790': attribute type 1 has an invalid length. [ 127.189498][ T8166] 8021q: adding VLAN 0 to HW filter on device bond1 [ 127.221701][ T8166] bond0: (slave bond1): making interface the new active one [ 127.232928][ T8166] bond0: (slave bond1): Enslaving as an active interface with an up link [ 127.392743][ T8180] FAULT_INJECTION: forcing a failure. [ 127.392743][ T8180] name failslab, interval 1, probability 0, space 0, times 0 [ 127.431675][ T8180] CPU: 0 UID: 0 PID: 8180 Comm: syz.3.796 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 127.442446][ T8180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 127.452536][ T8180] Call Trace: [ 127.455842][ T8180] [ 127.458802][ T8180] dump_stack_lvl+0x241/0x360 [ 127.463523][ T8180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.468769][ T8180] ? __pfx__printk+0x10/0x10 [ 127.473402][ T8180] ? __kmalloc_noprof+0xb0/0x400 [ 127.478397][ T8180] ? __pfx___might_resched+0x10/0x10 [ 127.483745][ T8180] should_fail_ex+0x3b0/0x4e0 [ 127.488465][ T8180] ? sock_kmalloc+0xd7/0x160 [ 127.493093][ T8180] should_failslab+0xac/0x100 [ 127.497817][ T8180] ? sock_kmalloc+0xd7/0x160 [ 127.502441][ T8180] __kmalloc_noprof+0xd8/0x400 [ 127.507238][ T8180] ? __might_fault+0xaa/0x120 [ 127.511963][ T8180] sock_kmalloc+0xd7/0x160 [ 127.516438][ T8180] ____sys_sendmsg+0x216/0x7e0 [ 127.521260][ T8180] ? __pfx_____sys_sendmsg+0x10/0x10 [ 127.526612][ T8180] __sys_sendmmsg+0x3ab/0x730 [ 127.531352][ T8180] ? __pfx___sys_sendmmsg+0x10/0x10 [ 127.536610][ T8180] ? __pfx_lock_release+0x10/0x10 [ 127.541685][ T8180] ? kstrtouint_from_user+0x128/0x190 [ 127.547091][ T8180] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 127.552994][ T8180] ? ksys_write+0x229/0x2b0 [ 127.557503][ T8180] ? __pfx_lock_release+0x10/0x10 [ 127.562549][ T8180] ? vfs_write+0x730/0xd30 [ 127.566971][ T8180] ? __mutex_unlock_slowpath+0x21d/0x750 [ 127.572621][ T8180] ? __fget_files+0x3f3/0x470 [ 127.577315][ T8180] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 127.583318][ T8180] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 127.589672][ T8180] ? do_syscall_64+0x100/0x230 [ 127.594451][ T8180] __x64_sys_sendmmsg+0xa0/0xb0 [ 127.599333][ T8180] do_syscall_64+0xf3/0x230 [ 127.603849][ T8180] ? clear_bhb_loop+0x35/0x90 [ 127.608540][ T8180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.614530][ T8180] RIP: 0033:0x7fd55677e759 [ 127.618956][ T8180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.638579][ T8180] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 127.647020][ T8180] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 127.655016][ T8180] RDX: 0000000000000001 RSI: 0000000020002480 RDI: 0000000000000003 [ 127.662985][ T8180] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 127.671028][ T8180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.679109][ T8180] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 127.687107][ T8180] [ 127.731411][ T8174] netlink: 'syz.1.793': attribute type 7 has an invalid length. [ 127.830405][ T8189] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.799'. [ 127.875517][ T8189] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.799'. [ 127.948174][ T8195] pim6reg: entered allmulticast mode [ 127.988749][ T8195] pim6reg: left allmulticast mode [ 128.231563][ T8210] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 128.262144][ T8210] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 128.601518][ T8234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.813'. [ 128.636909][ T8236] tc_dump_action: action bad kind [ 128.883649][ T8250] pim6reg: entered allmulticast mode [ 128.909529][ T8250] pim6reg: left allmulticast mode [ 129.465679][ T8271] netlink: 'syz.2.827': attribute type 11 has an invalid length. [ 129.771149][ T8287] lo: entered allmulticast mode [ 130.043478][ T8293] FAULT_INJECTION: forcing a failure. [ 130.043478][ T8293] name failslab, interval 1, probability 0, space 0, times 0 [ 130.066248][ T8293] CPU: 1 UID: 0 PID: 8293 Comm: syz.1.833 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 130.076944][ T8293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 130.087044][ T8293] Call Trace: [ 130.090354][ T8293] [ 130.093316][ T8293] dump_stack_lvl+0x241/0x360 [ 130.098053][ T8293] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.103301][ T8293] ? __pfx__printk+0x10/0x10 [ 130.107930][ T8293] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 130.113448][ T8293] ? __pfx___might_resched+0x10/0x10 [ 130.118788][ T8293] should_fail_ex+0x3b0/0x4e0 [ 130.123504][ T8293] should_failslab+0xac/0x100 [ 130.128225][ T8293] ? nf_tables_newtable+0x52c/0x1e40 [ 130.133557][ T8293] __kmalloc_cache_noprof+0x6c/0x2c0 [ 130.138979][ T8293] ? nft_pernet+0x23/0x240 [ 130.143448][ T8293] nf_tables_newtable+0x52c/0x1e40 [ 130.148606][ T8293] ? nfnl_pernet+0x23/0x240 [ 130.153155][ T8293] ? __pfx_nf_tables_newtable+0x10/0x10 [ 130.158765][ T8293] ? __nla_parse+0x40/0x60 [ 130.163247][ T8293] nfnetlink_rcv+0x14e3/0x2ab0 [ 130.168093][ T8293] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 130.173311][ T8293] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.178552][ T8293] ? skb_clone+0x240/0x390 [ 130.182985][ T8293] ? __pfx_lock_release+0x10/0x10 [ 130.188042][ T8293] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.193264][ T8293] netlink_unicast+0x7f6/0x990 [ 130.198055][ T8293] ? __pfx_netlink_unicast+0x10/0x10 [ 130.203359][ T8293] ? __virt_addr_valid+0x183/0x530 [ 130.208486][ T8293] ? __check_object_size+0x48e/0x900 [ 130.213786][ T8293] netlink_sendmsg+0x8e4/0xcb0 [ 130.218578][ T8293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.223896][ T8293] ? aa_sock_msg_perm+0x91/0x160 [ 130.228889][ T8293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.234207][ T8293] __sock_sendmsg+0x221/0x270 [ 130.238913][ T8293] ____sys_sendmsg+0x52a/0x7e0 [ 130.243700][ T8293] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.249029][ T8293] __sys_sendmsg+0x292/0x380 [ 130.253637][ T8293] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.258770][ T8293] ? __pfx_vfs_write+0x10/0x10 [ 130.263568][ T8293] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.269904][ T8293] ? do_syscall_64+0x100/0x230 [ 130.274696][ T8293] ? do_syscall_64+0xb6/0x230 [ 130.279384][ T8293] do_syscall_64+0xf3/0x230 [ 130.283900][ T8293] ? clear_bhb_loop+0x35/0x90 [ 130.288591][ T8293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.294495][ T8293] RIP: 0033:0x7f9b0d97e759 [ 130.298914][ T8293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.318538][ T8293] RSP: 002b:00007f9b0e693038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.327067][ T8293] RAX: ffffffffffffffda RBX: 00007f9b0db35f80 RCX: 00007f9b0d97e759 [ 130.335055][ T8293] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 130.343031][ T8293] RBP: 00007f9b0e693090 R08: 0000000000000000 R09: 0000000000000000 [ 130.351035][ T8293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.359028][ T8293] R13: 0000000000000000 R14: 00007f9b0db35f80 R15: 00007ffec76166c8 [ 130.368243][ T8293] [ 130.835329][ T8312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.839'. [ 130.979865][ T8318] FAULT_INJECTION: forcing a failure. [ 130.979865][ T8318] name failslab, interval 1, probability 0, space 0, times 0 [ 131.015994][ T8318] CPU: 1 UID: 0 PID: 8318 Comm: syz.2.842 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 131.026664][ T8318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 131.036759][ T8318] Call Trace: [ 131.040073][ T8318] [ 131.043042][ T8318] dump_stack_lvl+0x241/0x360 [ 131.047768][ T8318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.053012][ T8318] ? __pfx__printk+0x10/0x10 [ 131.057667][ T8318] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 131.063698][ T8318] ? __pfx___might_resched+0x10/0x10 [ 131.069036][ T8318] should_fail_ex+0x3b0/0x4e0 [ 131.073762][ T8318] should_failslab+0xac/0x100 [ 131.078482][ T8318] ? __alloc_skb+0x1c3/0x440 [ 131.083110][ T8318] kmem_cache_alloc_node_noprof+0x71/0x320 [ 131.088953][ T8318] __alloc_skb+0x1c3/0x440 [ 131.093389][ T8318] ? validate_chain+0x11e/0x5920 [ 131.098341][ T8318] ? __pfx___alloc_skb+0x10/0x10 [ 131.103321][ T8318] ? reacquire_held_locks+0x660/0x690 [ 131.109051][ T8318] ? mark_lock+0x9a/0x360 [ 131.113422][ T8318] alloc_skb_with_frags+0xc3/0x820 [ 131.118551][ T8318] ? aa_label_sk_perm+0x4f3/0x6c0 [ 131.123595][ T8318] sock_alloc_send_pskb+0x91a/0xa60 [ 131.129505][ T8318] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 131.135268][ T8318] hci_sock_sendmsg+0x22b/0x11c0 [ 131.140255][ T8318] ? __pfx_aa_sk_perm+0x10/0x10 [ 131.145139][ T8318] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 131.150533][ T8318] ? __pfx_aa_file_perm+0x10/0x10 [ 131.155573][ T8318] ? aa_sock_msg_perm+0x91/0x160 [ 131.160535][ T8318] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 131.165928][ T8318] __sock_sendmsg+0x221/0x270 [ 131.170633][ T8318] sock_write_iter+0x2d7/0x3f0 [ 131.175407][ T8318] ? __pfx_sock_write_iter+0x10/0x10 [ 131.180721][ T8318] ? bpf_lsm_file_permission+0x9/0x10 [ 131.186114][ T8318] ? security_file_permission+0x74/0x280 [ 131.191759][ T8318] vfs_write+0xaeb/0xd30 [ 131.196009][ T8318] ? __pfx_sock_write_iter+0x10/0x10 [ 131.201327][ T8318] ? __pfx_vfs_write+0x10/0x10 [ 131.206127][ T8318] ? fdget_pos+0x19a/0x320 [ 131.210560][ T8318] ksys_write+0x183/0x2b0 [ 131.214902][ T8318] ? __pfx_ksys_write+0x10/0x10 [ 131.219768][ T8318] ? do_syscall_64+0x100/0x230 [ 131.224562][ T8318] ? do_syscall_64+0xb6/0x230 [ 131.229251][ T8318] do_syscall_64+0xf3/0x230 [ 131.233762][ T8318] ? clear_bhb_loop+0x35/0x90 [ 131.238453][ T8318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.244357][ T8318] RIP: 0033:0x7f5c7757e759 [ 131.248777][ T8318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.268406][ T8318] RSP: 002b:00007f5c78426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 131.276848][ T8318] RAX: ffffffffffffffda RBX: 00007f5c77735f80 RCX: 00007f5c7757e759 [ 131.284840][ T8318] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000004 [ 131.292828][ T8318] RBP: 00007f5c78426090 R08: 0000000000000000 R09: 0000000000000000 [ 131.300808][ T8318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.308811][ T8318] R13: 0000000000000000 R14: 00007f5c77735f80 R15: 00007ffcb911f028 [ 131.316806][ T8318] [ 131.356104][ T8321] netlink: 'syz.0.843': attribute type 2 has an invalid length. [ 131.390366][ T8322] ip6t_srh: unknown srh match flags 5294 [ 131.664356][ T8333] tipc: Started in network mode [ 131.693225][ T8333] tipc: Node identity 48c4, cluster identity 4711 [ 131.709821][ T8333] tipc: Node number set to 18628 [ 131.782022][ T8342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.851'. [ 131.804530][ T8344] FAULT_INJECTION: forcing a failure. [ 131.804530][ T8344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.820860][ T8344] CPU: 0 UID: 0 PID: 8344 Comm: syz.3.850 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 131.831515][ T8344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 131.841601][ T8344] Call Trace: [ 131.844913][ T8344] [ 131.847870][ T8344] dump_stack_lvl+0x241/0x360 [ 131.852578][ T8344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.857799][ T8344] ? __pfx__printk+0x10/0x10 [ 131.862405][ T8344] ? __pfx_lock_release+0x10/0x10 [ 131.867451][ T8344] should_fail_ex+0x3b0/0x4e0 [ 131.872141][ T8344] _copy_from_iter+0x21f/0x1e70 [ 131.877009][ T8344] ? __virt_addr_valid+0x183/0x530 [ 131.882149][ T8344] ? __pfx_lock_release+0x10/0x10 [ 131.887191][ T8344] ? __alloc_skb+0x28f/0x440 [ 131.891812][ T8344] ? __pfx__copy_from_iter+0x10/0x10 [ 131.897220][ T8344] ? __virt_addr_valid+0x183/0x530 [ 131.902338][ T8344] ? __virt_addr_valid+0x183/0x530 [ 131.907457][ T8344] ? __virt_addr_valid+0x45f/0x530 [ 131.912577][ T8344] ? __check_object_size+0x48e/0x900 [ 131.917878][ T8344] netlink_sendmsg+0x73d/0xcb0 [ 131.922664][ T8344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.927967][ T8344] ? aa_sock_msg_perm+0x91/0x160 [ 131.932919][ T8344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.938239][ T8344] __sock_sendmsg+0x221/0x270 [ 131.942941][ T8344] ____sys_sendmsg+0x52a/0x7e0 [ 131.947736][ T8344] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.953056][ T8344] __sys_sendmsg+0x292/0x380 [ 131.957678][ T8344] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.962818][ T8344] ? __pfx_vfs_write+0x10/0x10 [ 131.967644][ T8344] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 131.973990][ T8344] ? do_syscall_64+0x100/0x230 [ 131.978771][ T8344] ? do_syscall_64+0xb6/0x230 [ 131.983480][ T8344] do_syscall_64+0xf3/0x230 [ 131.987996][ T8344] ? clear_bhb_loop+0x35/0x90 [ 131.992687][ T8344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.998589][ T8344] RIP: 0033:0x7fd55677e759 [ 132.003030][ T8344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.022642][ T8344] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.031073][ T8344] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 132.039073][ T8344] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 132.047050][ T8344] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 132.055021][ T8344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.063015][ T8344] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 132.071000][ T8344] [ 132.136695][ T8351] ip6t_rpfilter: unknown options [ 132.231624][ T8355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.854'. [ 132.347895][ T8362] set match dimension is over the limit! [ 132.356954][ T8358] batman_adv: batadv0: Interface deactivated: dummy0 [ 132.363705][ T8358] batman_adv: batadv0: Removing interface: dummy0 [ 132.408674][ T8358] bond0: (slave netdevsim0): Releasing backup interface [ 132.424875][ T8367] netlink: 'syz.1.859': attribute type 1 has an invalid length. [ 132.453328][ T8369] netlink: 20 bytes leftover after parsing attributes in process `syz.0.855'. [ 132.495893][ T8358] team0: Port device bridge1 removed [ 132.526027][ T8365] netlink: 12 bytes leftover after parsing attributes in process `syz.3.858'. [ 132.559097][ T8365] netlink: 12 bytes leftover after parsing attributes in process `syz.3.858'. [ 132.628158][ T8367] 8021q: adding VLAN 0 to HW filter on device bond2 [ 132.651492][ T8371] pim6reg: entered allmulticast mode [ 132.722414][ T8372] 8021q: adding VLAN 0 to HW filter on device bond2 [ 132.746347][ T8372] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 132.789509][ T8372] bond2: (slave vcan1): Error -95 calling set_mac_address [ 132.883831][ T8374] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 132.914625][ T8374] bond2: (slave batadv2): making interface the new active one [ 132.928327][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.934670][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.945060][ T8374] bond2: (slave batadv2): Enslaving as an active interface with an up link [ 132.954603][ T8362] pim6reg: left allmulticast mode [ 133.188912][ T8393] netlink: 'syz.2.865': attribute type 2 has an invalid length. [ 133.307322][ T8393] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.314920][ T8393] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.428794][ T8404] netlink: 12 bytes leftover after parsing attributes in process `syz.4.867'. [ 