last executing test programs: 1m36.718267095s ago: executing program 1 (id=3057): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}}) 48.213316671s ago: executing program 1 (id=3057): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}}) 37.908988087s ago: executing program 1 (id=3057): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}}) 24.879063542s ago: executing program 1 (id=3057): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}}) 13.043668142s ago: executing program 1 (id=3057): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}}) 4.342507394s ago: executing program 1 (id=3057): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}}) 3.300006471s ago: executing program 3 (id=4462): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'lo\x00'}) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x3, 0xfffffffe, 0x2000001c}, 0x10) write(r1, &(0x7f00000000c0)="1800000016005f0214fffffffffffff80700000001000000", 0x18) socket$pppl2tp(0x18, 0x1, 0x1) (async) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'lo\x00'}) (async) socket(0x10, 0x3, 0x0) (async) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x3, 0xfffffffe, 0x2000001c}, 0x10) (async) write(r1, &(0x7f00000000c0)="1800000016005f0214fffffffffffff80700000001000000", 0x18) (async) 3.018127641s ago: executing program 3 (id=4465): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xe803000000000000) 2.305189719s ago: executing program 4 (id=4473): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b70200000000e6ccbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe02000000850000001a000000b7000000100000009500000000000000455781a5fee65e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde43a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d1106fb0289ce67a66afd92c3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a060000009b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece6d311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da326018362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f707777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee23483508818b897e3b677d3d342640e328504ae2dbf8fe1d704765de74891f7c8dae85739c50409c62040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528d46362ea0d8d79c79ddca066da478c1b7d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5f001000000100008000000000ed6f6663677df37de0ec0d0f548b273940be5d1fe0aae14d1a76e0741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ce0000000000000000000000000000000064d3210f806a4877e73c19072e358da1cdbef27967e918e6f2bab4a78ce0103a91789340b00db45df429d650e2f6acfbf9bf2f1b23064f3e60a9ded23b652f110940813a14c97abc84ab3cf728efd94ba2895a0884e7f7c53bc60d1b9768a979929055be8565b8a15dffc8692476ff03963b626afbc18750629666d1f449f02271064768c0731aeccb2c342ae3fa9956354e847f086eee8cd78617ad6ae28f121b23c1128b78f521eea8c487ae31f9112db0e671dd47d95ea9653e51da8c99a996656149a65f8e88032ddf35717407"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000140)=r1, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xfffffffc}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_NG_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 2.11428659s ago: executing program 2 (id=4474): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000003d0007ff0f00fff000000000037c000004"], 0x18}}, 0x0) 2.113166582s ago: executing program 4 (id=4475): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=@newtaction={0x5c, 0x30, 0x7, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000340)={0x14, r2, 0x313, 0x0, 0x0, {0x2f}}, 0x14}}, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000c000000180001657468315f746f5f687372000000000c0003800500038004000500000000000000711077388b637a82214db1b820489874e1bd40ddd71fc91a0f1e5134fd8935e5847a6249b220c6f44a653b7b5c7b4cc66862de1e90054bd325f901b3526730da52367385dbe74c631a1b98"], 0x38}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000000a05000000000000000000010000000900010073797a30000000000900010073797a31000000000c00044000000000000000040c00044000000000000000050c00044000000000000000020900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000008000b40000000006c0004804c0001800b0001007470726f787900003c00028008000140000000000800014000000002080003400000000008000140000000000800014000000000080002400000000408000140000000021c0001800900010068617368000000000c00028008000740000000000900010073797a30"], 0x144}}, 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRESDEC=0x0], 0x20}}, 0x0) r8 = socket$inet6(0xa, 0x6, 0x0) setsockopt$sock_int(r8, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r8, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) 2.043251444s ago: executing program 3 (id=4476): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x101001, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x89e0, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\a\x00'}) 1.996668278s ago: executing program 2 (id=4477): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000680)={'vxcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000480)={0x1d, r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x204, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98) 1.470211645s ago: executing program 4 (id=4478): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="61123000000000006113680000000000bf2000000000000015000600071b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) (async) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x3ff, 0x4000000, 0x0, 0x0, 0x1}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xfffffffe}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x8, @mcast1}}, 0x0, 0x0, 0x1, 0x0, "ddfd3b7ed7c6a1c172a987ae5ce3cafd64c9a736831a5912d606798fb75c9981c4b3ac0e06891ff18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf80c07fb1a854dad742eef6187f2304844c296"}, 0xd8) (async) close(r1) 1.470103321s ago: executing program 0 (id=4479): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400fff01000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0003006970768a616e00000c0002800600010000000000050027"], 0x44}}, 0x814) 1.440767483s ago: executing program 3 (id=4480): socket$inet6_tcp(0xa, 0x1, 