133.574049][ T8414] ip6t_rpfilter: unknown options [ 133.733281][ T8425] netlink: 60 bytes leftover after parsing attributes in process `syz.1.871'. [ 133.899194][ T8429] set match dimension is over the limit! [ 133.998370][ T8429] pim6reg: entered allmulticast mode [ 134.005071][ T8434] FAULT_INJECTION: forcing a failure. [ 134.005071][ T8434] name failslab, interval 1, probability 0, space 0, times 0 [ 134.047765][ T8434] CPU: 0 UID: 0 PID: 8434 Comm: syz.0.877 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 134.058433][ T8434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 134.068527][ T8434] Call Trace: [ 134.071848][ T8434] [ 134.074809][ T8434] dump_stack_lvl+0x241/0x360 [ 134.079535][ T8434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.084773][ T8434] ? __pfx__printk+0x10/0x10 [ 134.089402][ T8434] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 134.095445][ T8434] ? __pfx___might_resched+0x10/0x10 [ 134.100787][ T8434] should_fail_ex+0x3b0/0x4e0 [ 134.105504][ T8434] should_failslab+0xac/0x100 [ 134.110215][ T8434] ? __alloc_skb+0x1c3/0x440 [ 134.114926][ T8434] kmem_cache_alloc_node_noprof+0x71/0x320 [ 134.120865][ T8434] __alloc_skb+0x1c3/0x440 [ 134.125329][ T8434] ? __pfx___alloc_skb+0x10/0x10 [ 134.130305][ T8434] ? netlink_autobind+0xd6/0x2f0 [ 134.135372][ T8434] ? netlink_autobind+0x2b0/0x2f0 [ 134.140443][ T8434] netlink_sendmsg+0x638/0xcb0 [ 134.145270][ T8434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.150598][ T8434] ? aa_sock_msg_perm+0x91/0x160 [ 134.155575][ T8434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.160908][ T8434] __sock_sendmsg+0x221/0x270 [ 134.165654][ T8434] ____sys_sendmsg+0x52a/0x7e0 [ 134.170531][ T8434] ? __pfx_____sys_sendmsg+0x10/0x10 [ 134.175843][ T8434] __sys_sendmsg+0x292/0x380 [ 134.180447][ T8434] ? __pfx___sys_sendmsg+0x10/0x10 [ 134.185595][ T8434] ? __pfx_vfs_write+0x10/0x10 [ 134.190387][ T8434] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 134.196738][ T8434] ? do_syscall_64+0x100/0x230 [ 134.201536][ T8434] ? do_syscall_64+0xb6/0x230 [ 134.206240][ T8434] do_syscall_64+0xf3/0x230 [ 134.210768][ T8434] ? clear_bhb_loop+0x35/0x90 [ 134.215470][ T8434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.221383][ T8434] RIP: 0033:0x7fb9fad7e759 [ 134.225808][ T8434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.245595][ T8434] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 134.254016][ T8434] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 134.261991][ T8434] RDX: 0000000000000000 RSI: 0000000020000d40 RDI: 0000000000000003 [ 134.269988][ T8434] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 134.277967][ T8434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.285945][ T8434] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 134.294020][ T8434] [ 134.390170][ T8429] pim6reg: left allmulticast mode [ 134.710042][ T8454] netlink: 12 bytes leftover after parsing attributes in process `syz.0.886'. [ 134.782407][ T8457] macsec1: entered promiscuous mode [ 134.800981][ T8459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.889'. [ 134.823660][ T8461] ip6t_rpfilter: unknown options [ 135.059386][ T8473] set match dimension is over the limit! [ 135.088001][ T8473] pim6reg: entered allmulticast mode [ 135.113909][ T8473] pim6reg: left allmulticast mode [ 135.461049][ T8492] netlink: 'syz.4.900': attribute type 11 has an invalid length. [ 135.658660][ T8503] ip6t_rpfilter: unknown options [ 136.072860][ T8514] netlink: 'syz.4.906': attribute type 2 has an invalid length. [ 136.210895][ T8526] set match dimension is over the limit! [ 136.251182][ T8526] pim6reg: entered allmulticast mode [ 136.285447][ T8526] pim6reg: left allmulticast mode [ 136.419843][ T8542] __nla_validate_parse: 3 callbacks suppressed [ 136.419865][ T8542] netlink: 232 bytes leftover after parsing attributes in process `syz.0.913'. [ 136.476003][ T8542] netlink: 72 bytes leftover after parsing attributes in process `syz.0.913'. [ 136.500356][ T8540] delete_channel: no stack [ 136.524117][ T8548] netlink: 12 bytes leftover after parsing attributes in process `syz.3.916'. [ 136.642709][ T8552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'. [ 136.674525][ T8554] ip6t_rpfilter: unknown options [ 136.877853][ T8568] netlink: 8 bytes leftover after parsing attributes in process `syz.0.923'. [ 136.895555][ T8568] netlink: 152 bytes leftover after parsing attributes in process `syz.0.923'. [ 136.997471][ T8572] netlink: 'syz.1.924': attribute type 2 has an invalid length. [ 137.001972][ T8577] set match dimension is over the limit! [ 137.122494][ T8577] pim6reg: entered allmulticast mode [ 137.149826][ T8577] pim6reg: left allmulticast mode [ 137.644620][ T8599] x_tables: duplicate underflow at hook 2 [ 137.860222][ T8613] netlink: 12 bytes leftover after parsing attributes in process `syz.4.935'. [ 137.930658][ T8623] ip6t_rpfilter: unknown options [ 137.998699][ T8625] batadv_slave_1: entered promiscuous mode [ 138.014260][ T8625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.938'. [ 138.065918][ T8630] set match dimension is over the limit! [ 138.088400][ T8630] pim6reg: entered allmulticast mode [ 138.108801][ T8630] pim6reg: left allmulticast mode [ 138.150129][ T8631] netlink: 'syz.0.940': attribute type 2 has an invalid length. [ 138.230306][ T8639] x_tables: duplicate underflow at hook 2 [ 138.444096][ T8655] netlink: 'syz.2.947': attribute type 1 has an invalid length. [ 138.452279][ T8655] netlink: 'syz.2.947': attribute type 4 has an invalid length. [ 138.460337][ T8655] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.947'. [ 138.548306][ T8661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.949'. [ 138.755933][ T8671] batadv1: entered promiscuous mode [ 138.762386][ T8671] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 138.780667][ T8676] ip6t_rpfilter: unknown options [ 138.828049][ T8679] x_tables: duplicate underflow at hook 2 [ 139.209104][ T8690] netlink: 'syz.1.960': attribute type 2 has an invalid length. [ 139.522449][ T8703] netlink: 'syz.3.963': attribute type 2 has an invalid length. [ 139.677531][ T8710] netlink: 'syz.1.965': attribute type 1 has an invalid length. [ 139.941301][ T8725] ip6t_rpfilter: unknown options [ 140.486682][ T8748] rdma_op ffff888062a3a1f0 conn xmit_rdma 0000000000000000 [ 140.717502][ T8754] x_tables: duplicate underflow at hook 2 [ 141.046354][ T8763] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 141.075523][ T8763] bridge0: entered allmulticast mode [ 141.466790][ T8775] set match dimension is over the limit! [ 141.526764][ T8775] pim6reg: entered allmulticast mode [ 141.555803][ T8775] pim6reg: left allmulticast mode [ 142.511277][ T8815] FAULT_INJECTION: forcing a failure. [ 142.511277][ T8815] name failslab, interval 1, probability 0, space 0, times 0 [ 142.553667][ T8815] CPU: 0 UID: 0 PID: 8815 Comm: syz.0.997 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 142.564316][ T8815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 142.574419][ T8815] Call Trace: [ 142.577738][ T8815] [ 142.580696][ T8815] dump_stack_lvl+0x241/0x360 [ 142.585418][ T8815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.590735][ T8815] ? __pfx__printk+0x10/0x10 [ 142.595362][ T8815] ? fs_reclaim_acquire+0x93/0x130 [ 142.600502][ T8815] ? __pfx___might_resched+0x10/0x10 [ 142.605884][ T8815] should_fail_ex+0x3b0/0x4e0 [ 142.610618][ T8815] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 142.616379][ T8815] should_failslab+0xac/0x100 [ 142.621117][ T8815] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 142.626871][ T8815] __kmalloc_noprof+0xd8/0x400 [ 142.631675][ T8815] tomoyo_realpath_from_path+0xcf/0x5e0 [ 142.637269][ T8815] tomoyo_path_number_perm+0x23a/0x880 [ 142.642770][ T8815] ? tomoyo_path_number_perm+0x208/0x880 [ 142.648440][ T8815] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 142.654498][ T8815] ? __fget_files+0x29/0x470 [ 142.659128][ T8815] ? __fget_files+0x3f3/0x470 [ 142.663939][ T8815] security_file_ioctl+0xc6/0x2a0 [ 142.669000][ T8815] __se_sys_ioctl+0x47/0x170 [ 142.673624][ T8815] do_syscall_64+0xf3/0x230 [ 142.678167][ T8815] ? clear_bhb_loop+0x35/0x90 [ 142.682885][ T8815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.688826][ T8815] RIP: 0033:0x7fb9fad7e759 [ 142.693275][ T8815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.712929][ T8815] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.721388][ T8815] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 142.729398][ T8815] RDX: 0000000020000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 142.737401][ T8815] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 142.745409][ T8815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.753413][ T8815] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 142.761439][ T8815] [ 143.065964][ T8820] x_tables: duplicate underflow at hook 2 [ 143.318722][ T8826] __nla_validate_parse: 7 callbacks suppressed [ 143.318745][ T8826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1002'. [ 143.350322][ T8815] ERROR: Out of memory at tomoyo_realpath_from_path. [ 143.470085][ T8826] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 143.477553][ T8826] IPv6: NLM_F_CREATE should be set when creating new route [ 143.567989][ T8834] lo: entered allmulticast mode [ 143.938582][ T8842] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.980207][ T8842] batadv_slave_0: entered promiscuous mode [ 144.194472][ T8855] FAULT_INJECTION: forcing a failure. [ 144.194472][ T8855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.208621][ T8853] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1013'. [ 144.230347][ T8858] bridge0: entered promiscuous mode [ 144.240550][ T8853] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1013'. [ 144.270870][ T8858] bridge0: left promiscuous mode [ 144.276551][ T8855] CPU: 1 UID: 0 PID: 8855 Comm: syz.2.1014 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 144.287280][ T8855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 144.297363][ T8855] Call Trace: [ 144.300675][ T8855] [ 144.303638][ T8855] dump_stack_lvl+0x241/0x360 [ 144.308364][ T8855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.313697][ T8855] ? __pfx__printk+0x10/0x10 [ 144.318358][ T8855] ? __pfx_lock_release+0x10/0x10 [ 144.323459][ T8855] should_fail_ex+0x3b0/0x4e0 [ 144.328191][ T8855] _copy_from_user+0x2f/0xc0 [ 144.332871][ T8855] ____sys_sendmsg+0x2ef/0x7e0 [ 144.337712][ T8855] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.343066][ T8855] __sys_sendmmsg+0x3ab/0x730 [ 144.347786][ T8855] ? __pfx___sys_sendmmsg+0x10/0x10 [ 144.353032][ T8855] ? __pfx_lock_release+0x10/0x10 [ 144.358091][ T8855] ? kstrtouint_from_user+0x128/0x190 [ 144.363516][ T8855] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 144.369447][ T8855] ? ksys_write+0x229/0x2b0 [ 144.373964][ T8855] ? __pfx_lock_release+0x10/0x10 [ 144.379037][ T8855] ? vfs_write+0x730/0xd30 [ 144.383477][ T8855] ? __mutex_unlock_slowpath+0x21d/0x750 [ 144.389143][ T8855] ? __fget_files+0x3f3/0x470 [ 144.393857][ T8855] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.399870][ T8855] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 144.406236][ T8855] ? do_syscall_64+0x100/0x230 [ 144.411025][ T8855] __x64_sys_sendmmsg+0xa0/0xb0 [ 144.415906][ T8855] do_syscall_64+0xf3/0x230 [ 144.420433][ T8855] ? clear_bhb_loop+0x35/0x90 [ 144.425139][ T8855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.431056][ T8855] RIP: 0033:0x7f5c7757e759 [ 144.435497][ T8855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.455140][ T8855] RSP: 002b:00007f5c78426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 144.463582][ T8855] RAX: ffffffffffffffda RBX: 00007f5c77735f80 RCX: 00007f5c7757e759 [ 144.471747][ T8855] RDX: 0000000000000001 RSI: 0000000020002480 RDI: 0000000000000003 [ 144.479736][ T8855] RBP: 00007f5c78426090 R08: 0000000000000000 R09: 0000000000000000 [ 144.487735][ T8855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.495728][ T8855] R13: 0000000000000000 R14: 00007f5c77735f80 R15: 00007ffcb911f028 [ 144.503729][ T8855] [ 144.646698][ T8866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1017'. [ 144.738169][ T8866] team0 (unregistering): Port device team_slave_0 removed [ 144.770874][ T8866] team0 (unregistering): Port device team_slave_1 removed [ 144.807242][ T8874] netlink: 'syz.0.1021': attribute type 2 has an invalid length. [ 145.021548][ T8874] bridge0: left allmulticast mode [ 145.114396][ T8899] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 145.123207][ T8900] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1027'. [ 145.132226][ T8899] netlink: 'syz.2.1028': attribute type 1 has an invalid length. [ 145.132249][ T8899] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1028'. [ 145.226899][ T8902] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1029'. [ 145.280739][ T8902] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.296989][ T8902] bond0: (slave bond2): Enslaving as an active interface with an up link [ 145.643574][ T8927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1040'. [ 145.719011][ T8928] netlink: 'syz.1.1039': attribute type 2 has an invalid length. [ 146.058723][ T8949] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1043'. [ 147.175333][ T5857] Bluetooth: hci0: command tx timeout [ 147.466847][ T8983] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1057'. [ 147.676662][ T8989] set match dimension is over the limit! [ 147.759933][ T8989] pim6reg: entered allmulticast mode [ 147.826029][ T8989] pim6reg: left allmulticast mode [ 148.185651][ T8994] netlink: 'syz.0.1062': attribute type 2 has an invalid length. [ 148.434999][ T9017] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1069'. [ 148.662493][ T9022] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1071'. [ 148.728924][ T9022] 8021q: adding VLAN 0 to HW filter on device bond1 [ 148.747722][ T9022] bond0: (slave bond1): Enslaving as an active interface with an up link [ 148.956000][ T9031] set match dimension is over the limit! [ 148.966863][ T9033] FAULT_INJECTION: forcing a failure. [ 148.966863][ T9033] name failslab, interval 1, probability 0, space 0, times 0 [ 148.980875][ T9033] CPU: 0 UID: 0 PID: 9033 Comm: syz.2.1077 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 148.991587][ T9033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 149.001686][ T9033] Call Trace: [ 149.004981][ T9033] [ 149.007938][ T9033] dump_stack_lvl+0x241/0x360 [ 149.012658][ T9033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.017986][ T9033] ? __pfx__printk+0x10/0x10 [ 149.022650][ T9033] ? __kmalloc_noprof+0xb0/0x400 [ 149.027649][ T9033] ? __pfx___might_resched+0x10/0x10 [ 149.032968][ T9033] should_fail_ex+0x3b0/0x4e0 [ 149.037689][ T9033] ? bpf_test_init+0xe1/0x180 [ 149.042384][ T9033] should_failslab+0xac/0x100 [ 149.047069][ T9033] ? bpf_test_init+0xe1/0x180 [ 149.051787][ T9033] __kmalloc_noprof+0xd8/0x400 [ 149.056568][ T9033] bpf_test_init+0xe1/0x180 [ 149.061102][ T9033] bpf_prog_test_run_xdp+0x48e/0x11e0 [ 149.066497][ T9033] ? __pfx_lock_release+0x10/0x10 [ 149.071541][ T9033] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 149.077360][ T9033] ? __fget_files+0x29/0x470 [ 149.081973][ T9033] ? fput+0x1a8/0x230 [ 149.085970][ T9033] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 149.091795][ T9033] bpf_prog_test_run+0x2e4/0x360 [ 149.096752][ T9033] __sys_bpf+0x48d/0x810 [ 149.101009][ T9033] ? __pfx___sys_bpf+0x10/0x10 [ 149.105791][ T9033] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 149.111830][ T9033] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 149.118178][ T9033] ? do_syscall_64+0x100/0x230 [ 149.122962][ T9033] __x64_sys_bpf+0x7c/0x90 [ 149.127404][ T9033] do_syscall_64+0xf3/0x230 [ 149.131931][ T9033] ? clear_bhb_loop+0x35/0x90 [ 149.136621][ T9033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.142529][ T9033] RIP: 0033:0x7f5c7757e759 [ 149.146950][ T9033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.166565][ T9033] RSP: 002b:00007f5c78426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 149.175015][ T9033] RAX: ffffffffffffffda RBX: 00007f5c77735f80 RCX: 00007f5c7757e759 [ 149.183003][ T9033] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a [ 149.190985][ T9033] RBP: 00007f5c78426090 R08: 0000000000000000 R09: 0000000000000000 [ 149.198966][ T9033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.206948][ T9033] R13: 0000000000000000 R14: 00007f5c77735f80 R15: 00007ffcb911f028 [ 149.214939][ T9033] [ 149.313030][ T9031] pim6reg: entered allmulticast mode [ 149.428225][ T9031] pim6reg: left allmulticast mode [ 150.141211][ T9049] netlink: 'syz.1.1082': attribute type 2 has an invalid length. [ 150.412493][ T9056] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1083'. [ 150.727704][ T9062] netlink: 'syz.2.1086': attribute type 29 has an invalid length. [ 150.771268][ T9062] netlink: 'syz.2.1086': attribute type 29 has an invalid length. [ 150.810318][ T9068] netlink: 'syz.3.1089': attribute type 1 has an invalid length. [ 150.894199][ T9068] 8021q: adding VLAN 0 to HW filter on device bond2 [ 150.920886][ T9077] 8021q: adding VLAN 0 to HW filter on device bond2 [ 150.938545][ T9077] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 150.971350][ T9077] bond2: (slave vcan1): Error -95 calling set_mac_address [ 150.999235][ T9080] vlan0: entered promiscuous mode [ 151.016525][ T9068] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 151.026642][ T9068] bond2: (slave batadv1): making interface the new active one [ 151.035056][ T9068] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 151.110019][ T9080] syzkaller0: create flow: hash 197489732 index 1 [ 151.127125][ T6852] syzkaller0: tun_net_xmit 76 [ 151.132386][ T6852] syzkaller0: tun_net_xmit 48 [ 151.155684][ T8] syzkaller0: tun_net_xmit 76 [ 151.284275][ T9071] syzkaller0: delete flow: hash 197489732 index 1 [ 151.709194][ T9098] netlink: 'syz.0.1097': attribute type 2 has an invalid length. [ 153.033952][ T9109] netlink: 'syz.0.1101': attribute type 10 has an invalid length. [ 153.241546][ T9120] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1106'. [ 153.329922][ T9126] ip6t_srh: unknown srh match flags 5294 [ 153.380614][ T9132] ip6t_rpfilter: unknown options [ 153.394808][ T9131] macsec1: entered promiscuous mode [ 153.674230][ T9145] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1114'. [ 153.687051][ T9137] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1111'. [ 153.791857][ T9150] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1114'. [ 153.839761][ T9158] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1116'. [ 153.963504][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1119'. [ 153.988688][ T9164] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1118'. [ 154.001887][ T9166] ip6t_srh: unknown srh match flags 5294 [ 154.019394][ T9160] netlink: 304 bytes leftover after parsing attributes in process `syz.1.1119'. [ 154.142992][ T9171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1121'. [ 154.290353][ T9184] ip6t_rpfilter: unknown options [ 154.302976][ T9183] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1125'. [ 154.312675][ T9183] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1125'. [ 154.537919][ T9197] set match dimension is over the limit! [ 154.630143][ T9197] pim6reg: entered allmulticast mode [ 154.680072][ T9197] pim6reg: left allmulticast mode [ 154.760969][ T9206] set match dimension is over the limit! [ 154.847011][ T9206] pim6reg: entered allmulticast mode [ 154.882570][ T9206] pim6reg: left allmulticast mode [ 155.057389][ T9214] FAULT_INJECTION: forcing a failure. [ 155.057389][ T9214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.072425][ T9214] CPU: 0 UID: 0 PID: 9214 Comm: syz.2.1137 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 155.083153][ T9214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 155.093254][ T9214] Call Trace: [ 155.096614][ T9214] [ 155.099582][ T9214] dump_stack_lvl+0x241/0x360 [ 155.104297][ T9214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.109526][ T9214] ? __pfx__printk+0x10/0x10 [ 155.114118][ T9214] ? __pfx_lock_release+0x10/0x10 [ 155.119168][ T9214] should_fail_ex+0x3b0/0x4e0 [ 155.123859][ T9214] _copy_from_user+0x2f/0xc0 [ 155.128471][ T9214] copy_msghdr_from_user+0xae/0x680 [ 155.133708][ T9214] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 155.139654][ T9214] __sys_sendmsg+0x22d/0x380 [ 155.144302][ T9214] ? __pfx___sys_sendmsg+0x10/0x10 [ 155.149469][ T9214] ? __pfx_vfs_write+0x10/0x10 [ 155.154270][ T9214] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 155.160611][ T9214] ? do_syscall_64+0x100/0x230 [ 155.165400][ T9214] ? do_syscall_64+0xb6/0x230 [ 155.170207][ T9214] do_syscall_64+0xf3/0x230 [ 155.174726][ T9214] ? clear_bhb_loop+0x35/0x90 [ 155.179429][ T9214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.185357][ T9214] RIP: 0033:0x7f5c7757e759 [ 155.189785][ T9214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.209392][ T9214] RSP: 002b:00007f5c78426038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.217815][ T9214] RAX: ffffffffffffffda RBX: 00007f5c77735f80 RCX: 00007f5c7757e759 [ 155.225827][ T9214] RDX: 0000000004000010 RSI: 0000000020000c00 RDI: 0000000000000003 [ 155.233820][ T9214] RBP: 00007f5c78426090 R08: 0000000000000000 R09: 0000000000000000 [ 155.241811][ T9214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.249819][ T9214] R13: 0000000000000000 R14: 00007f5c77735f80 R15: 00007ffcb911f028 [ 155.257828][ T9214] [ 156.098567][ T9261] ip6t_rpfilter: unknown options [ 156.278166][ T9268] x_tables: duplicate underflow at hook 2 [ 156.528017][ T9281] ip6t_srh: unknown srh match flags 5294 [ 156.767826][ T9290] netlink: 'syz.1.1168': attribute type 1 has an invalid length. [ 157.802988][ T9300] ip6t_rpfilter: unknown options [ 157.811517][ T9301] x_tables: duplicate underflow at hook 2 [ 158.092527][ T9318] rdma_op ffff88807f2341f0 conn xmit_rdma 0000000000000000 [ 158.268186][ T9321] team0 (unregistering): left allmulticast mode [ 158.274878][ T9321] team0 (unregistering): left promiscuous mode [ 158.388545][ T9326] delete_channel: no stack [ 158.496620][ T9333] syz_tun: entered promiscuous mode [ 158.567477][ T9339] ax25_connect(): syz.0.1184 uses autobind, please contact jreuter@yaina.de [ 158.815905][ T9352] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 158.901724][ T9357] netlink: 'syz.0.1193': attribute type 1 has an invalid length. [ 158.906398][ T9355] __nla_validate_parse: 30 callbacks suppressed [ 158.906416][ T9355] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1192'. [ 158.922467][ T9357] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.1193'. [ 158.940456][ T9359] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 158.949221][ T9355] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1192'. [ 158.950532][ T9359] bridge0: entered allmulticast mode [ 158.974664][ T9357] netlink: 3068 bytes leftover after parsing attributes in process `syz.0.1193'. [ 159.207914][ T9375] x_tables: duplicate underflow at hook 2 [ 159.256186][ T9379] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1202'. [ 159.292189][ T9383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1203'. [ 159.312356][ T9383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1203'. [ 159.497654][ T9396] netlink: 'syz.1.1207': attribute type 7 has an invalid length. [ 159.513386][ T9395] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.1206'. [ 159.545843][ T9395] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.1206'. [ 159.645134][ T9401] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1209'. [ 159.843021][ T9413] netlink: 'syz.2.1214': attribute type 1 has an invalid length. [ 160.057926][ T9421] dummy0: entered promiscuous mode [ 160.063218][ T9421] macvtap4: entered promiscuous mode [ 160.086294][ T9423] netlink: 'syz.1.1218': attribute type 2 has an invalid length. [ 160.096400][ T9421] macvtap4: entered allmulticast mode [ 160.140674][ T9421] dummy0: entered allmulticast mode [ 160.197327][ T9424] dummy0: left allmulticast mode [ 160.217291][ T9424] dummy0: left promiscuous mode [ 160.443111][ T9445] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 160.556525][ T9448] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 160.570692][ T9448] macvlan2: entered allmulticast mode [ 160.580866][ T9448] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 160.607218][ T9448] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 161.118739][ T9477] ebtables: ebtables: counters copy to user failed while replacing table [ 161.238479][ T9477] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.448171][ T9477] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.523156][ T9501] set match dimension is over the limit! [ 161.594574][ T9477] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.660995][ T9501] pim6reg: entered allmulticast mode [ 161.786288][ T9477] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.842718][ T9501] pim6reg: left allmulticast mode [ 161.978623][ T9477] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.008421][ T9477] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.039382][ T9477] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.097186][ T9477] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.126417][ T9522] netlink: 'syz.0.1251': attribute type 2 has an invalid length. [ 162.154466][ T9527] netlink: 'syz.3.1255': attribute type 11 has an invalid length. [ 162.172809][ T9527] FAULT_INJECTION: forcing a failure. [ 162.172809][ T9527] name failslab, interval 1, probability 0, space 0, times 0 [ 162.204871][ T9527] CPU: 1 UID: 0 PID: 9527 Comm: syz.3.1255 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 162.215609][ T9527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 162.225712][ T9527] Call Trace: [ 162.229035][ T9527] [ 162.232002][ T9527] dump_stack_lvl+0x241/0x360 [ 162.236742][ T9527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.241994][ T9527] ? __pfx__printk+0x10/0x10 [ 162.246655][ T9527] ? __kmalloc_node_noprof+0xb7/0x440 [ 162.252075][ T9527] ? __pfx___might_resched+0x10/0x10 [ 162.257396][ T9527] ? __asan_memset+0x23/0x50 [ 162.262032][ T9527] should_fail_ex+0x3b0/0x4e0 [ 162.266757][ T9527] should_failslab+0xac/0x100 [ 162.271476][ T9527] __kmalloc_node_noprof+0xdf/0x440 [ 162.276703][ T9527] ? __kvmalloc_node_noprof+0x72/0x190 [ 162.282185][ T9527] __kvmalloc_node_noprof+0x72/0x190 [ 162.287488][ T9527] alloc_netdev_mqs+0xa72/0x1080 [ 162.292457][ T9527] ieee80211_if_add+0x336/0x14f0 [ 162.297405][ T9527] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 162.304031][ T9527] ieee80211_add_iface+0xee/0x670 [ 162.309088][ T9527] ? __pfx_nl80211_parse_mon_options+0x10/0x10 [ 162.315349][ T9527] ? __pfx_ieee80211_add_iface+0x10/0x10 [ 162.321024][ T9527] nl80211_new_interface+0x7e7/0x1180 [ 162.326435][ T9527] ? __pfx_nl80211_new_interface+0x10/0x10 [ 162.332259][ T9527] genl_rcv_msg+0xb14/0xec0 [ 162.336775][ T9527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 162.341846][ T9527] ? __pfx_lock_acquire+0x10/0x10 [ 162.346886][ T9527] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 162.352265][ T9527] ? __pfx_nl80211_new_interface+0x10/0x10 [ 162.358095][ T9527] ? __pfx_nl80211_post_doit+0x10/0x10 [ 162.363564][ T9527] ? __pfx___might_resched+0x10/0x10 [ 162.368883][ T9527] netlink_rcv_skb+0x1e3/0x430 [ 162.373653][ T9527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 162.378687][ T9527] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 162.384088][ T9527] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 162.389569][ T9527] genl_rcv+0x28/0x40 [ 162.393553][ T9527] netlink_unicast+0x7f6/0x990 [ 162.398337][ T9527] ? __pfx_netlink_unicast+0x10/0x10 [ 162.403630][ T9527] ? __virt_addr_valid+0x183/0x530 [ 162.408768][ T9527] ? __check_object_size+0x48e/0x900 [ 162.414085][ T9527] netlink_sendmsg+0x8e4/0xcb0 [ 162.418878][ T9527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.424178][ T9527] ? aa_sock_msg_perm+0x91/0x160 [ 162.429158][ T9527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.434470][ T9527] __sock_sendmsg+0x221/0x270 [ 162.439203][ T9527] ____sys_sendmsg+0x52a/0x7e0 [ 162.444004][ T9527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.449318][ T9527] __sys_sendmsg+0x292/0x380 [ 162.453922][ T9527] ? __pfx___sys_sendmsg+0x10/0x10 [ 162.459064][ T9527] ? __pfx_vfs_write+0x10/0x10 [ 162.463863][ T9527] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 162.470205][ T9527] ? do_syscall_64+0x100/0x230 [ 162.474983][ T9527] ? do_syscall_64+0xb6/0x230 [ 162.479671][ T9527] do_syscall_64+0xf3/0x230 [ 162.484187][ T9527] ? clear_bhb_loop+0x35/0x90 [ 162.488876][ T9527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.494787][ T9527] RIP: 0033:0x7fd55677e759 [ 162.499208][ T9527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.518825][ T9527] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.527250][ T9527] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 162.535231][ T9527] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 162.543208][ T9527] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 162.551180][ T9527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 162.559171][ T9527] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 162.567168][ T9527] [ 163.015865][ T9554] netlink: 'syz.2.1263': attribute type 2 has an invalid length. [ 163.216235][ T9569] bridge0: left allmulticast mode [ 163.257382][ T9568] netlink: 'syz.1.1270': attribute type 4 has an invalid length. [ 163.367571][ T9577] FAULT_INJECTION: forcing a failure. [ 163.367571][ T9577] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.393491][ T9577] CPU: 0 UID: 0 PID: 9577 Comm: syz.2.1275 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 163.404224][ T9577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 163.414294][ T9577] Call Trace: [ 163.417583][ T9577] [ 163.420543][ T9577] dump_stack_lvl+0x241/0x360 [ 163.425242][ T9577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.430455][ T9577] ? __pfx__printk+0x10/0x10 [ 163.435054][ T9577] ? __pfx_lock_release+0x10/0x10 [ 163.440099][ T9577] should_fail_ex+0x3b0/0x4e0 [ 163.444786][ T9577] _copy_from_iter+0x21f/0x1e70 [ 163.449675][ T9577] ? __virt_addr_valid+0x183/0x530 [ 163.454804][ T9577] ? __pfx_lock_release+0x10/0x10 [ 163.459846][ T9577] ? __alloc_skb+0x28f/0x440 [ 163.464451][ T9577] ? __pfx__copy_from_iter+0x10/0x10 [ 163.469751][ T9577] ? __virt_addr_valid+0x183/0x530 [ 163.474864][ T9577] ? __virt_addr_valid+0x183/0x530 [ 163.479980][ T9577] ? __virt_addr_valid+0x45f/0x530 [ 163.485109][ T9577] ? __check_object_size+0x48e/0x900 [ 163.490406][ T9577] netlink_sendmsg+0x73d/0xcb0 [ 163.495190][ T9577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.500495][ T9577] ? aa_sock_msg_perm+0x91/0x160 [ 163.505448][ T9577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.510746][ T9577] __sock_sendmsg+0x221/0x270 [ 163.515447][ T9577] ____sys_sendmsg+0x52a/0x7e0 [ 163.520231][ T9577] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.525541][ T9577] __sys_sendmsg+0x292/0x380 [ 163.530156][ T9577] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.535294][ T9577] ? __pfx_vfs_write+0x10/0x10 [ 163.540083][ T9577] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 163.546430][ T9577] ? do_syscall_64+0x100/0x230 [ 163.551205][ T9577] ? do_syscall_64+0xb6/0x230 [ 163.555893][ T9577] do_syscall_64+0xf3/0x230 [ 163.560498][ T9577] ? clear_bhb_loop+0x35/0x90 [ 163.565191][ T9577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.571102][ T9577] RIP: 0033:0x7f5c7757e759 [ 163.575531][ T9577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.595146][ T9577] RSP: 002b:00007f5c78426038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.603575][ T9577] RAX: ffffffffffffffda RBX: 00007f5c77735f80 RCX: 00007f5c7757e759 [ 163.611555][ T9577] RDX: 0000000010040000 RSI: 0000000020000280 RDI: 0000000000000003 [ 163.619574][ T9577] RBP: 00007f5c78426090 R08: 0000000000000000 R09: 0000000000000000 [ 163.627556][ T9577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.635538][ T9577] R13: 0000000000000000 R14: 00007f5c77735f80 R15: 00007ffcb911f028 [ 163.643531][ T9577] [ 163.777011][ T9590] netlink: 'syz.0.1279': attribute type 21 has an invalid length. [ 163.953262][ T9602] __nla_validate_parse: 18 callbacks suppressed [ 163.953282][ T9602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1283'. [ 163.980961][ T9603] FAULT_INJECTION: forcing a failure. [ 163.980961][ T9603] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.987296][ T9602] team_slave_0: entered promiscuous mode [ 164.000055][ T9602] team_slave_1: entered promiscuous mode [ 164.006044][ T9603] CPU: 0 UID: 0 PID: 9603 Comm: syz.4.1280 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 164.016748][ T9603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 164.026808][ T9603] Call Trace: [ 164.030087][ T9603] [ 164.033022][ T9603] dump_stack_lvl+0x241/0x360 [ 164.037749][ T9603] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.042960][ T9603] ? __pfx__printk+0x10/0x10 [ 164.047567][ T9603] ? snprintf+0xda/0x120 [ 164.051847][ T9603] should_fail_ex+0x3b0/0x4e0 [ 164.056537][ T9603] _copy_to_user+0x31/0xb0 [ 164.060960][ T9603] simple_read_from_buffer+0xca/0x150 [ 164.066380][ T9603] proc_fail_nth_read+0x1e9/0x250 [ 164.071420][ T9603] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 164.076989][ T9603] ? rw_verify_area+0x55e/0x6f0 [ 164.081864][ T9603] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 164.087424][ T9603] vfs_read+0x1fc/0xb70 [ 164.091590][ T9603] ? fdget_pos+0x24e/0x320 [ 164.096023][ T9603] ? __pfx_vfs_read+0x10/0x10 [ 164.100717][ T9603] ? __fget_files+0x3f3/0x470 [ 164.105405][ T9603] ? fdget_pos+0x24e/0x320 [ 164.109826][ T9603] ksys_read+0x183/0x2b0 [ 164.114083][ T9603] ? __pfx_ksys_read+0x10/0x10 [ 164.118869][ T9603] ? do_syscall_64+0x100/0x230 [ 164.123651][ T9603] ? do_syscall_64+0xb6/0x230 [ 164.128339][ T9603] do_syscall_64+0xf3/0x230 [ 164.132870][ T9603] ? clear_bhb_loop+0x35/0x90 [ 164.137557][ T9603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.143495][ T9603] RIP: 0033:0x7fcae837d19c [ 164.147924][ T9603] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 164.167545][ T9603] RSP: 002b:00007fcae9174030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 164.175981][ T9603] RAX: ffffffffffffffda RBX: 00007fcae8536058 RCX: 00007fcae837d19c [ 164.183976][ T9603] RDX: 000000000000000f RSI: 00007fcae91740a0 RDI: 0000000000000006 [ 164.191953][ T9603] RBP: 00007fcae9174090 R08: 0000000000000000 R09: 0000000000000000 [ 164.199931][ T9603] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001 [ 164.207908][ T9603] R13: 0000000000000000 R14: 00007fcae8536058 R15: 00007fff393eb038 [ 164.215901][ T9603] [ 164.220726][ T9602] macvtap2: entered promiscuous mode [ 164.226296][ T9602] netpci0: entered promiscuous mode [ 164.233182][ T9602] macvtap2: entered allmulticast mode [ 164.242823][ T9602] netpci0: entered allmulticast mode [ 164.269814][ T9602] team_slave_0: entered allmulticast mode [ 164.302576][ T9602] team_slave_1: entered allmulticast mode [ 164.316674][ T9602] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 164.431500][ T9604] netpci0: left allmulticast mode [ 164.437264][ T9604] team_slave_0: left allmulticast mode [ 164.443546][ T9604] team_slave_1: left allmulticast mode [ 164.449339][ T9604] netpci0: left promiscuous mode [ 164.454750][ T9604] team_slave_0: left promiscuous mode [ 164.460290][ T9604] team_slave_1: left promiscuous mode [ 164.476790][ T9616] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1291'. [ 164.620071][ T9624] set match dimension is over the limit! [ 164.644697][ T9624] pim6reg: entered allmulticast mode [ 164.658451][ T9624] pim6reg: left allmulticast mode [ 164.828894][ T9631] FAULT_INJECTION: forcing a failure. [ 164.828894][ T9631] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.854416][ T9631] CPU: 0 UID: 0 PID: 9631 Comm: syz.3.1297 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 164.865154][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 164.875245][ T9631] Call Trace: [ 164.878555][ T9631] [ 164.881527][ T9631] dump_stack_lvl+0x241/0x360 [ 164.886310][ T9631] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.891554][ T9631] ? __pfx__printk+0x10/0x10 [ 164.896201][ T9631] should_fail_ex+0x3b0/0x4e0 [ 164.900923][ T9631] _copy_from_user+0x2f/0xc0 [ 164.905566][ T9631] bpf_test_init+0x11f/0x180 [ 164.910187][ T9631] bpf_prog_test_run_xdp+0x48e/0x11e0 [ 164.915593][ T9631] ? __pfx_lock_release+0x10/0x10 [ 164.920646][ T9631] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 164.926475][ T9631] ? __fget_files+0x29/0x470 [ 164.931079][ T9631] ? fput+0x1a8/0x230 [ 164.935078][ T9631] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 164.940919][ T9631] bpf_prog_test_run+0x2e4/0x360 [ 164.945882][ T9631] __sys_bpf+0x48d/0x810 [ 164.950127][ T9631] ? __pfx___sys_bpf+0x10/0x10 [ 164.954899][ T9631] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 164.960892][ T9631] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 164.967270][ T9631] ? do_syscall_64+0x100/0x230 [ 164.972063][ T9631] __x64_sys_bpf+0x7c/0x90 [ 164.976484][ T9631] do_syscall_64+0xf3/0x230 [ 164.981003][ T9631] ? clear_bhb_loop+0x35/0x90 [ 164.985691][ T9631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.991586][ T9631] RIP: 0033:0x7fd55677e759 [ 164.995997][ T9631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.015619][ T9631] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 165.024070][ T9631] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 165.032082][ T9631] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a [ 165.040055][ T9631] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 165.048027][ T9631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.056007][ T9631] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 165.064006][ T9631] [ 165.300107][ T9645] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1299'. [ 165.492354][ T9651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1304'. [ 165.590608][ T9651] macvtap5: entered promiscuous mode [ 165.618500][ T9651] macvtap5: entered allmulticast mode [ 165.645975][ T9651] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 165.666277][ T9658] ip6gretap0: entered promiscuous mode [ 165.701200][ T9658] batadv_slave_0: entered promiscuous mode [ 166.132036][ T9684] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1313'. [ 166.250400][ T9691] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1317'. [ 166.397829][ T9697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 166.456386][ T9701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1321'. [ 166.656508][ T9710] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.1325'. [ 166.697040][ T9710] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.1325'. [ 166.983368][ T9732] syzkaller1: entered allmulticast mode [ 167.010765][ T9736] macvtap6: entered promiscuous mode [ 167.025510][ T9736] macvtap6: entered allmulticast mode [ 167.042625][ T9736] 8021q: adding VLAN 0 to HW filter on device macvtap6 [ 167.426958][ T9753] netlink: 'syz.0.1345': attribute type 10 has an invalid length. [ 167.438564][ T9755] netlink: 'syz.4.1346': attribute type 2 has an invalid length. [ 167.476305][ T9755] netlink: 'syz.4.1346': attribute type 1 has an invalid length. [ 167.601490][ T9766] xt_l2tp: unknown flags: 10 [ 167.710108][ T9766] tun0: tun_chr_ioctl cmd 1074812118 [ 167.819922][ T9773] vlan2: entered allmulticast mode [ 167.919952][ T9785] set match dimension is over the limit! [ 167.949795][ T9785] pim6reg: entered allmulticast mode [ 167.992645][ T9785] pim6reg: left allmulticast mode [ 168.336717][ T9805] set match dimension is over the limit! [ 168.383313][ T9805] pim6reg: entered allmulticast mode [ 168.453135][ T9805] pim6reg: left allmulticast mode [ 168.548575][ T9815] ip6gre1: entered allmulticast mode [ 168.771103][ T9828] Cannot find del_set index 2 as target [ 168.782082][ T9829] set match dimension is over the limit! [ 168.819370][ T9829] pim6reg: entered allmulticast mode [ 168.860938][ T9829] pim6reg: left allmulticast mode [ 168.904029][ T9833] FAULT_INJECTION: forcing a failure. [ 168.904029][ T9833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.945859][ T9833] CPU: 1 UID: 0 PID: 9833 Comm: syz.3.1377 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 168.956631][ T9833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 168.966726][ T9833] Call Trace: [ 168.970040][ T9833] [ 168.972990][ T9833] dump_stack_lvl+0x241/0x360 [ 168.977698][ T9833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.982942][ T9833] ? __pfx__printk+0x10/0x10 [ 168.987662][ T9833] ? __pfx_lock_release+0x10/0x10 [ 168.990248][ T9835] __nla_validate_parse: 12 callbacks suppressed [ 168.990268][ T9835] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1378'. [ 168.992721][ T9833] should_fail_ex+0x3b0/0x4e0 [ 169.012522][ T9833] _copy_from_iter+0x21f/0x1e70 [ 169.017430][ T9833] ? __virt_addr_valid+0x183/0x530 [ 169.022590][ T9833] ? __pfx_lock_release+0x10/0x10 [ 169.027667][ T9833] ? alloc_pages_mpol_noprof+0x417/0x680 [ 169.033336][ T9833] ? __pfx__copy_from_iter+0x10/0x10 [ 169.038654][ T9833] ? __virt_addr_valid+0x183/0x530 [ 169.043802][ T9833] ? __virt_addr_valid+0x183/0x530 [ 169.048951][ T9833] ? __virt_addr_valid+0x45f/0x530 [ 169.054105][ T9833] ? __check_object_size+0x48e/0x900 [ 169.059503][ T9833] af_alg_sendmsg+0x1519/0x2650 [ 169.064439][ T9833] ? __pfx_af_alg_sendmsg+0x10/0x10 [ 169.069680][ T9833] ? __pfx_aa_sk_perm+0x10/0x10 [ 169.074582][ T9833] ? __pfx_lock_release+0x10/0x10 [ 169.079634][ T9833] ? __import_iovec+0x590/0x870 [ 169.084530][ T9833] ? aa_sock_msg_perm+0x91/0x160 [ 169.089512][ T9833] ? skcipher_sendmsg+0x28/0xf0 [ 169.094418][ T9833] ? __pfx_skcipher_sendmsg+0x10/0x10 [ 169.099807][ T9833] __sock_sendmsg+0x221/0x270 [ 169.104512][ T9833] ____sys_sendmsg+0x52a/0x7e0 [ 169.109320][ T9833] ? __pfx_____sys_sendmsg+0x10/0x10 [ 169.114651][ T9833] __sys_sendmsg+0x292/0x380 [ 169.119487][ T9833] ? __pfx___sys_sendmsg+0x10/0x10 [ 169.124642][ T9833] ? __pfx_vfs_write+0x10/0x10 [ 169.129476][ T9833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 169.135853][ T9833] ? do_syscall_64+0x100/0x230 [ 169.140674][ T9833] ? do_syscall_64+0xb6/0x230 [ 169.145393][ T9833] do_syscall_64+0xf3/0x230 [ 169.149934][ T9833] ? clear_bhb_loop+0x35/0x90 [ 169.154670][ T9833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.160582][ T9833] RIP: 0033:0x7fd55677e759 [ 169.165459][ T9833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.185092][ T9833] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 169.193530][ T9833] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 169.201526][ T9833] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 169.209513][ T9833] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 169.217603][ T9833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 169.225606][ T9833] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 169.233600][ T9833] [ 169.244554][ T9835] veth1_macvtap: left promiscuous mode [ 169.252989][ T9835] macsec0: entered promiscuous mode [ 169.571664][ T9855] hsr0: entered promiscuous mode [ 169.604585][ T9855] vlan0: entered promiscuous mode [ 169.796888][ T9872] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1388'. [ 169.820475][ T9869] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1385'. [ 169.871559][ T9884] pimreg3: entered allmulticast mode [ 169.980784][ T9889] FAULT_INJECTION: forcing a failure. [ 169.980784][ T9889] name failslab, interval 1, probability 0, space 0, times 0 [ 170.006037][ T9889] CPU: 1 UID: 0 PID: 9889 Comm: syz.3.1390 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 170.016774][ T9889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 170.026862][ T9889] Call Trace: [ 170.030167][ T9889] [ 170.033128][ T9889] dump_stack_lvl+0x241/0x360 [ 170.037859][ T9889] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.043101][ T9889] ? __pfx__printk+0x10/0x10 [ 170.047736][ T9889] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 170.053782][ T9889] ? __pfx___might_resched+0x10/0x10 [ 170.059131][ T9889] should_fail_ex+0x3b0/0x4e0 [ 170.063846][ T9889] should_failslab+0xac/0x100 [ 170.068565][ T9889] ? __alloc_skb+0x1c3/0x440 [ 170.073203][ T9889] kmem_cache_alloc_node_noprof+0x71/0x320 [ 170.079065][ T9889] __alloc_skb+0x1c3/0x440 [ 170.083531][ T9889] ? __pfx___alloc_skb+0x10/0x10 [ 170.088518][ T9889] ? netlink_autobind+0xd6/0x2f0 [ 170.093497][ T9889] ? netlink_autobind+0x2b0/0x2f0 [ 170.098565][ T9889] netlink_sendmsg+0x638/0xcb0 [ 170.103387][ T9889] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.108728][ T9889] ? aa_sock_msg_perm+0x91/0x160 [ 170.113711][ T9889] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.119035][ T9889] __sock_sendmsg+0x221/0x270 [ 170.123847][ T9889] ____sys_sendmsg+0x52a/0x7e0 [ 170.128681][ T9889] ? __pfx_____sys_sendmsg+0x10/0x10 [ 170.134044][ T9889] __sys_sendmsg+0x292/0x380 [ 170.138690][ T9889] ? __pfx___sys_sendmsg+0x10/0x10 [ 170.143862][ T9889] ? __pfx_vfs_write+0x10/0x10 [ 170.148691][ T9889] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 170.155073][ T9889] ? do_syscall_64+0x100/0x230 [ 170.159883][ T9889] ? do_syscall_64+0xb6/0x230 [ 170.164601][ T9889] do_syscall_64+0xf3/0x230 [ 170.169138][ T9889] ? clear_bhb_loop+0x35/0x90 [ 170.173851][ T9889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.179867][ T9889] RIP: 0033:0x7fd55677e759 [ 170.184314][ T9889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.203953][ T9889] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.212405][ T9889] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 170.220406][ T9889] RDX: 0000000004000010 RSI: 0000000020000c00 RDI: 0000000000000003 [ 170.228411][ T9889] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 170.236425][ T9889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.244434][ T9889] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 170.252467][ T9889] [ 170.661077][ T9913] netlink: 'syz.0.1400': attribute type 2 has an invalid length. [ 170.705991][ T9920] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1403'. [ 170.754946][ T9924] hsr0: entered promiscuous mode [ 170.770789][ T9924] macsec1: entered promiscuous mode [ 170.887255][ T9921] xt_CT: No such helper "snmp" [ 171.276639][ T9958] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1416'. [ 171.422469][ T9965] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1420'. [ 171.443086][ T9966] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1419'. [ 172.238778][T10008] FAULT_INJECTION: forcing a failure. [ 172.238778][T10008] name failslab, interval 1, probability 0, space 0, times 0 [ 172.329181][T10008] CPU: 1 UID: 0 PID: 10008 Comm: syz.0.1436 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 172.340010][T10008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 172.350121][T10008] Call Trace: [ 172.353436][T10008] [ 172.356487][T10008] dump_stack_lvl+0x241/0x360 [ 172.361219][T10008] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.366465][T10008] ? __pfx__printk+0x10/0x10 [ 172.371101][T10008] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 172.377125][T10008] ? __pfx___might_resched+0x10/0x10 [ 172.382458][T10008] should_fail_ex+0x3b0/0x4e0 [ 172.387173][T10008] should_failslab+0xac/0x100 [ 172.391888][T10008] ? __alloc_skb+0x1c3/0x440 [ 172.396519][T10008] kmem_cache_alloc_node_noprof+0x71/0x320 [ 172.402371][T10008] __alloc_skb+0x1c3/0x440 [ 172.406826][T10008] ? validate_chain+0x11e/0x5920 [ 172.411795][T10008] ? __pfx___alloc_skb+0x10/0x10 [ 172.416792][T10008] ? reacquire_held_locks+0x660/0x690 [ 172.422215][T10008] ? mark_lock+0x9a/0x360 [ 172.426610][T10008] alloc_skb_with_frags+0xc3/0x820 [ 172.431764][T10008] ? aa_label_sk_perm+0x4f3/0x6c0 [ 172.436841][T10008] sock_alloc_send_pskb+0x91a/0xa60 [ 172.442084][T10008] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 172.447851][T10008] hci_sock_sendmsg+0x22b/0x11c0 [ 172.452845][T10008] ? __pfx_aa_sk_perm+0x10/0x10 [ 172.457736][T10008] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 172.463157][T10008] ? __pfx_aa_file_perm+0x10/0x10 [ 172.468216][T10008] ? aa_sock_msg_perm+0x91/0x160 [ 172.473200][T10008] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 172.478619][T10008] __sock_sendmsg+0x221/0x270 [ 172.483334][T10008] sock_write_iter+0x2d7/0x3f0 [ 172.488120][T10008] ? __pfx_sock_write_iter+0x10/0x10 [ 172.493439][T10008] ? bpf_lsm_file_permission+0x9/0x10 [ 172.498827][T10008] ? security_file_permission+0x74/0x280 [ 172.504495][T10008] vfs_write+0xaeb/0xd30 [ 172.508783][T10008] ? __pfx_sock_write_iter+0x10/0x10 [ 172.514108][T10008] ? __pfx_vfs_write+0x10/0x10 [ 172.518990][T10008] ? fdget_pos+0x19a/0x320 [ 172.523442][T10008] ksys_write+0x183/0x2b0 [ 172.527810][T10008] ? __pfx_ksys_write+0x10/0x10 [ 172.532693][T10008] ? do_syscall_64+0x100/0x230 [ 172.537579][T10008] ? do_syscall_64+0xb6/0x230 [ 172.542290][T10008] do_syscall_64+0xf3/0x230 [ 172.546851][T10008] ? clear_bhb_loop+0x35/0x90 [ 172.551575][T10008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.557490][T10008] RIP: 0033:0x7fb9fad7e759 [ 172.561952][T10008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.581588][T10008] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 172.590053][T10008] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 172.598083][T10008] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000005 [ 172.606077][T10008] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 172.614087][T10008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.622110][T10008] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 172.630134][T10008] [ 172.885496][T10030] delete_channel: no stack [ 173.025826][T10034] set match dimension is over the limit! [ 173.047552][T10037] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1446'. [ 173.063330][T10039] netlink: 'syz.2.1448': attribute type 2 has an invalid length. [ 173.084246][T10034] pim6reg: entered allmulticast mode [ 173.117346][T10034] pim6reg: left allmulticast mode [ 173.220154][T10051] ip6t_rpfilter: unknown options [ 173.240058][T10053] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 173.250143][T10053] bridge0: entered allmulticast mode [ 173.385493][T10044] netlink: 'syz.4.1450': attribute type 11 has an invalid length. [ 173.559016][T10072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'. [ 173.586826][T10072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'. [ 173.839241][T10087] netlink: 'syz.2.1462': attribute type 23 has an invalid length. [ 173.936756][T10087] vlan2: entered promiscuous mode [ 173.941849][T10087] bond0: entered promiscuous mode [ 173.957916][T10087] bond_slave_0: entered promiscuous mode [ 173.963782][T10087] bond_slave_1: entered promiscuous mode [ 173.983969][T10087] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 173.994034][T10087] vlan2: entered allmulticast mode [ 174.009696][T10087] bond0: entered allmulticast mode [ 174.026968][T10087] bond_slave_0: entered allmulticast mode [ 174.044114][T10087] bond_slave_1: entered allmulticast mode [ 174.053365][T10087] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 174.404233][T10116] x_tables: ip6_tables: SNPT target: used from hooks PREROUTING, but only usable from INPUT/POSTROUTING [ 174.413435][T10109] __nla_validate_parse: 1 callbacks suppressed [ 174.413458][T10109] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1472'. [ 174.444843][T10109] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1472'. [ 174.890622][T10144] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1484'. [ 174.907097][T10144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1484'. [ 175.222028][T10158] IPVS: set_ctl: invalid protocol: 162 127.0.0.1:20004 [ 175.243889][T10161] netlink: 'syz.0.1491': attribute type 2 has an invalid length. [ 175.485990][T10171] netlink: 'syz.2.1493': attribute type 2 has an invalid length. [ 175.745010][T10186] netlink: 'syz.1.1500': attribute type 5 has an invalid length. [ 175.803808][T10188] netlink: 'syz.3.1499': attribute type 1 has an invalid length. [ 175.937868][T10196] FAULT_INJECTION: forcing a failure. [ 175.937868][T10196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.001702][T10196] CPU: 1 UID: 0 PID: 10196 Comm: syz.3.1504 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 176.012625][T10196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 176.022711][T10196] Call Trace: [ 176.026015][T10196] [ 176.028976][T10196] dump_stack_lvl+0x241/0x360 [ 176.033699][T10196] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.038948][T10196] ? __pfx__printk+0x10/0x10 [ 176.043582][T10196] ? __pfx_lock_release+0x10/0x10 [ 176.048666][T10196] should_fail_ex+0x3b0/0x4e0 [ 176.053393][T10196] _copy_from_user+0x2f/0xc0 [ 176.058044][T10196] rfcomm_dev_ioctl+0x187/0x2220 [ 176.063024][T10196] ? tomoyo_path_number_perm+0x208/0x880 [ 176.068692][T10196] ? __pfx_lock_release+0x10/0x10 [ 176.073758][T10196] ? lockdep_hardirqs_on+0x99/0x150 [ 176.078975][T10196] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 176.084376][T10196] ? kfree+0x1a0/0x440 [ 176.088463][T10196] ? tomoyo_path_number_perm+0x71a/0x880 [ 176.094119][T10196] ? bt_sock_ioctl+0xe9/0x2c0 [ 176.098835][T10196] sock_do_ioctl+0x158/0x460 [ 176.103440][T10196] ? __pfx_sock_do_ioctl+0x10/0x10 [ 176.108598][T10196] sock_ioctl+0x626/0x8e0 [ 176.112939][T10196] ? __pfx_sock_ioctl+0x10/0x10 [ 176.117894][T10196] ? __fget_files+0x29/0x470 [ 176.122498][T10196] ? __fget_files+0x3f3/0x470 [ 176.127195][T10196] ? __pfx_sock_ioctl+0x10/0x10 [ 176.132061][T10196] __se_sys_ioctl+0xf9/0x170 [ 176.136841][T10196] do_syscall_64+0xf3/0x230 [ 176.141358][T10196] ? clear_bhb_loop+0x35/0x90 [ 176.146048][T10196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.152386][T10196] RIP: 0033:0x7fd55677e759 [ 176.156814][T10196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.176431][T10196] RSP: 002b:00007fd557516038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 176.184952][T10196] RAX: ffffffffffffffda RBX: 00007fd556935f80 RCX: 00007fd55677e759 [ 176.193022][T10196] RDX: 0000000020000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 176.201005][T10196] RBP: 00007fd557516090 R08: 0000000000000000 R09: 0000000000000000 [ 176.208982][T10196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.216955][T10196] R13: 0000000000000000 R14: 00007fd556935f80 R15: 00007ffe2fc86ed8 [ 176.224948][T10196] [ 176.408157][T10214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1509'. [ 176.459110][T10217] x_tables: duplicate underflow at hook 2 [ 176.941574][T10245] netlink: 'syz.1.1519': attribute type 2 has an invalid length. [ 177.486573][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1529'. [ 177.558484][T10267] dummy0: entered promiscuous mode [ 177.573920][T10267] macvtap2: entered promiscuous mode [ 177.588213][T10267] macvtap2: entered allmulticast mode [ 177.599533][T10267] dummy0: entered allmulticast mode [ 177.696093][T10276] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1533'. [ 177.779544][T10283] FAULT_INJECTION: forcing a failure. [ 177.779544][T10283] name failslab, interval 1, probability 0, space 0, times 0 [ 177.805671][T10282] netlink: 'syz.4.1535': attribute type 2 has an invalid length. [ 177.814003][T10283] CPU: 0 UID: 0 PID: 10283 Comm: syz.0.1534 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 177.824881][T10283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 177.835138][T10283] Call Trace: [ 177.838447][T10283] [ 177.841405][T10283] dump_stack_lvl+0x241/0x360 [ 177.846160][T10283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.851400][T10283] ? __pfx__printk+0x10/0x10 [ 177.856039][T10283] ? ref_tracker_alloc+0x332/0x490 [ 177.861195][T10283] should_fail_ex+0x3b0/0x4e0 [ 177.865921][T10283] ? skb_clone+0x20c/0x390 [ 177.870371][T10283] should_failslab+0xac/0x100 [ 177.875103][T10283] ? skb_clone+0x20c/0x390 [ 177.879551][T10283] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 177.884971][T10283] skb_clone+0x20c/0x390 [ 177.889248][T10283] __netlink_deliver_tap+0x3cc/0x7f0 [ 177.894586][T10283] ? netlink_deliver_tap+0x2e/0x1b0 [ 177.899833][T10283] netlink_deliver_tap+0x19d/0x1b0 [ 177.904996][T10283] netlink_unicast+0x7c4/0x990 [ 177.909811][T10283] ? __pfx_netlink_unicast+0x10/0x10 [ 177.915132][T10283] ? __virt_addr_valid+0x183/0x530 [ 177.920285][T10283] ? __check_object_size+0x48e/0x900 [ 177.925626][T10283] netlink_sendmsg+0x8e4/0xcb0 [ 177.930456][T10283] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.935789][T10283] ? __pfx_aa_file_perm+0x10/0x10 [ 177.940853][T10283] ? aa_sock_msg_perm+0x91/0x160 [ 177.945834][T10283] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.951155][T10283] __sock_sendmsg+0x221/0x270 [ 177.955867][T10283] sock_write_iter+0x2d7/0x3f0 [ 177.960691][T10283] ? __pfx_sock_write_iter+0x10/0x10 [ 177.966022][T10283] ? bpf_lsm_file_permission+0x9/0x10 [ 177.971420][T10283] ? security_file_permission+0x74/0x280 [ 177.977093][T10283] vfs_write+0xaeb/0xd30 [ 177.981372][T10283] ? __pfx_sock_write_iter+0x10/0x10 [ 177.986697][T10283] ? __pfx_vfs_write+0x10/0x10 [ 177.991507][T10283] ? fdget_pos+0x19a/0x320 [ 177.995963][T10283] ksys_write+0x183/0x2b0 [ 178.000507][T10283] ? __pfx_ksys_write+0x10/0x10 [ 178.005398][T10283] ? do_syscall_64+0x100/0x230 [ 178.010210][T10283] ? do_syscall_64+0xb6/0x230 [ 178.014932][T10283] do_syscall_64+0xf3/0x230 [ 178.019472][T10283] ? clear_bhb_loop+0x35/0x90 [ 178.024194][T10283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.030124][T10283] RIP: 0033:0x7fb9fad7e759 [ 178.034572][T10283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.054221][T10283] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.062686][T10283] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 178.070700][T10283] RDX: 000000000000006a RSI: 0000000020000580 RDI: 0000000000000005 [ 178.078709][T10283] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 178.086733][T10283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.094767][T10283] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 178.102785][T10283] [ 178.127903][T10283] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1534'. [ 178.324100][T10295] x_tables: duplicate underflow at hook 2 [ 178.368070][T10297] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.1539'. [ 178.391559][T10297] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.1539'. [ 178.875259][T10310] IPVS: Error joining to the multicast group [ 179.151471][T10322] netlink: 'syz.4.1550': attribute type 11 has an invalid length. [ 179.407709][T10328] macvtap3: entered promiscuous mode [ 179.432658][T10328] batman_adv: batadv0: Adding interface: macvtap3 [ 179.456445][T10328] batman_adv: batadv0: The MTU of interface macvtap3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.540865][T10328] batman_adv: batadv0: Interface activated: macvtap3 [ 179.578209][T10337] __nla_validate_parse: 3 callbacks suppressed [ 179.578229][T10337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1559'. [ 179.830205][T10347] x_tables: duplicate underflow at hook 2 [ 179.888326][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1560'. [ 179.915326][T10341] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1560'. [ 180.052674][T10355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1565'. [ 180.484086][T10366] set match dimension is over the limit! [ 180.918771][T10368] pim6reg: entered allmulticast mode [ 181.219380][T10374] set match dimension is over the limit! [ 181.271098][T10375] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1571'. [ 182.852128][T10366] pim6reg: left allmulticast mode [ 182.884744][T10374] pim6reg: entered allmulticast mode [ 182.891043][T10377] netlink: 'syz.0.1573': attribute type 21 has an invalid length. [ 182.905439][T10378] pim6reg: left allmulticast mode [ 182.934556][T10383] netem: unknown loss type 0 [ 182.945518][T10383] netem: change failed [ 183.671281][T10420] FAULT_INJECTION: forcing a failure. [ 183.671281][T10420] name failslab, interval 1, probability 0, space 0, times 0 [ 183.726460][T10420] CPU: 1 UID: 0 PID: 10420 Comm: syz.1.1588 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 183.730437][T10424] set match dimension is over the limit! [ 183.737279][T10420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 183.737300][T10420] Call Trace: [ 183.737309][T10420] [ 183.737319][T10420] dump_stack_lvl+0x241/0x360 [ 183.737354][T10420] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.737379][T10420] ? __pfx__printk+0x10/0x10 [ 183.737408][T10420] ? ref_tracker_alloc+0x332/0x490 [ 183.737434][T10420] should_fail_ex+0x3b0/0x4e0 [ 183.737459][T10420] ? skb_clone+0x20c/0x390 [ 183.737478][T10420] should_failslab+0xac/0x100 [ 183.737509][T10420] ? skb_clone+0x20c/0x390 [ 183.737528][T10420] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 183.737558][T10420] skb_clone+0x20c/0x390 [ 183.737581][T10420] __netlink_deliver_tap+0x3cc/0x7f0 [ 183.737618][T10420] ? netlink_deliver_tap+0x2e/0x1b0 [ 183.737646][T10420] netlink_deliver_tap+0x19d/0x1b0 [ 183.737678][T10420] netlink_unicast+0x7c4/0x990 [ 183.737716][T10420] ? __pfx_netlink_unicast+0x10/0x10 [ 183.737743][T10420] ? __virt_addr_valid+0x183/0x530 [ 183.737771][T10420] ? __check_object_size+0x48e/0x900 [ 183.737804][T10420] netlink_sendmsg+0x8e4/0xcb0 [ 183.737849][T10420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.737887][T10420] ? aa_sock_msg_perm+0x91/0x160 [ 183.737923][T10420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.770427][T10424] pim6reg: entered allmulticast mode [ 183.774329][T10420] __sock_sendmsg+0x221/0x270 [ 183.774368][T10420] ____sys_sendmsg+0x52a/0x7e0 [ 183.774410][T10420] ? __pfx_____sys_sendmsg+0x10/0x10 [ 183.799640][T10424] pim6reg: left allmulticast mode [ 183.803113][T10420] __sys_sendmsg+0x292/0x380 [ 183.803161][T10420] ? __pfx___sys_sendmsg+0x10/0x10 [ 183.803207][T10420] ? __pfx_vfs_write+0x10/0x10 [ 183.903850][T10420] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 183.910251][T10420] ? do_syscall_64+0x100/0x230 [ 183.915050][T10420] ? do_syscall_64+0xb6/0x230 [ 183.919766][T10420] do_syscall_64+0xf3/0x230 [ 183.924304][T10420] ? clear_bhb_loop+0x35/0x90 [ 183.929001][T10420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.934923][T10420] RIP: 0033:0x7f9b0d97e759 [ 183.939365][T10420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.958998][T10420] RSP: 002b:00007f9b0e693038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.967453][T10420] RAX: ffffffffffffffda RBX: 00007f9b0db35f80 RCX: 00007f9b0d97e759 [ 183.975467][T10420] RDX: 0000000000000000 RSI: 0000000020000d40 RDI: 0000000000000003 [ 183.983476][T10420] RBP: 00007f9b0e693090 R08: 0000000000000000 R09: 0000000000000000 [ 183.991496][T10420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.999549][T10420] R13: 0000000000000000 R14: 00007f9b0db35f80 R15: 00007ffec76166c8 [ 184.007595][T10420] [ 184.326154][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.334020][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.449980][T10439] set match dimension is over the limit! [ 184.579735][T10439] pim6reg: entered allmulticast mode [ 184.616006][T10445] netlink: 'syz.2.1596': attribute type 2 has an invalid length. [ 184.760678][T10439] pim6reg: left allmulticast mode [ 185.118821][T10471] Cannot find del_set index 2 as target [ 185.223098][T10480] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1604'. [ 185.235010][T10480] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1604'. [ 185.267507][T10482] set match dimension is over the limit! [ 185.300407][T10482] pim6reg: entered allmulticast mode [ 185.312553][T10482] pim6reg: left allmulticast mode [ 185.424998][T10489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1608'. [ 185.498034][T10489] bond_slave_0: entered promiscuous mode [ 185.504068][T10489] bond_slave_1: entered promiscuous mode [ 185.515664][T10489] macvtap3: entered promiscuous mode [ 185.520996][T10489] bond0: entered promiscuous mode [ 185.526680][T10489] macvtap3: entered allmulticast mode [ 185.532224][T10489] bond0: entered allmulticast mode [ 185.537552][T10489] bond_slave_0: entered allmulticast mode [ 185.543438][T10489] bond_slave_1: entered allmulticast mode [ 185.566313][T10489] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 185.626251][T10490] bond0: left allmulticast mode [ 185.631167][T10490] bond_slave_0: left allmulticast mode [ 185.651367][T10490] bond_slave_1: left allmulticast mode [ 185.664479][T10490] bond0: left promiscuous mode [ 185.675318][T10490] bond_slave_0: left promiscuous mode [ 185.681145][T10490] bond_slave_1: left promiscuous mode [ 185.803006][T10492] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1609'. [ 185.839021][T10494] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 186.191208][T10504] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 186.330452][T10514] set match dimension is over the limit! [ 186.499093][T10514] pim6reg: entered allmulticast mode [ 186.542181][T10514] pim6reg: left allmulticast mode [ 186.572227][T10525] set match dimension is over the limit! [ 186.624306][T10525] pim6reg: entered allmulticast mode [ 186.727442][T10525] pim6reg: left allmulticast mode [ 187.693757][T10552] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1627'. [ 188.817240][T10545] netlink: 10096 bytes leftover after parsing attributes in process `syz.3.1625'. [ 189.012517][T10571] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1631'. [ 189.110932][T10580] set match dimension is over the limit! [ 189.141839][T10580] pim6reg: entered allmulticast mode [ 189.319129][T10580] pim6reg: left allmulticast mode [ 189.549406][T10597] IPVS: Scheduler module ip_vs_sip not found [ 189.617912][T10605] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1642'. [ 189.705732][T10612] netlink: 'syz.1.1643': attribute type 29 has an invalid length. [ 189.731169][T10609] netlink: 'syz.1.1643': attribute type 29 has an invalid length. [ 190.009882][T10627] set match dimension is over the limit! [ 190.022322][T10629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1651'. [ 190.036831][T10627] pim6reg: entered allmulticast mode [ 190.046591][T10629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1651'. [ 190.058560][T10627] pim6reg: left allmulticast mode [ 190.194857][T10636] netlink: 'syz.4.1653': attribute type 10 has an invalid length. [ 190.337216][T10636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1653'. [ 190.446673][T10636] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1653'. [ 190.757387][T10677] FAULT_INJECTION: forcing a failure. [ 190.757387][T10677] name failslab, interval 1, probability 0, space 0, times 0 [ 190.788552][T10677] CPU: 1 UID: 0 PID: 10677 Comm: syz.0.1664 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 190.799730][T10677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 190.809820][T10677] Call Trace: [ 190.813102][T10677] [ 190.816142][T10677] dump_stack_lvl+0x241/0x360 [ 190.820850][T10677] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.826061][T10677] ? __pfx__printk+0x10/0x10 [ 190.830668][T10677] should_fail_ex+0x3b0/0x4e0 [ 190.835360][T10677] should_failslab+0xac/0x100 [ 190.840068][T10677] ? sctp_add_bind_addr+0x89/0x3a0 [ 190.845211][T10677] __kmalloc_cache_noprof+0x6c/0x2c0 [ 190.850545][T10677] sctp_add_bind_addr+0x89/0x3a0 [ 190.855508][T10677] sctp_copy_local_addr_list+0x311/0x500 [ 190.861186][T10677] ? sctp_copy_local_addr_list+0xab/0x500 [ 190.866912][T10677] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 190.873064][T10677] ? sctp_association_new+0x17c3/0x2400 [ 190.878622][T10677] ? sctp_v6_is_any+0x60/0x70 [ 190.883313][T10677] sctp_bind_addr_copy+0xad/0x3b0 [ 190.888344][T10677] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 190.894678][T10677] sctp_connect_new_asoc+0x2f3/0x6c0 [ 190.899975][T10677] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 190.905809][T10677] ? sctp_inet6_send_verify+0xbe/0x310 [ 190.911273][T10677] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 190.917090][T10677] __sctp_connect+0x66d/0xe30 [ 190.921785][T10677] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 190.927798][T10677] ? __pfx___sctp_connect+0x10/0x10 [ 190.933006][T10677] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 190.939350][T10677] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 190.944893][T10677] sctp_setsockopt_connectx+0x181/0x2a0 [ 190.950447][T10677] ? __pfx_sctp_setsockopt_connectx+0x10/0x10 [ 190.956518][T10677] ? do_raw_spin_unlock+0x13c/0x8b0 [ 190.961865][T10677] sctp_setsockopt+0x709/0x11c0 [ 190.966843][T10677] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 190.972756][T10677] do_sock_setsockopt+0x3af/0x720 [ 190.977828][T10677] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 190.983413][T10677] ? __fget_files+0x29/0x470 [ 190.988027][T10677] ? __fget_files+0x3f3/0x470 [ 190.992754][T10677] ? __fget_files+0x29/0x470 [ 190.997364][T10677] __sys_setsockopt+0x1a2/0x250 [ 191.002319][T10677] __x64_sys_setsockopt+0xb5/0xd0 [ 191.007357][T10677] do_syscall_64+0xf3/0x230 [ 191.011873][T10677] ? clear_bhb_loop+0x35/0x90 [ 191.016557][T10677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.022455][T10677] RIP: 0033:0x7fb9fad7e759 [ 191.026870][T10677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.046513][T10677] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 191.054952][T10677] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 191.063036][T10677] RDX: 000000000000006e RSI: 0000000000000084 RDI: 0000000000000003 [ 191.071119][T10677] RBP: 00007fb9fbbcf090 R08: 0000000000000038 R09: 0000000000000000 [ 191.079092][T10677] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000002 [ 191.087059][T10677] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 191.095052][T10677] [ 191.172237][T10681] set match dimension is over the limit! [ 191.198516][T10681] pim6reg: entered allmulticast mode [ 191.228029][T10681] pim6reg: left allmulticast mode [ 191.233557][T10684] x_tables: ip6_tables: SNPT target: used from hooks PREROUTING, but only usable from INPUT/POSTROUTING [ 191.942284][T10730] set match dimension is over the limit! [ 191.973333][T10730] pim6reg: entered allmulticast mode [ 191.995031][T10730] pim6reg: left allmulticast mode [ 192.336868][T10746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1691'. [ 192.497681][T10752] FAULT_INJECTION: forcing a failure. [ 192.497681][T10752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.511382][T10752] CPU: 0 UID: 0 PID: 10752 Comm: syz.4.1694 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 192.522290][T10752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 192.532406][T10752] Call Trace: [ 192.535734][T10752] [ 192.538718][T10752] dump_stack_lvl+0x241/0x360 [ 192.543468][T10752] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.548733][T10752] ? __pfx__printk+0x10/0x10 [ 192.553399][T10752] should_fail_ex+0x3b0/0x4e0 [ 192.558131][T10752] _copy_from_user+0x2f/0xc0 [ 192.562790][T10752] move_addr_to_kernel+0x82/0x150 [ 192.567876][T10752] __sys_connect+0xc1/0x300 [ 192.572426][T10752] ? __pfx___sys_connect+0x10/0x10 [ 192.577570][T10752] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 192.583960][T10752] ? do_syscall_64+0x100/0x230 [ 192.589017][T10752] __x64_sys_connect+0x7a/0x90 [ 192.593823][T10752] do_syscall_64+0xf3/0x230 [ 192.598351][T10752] ? clear_bhb_loop+0x35/0x90 [ 192.603053][T10752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.608976][T10752] RIP: 0033:0x7fcae837e759 [ 192.613411][T10752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.633040][T10752] RSP: 002b:00007fcae9195038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 192.641475][T10752] RAX: ffffffffffffffda RBX: 00007fcae8535f80 RCX: 00007fcae837e759 [ 192.649461][T10752] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003 [ 192.657442][T10752] RBP: 00007fcae9195090 R08: 0000000000000000 R09: 0000000000000000 [ 192.665428][T10752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.673411][T10752] R13: 0000000000000000 R14: 00007fcae8535f80 R15: 00007fff393eb038 [ 192.681403][T10752] [ 192.741861][T10758] set match dimension is over the limit! [ 192.755472][T10758] pim6reg: entered allmulticast mode [ 192.769079][T10758] pim6reg: left allmulticast mode [ 192.893491][T10764] IPv6: Can't replace route, no match found [ 192.967157][T10765] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.1700'. [ 193.004631][T10765] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.1700'. [ 193.027568][T10772] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1703'. [ 193.042055][T10774] FAULT_INJECTION: forcing a failure. [ 193.042055][T10774] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 193.078299][T10774] CPU: 0 UID: 0 PID: 10774 Comm: syz.0.1702 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 193.089140][T10774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 193.099247][T10774] Call Trace: [ 193.102565][T10774] [ 193.105534][T10774] dump_stack_lvl+0x241/0x360 [ 193.110254][T10774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.115508][T10774] ? __pfx__printk+0x10/0x10 [ 193.120169][T10774] should_fail_ex+0x3b0/0x4e0 [ 193.124899][T10774] prepare_alloc_pages+0x1da/0x5b0 [ 193.130061][T10774] __alloc_pages_noprof+0x16f/0x710 [ 193.135311][T10774] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 193.141094][T10774] alloc_pages_mpol_noprof+0x3e8/0x680 [ 193.146601][T10774] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 193.152629][T10774] ? alloc_pages_noprof+0xef/0x170 [ 193.157799][T10774] __pmd_alloc+0x91/0x670 [ 193.162213][T10774] ? mt_find+0x2a9/0x920 [ 193.166517][T10774] ? __pfx___pmd_alloc+0x10/0x10 [ 193.171543][T10774] handle_mm_fault+0xf76/0x1bb0 [ 193.176447][T10774] ? mt_find+0x2a9/0x920 [ 193.180777][T10774] ? __pfx_handle_mm_fault+0x10/0x10 [ 193.186120][T10774] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.192499][T10774] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 193.197860][T10774] exc_page_fault+0x2b9/0x8c0 [ 193.202596][T10774] asm_exc_page_fault+0x26/0x30 [ 193.207491][T10774] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 193.213350][T10774] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 193.233003][T10774] RSP: 0018:ffffc9000b367a90 EFLAGS: 00050202 [ 193.239132][T10774] RAX: 0000000000000001 RBX: 0000000020000100 RCX: 0000000000000018 [ 193.247148][T10774] RDX: 0000000000000001 RSI: 0000000020000100 RDI: ffffc9000b367b90 [ 193.255164][T10774] RBP: ffffc9000b367c70 R08: ffffc9000b367ba7 R09: 1ffff9200166cf74 [ 193.263182][T10774] R10: dffffc0000000000 R11: fffff5200166cf75 R12: 0000000020000100 [ 193.271187][T10774] R13: dffffc0000000000 R14: ffffc9000b367b90 R15: 0000000000000018 [ 193.279193][T10774] _copy_from_user+0x7f/0xc0 [ 193.283832][T10774] rfcomm_dev_ioctl+0x187/0x2220 [ 193.288819][T10774] ? tomoyo_path_number_perm+0x208/0x880 [ 193.294520][T10774] ? __pfx_lock_release+0x10/0x10 [ 193.299586][T10774] ? lockdep_hardirqs_on+0x99/0x150 [ 193.304819][T10774] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 193.310230][T10774] ? kfree+0x1a0/0x440 [ 193.313792][T10783] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 193.314416][T10774] ? tomoyo_path_number_perm+0x71a/0x880 [ 193.327023][T10774] ? bt_sock_ioctl+0xe9/0x2c0 [ 193.331766][T10774] sock_do_ioctl+0x158/0x460 [ 193.336425][T10774] ? __pfx_sock_do_ioctl+0x10/0x10 [ 193.339336][T10783] macsec1: entered promiscuous mode [ 193.341587][T10774] sock_ioctl+0x626/0x8e0 [ 193.351176][T10774] ? __pfx_sock_ioctl+0x10/0x10 [ 193.356065][T10774] ? __fget_files+0x29/0x470 [ 193.360692][T10774] ? __fget_files+0x3f3/0x470 [ 193.365419][T10774] ? __pfx_sock_ioctl+0x10/0x10 [ 193.370314][T10774] __se_sys_ioctl+0xf9/0x170 [ 193.374940][T10774] do_syscall_64+0xf3/0x230 [ 193.379479][T10774] ? clear_bhb_loop+0x35/0x90 [ 193.384188][T10774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.390114][T10774] RIP: 0033:0x7fb9fad7e759 [ 