0x0) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000000200)=0x7, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1}, 0x7e, {0x2, 0x0, @empty}, 'batadv_slave_0\x00'}) listen(r0, 0x0) (async) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 1.406201093s ago: executing program 2 (id=4481): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc250d40f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c9837d5ac03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a9b893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729a40000dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c5452f42e09b388a14b22bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66cf8aeb1f98bd67bfd38ec2beac3ca99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94d81150c68ab27987655e1dd676ceef54ad4d663f88b6f82a65f7c94a0e40cbb782ff536bd67ba81125f8e0af199094b407f630dc6eb3b79615a4e63f75ab30b1e475748cb5dce6581dc92f740a21fb8dec725b4f2a0b0972f852504245d5ce11cfdead09c9b6e094261084cd20c2294525061a4638c0bfd08dfa70d24bf85d9cfd940e1a4f1509bed8233f22506e5b000000000000862a01def6c9e879a87688ad151c14ae7ff8a090aebe7e4f936c26e565ae96d38ee5f794468caa17419e22ff13df60a95596490358a3b8121511e427d619ad87fe998702ea0b659eff3f5cd8f4094fdd6b1d45facfe6629846170d99de670a9e72e21ed7363876612bf58a17142abccbf5354f432ed1df74f8168d05de528f63a98bca22820439c567973de0077c068d1b70b6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x58, &(0x7f0000000180)}, 0x10) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 1.306137445s ago: executing program 2 (id=4482): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005500010e0e0000000000000007000000", @ANYRES32, @ANYBLOB=' '], 0x38}}, 0xc000) (async) ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random="0200"}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xe1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x100}}, 0x0) socket$rxrpc(0x21, 0x2, 0xa) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r5 = socket(0x10, 0x80002, 0x0) (rerun: 32) sendmmsg$alg(r5, &(0x7f00000000c0), 0x492492492492627, 0x0) (async) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1900000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x801, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x1000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) (async) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, r7, 0x7, 0x0, 0x0, {{0x8}, {@void, @val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) (async) r10 = socket(0x1d, 0x2, 0x6) r11 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r11, 0x0, 0x13, &(0x7f0000000040)=0x1000000, 0x4) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x55}]}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmmsg$inet(r11, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, 0x0}}], 0x1, 0x0) (async, rerun: 32) setsockopt$llc_int(r10, 0x6a, 0x5, 0x0, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3a}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async) sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000068a3eac581269dde5a9665b4148d0000000200000002000000dcc0"], 0x24}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) (async) sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r3, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r9}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0) 1.305481542s ago: executing program 0 (id=4483): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c) syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000004100000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0) 1.255804988s ago: executing program 4 (id=4484): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) unshare(0x20000400) r1 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x70bf2c, 0x25dfdbff, {0xa, 0x38, 0x0, 0xff, r3}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bind$qrtr(r1, &(0x7f0000000080)={0x2a, 0xffffffff}, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000380)="4000000000220006908a00000400", 0x10) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000140)="5f96565e14027386aa93a303c44b5b3b", 0x10) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f00000009c0)=@assoc_value={0x0, 0x800}, 0x8) r6 = socket(0x2, 0x3, 0xff) connect$inet(r6, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$unix(r6, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="643c87cf08d21d994efea03321af0c6c7715a604", 0x14}], 0x1}}], 0x1, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) 1.232443481s ago: executing program 0 (id=4485): syz_emit_ethernet(0x86, &(0x7f0000001500)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0xd}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x2000, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x40000000, 0x0, "8908981864d689ac43445c1c26e95299e94ccad8794114ae3061e328af342f99", "e4d0ce57abcb41f7f5c8ab8f63dd38a1", {"bb3ce5a4bbb68671a2892fa0317a823c", "be9d98ca816f77013a778b6c40b49ea9"}}}}}}}, 0x0) 1.094289774s ago: executing program 3 (id=4486): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000030400fff0000000000000000400", @ANYRES32=r1, @ANYBLOB="e0d8010004a701001c00128009000100626f6e64000000000c000280050001"], 0x3c}, 0x1, 0x0, 0x0, 0x408d1}, 0x4000044) 1.075094319s ago: executing program 2 (id=4487): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xeffdffffffffffff) 1.054755142s ago: executing program 0 (id=4488): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000540)={0x2, 0x4e24, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) 937.741665ms ago: executing program 4 (id=4489): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x8, 0x9, 0x8, 0xfa}}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000001c0)="b498f384", 0x4) syz_emit_ethernet(0x6e, &(0x7f0000000e80)={@random="0f539af21094", @remote, @val={@val={0x88a8, 0x0, 0x0, 0x2}, {0x8100, 0x2, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x38, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x24}, @mcast2, {[], @dest_unreach={0x4, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x2c, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [@srh={0x2c, 0x209e, 0x4, 0x0, 0x3, 0x0, 0x365, [@dev={0xfe, 0x80, '\x00', 