193.394559][T10774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.414365][T10774] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.422787][T10774] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 193.430761][T10774] RDX: 0000000020000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 193.438751][T10774] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 193.446767][T10774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.454760][T10774] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 193.462783][T10774] [ 193.506529][T10783] mac80211_hwsim hwsim4 wlan0: left promiscuous mode [ 193.572098][T10785] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.1708'. [ 193.592809][T10785] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.1708'. [ 193.738162][T10794] set match dimension is over the limit! [ 193.829330][T10794] pim6reg: entered allmulticast mode [ 193.864022][T10794] pim6reg: left allmulticast mode [ 193.876651][T10800] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1715'. [ 193.934454][T10800] bond0: option use_carrier: invalid value (100) [ 193.963036][T10803] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.1716'. [ 194.012612][T10807] raw_sendmsg: syz.4.1718 forgot to set AF_INET. Fix it! [ 194.090125][T10810] netlink: 'syz.1.1719': attribute type 2 has an invalid length. [ 194.183462][T10812] dvmrp8: entered allmulticast mode [ 194.221245][T10812] dvmrp8: left allmulticast mode [ 194.604757][T10843] netlink: 'syz.0.1734': attribute type 4 has an invalid length. [ 195.086468][T10870] netlink: 'syz.0.1741': attribute type 11 has an invalid length. [ 195.115007][T10870] FAULT_INJECTION: forcing a failure. [ 195.115007][T10870] name failslab, interval 1, probability 0, space 0, times 0 [ 195.165668][T10870] CPU: 1 UID: 0 PID: 10870 Comm: syz.0.1741 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 195.176507][T10870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 195.186577][T10870] Call Trace: [ 195.189863][T10870] [ 195.192886][T10870] dump_stack_lvl+0x241/0x360 [ 195.197617][T10870] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.202859][T10870] ? __pfx__printk+0x10/0x10 [ 195.207488][T10870] ? __kmalloc_node_noprof+0xb7/0x440 [ 195.212944][T10870] ? __pfx___might_resched+0x10/0x10 [ 195.218279][T10870] should_fail_ex+0x3b0/0x4e0 [ 195.222989][T10870] should_failslab+0xac/0x100 [ 195.227698][T10870] __kmalloc_node_noprof+0xdf/0x440 [ 195.232931][T10870] ? __kvmalloc_node_noprof+0x72/0x190 [ 195.238427][T10870] ? alloc_netdev_mqs+0xbc6/0x1080 [ 195.243566][T10870] __kvmalloc_node_noprof+0x72/0x190 [ 195.248894][T10870] alloc_netdev_mqs+0xc0f/0x1080 [ 195.253869][T10870] ieee80211_if_add+0x336/0x14f0 [ 195.258839][T10870] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 195.265488][T10870] ieee80211_add_iface+0xee/0x670 [ 195.270542][T10870] ? __pfx_nl80211_parse_mon_options+0x10/0x10 [ 195.276746][T10870] ? __pfx_ieee80211_add_iface+0x10/0x10 [ 195.282417][T10870] nl80211_new_interface+0x7e7/0x1180 [ 195.287830][T10870] ? __pfx_nl80211_new_interface+0x10/0x10 [ 195.293675][T10870] genl_rcv_msg+0xb14/0xec0 [ 195.298215][T10870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.303287][T10870] ? __pfx_lock_acquire+0x10/0x10 [ 195.308340][T10870] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 195.313743][T10870] ? __pfx_nl80211_new_interface+0x10/0x10 [ 195.319585][T10870] ? __pfx_nl80211_post_doit+0x10/0x10 [ 195.325093][T10870] ? __pfx___might_resched+0x10/0x10 [ 195.330420][T10870] netlink_rcv_skb+0x1e3/0x430 [ 195.335213][T10870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.340262][T10870] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 195.345582][T10870] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 195.351083][T10870] genl_rcv+0x28/0x40 [ 195.355080][T10870] netlink_unicast+0x7f6/0x990 [ 195.359959][T10870] ? __pfx_netlink_unicast+0x10/0x10 [ 195.365267][T10870] ? __virt_addr_valid+0x183/0x530 [ 195.370404][T10870] ? __check_object_size+0x48e/0x900 [ 195.375709][T10870] netlink_sendmsg+0x8e4/0xcb0 [ 195.380505][T10870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.385815][T10870] ? aa_sock_msg_perm+0x91/0x160 [ 195.390799][T10870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.396102][T10870] __sock_sendmsg+0x221/0x270 [ 195.400797][T10870] ____sys_sendmsg+0x52a/0x7e0 [ 195.405588][T10870] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.410905][T10870] __sys_sendmsg+0x292/0x380 [ 195.415523][T10870] ? __pfx___sys_sendmsg+0x10/0x10 [ 195.420683][T10870] ? __pfx_vfs_write+0x10/0x10 [ 195.425477][T10870] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 195.431824][T10870] ? do_syscall_64+0x100/0x230 [ 195.436615][T10870] ? do_syscall_64+0xb6/0x230 [ 195.441311][T10870] do_syscall_64+0xf3/0x230 [ 195.445827][T10870] ? clear_bhb_loop+0x35/0x90 [ 195.450522][T10870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.456427][T10870] RIP: 0033:0x7fb9fad7e759 [ 195.460856][T10870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.480470][T10870] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.488898][T10870] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 195.496882][T10870] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 195.504859][T10870] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 195.512851][T10870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 195.520831][T10870] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 195.528932][T10870] [ 195.613192][T10875] __nla_validate_parse: 6 callbacks suppressed [ 195.613213][T10875] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1744'. [ 195.626839][T10880] erspan0: entered allmulticast mode [ 195.941236][T10895] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 195.973699][T10897] IPVS: Error joining to the multicast group [ 195.987880][T10895] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1751'. [ 196.076329][T10863] netlink: 'syz.2.1739': attribute type 1 has an invalid length. [ 196.080934][T10901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1753'. [ 196.120297][T10901] macvtap3: entered promiscuous mode [ 196.148825][T10901] macvtap3: entered allmulticast mode [ 196.167185][T10901] 8021q: adding VLAN 0 to HW filter on device macvtap3 [ 196.240033][T10863] ipip0: entered promiscuous mode [ 196.279390][T10899] netlink: 'syz.2.1739': attribute type 1 has an invalid length. [ 196.309219][T10910] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1756'. [ 196.357190][T10910] bond_slave_0: entered promiscuous mode [ 196.362985][T10910] bond_slave_1: entered promiscuous mode [ 196.384784][T10916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1758'. [ 196.423057][T10910] macvtap4: entered promiscuous mode [ 196.433970][T10917] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1757'. [ 196.445927][ T5153] Bluetooth: hci1: command 0x0406 tx timeout [ 196.446067][ T5855] Bluetooth: hci2: command 0x0406 tx timeout [ 196.452489][ T5153] Bluetooth: hci3: command 0x0406 tx timeout [ 196.465295][T10910] bond0: entered promiscuous mode [ 196.507221][T10910] bond2: entered promiscuous mode [ 196.526169][T10910] macvtap4: entered allmulticast mode [ 196.544773][T10910] bond0: entered allmulticast mode [ 196.561075][T10910] bond_slave_0: entered allmulticast mode [ 196.569797][T10910] bond_slave_1: entered allmulticast mode [ 196.576386][T10910] bond2: entered allmulticast mode [ 196.584092][T10910] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 196.622952][T10914] bond0: left allmulticast mode [ 196.650613][T10914] bond_slave_0: left allmulticast mode [ 196.677922][T10914] bond_slave_1: left allmulticast mode [ 196.701098][T10914] bond2: left allmulticast mode [ 196.715038][T10914] bond0: left promiscuous mode [ 196.724893][T10914] bond2: left promiscuous mode [ 196.750200][T10914] bond_slave_0: left promiscuous mode [ 196.755760][T10914] bond_slave_1: left promiscuous mode [ 196.941291][T10938] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1762'. [ 197.205804][T10951] set match dimension is over the limit! [ 197.259964][T10951] pim6reg: entered allmulticast mode [ 197.294525][T10953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1767'. [ 197.329693][T10951] pim6reg: left allmulticast mode [ 197.415913][T10956] netlink: 'syz.2.1769': attribute type 2 has an invalid length. [ 197.656657][T10974] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1775'. [ 197.776332][T10979] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1776'. [ 197.866511][T10976] IPVS: You probably need to specify IP address on multicast interface. [ 197.875364][T10976] IPVS: Error connecting to the multicast addr [ 198.261812][T10994] team_slave_0: entered promiscuous mode [ 198.267605][T10994] team_slave_1: entered promiscuous mode [ 198.288956][T10994] macvtap4: entered promiscuous mode [ 198.295447][T10994] netpci0: entered promiscuous mode [ 198.317805][T10994] macvtap4: entered allmulticast mode [ 198.323245][T10994] netpci0: entered allmulticast mode [ 198.329184][T10994] team_slave_0: entered allmulticast mode [ 198.334962][T10994] team_slave_1: entered allmulticast mode [ 198.347251][T11002] xt_hashlimit: invalid interval [ 198.376154][T10994] 8021q: adding VLAN 0 to HW filter on device macvtap4 [ 198.407969][T11000] netpci0: left allmulticast mode [ 198.421113][T11000] team_slave_0: left allmulticast mode [ 198.445657][T11000] team_slave_1: left allmulticast mode [ 198.451484][T11000] netpci0: left promiscuous mode [ 198.462852][T11000] team_slave_0: left promiscuous mode [ 198.468404][T11000] team_slave_1: left promiscuous mode [ 199.386342][T11033] netlink: 'syz.0.1790': attribute type 12 has an invalid length. [ 199.663876][T11048] x_tables: duplicate underflow at hook 2 [ 199.828822][T11058] FAULT_INJECTION: forcing a failure. [ 199.828822][T11058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.854033][T11060] FAULT_INJECTION: forcing a failure. [ 199.854033][T11060] name failslab, interval 1, probability 0, space 0, times 0 [ 199.868504][T11058] CPU: 0 UID: 0 PID: 11058 Comm: syz.4.1800 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 199.879335][T11058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 199.889521][T11058] Call Trace: [ 199.892833][T11058] [ 199.895790][T11058] dump_stack_lvl+0x241/0x360 [ 199.900514][T11058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.905758][T11058] ? __pfx__printk+0x10/0x10 [ 199.910396][T11058] ? snprintf+0xda/0x120 [ 199.914696][T11058] should_fail_ex+0x3b0/0x4e0 [ 199.919433][T11058] _copy_to_user+0x31/0xb0 [ 199.923893][T11058] simple_read_from_buffer+0xca/0x150 [ 199.929332][T11058] proc_fail_nth_read+0x1e9/0x250 [ 199.934400][T11058] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 199.940031][T11058] ? rw_verify_area+0x55e/0x6f0 [ 199.944945][T11058] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 199.950547][T11058] vfs_read+0x1fc/0xb70 [ 199.954750][T11058] ? fdget_pos+0x24e/0x320 [ 199.959210][T11058] ? __pfx_vfs_read+0x10/0x10 [ 199.963941][T11058] ? __fget_files+0x3f3/0x470 [ 199.968674][T11058] ? fdget_pos+0x24e/0x320 [ 199.973146][T11058] ksys_read+0x183/0x2b0 [ 199.977453][T11058] ? __pfx_ksys_read+0x10/0x10 [ 199.982264][T11058] ? do_syscall_64+0x100/0x230 [ 199.987090][T11058] ? do_syscall_64+0xb6/0x230 [ 199.991822][T11058] do_syscall_64+0xf3/0x230 [ 199.996369][T11058] ? clear_bhb_loop+0x35/0x90 [ 200.001102][T11058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.007039][T11058] RIP: 0033:0x7fcae837d19c [ 200.011500][T11058] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 200.031154][T11058] RSP: 002b:00007fcae9195030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 200.039621][T11058] RAX: ffffffffffffffda RBX: 00007fcae8535f80 RCX: 00007fcae837d19c [ 200.047652][T11058] RDX: 000000000000000f RSI: 00007fcae91950a0 RDI: 0000000000000004 [ 200.055673][T11058] RBP: 00007fcae9195090 R08: 0000000000000000 R09: 0000000000000000 [ 200.063680][T11058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 200.071690][T11058] R13: 0000000000000000 R14: 00007fcae8535f80 R15: 00007fff393eb038 [ 200.079747][T11058] [ 200.083438][T11060] CPU: 0 UID: 0 PID: 11060 Comm: syz.1.1801 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 200.094233][T11060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 200.104309][T11060] Call Trace: [ 200.107596][T11060] [ 200.110547][T11060] dump_stack_lvl+0x241/0x360 [ 200.115234][T11060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.120498][T11060] ? __pfx__printk+0x10/0x10 [ 200.125127][T11060] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 200.131190][T11060] ? __pfx___might_resched+0x10/0x10 [ 200.136514][T11060] should_fail_ex+0x3b0/0x4e0 [ 200.141206][T11060] should_failslab+0xac/0x100 [ 200.145897][T11060] ? __alloc_skb+0x1c3/0x440 [ 200.150502][T11060] kmem_cache_alloc_node_noprof+0x71/0x320 [ 200.156329][T11060] __alloc_skb+0x1c3/0x440 [ 200.160765][T11060] ? mutex_is_locked+0x12/0x50 [ 200.165587][T11060] ? __pfx___alloc_skb+0x10/0x10 [ 200.170556][T11060] ? netlink_ack_tlv_len+0x6e/0x200 [ 200.175794][T11060] netlink_ack+0x13f/0xa30 [ 200.180238][T11060] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 200.185734][T11060] netlink_rcv_skb+0x262/0x430 [ 200.190524][T11060] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 200.196011][T11060] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 200.201331][T11060] ? netlink_deliver_tap+0x2e/0x1b0 [ 200.206555][T11060] netlink_unicast+0x7f6/0x990 [ 200.211342][T11060] ? __pfx_netlink_unicast+0x10/0x10 [ 200.216642][T11060] ? __virt_addr_valid+0x183/0x530 [ 200.221765][T11060] ? __check_object_size+0x48e/0x900 [ 200.227076][T11060] netlink_sendmsg+0x8e4/0xcb0 [ 200.231868][T11060] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.237177][T11060] ? aa_sock_msg_perm+0x91/0x160 [ 200.242133][T11060] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.247439][T11060] __sock_sendmsg+0x221/0x270 [ 200.252133][T11060] ____sys_sendmsg+0x52a/0x7e0 [ 200.256930][T11060] ? __pfx_____sys_sendmsg+0x10/0x10 [ 200.262245][T11060] __sys_sendmsg+0x292/0x380 [ 200.266877][T11060] ? __pfx___sys_sendmsg+0x10/0x10 [ 200.272035][T11060] ? __pfx_vfs_write+0x10/0x10 [ 200.276843][T11060] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 200.283204][T11060] ? do_syscall_64+0x100/0x230 [ 200.287989][T11060] ? do_syscall_64+0xb6/0x230 [ 200.292688][T11060] do_syscall_64+0xf3/0x230 [ 200.297207][T11060] ? clear_bhb_loop+0x35/0x90 [ 200.301919][T11060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.307865][T11060] RIP: 0033:0x7f9b0d97e759 [ 200.312305][T11060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.331936][T11060] RSP: 002b:00007f9b0e693038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 200.340366][T11060] RAX: ffffffffffffffda RBX: 00007f9b0db35f80 RCX: 00007f9b0d97e759 [ 200.348346][T11060] RDX: 0000000000000000 RSI: 0000000020000d40 RDI: 0000000000000003 [ 200.356328][T11060] RBP: 00007f9b0e693090 R08: 0000000000000000 R09: 0000000000000000 [ 200.364306][T11060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.372276][T11060] R13: 0000000000000000 R14: 00007f9b0db35f80 R15: 00007ffec76166c8 [ 200.380266][T11060] [ 200.453163][T11067] FAULT_INJECTION: forcing a failure. [ 200.453163][T11067] name failslab, interval 1, probability 0, space 0, times 0 [ 200.475624][T11067] CPU: 1 UID: 0 PID: 11067 Comm: syz.0.1803 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 200.486453][T11067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 200.496539][T11067] Call Trace: [ 200.499833][T11067] [ 200.502771][T11067] dump_stack_lvl+0x241/0x360 [ 200.507473][T11067] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.512687][T11067] ? __pfx__printk+0x10/0x10 [ 200.517291][T11067] ? fs_reclaim_acquire+0x93/0x130 [ 200.522414][T11067] ? __pfx___might_resched+0x10/0x10 [ 200.527716][T11067] should_fail_ex+0x3b0/0x4e0 [ 200.532408][T11067] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 200.538143][T11067] should_failslab+0xac/0x100 [ 200.542829][T11067] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 200.548559][T11067] __kmalloc_noprof+0xd8/0x400 [ 200.553341][T11067] tomoyo_realpath_from_path+0xcf/0x5e0 [ 200.558912][T11067] tomoyo_path_number_perm+0x23a/0x880 [ 200.564389][T11067] ? tomoyo_path_number_perm+0x208/0x880 [ 200.570030][T11067] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 200.576054][T11067] ? __fget_files+0x29/0x470 [ 200.580674][T11067] ? __fget_files+0x3f3/0x470 [ 200.585369][T11067] security_file_ioctl+0xc6/0x2a0 [ 200.590401][T11067] __se_sys_ioctl+0x47/0x170 [ 200.595001][T11067] do_syscall_64+0xf3/0x230 [ 200.599520][T11067] ? clear_bhb_loop+0x35/0x90 [ 200.604213][T11067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.610132][T11067] RIP: 0033:0x7fb9fad7e759 [ 200.614558][T11067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.634173][T11067] RSP: 002b:00007fb9fbbcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.642596][T11067] RAX: ffffffffffffffda RBX: 00007fb9faf35f80 RCX: 00007fb9fad7e759 [ 200.650576][T11067] RDX: 00000000200d0fc0 RSI: 0000000081f8943c RDI: 0000000000000003 [ 200.658553][T11067] RBP: 00007fb9fbbcf090 R08: 0000000000000000 R09: 0000000000000000 [ 200.666534][T11067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.674509][T11067] R13: 0000000000000000 R14: 00007fb9faf35f80 R15: 00007fff6e231eb8 [ 200.682514][T11067] [ 200.692384][T11067] ERROR: Out of memory at tomoyo_realpath_from_path. [ 201.028283][T11084] openvswitch: netlink: Port 2099045992 exceeds max allowable 65535 [ 201.085749][T11090] __nla_validate_parse: 7 callbacks suppressed [ 201.085769][T11090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1812'. [ 201.225475][T11097] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1816'. [ 201.388461][T11110] ip6t_rpfilter: unknown options [ 201.714520][T11125] macsec2: entered promiscuous mode [ 201.782453][T11133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1825'. [ 201.801090][T11122] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1825'. [ 202.020854][T11144] delete_channel: no stack [ 202.076442][T11148] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1833'. [ 202.220045][T11156] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1838'. [ 202.250145][T11158] netlink: 304 bytes leftover after parsing attributes in process `syz.1.1839'. [ 202.350562][T11161] ip6t_rpfilter: unknown options [ 202.479254][T11172] IPVS: length: 60 != 8 [ 203.278510][T11196] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1851'. [ 203.545836][T11205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1854'. [ 203.682511][T11214] netlink: 'syz.3.1859': attribute type 75 has an invalid length. [ 203.795642][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 204.059086][T11229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1865'. [ 204.106047][ C1] vxcan0: j1939_tp_txtimer: 0xffff888024372400: tx aborted with unknown reason: -2 [ 204.117428][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888024373800: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 204.135359][ C1] ------------[ cut here ]------------ [ 204.140866][ C1] refcount_t: underflow; use-after-free. [ 204.147186][ C1] WARNING: CPU: 1 PID: 5845 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 [ 204.156770][ C1] Modules linked in: [ 204.160765][ C1] CPU: 1 UID: 0 PID: 5845 Comm: kworker/1:3 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 204.171626][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 204.181776][ C1] Workqueue: mld mld_ifc_work [ 204.186582][ C1] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 [ 204.192816][ C1] Code: e0 c8 60 8c e8 d7 13 98 fc 90 0f 0b 90 90 eb 99 e8 5b 1d d7 fc c6 05 3d 6b 49 0b 01 90 48 c7 c7 40 c9 60 8c e8 b7 13 98 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 38 1d d7 fc c6 05 17 6b 49 0b 01 90 [ 204.212537][ C1] RSP: 0018:ffffc90000a18740 EFLAGS: 00010246 [ 204.218705][ C1] RAX: b32bd8f619cde300 RBX: ffff888024e2b224 RCX: ffff888066080000 [ 204.226768][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.234810][ C1] RBP: 0000000000000003 R08: ffffffff8155e312 R09: fffffbfff1cf9fd0 [ 204.242863][ C1] R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff888024373868 [ 204.250921][ C1] R13: ffff888024e2b224 R14: 1ffff1100486e718 R15: ffff888024373800 [ 204.258993][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 204.268104][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 204.274739][ C1] CR2: 000000002000f000 CR3: 000000006603a000 CR4: 00000000003526f0 [ 204.282786][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 204.290830][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 204.298926][ C1] Call Trace: [ 204.302238][ C1] [ 204.305117][ C1] ? __warn+0x168/0x4e0 [ 204.309891][ C1] ? refcount_warn_saturate+0x15a/0x1d0 [ 204.315524][ C1] ? report_bug+0x2b3/0x500 [ 204.320078][ C1] ? refcount_warn_saturate+0x15a/0x1d0 [ 204.325739][ C1] ? handle_bug+0x60/0x90 [ 204.330130][ C1] ? exc_invalid_op+0x1a/0x50 [ 204.334857][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 204.339975][ C1] ? __warn_printk+0x292/0x360 [ 204.344787][ C1] ? refcount_warn_saturate+0x15a/0x1d0 [ 204.350432][ C1] j1939_session_put+0x1ed/0x440 [ 204.355445][ C1] j1939_tp_recv+0x92a/0x1050 [ 204.360176][ C1] j1939_can_recv+0x732/0xb20 [ 204.364913][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 204.370212][ C1] ? __lock_acquire+0x1384/0x2050 [ 204.375412][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 204.380660][ C1] can_rcv_filter+0x359/0x7f0 [ 204.385418][ C1] can_receive+0x327/0x480 [ 204.389904][ C1] ? can_receive+0x1c9/0x480 [ 204.394550][ C1] can_rcv+0x144/0x260 [ 204.398703][ C1] ? __pfx_can_rcv+0x10/0x10 [ 204.403354][ C1] __netif_receive_skb+0x2e0/0x650 [ 204.408551][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 204.413637][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 204.419341][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 204.425404][ C1] ? __pfx_lock_release+0x10/0x10 [ 204.430481][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 204.435680][ C1] process_backlog+0x662/0x15b0 [ 204.440635][ C1] ? process_backlog+0x33b/0x15b0 [ 204.445751][ C1] ? __pfx_process_backlog+0x10/0x10 [ 204.451085][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 204.457191][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 204.463601][ C1] __napi_poll+0xcb/0x490 [ 204.468030][ C1] net_rx_action+0x89b/0x1240 [ 204.472779][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 204.477967][ C1] ? __run_timer_base+0x178/0x8e0 [ 204.483043][ C1] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 204.488805][ C1] handle_softirqs+0x2c5/0x980 [ 204.493645][ C1] ? do_softirq+0x11b/0x1e0 [ 204.498240][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 204.503609][ C1] do_softirq+0x11b/0x1e0 [ 204.508019][ C1] [ 204.510981][ C1] [ 204.513946][ C1] ? __pfx_do_softirq+0x10/0x10 [ 204.518885][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 204.524590][ C1] ? xfrm_policy_lookup_bytype+0x148/0x1950 [ 204.530576][ C1] ? rcu_is_watching+0x15/0xb0 [ 204.535457][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 204.540715][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 204.546604][ C1] ? ip6t_do_table+0x205/0x18a0 [ 204.551505][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 204.557315][ C1] ? ip6t_do_table+0x205/0x18a0 [ 204.562219][ C1] ip6t_do_table+0x1687/0x18a0 [ 204.567075][ C1] ? ip6t_do_table+0x205/0x18a0 [ 204.572005][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 204.577215][ C1] ? xfrm_expand_policies+0xcb/0x690 [ 204.582563][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 204.587756][ C1] nf_hook_slow+0xc3/0x220 [ 204.592233][ C1] NF_HOOK+0x305/0x430 [ 204.596386][ C1] ? NF_HOOK+0xfa/0x430 [ 204.600595][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 204.605264][ C1] ? __pfx_dst_output+0x10/0x10 [ 204.610197][ C1] ? icmp6_dst_alloc+0x3aa/0x420 [ 204.615225][ C1] mld_sendpack+0x843/0xdb0 [ 204.619781][ C1] ? __pfx_mld_newpack+0x10/0x10 [ 204.624793][ C1] ? mld_sendpack+0x1e8/0xdb0 [ 204.629577][ C1] ? __pfx_mld_sendpack+0x10/0x10 [ 204.634686][ C1] mld_ifc_work+0x7d9/0xd90 [ 204.639298][ C1] ? process_scheduled_works+0x976/0x1850 [ 204.645074][ C1] process_scheduled_works+0xa63/0x1850 [ 204.650750][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 204.656861][ C1] ? assign_work+0x364/0x3d0 [ 204.661518][ C1] worker_thread+0x870/0xd30 [ 204.666198][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 204.672151][ C1] ? __kthread_parkme+0x169/0x1d0 [ 204.677254][ C1] ? __pfx_worker_thread+0x10/0x10 [ 204.682418][ C1] kthread+0x2f0/0x390 [ 204.686555][ C1] ? __pfx_worker_thread+0x10/0x10 [ 204.691717][ C1] ? __pfx_kthread+0x10/0x10 [ 204.696469][ C1] ret_from_fork+0x4b/0x80 [ 204.700944][ C1] ? __pfx_kthread+0x10/0x10 [ 204.705611][ C1] ret_from_fork_asm+0x1a/0x30 [ 204.710455][ C1] [ 204.713524][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 204.720829][ C1] CPU: 1 UID: 0 PID: 5845 Comm: kworker/1:3 Not tainted 6.12.0-rc7-syzkaller-01715-ge867ed3ac8aa #0 [ 204.731600][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 204.741668][ C1] Workqueue: mld mld_ifc_work [ 204.746372][ C1] Call Trace: [ 204.749661][ C1] [ 204.752524][ C1] dump_stack_lvl+0x241/0x360 [ 204.757224][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.762435][ C1] ? __pfx__printk+0x10/0x10 [ 204.767042][ C1] ? vscnprintf+0x5d/0x90 [ 204.771391][ C1] panic+0x349/0x880 [ 204.775298][ C1] ? __warn+0x177/0x4e0 [ 204.779482][ C1] ? __pfx_panic+0x10/0x10 [ 204.783916][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 204.788887][ C1] __warn+0x34b/0x4e0 [ 204.792878][ C1] ? refcount_warn_saturate+0x15a/0x1d0 [ 204.798449][ C1] report_bug+0x2b3/0x500 [ 204.802789][ C1] ? refcount_warn_saturate+0x15a/0x1d0 [ 204.808356][ C1] handle_bug+0x60/0x90 [ 204.812525][ C1] exc_invalid_op+0x1a/0x50 [ 204.817105][ C1] asm_exc_invalid_op+0x1a/0x20 [ 204.821969][ C1] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 [ 204.828143][ C1] Code: e0 c8 60 8c e8 d7 13 98 fc 90 0f 0b 90 90 eb 99 e8 5b 1d d7 fc c6 05 3d 6b 49 0b 01 90 48 c7 c7 40 c9 60 8c e8 b7 13 98 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 38 1d d7 fc c6 05 17 6b 49 0b 01 90 [ 204.847772][ C1] RSP: 0018:ffffc90000a18740 EFLAGS: 00010246 [ 204.854285][ C1] RAX: b32bd8f619cde300 RBX: ffff888024e2b224 RCX: ffff888066080000 [ 204.862265][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.870251][ C1] RBP: 0000000000000003 R08: ffffffff8155e312 R09: fffffbfff1cf9fd0 [ 204.878228][ C1] R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff888024373868 [ 204.886209][ C1] R13: ffff888024e2b224 R14: 1ffff1100486e718 R15: ffff888024373800 [ 204.894193][ C1] ? __warn_printk+0x292/0x360 [ 204.898972][ C1] j1939_session_put+0x1ed/0x440 [ 204.903932][ C1] j1939_tp_recv+0x92a/0x1050 [ 204.908617][ C1] j1939_can_recv+0x732/0xb20 [ 204.913313][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 204.918532][ C1] ? __lock_acquire+0x1384/0x2050 [ 204.923576][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 204.928792][ C1] can_rcv_filter+0x359/0x7f0 [ 204.933482][ C1] can_receive+0x327/0x480 [ 204.937917][ C1] ? can_receive+0x1c9/0x480 [ 204.942527][ C1] can_rcv+0x144/0x260 [ 204.946609][ C1] ? __pfx_can_rcv+0x10/0x10 [ 204.951220][ C1] __netif_receive_skb+0x2e0/0x650 [ 204.956346][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 204.961389][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 204.967027][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 204.973026][ C1] ? __pfx_lock_release+0x10/0x10 [ 204.978079][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 204.983206][ C1] process_backlog+0x662/0x15b0 [ 204.988077][ C1] ? process_backlog+0x33b/0x15b0 [ 204.993114][ C1] ? __pfx_process_backlog+0x10/0x10 [ 204.998406][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 205.004422][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 205.010772][ C1] __napi_poll+0xcb/0x490 [ 205.015118][ C1] net_rx_action+0x89b/0x1240 [ 205.019825][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 205.024948][ C1] ? __run_timer_base+0x178/0x8e0 [ 205.029988][ C1] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 205.035662][ C1] handle_softirqs+0x2c5/0x980 [ 205.040462][ C1] ? do_softirq+0x11b/0x1e0 [ 205.044978][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 205.050281][ C1] do_softirq+0x11b/0x1e0 [ 205.054627][ C1] [ 205.057567][ C1] [ 205.060506][ C1] ? __pfx_do_softirq+0x10/0x10 [ 205.065383][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 205.071039][ C1] ? xfrm_policy_lookup_bytype+0x148/0x1950 [ 205.076967][ C1] ? rcu_is_watching+0x15/0xb0 [ 205.081740][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 205.086948][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 205.092760][ C1] ? ip6t_do_table+0x205/0x18a0 [ 205.097621][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 205.103368][ C1] ? ip6t_do_table+0x205/0x18a0 [ 205.108226][ C1] ip6t_do_table+0x1687/0x18a0 [ 205.113029][ C1] ? ip6t_do_table+0x205/0x18a0 [ 205.117923][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 205.123066][ C1] ? xfrm_expand_policies+0xcb/0x690 [ 205.128419][ C1] ? __pfx_ip6t_do_table+0x10/0x10 [ 205.133556][ C1] nf_hook_slow+0xc3/0x220 [ 205.137992][ C1] NF_HOOK+0x305/0x430 [ 205.142082][ C1] ? NF_HOOK+0xfa/0x430 [ 205.146271][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 205.150885][ C1] ? __pfx_dst_output+0x10/0x10 [ 205.155779][ C1] ? icmp6_dst_alloc+0x3aa/0x420 [ 205.160748][ C1] mld_sendpack+0x843/0xdb0 [ 205.165270][ C1] ? __pfx_mld_newpack+0x10/0x10 [ 205.170248][ C1] ? mld_sendpack+0x1e8/0xdb0 [ 205.174946][ C1] ? __pfx_mld_sendpack+0x10/0x10 [ 205.180002][ C1] mld_ifc_work+0x7d9/0xd90 [ 205.184526][ C1] ? process_scheduled_works+0x976/0x1850 [ 205.190260][ C1] process_scheduled_works+0xa63/0x1850 [ 205.195866][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 205.201866][ C1] ? assign_work+0x364/0x3d0 [ 205.206469][ C1] worker_thread+0x870/0xd30 [ 205.211075][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 205.216982][ C1] ? __kthread_parkme+0x169/0x1d0 [ 205.222026][ C1] ? __pfx_worker_thread+0x10/0x10 [ 205.227145][ C1] kthread+0x2f0/0x390 [ 205.231216][ C1] ? __pfx_worker_thread+0x10/0x10 [ 205.236337][ C1] ? __pfx_kthread+0x10/0x10 [ 205.240931][ C1] ret_from_fork+0x4b/0x80 [ 205.245356][ C1] ? __pfx_kthread+0x10/0x10 [ 205.250031][ C1] ret_from_fork_asm+0x1a/0x30 [ 205.254827][ C1] [ 205.258110][ C1] Kernel Offset: disabled [ 205.262473][ C1] Rebooting in 86400 seconds..