0x26}]}]}}}}}}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000b40)=ANY=[@ANYBLOB="f8020000f1488bfd17c9b51a6492cafaba1fb10711abff56824e0f1b16d3e6c2fe182abaec54b81a8bc48609a541865b36f209a2b6744e6722c1c5bc63ab", @ANYRES16=r5, @ANYBLOB="000829bd7000fedbdf253b0000000c00990000000080790000000800cd000001740bc102330080340e00080211000001080211000000ffffffffffff350009000000000000008100118100060202020202020406ff08010492000602ffff05f90169024079a7c2420121ff12f1d350ef5f94ca44c7780c9d4e8a312f7ee9332e8653207a89266f37acd0a442b0385920c7fa0ce629ca67201b4398695e8d9afc0a2bbbfbf95aad0d5a5d219ae9f6eaf87cb794ae0368cb69ed9f91b4146211a6fb5cf5127c91204b2bd336a8f67ea01a14843115de0d93af908348b564910bcc835a8f189228f72ade1ac960ee993cc04130df763fe21676ed616f78be535d719c1ae5269f827753f6b2715a64a92d9329b26d43c82fe22f1da558daeb49ab84f5f0f4afc25de7efcb633b563ef60616e8facc8bd1b66d627c36f852e41bc3430ba80e49302d3af55eb0f25729971b20ec1559e258d06ef2f4250301b50072060303030303037107010000ff010c09760606043a000200dda3c6c694e28b7962a929d7cfe1c4c32c5a03b220a3b3c865785a64d5f25de04229ce8b059c9a000ab69c4e0dff336d1ee1bf343aeac8859849ddc190ffb0f9002590da22a8e2b57103808788662e8b23f45ad7b296f3bffc893c7d15a417879a8e131dc6e28580082fc691562bc1808406eafdf65653a18d2f428cda6f85ab5bfc14022dbc6290980a0b3c07b33dc2198c57d384922f1f6b84755d13c6ff03574c1b39f0dd79794a17ae78d456c0f91e27821a2ebe4e48c894981988dc0ec3473c4dc2b754ce5eb3cfbdd6ee86160be27d20a5141f1397c77d6235420553a153e4c2b42c71b048b5bd2463a6911fab86c1cf942c89dc64a1d5fb14df43ae3a55a630a379f905ace89183b989d0458c3946faf51b36acf4ecd0980f7bb26906dd4ad3e89ebfaf8e43c185f035f549a0b669870fc855fc0410495b685d540808d8aa2db6a25c339bb2a92b7d9e41ae1487a1801d04d8c8ed95a1d3b33a65341a73fbf1c71b24d5db96cf2ca50000000400870004008e0004008700"], 0x2f8}, 0x1, 0x0, 0x0, 0x10}, 0x8001) r6 = syz_genetlink_get_family_id$devlink(&(0x7f00000021c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f0000002200)={0x3c, r6, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r2, &(0x7f0000000b00)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)={0x480, r5, 0x200, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@cf_end={{}, {0x2}, @device_b}}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@ack={{}, {0x1}}}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x228, 0x33, @data_frame={@msdu=@type10={{0x0, 0x2, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {}, @initial, @device_a, @device_b, {0xf, 0x934}, "", @void, @value=@ver_80211n={0x0, 0x7003, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}}, @a_msdu=[{@broadcast, @device_a, 0xe5, "502f1ead102c536080230179a9800f9c7e8033ef8335d6ef6b0a8fc127e8bbf20f681fc375aab7edef3fd95a9e75db1c840c966781f1c46483977766bf38cc939ea48f809d2f406cc189866a880c8a24bb844b48cb35e965bcefa2636da0a7d91186bd1f7df58da258b2c1d11ab4f5721b567f484c37bf14e9be8989a37854e81b5a6d41259fb0cafda4b805e5f1605da942679566a7cefe2a60c5bc9700350b83eda4b6ba1ca6597080411ad175aa90bdf35ef76d22cae7bcf0f8b705c508fe2b6fb095fd6c4dabb1532d96c058bb4c84e5084bb26f05a982eef072de92b69bad2add3f2b"}, {@broadcast, @device_b, 0xa, "696b16a09b3ab74225ae"}, {@device_b, @device_b, 0xeb, "124b0ce7387e0ca3f77526b3317806e9ecfc0e269cc7e77811c2df6762ce50b6071142ad006a50a4c9075d97905930eaceafb9c916cd195e6b086eccac072d7076bf846693e46fd137bab88a53518ad4e035007e4352959f7c3d643e0fe0f1c55df77fcf0a3f75113383d9474cdc7f44cd1a44aa6c454ad48fb4e3f1ba2f9fb920f6f370e6a256768f1f2e4836e1d992c82423bea3167346af377e421cbc6edd702504f50404104aa7e7570030be648a336feba62f3727f3440a21bb82cc75a8214175663521e81e5a943c152ff9a55be5229e15343b4b6fac700c14c8b1c4dadc1caa0bd956207833111c"}]}}, @NL80211_ATTR_FRAME={0xff, 0x33, @mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {}, @device_b, @device_b, @random="b2174d3421ee"}, 0x9, @random=0x6, 0x5, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x10, 0x0, 0x1, 0x0, {0xbe, 0xa9, 0x0, 0x2, 0x0, 0x1}, 0x1, 0x101, 0x3}}, @void, @void, [{0xdd, 0xa3, "c1beda822687b039fb465c2a408ae3f66faa11eb3eb71b725c283067f6908c018e29cbcef22f23361923217ad6d35847d610397a01299eb1106ece5ae312901a2a930375dadd884dee0e8f196fac418d892366c919b131b3797bc27f942290fc3ab3cabb9aa6829156589803b3771708e0ff443d428c6ed4ff029eb2031eb140bd095d20660e126008552ce71967cb4124b142bde5b6ec88f07415ae40c12fa4644534"}, {0xdd, 0x14, "dca7c33cfed7d6f2b140971c97e510ff95206ccf"}]}}, @NL80211_ATTR_FRAME={0x90, 0x33, @mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x6}, @device_b, @device_a, @random="8a7f49a8ae02", {0x4, 0x584}}, 0x55cb, @default, 0x8, @void, @val={0x1, 0x3, [{0x24}, {0x16}, {0x1b, 0x1}]}, @void, @val={0x4, 0x6, {0x7, 0x7, 0x0, 0x6df}}, @val={0x6, 0x2, 0x8000}, @val={0x2d, 0x1a, {0x800, 0x2, 0x0, 0x0, {0x8001, 0x4, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x8, 0x40, 0x6b}}, @val={0x72, 0x6}, @void, [{0xdd, 0xe, "d228dc63f15c7c3d0c06633b4e85"}, {0xdd, 0x21, "8c945eb2c9f97e9d4dcb5131594b9b86c5dd78458a42b63716672ab957dd9da500"}]}}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x6}, @broadcast, @device_b}}, @NL80211_ATTR_FRAME={0x43, 0x33, @mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x81}, @device_a, @broadcast, @random="edf27d5bf266", {0x9, 0x8}}, @sp_mp_confirm={0xf, 0x2, {0x8, @random=0xfffd, {0x1, 0x3, [{0x60}, {0x44ea17102896c051, 0x1}, {0x18}]}, @void, @val={0x2d, 0x1a, {0x2, 0x3, 0x4, 0x0, {0x5, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x80000000, 0x2}}}}}}, @NL80211_ATTR_FRAME={0x1e, 0x33, @mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7ffd}, @broadcast, @broadcast, @from_mac=@device_b, {0x9, 0x6}}, 0x32, @void}}]}, 0x480}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040045) sendmsg$key(r7, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4, 0x0, 0x6, 0x28, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x4, 0x0, 0x6e6bb5, 0xc, {0x6, 0x33, 0xe6, 0x0, 0x0, 0x8, 0x0, @in6=@private0, @in=@empty}}, @sadb_ident={0x2, 0xa, 0x7, 0x0, 0x7}, @sadb_key={0x1c, 0x9, 0x690, 0x0, "9a07238f8d79ede05be6d6f6abcdcea80140e1a3beac8060bbc95f4c49994e9b538a21c6a1af87b6481c3929f6fb0f2eea3c3a5e1171044f2bda4d4bca906b792b0d5791a0ee08774ecd80586216062b1cc789a93753c79403d5944f8be95f3b0a6c4b772ea95bfb11b454ad7d6f395a600b9e95ecc13c3f408693c743494a993b53cb7753fbd385cc2d485dcaecb7af01d48463d8f9f73e7104c669b40131866cc4784dc5956419359f03f98b3045b427ee7adf2d353eb3ef745ec5d5db351a9a3b6e1344969b53577df5011bcc105979fd"}]}, 0x140}, 0x1, 0x7}, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r8, 0x6, 0xc, 0x0, &(0x7f0000000280)) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000380)={r7, 0x4, 0x572, 0x7}) bind$alg(r9, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58) 937.394169ms ago: executing program 2 (id=4490): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x101001, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random=' \a\x00'}) 861.398392ms ago: executing program 3 (id=4491): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000680)={'vxcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000480)={0x1d, r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x300, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98) 801.638702ms ago: executing program 4 (id=4492): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfd, 0x8, 0x2000}}, 0x1c}}, 0x4000) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) (async) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r3, @ANYBLOB="0a0001"], 0x48}}, 0x0) 77.315657ms ago: executing program 0 (id=4493): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x650, 0x1b8, 0x0, 0x428, 0x428, 0x0, 0x580, 0x580, 0x580, 0x580, 0x580, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@loopback, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {0xff}}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast1, @private2, [], [0x0, 0x0, 0x0, 0xff000000], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@private}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@frag={{0x30}, {[], 0x0, 0x0, 0x2}}, @inet=@rpfilter={{0x28}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x118, 0x158, 0x0, {}, [@common=@dst={{0x48}}, @inet=@rpfilter={{0x28}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0xfffffffe, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6b0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r1, 0x1, 0x0, 0x0, {{}, {}, {0xc, 0x14, 'broadcast-link\x00'}}}, 0x28}}, 0x0) (async, rerun: 64) r3 = socket(0x10, 0x3, 0x0) (rerun: 64) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{0x1, 0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000b40)={r4, &(0x7f00000009c0)="264dd7e217fcbc8cbbcec29e92c2f0dd54f2b1dcacc16b0abab12596d14d6466fbd7a8afdcc1d62f0a417323e32d77441d5db1cfb52bb54721270dfa07562bd2f0a3eb7ec7ce106aa98e5eba589546197479caa96fb1523b6a83f572882fbe5e3f69dc4dad90ddcd56f3a3b581ae1a3a91d7dc986335903e6410148715957603bf0e32adcba02d78a912b9453bb1ede0dd393b69f0bee0ab4a9dd025af63d331fc0ead7f32f35431cf49da02493baf15931aeb4075a5c85fe49924208f02b8b28ceee8b9be12e4482b1efc76a3ad", &(0x7f0000000ac0)=""/92, 0x4}, 0x20) (async) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000680001"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x0, @local}}]}]}, @IFLA_GROUP={0x8}]}, 0x58}}, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) (async) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0xad, 0x0, r3, 0xa6d, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb7}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2b}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000880)=@gcm_256={{0x304}, "cf2f2d87e8107d09", "1fd036ece2fe2bf76d1b4e368d3ca2429b2601d88d84247eaf78b482a172e41a", "76e69a55", "f392eac64fb4c70b"}, 0x38) (async, rerun: 64) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0x88, 0x5, [@enum64={0x6, 0x4, 0x0, 0x13, 0x1, 0xc, [{0x9, 0x200, 0xffff15d2}, {0x2, 0xe97, 0x2}, {0xb, 0x3, 0x2}, {0xd, 0x9, 0x4}]}, @enum64={0x4, 0x1, 0x0, 0x13, 0x1, 0x1, [{0xa, 0x36, 0x5}]}, @volatile={0x8}, @var={0x8, 0x0, 0x0, 0xe, 0x4, 0x1}, @float={0x5, 0x0, 0x0, 0x10, 0x2}, @const={0x10, 0x0, 0x0, 0xa, 0x5}]}, {0x0, [0x0, 0x5f, 0x0]}}, &(0x7f0000000580)=""/41, 0xa5, 0x29, 0x1, 0x6, 0x0, @void, @value}, 0x28) (rerun: 64) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x33, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @generic={0x9, 0x5, 0x6, 0x8, 0xd861}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffff9}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4b}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @call={0x85, 0x0, 0x0, 0x8b}, @jmp={0x5, 0x1, 0x3, 0x3, 0x8, 0x80, 0x12}, @jmp={0x5, 0x0, 0xd, 0x2, 0x6, 0xffffffffffffffe0, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f0000000640)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x3, 0x9, 0x3, 0x5525afcd}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000006c0)=[{0x2, 0x2, 0x3, 0x9}], 0x10, 0x8b06, @void, @value}, 0x94) (async, rerun: 64) r9 = socket$kcm(0x10, 0x2, 0x0) (async, rerun: 64) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r10, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="1802000005000000000000000000000085000000cd00000095000000000000002053ef12e47b07d6d5ac7081eefdd183a8ed6290e983da"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000840)={r7}, 0x4) (async) ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f00000007c0)={'\x00', @local}) sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000300)="d8000000180081054e81f783db4cb9040a1d080006007c02e8fc55a10a0015000600142603600e120800060000000401a8000100fec0ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d", 0xa2}, {&(0x7f00000005c0)="b8cadd1b63d27c4fc2da", 0xa}, {&(0x7f0000000980)="84a33e5a63b49ad64070db02fc47dcbdcdc74d23d861c56fa46597169f24bf325d642f3daec69e6e1ba23958", 0x2c}], 0x3}, 0x0) 0s ago: executing program 0 (id=4494): r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x28, r3, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x13}]}]}, 0x28}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) read(r5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x7, 0x0, r6, 0x4, '\x00', r7, r5, 0x1, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50) kernel console output (not intermixed with test programs): ? __pfx_netlink_sendmsg+0x10/0x10 [ 341.702667][T15991] ? aa_sock_msg_perm+0x91/0x160 [ 341.702702][T15991] ? __pfx_netlink_sendmsg+0x10/0x10 [ 341.702723][T15991] __sock_sendmsg+0x221/0x270 [ 341.702752][T15991] ____sys_sendmsg+0x53a/0x860 [ 341.702781][T15991] ? __pfx_____sys_sendmsg+0x10/0x10 [ 341.702800][T15991] ? __fget_files+0x2a/0x410 [ 341.702831][T15991] ? __fget_files+0x2a/0x410 [ 341.702867][T15991] __sys_sendmsg+0x269/0x350 [ 341.702892][T15991] ? __pfx___sys_sendmsg+0x10/0x10 [ 341.702925][T15991] ? do_sys_openat2+0x17a/0x1d0 [ 341.702986][T15991] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 341.703015][T15991] ? do_syscall_64+0x100/0x230 [ 341.703045][T15991] ? do_syscall_64+0xb6/0x230 [ 341.703074][T15991] do_syscall_64+0xf3/0x230 [ 341.703118][T15991] ? clear_bhb_loop+0x35/0x90 [ 341.703167][T15991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.703191][T15991] RIP: 0033:0x7f399f98d169 [ 341.703207][T15991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.703223][T15991] RSP: 002b:00007f39a07f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 341.703242][T15991] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98d169 [ 341.703256][T15991] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000000000000003 [ 341.703268][T15991] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000 [ 341.703280][T15991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.703291][T15991] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48 [ 341.703319][T15991] [ 342.096637][T16004] FAULT_INJECTION: forcing a failure. [ 342.096637][T16004] name failslab, interval 1, probability 0, space 0, times 0 [ 342.109617][T16004] CPU: 0 UID: 0 PID: 16004 Comm: syz.0.3654 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 342.109639][T16004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 342.109651][T16004] Call Trace: [ 342.109658][T16004] [ 342.109666][T16004] dump_stack_lvl+0x241/0x360 [ 342.109694][T16004] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.109714][T16004] ? __pfx__printk+0x10/0x10 [ 342.109735][T16004] ? fs_reclaim_acquire+0x93/0x130 [ 342.109754][T16004] ? __pfx___might_resched+0x10/0x10 [ 342.109782][T16004] should_fail_ex+0x40a/0x550 [ 342.109814][T16004] should_failslab+0xac/0x100 [ 342.109840][T16004] __kmalloc_noprof+0xdd/0x4c0 [ 342.109864][T16004] ? kstrtouint_from_user+0x128/0x190 [ 342.109882][T16004] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 342.109907][T16004] tomoyo_realpath_from_path+0xcf/0x5e0 [ 342.109955][T16004] tomoyo_path_number_perm+0x239/0x770 [ 342.109982][T16004] ? __lock_acquire+0x1397/0x2100 [ 342.110014][T16004] ? tomoyo_path_number_perm+0x209/0x770 [ 342.110042][T16004] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 342.110118][T16004] ? __fget_files+0x2a/0x410 [ 342.110150][T16004] ? __fget_files+0x2a/0x410 [ 342.110183][T16004] security_file_ioctl+0xc6/0x2a0 [ 342.110210][T16004] __se_sys_ioctl+0x46/0x170 [ 342.110234][T16004] do_syscall_64+0xf3/0x230 [ 342.110264][T16004] ? clear_bhb_loop+0x35/0x90 [ 342.110295][T16004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.110321][T16004] RIP: 0033:0x7fe2a178d169 [ 342.110338][T16004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.110356][T16004] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 342.110376][T16004] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169 [ 342.110391][T16004] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 342.110404][T16004] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000 [ 342.110417][T16004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 342.110428][T16004] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28 [ 342.110459][T16004] [ 342.110467][T16004] ERROR: Out of memory at tomoyo_realpath_from_path. [ 342.395289][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3657'. [ 342.598434][T16017] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 342.632697][T16017] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 342.679280][T16030] batman_adv: batadv0: Interface deactivated: dummy0 [ 342.841715][T16038] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3667'. [ 343.133165][T16049] FAULT_INJECTION: forcing a failure. [ 343.133165][T16049] name failslab, interval 1, probability 0, space 0, times 0 [ 343.147648][T16049] CPU: 0 UID: 0 PID: 16049 Comm: syz.0.3672 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 343.147671][T16049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 343.147683][T16049] Call Trace: [ 343.147691][T16049] [ 343.147698][T16049] dump_stack_lvl+0x241/0x360 [ 343.147727][T16049] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.147748][T16049] ? __pfx__printk+0x10/0x10 [ 343.147768][T16049] ? fs_reclaim_acquire+0x93/0x130 [ 343.147788][T16049] ? __pfx___might_resched+0x10/0x10 [ 343.147811][T16049] ? dynamic_dname+0x144/0x1b0 [ 343.147833][T16049] should_fail_ex+0x40a/0x550 [ 343.147866][T16049] should_failslab+0xac/0x100 [ 343.147891][T16049] __kmalloc_noprof+0xdd/0x4c0 [ 343.147934][T16049] ? tomoyo_encode+0x26f/0x540 [ 343.147959][T16049] tomoyo_encode+0x26f/0x540 [ 343.147981][T16049] ? __pfx_sockfs_dname+0x10/0x10 [ 343.148010][T16049] tomoyo_realpath_from_path+0x59e/0x5e0 [ 343.148042][T16049] tomoyo_path_number_perm+0x239/0x770 [ 343.148070][T16049] ? __lock_acquire+0x1397/0x2100 [ 343.148102][T16049] ? tomoyo_path_number_perm+0x209/0x770 [ 343.148132][T16049] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 343.148201][T16049] ? __fget_files+0x2a/0x410 [ 343.148233][T16049] ? __fget_files+0x2a/0x410 [ 343.148290][T16049] security_file_ioctl+0xc6/0x2a0 [ 343.148318][T16049] __se_sys_ioctl+0x46/0x170 [ 343.148340][T16049] do_syscall_64+0xf3/0x230 [ 343.148369][T16049] ? clear_bhb_loop+0x35/0x90 [ 343.148398][T16049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.148423][T16049] RIP: 0033:0x7fe2a178d169 [ 343.148439][T16049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.148455][T16049] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.148475][T16049] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169 [ 343.148489][T16049] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 343.148501][T16049] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000 [ 343.148513][T16049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.148525][T16049] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28 [ 343.148553][T16049] [ 343.148569][T16049] ERROR: Out of memory at tomoyo_realpath_from_path. [ 343.950957][T16077] openvswitch: netlink: Flow actions attr not present in new flow. [ 344.143195][T16093] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3689'. [ 344.189059][T16096] xt_CT: No such helper "netbios-ns" [ 344.303399][T16103] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3692'. [ 344.645500][T16123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3698'. [ 344.692200][T16129] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3700'. [ 344.806048][T16135] xt_CT: You must specify a L4 protocol and not use inversions on it [ 344.924909][T16143] netlink: 'syz.0.3704': attribute type 11 has an invalid length. [ 344.946143][T16143] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3704'. [ 345.344936][T16167] netlink: 71 bytes leftover after parsing attributes in process `syz.2.3712'. [ 345.744044][T16185] netlink: 'syz.0.3720': attribute type 11 has an invalid length. [ 345.752146][T16185] __nla_validate_parse: 2 callbacks suppressed [ 345.752163][T16185] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3720'. [ 345.942775][T16200] netlink: 'syz.2.3726': attribute type 10 has an invalid length. [ 345.988637][T16200] team0: Device hsr_slave_0 failed to register rx_handler [ 346.074043][T16206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3729'. [ 346.173690][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3728'. [ 346.273740][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3733'. [ 346.307940][T16220] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3733'. [ 346.312568][T16222] sch_tbf: burst 0 is lower than device lo mtu (39799) ! [ 346.481120][T16230] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3736'. [ 346.739242][T16244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3743'. [ 346.859226][T16251] FAULT_INJECTION: forcing a failure. [ 346.859226][T16251] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 346.892752][T16251] CPU: 0 UID: 0 PID: 16251 Comm: syz.3.3745 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 346.892779][T16251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 346.892792][T16251] Call Trace: [ 346.892800][T16251] [ 346.892808][T16251] dump_stack_lvl+0x241/0x360 [ 346.892857][T16251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 346.892881][T16251] ? __pfx__printk+0x10/0x10 [ 346.892902][T16251] ? cgroup_rstat_updated+0x13b/0xc30 [ 346.892946][T16251] should_fail_ex+0x40a/0x550 [ 346.892982][T16251] prepare_alloc_pages+0x1da/0x5b0 [ 346.893015][T16251] __alloc_frozen_pages_noprof+0x16f/0x710 [ 346.893044][T16251] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 346.893092][T16251] alloc_pages_mpol+0x311/0x660 [ 346.893127][T16251] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 346.893161][T16251] ? do_raw_spin_unlock+0x13c/0x8b0 [ 346.893192][T16251] alloc_pages_noprof+0x121/0x190 [ 346.893224][T16251] __pmd_alloc+0x91/0x420 [ 346.893247][T16251] ? __pfx___pmd_alloc+0x10/0x10 [ 346.893267][T16251] ? __pfx_validate_chain+0x10/0x10 [ 346.893299][T16251] __handle_mm_fault+0xd34/0x70f0 [ 346.893329][T16251] ? mark_lock+0x9a/0x360 [ 346.893379][T16251] ? __pfx___handle_mm_fault+0x10/0x10 [ 346.893422][T16251] ? mt_find+0x2a9/0x920 [ 346.893453][T16251] ? __pfx_lock_release+0x10/0x10 [ 346.893496][T16251] ? mt_find+0x2a9/0x920 [ 346.893528][T16251] ? mt_find+0x6c8/0x920 [ 346.893558][T16251] ? mt_find+0x2a9/0x920 [ 346.893592][T16251] ? __pfx_mt_find+0x10/0x10 [ 346.893644][T16251] ? find_vma+0xf9/0x170 [ 346.893668][T16251] ? __pfx_find_vma+0x10/0x10 [ 346.893686][T16251] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 346.893721][T16251] handle_mm_fault+0x3e5/0x8d0 [ 346.893764][T16251] exc_page_fault+0x2b9/0x8b0 [ 346.893801][T16251] asm_exc_page_fault+0x26/0x30 [ 346.893828][T16251] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 346.893852][T16251] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 346.893870][T16251] RSP: 0018:ffffc900050dfa98 EFLAGS: 00050202 [ 346.893890][T16251] RAX: 00007ffffffff001 RBX: 0000400000000100 RCX: 0000000000000018 [ 346.893904][T16251] RDX: 0000000000000001 RSI: 0000400000000100 RDI: ffffc900050dfb90 [ 346.893926][T16251] RBP: ffffc900050dfc70 R08: ffffc900050dfba7 R09: 1ffff92000a1bf74 [ 346.893941][T16251] R10: dffffc0000000000 R11: fffff52000a1bf75 R12: ffffc900050dfb90 [ 346.893957][T16251] R13: dffffc0000000000 R14: ffffc900050dfb90 R15: 0000000000000018 [ 346.893991][T16251] _copy_from_user+0x7b/0xb0 [ 346.894020][T16251] rfcomm_dev_ioctl+0x188/0x22f0 [ 346.894055][T16251] ? tomoyo_path_number_perm+0x209/0x770 [ 346.894086][T16251] ? __pfx_lock_release+0x10/0x10 [ 346.894117][T16251] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 346.894149][T16251] ? tomoyo_path_number_perm+0x5dd/0x770 [ 346.894190][T16251] ? tomoyo_path_number_perm+0x65d/0x770 [ 346.894218][T16251] ? __lock_acquire+0x1397/0x2100 [ 346.894250][T16251] ? bt_sock_ioctl+0xe9/0x2c0 [ 346.894285][T16251] sock_do_ioctl+0x158/0x460 [ 346.894331][T16251] ? __pfx_sock_do_ioctl+0x10/0x10 [ 346.894376][T16251] sock_ioctl+0x626/0x8e0 [ 346.894403][T16251] ? __pfx_sock_ioctl+0x10/0x10 [ 346.894427][T16251] ? __fget_files+0x2a/0x410 [ 346.894459][T16251] ? __fget_files+0x2a/0x410 [ 346.894491][T16251] ? __pfx_sock_ioctl+0x10/0x10 [ 346.894516][T16251] __se_sys_ioctl+0xf5/0x170 [ 346.894540][T16251] do_syscall_64+0xf3/0x230 [ 346.894569][T16251] ? clear_bhb_loop+0x35/0x90 [ 346.894600][T16251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.894626][T16251] RIP: 0033:0x7fa3edb8d169 [ 346.894642][T16251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.894657][T16251] RSP: 002b:00007fa3ee905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 346.894676][T16251] RAX: ffffffffffffffda RBX: 00007fa3edda5fa0 RCX: 00007fa3edb8d169 [ 346.894690][T16251] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004 [ 346.894703][T16251] RBP: 00007fa3ee905090 R08: 0000000000000000 R09: 0000000000000000 [ 346.894715][T16251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 346.894726][T16251] R13: 0000000000000000 R14: 00007fa3edda5fa0 R15: 00007ffee8d32d68 [ 346.894756][T16251] [ 347.404169][T16259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3746'. [ 347.503336][T16264] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3748'. [ 347.598141][T16270] netlink: 'syz.0.3750': attribute type 62 has an invalid length. [ 347.729058][T16276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3755'. [ 347.773164][T16278] FAULT_INJECTION: forcing a failure. [ 347.773164][T16278] name failslab, interval 1, probability 0, space 0, times 0 [ 347.810220][T16278] CPU: 1 UID: 0 PID: 16278 Comm: syz.2.3754 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 347.810247][T16278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 347.810260][T16278] Call Trace: [ 347.810267][T16278] [ 347.810276][T16278] dump_stack_lvl+0x241/0x360 [ 347.810304][T16278] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.810327][T16278] ? __pfx__printk+0x10/0x10 [ 347.810348][T16278] ? __kmalloc_cache_noprof+0x48/0x390 [ 347.810377][T16278] ? __pfx___might_resched+0x10/0x10 [ 347.810407][T16278] should_fail_ex+0x40a/0x550 [ 347.810442][T16278] should_failslab+0xac/0x100 [ 347.810470][T16278] __kmalloc_cache_noprof+0x70/0x390 [ 347.810496][T16278] ? genl_start+0x1cb/0x6d0 [ 347.810529][T16278] genl_start+0x1cb/0x6d0 [ 347.810566][T16278] __netlink_dump_start+0x45c/0x790 [ 347.810599][T16278] genl_rcv_msg+0x894/0xec0 [ 347.810636][T16278] ? __pfx_genl_rcv_msg+0x10/0x10 [ 347.810683][T16278] ? __pfx_genl_start+0x10/0x10 [ 347.810709][T16278] ? __pfx_genl_dumpit+0x10/0x10 [ 347.810735][T16278] ? __pfx_genl_done+0x10/0x10 [ 347.810781][T16278] ? __pfx_lock_acquire+0x10/0x10 [ 347.810811][T16278] ? __pfx_batadv_mcast_flags_dump+0x10/0x10 [ 347.810841][T16278] ? __pfx___might_resched+0x10/0x10 [ 347.810878][T16278] netlink_rcv_skb+0x206/0x480 [ 347.810902][T16278] ? __pfx_genl_rcv_msg+0x10/0x10 [ 347.810932][T16278] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 347.810969][T16278] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 347.811008][T16278] genl_rcv+0x28/0x40 [ 347.811034][T16278] netlink_unicast+0x7f6/0x990 [ 347.811064][T16278] ? __pfx_netlink_unicast+0x10/0x10 [ 347.811082][T16278] ? __virt_addr_valid+0x45f/0x530 [ 347.811102][T16278] ? __phys_addr_symbol+0x2f/0x70 [ 347.811119][T16278] ? __check_object_size+0x47a/0x730 [ 347.811150][T16278] netlink_sendmsg+0x8de/0xcb0 [ 347.811187][T16278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 347.811216][T16278] ? aa_sock_msg_perm+0x91/0x160 [ 347.811251][T16278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 347.811272][T16278] __sock_sendmsg+0x221/0x270 [ 347.811302][T16278] ____sys_sendmsg+0x53a/0x860 [ 347.811333][T16278] ? __pfx_____sys_sendmsg+0x10/0x10 [ 347.811352][T16278] ? __fget_files+0x2a/0x410 [ 347.811384][T16278] ? __fget_files+0x2a/0x410 [ 347.811422][T16278] __sys_sendmsg+0x269/0x350 [ 347.811448][T16278] ? __pfx___sys_sendmsg+0x10/0x10 [ 347.811483][T16278] ? do_sys_openat2+0x17a/0x1d0 [ 347.811539][T16278] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 347.811571][T16278] ? do_syscall_64+0x100/0x230 [ 347.811602][T16278] ? do_syscall_64+0xb6/0x230 [ 347.811633][T16278] do_syscall_64+0xf3/0x230 [ 347.811669][T16278] ? clear_bhb_loop+0x35/0x90 [ 347.811699][T16278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.811725][T16278] RIP: 0033:0x7fdc52d8d169 [ 347.811741][T16278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.811757][T16278] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 347.811778][T16278] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169 [ 347.811793][T16278] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000000000000003 [ 347.811805][T16278] RBP: 00007fdc53ba3090 R08: 0000000000000000 R09: 0000000000000000 [ 347.811817][T16278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 347.811829][T16278] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438 [ 347.811861][T16278] [ 347.844087][T16276] netlink: 'syz.4.3755': attribute type 1 has an invalid length. [ 348.197539][T16276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.356020][T16300] sch_tbf: burst 0 is lower than device lo mtu (39799) ! [ 348.417096][T16302] netlink: 'syz.3.3762': attribute type 11 has an invalid length. [ 348.446266][T16299] openvswitch: netlink: Flow actions attr not present in new flow. [ 349.109207][T16331] geneve2: entered promiscuous mode [ 349.114805][T16331] geneve2: entered allmulticast mode [ 349.556714][T16354] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 350.431049][T16409] x_tables: duplicate underflow at hook 1 [ 350.695159][T16418] xt_CT: No such helper "netbios-ns" [ 350.703054][T16425] FAULT_INJECTION: forcing a failure. [ 350.703054][T16425] name failslab, interval 1, probability 0, space 0, times 0 [ 350.732746][T16425] CPU: 1 UID: 0 PID: 16425 Comm: syz.2.3812 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 350.732771][T16425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 350.732784][T16425] Call Trace: [ 350.732790][T16425] [ 350.732799][T16425] dump_stack_lvl+0x241/0x360 [ 350.732827][T16425] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.732847][T16425] ? __pfx__printk+0x10/0x10 [ 350.732873][T16425] ? ref_tracker_alloc+0x332/0x490 [ 350.732896][T16425] should_fail_ex+0x40a/0x550 [ 350.732928][T16425] should_failslab+0xac/0x100 [ 350.732954][T16425] ? skb_clone+0x20c/0x390 [ 350.732974][T16425] kmem_cache_alloc_noprof+0x70/0x380 [ 350.733005][T16425] skb_clone+0x20c/0x390 [ 350.733029][T16425] __netlink_deliver_tap+0x3c4/0x7f0 [ 350.733062][T16425] ? netlink_deliver_tap+0x2e/0x1b0 [ 350.733083][T16425] netlink_deliver_tap+0x19d/0x1b0 [ 350.733106][T16425] __netlink_sendskb+0x60/0xd0 [ 350.733126][T16425] netlink_dump+0x9f0/0xe10 [ 350.733158][T16425] ? __pfx_netlink_dump+0x10/0x10 [ 350.733193][T16425] ? __asan_memset+0x23/0x50 [ 350.733212][T16425] ? genl_start+0x4ae/0x6d0 [ 350.733246][T16425] __netlink_dump_start+0x5a2/0x790 [ 350.733276][T16425] genl_rcv_msg+0x894/0xec0 [ 350.733311][T16425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 350.733344][T16425] ? __pfx_genl_start+0x10/0x10 [ 350.733367][T16425] ? __pfx_genl_dumpit+0x10/0x10 [ 350.733399][T16425] ? __pfx_genl_done+0x10/0x10 [ 350.733444][T16425] ? __pfx_lock_acquire+0x10/0x10 [ 350.733472][T16425] ? __pfx_batadv_mcast_flags_dump+0x10/0x10 [ 350.733500][T16425] ? __pfx___might_resched+0x10/0x10 [ 350.733536][T16425] netlink_rcv_skb+0x206/0x480 [ 350.733558][T16425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 350.733587][T16425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 350.733621][T16425] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 350.733658][T16425] genl_rcv+0x28/0x40 [ 350.733683][T16425] netlink_unicast+0x7f6/0x990 [ 350.733711][T16425] ? __pfx_netlink_unicast+0x10/0x10 [ 350.733728][T16425] ? __virt_addr_valid+0x45f/0x530 [ 350.733747][T16425] ? __phys_addr_symbol+0x2f/0x70 [ 350.733763][T16425] ? __check_object_size+0x47a/0x730 [ 350.733792][T16425] netlink_sendmsg+0x8de/0xcb0 [ 350.733824][T16425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 350.733849][T16425] ? aa_sock_msg_perm+0x91/0x160 [ 350.733881][T16425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 350.733900][T16425] __sock_sendmsg+0x221/0x270 [ 350.733927][T16425] ____sys_sendmsg+0x53a/0x860 [ 350.733954][T16425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 350.733971][T16425] ? __fget_files+0x2a/0x410 [ 350.734000][T16425] ? __fget_files+0x2a/0x410 [ 350.734033][T16425] __sys_sendmsg+0x269/0x350 [ 350.734056][T16425] ? __pfx___sys_sendmsg+0x10/0x10 [ 350.734086][T16425] ? do_sys_openat2+0x17a/0x1d0 [ 350.734135][T16425] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 350.734161][T16425] ? do_syscall_64+0x100/0x230 [ 350.734189][T16425] ? do_syscall_64+0xb6/0x230 [ 350.734216][T16425] do_syscall_64+0xf3/0x230 [ 350.734240][T16425] ? clear_bhb_loop+0x35/0x90 [ 350.734268][T16425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.734291][T16425] RIP: 0033:0x7fdc52d8d169 [ 350.734307][T16425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.734322][T16425] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.734340][T16425] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169 [ 350.734354][T16425] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000000000000003 [ 350.734365][T16425] RBP: 00007fdc53ba3090 R08: 0000000000000000 R09: 0000000000000000 [ 350.734383][T16425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.734394][T16425] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438 [ 350.734423][T16425] [ 351.169549][T16427] netlink: 'syz.4.3813': attribute type 11 has an invalid length. [ 351.182366][T16427] __nla_validate_parse: 6 callbacks suppressed [ 351.182382][T16427] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3813'. [ 351.620990][T16460] FAULT_INJECTION: forcing a failure. [ 351.620990][T16460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.661117][T16460] CPU: 0 UID: 0 PID: 16460 Comm: syz.4.3825 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 351.661142][T16460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 351.661153][T16460] Call Trace: [ 351.661161][T16460] [ 351.661169][T16460] dump_stack_lvl+0x241/0x360 [ 351.661197][T16460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 351.661218][T16460] ? __pfx__printk+0x10/0x10 [ 351.661241][T16460] ? snprintf+0xda/0x120 [ 351.661275][T16460] should_fail_ex+0x40a/0x550 [ 351.661307][T16460] _copy_to_user+0x31/0xb0 [ 351.661334][T16460] simple_read_from_buffer+0xca/0x150 [ 351.661363][T16460] proc_fail_nth_read+0x1e9/0x250 [ 351.661392][T16460] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 351.661421][T16460] ? rw_verify_area+0x243/0x630 [ 351.661440][T16460] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 351.661467][T16460] vfs_read+0x1f8/0xb40 [ 351.661487][T16460] ? fdget_pos+0x254/0x320 [ 351.661515][T16460] ? __pfx___mutex_lock+0x10/0x10 [ 351.661542][T16460] ? __pfx_vfs_read+0x10/0x10 [ 351.661565][T16460] ? __fget_files+0x2a/0x410 [ 351.661593][T16460] ? __fget_files+0x395/0x410 [ 351.661617][T16460] ? __fget_files+0x2a/0x410 [ 351.661652][T16460] ksys_read+0x18f/0x2b0 [ 351.661674][T16460] ? __pfx_ksys_read+0x10/0x10 [ 351.661694][T16460] ? do_syscall_64+0x100/0x230 [ 351.661724][T16460] ? do_syscall_64+0xb6/0x230 [ 351.661754][T16460] do_syscall_64+0xf3/0x230 [ 351.661781][T16460] ? clear_bhb_loop+0x35/0x90 [ 351.661809][T16460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.661834][T16460] RIP: 0033:0x7f399f98bb7c [ 351.661850][T16460] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 351.661866][T16460] RSP: 002b:00007f39a07f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 351.661885][T16460] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98bb7c [ 351.661898][T16460] RDX: 000000000000000f RSI: 00007f39a07f90a0 RDI: 0000000000000004 [ 351.661910][T16460] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000 [ 351.661921][T16460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.661936][T16460] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48 [ 351.661964][T16460] [ 351.665796][T16463] FAULT_INJECTION: forcing a failure. [ 351.665796][T16463] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.751659][T16465] netlink: 'syz.4.3827': attribute type 1 has an invalid length. [ 351.800186][T16463] CPU: 1 UID: 0 PID: 16463 Comm: syz.0.3826 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 351.800212][T16463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 351.800224][T16463] Call Trace: [ 351.800231][T16463] [ 351.800238][T16463] dump_stack_lvl+0x241/0x360 [ 351.800268][T16463] ? __pfx_dump_stack_lvl+0x10/0x10 [ 351.800290][T16463] ? __pfx__printk+0x10/0x10 [ 351.800315][T16463] ? snprintf+0xda/0x120 [ 351.800341][T16463] should_fail_ex+0x40a/0x550 [ 351.800374][T16463] _copy_to_user+0x31/0xb0 [ 351.800402][T16463] simple_read_from_buffer+0xca/0x150 [ 351.800432][T16463] proc_fail_nth_read+0x1e9/0x250 [ 351.800479][T16463] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 351.800522][T16463] ? rw_verify_area+0x243/0x630 [ 351.800543][T16463] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 351.800573][T16463] vfs_read+0x1f8/0xb40 [ 351.800596][T16463] ? fdget_pos+0x254/0x320 [ 351.800626][T16463] ? __pfx___mutex_lock+0x10/0x10 [ 351.800658][T16463] ? __pfx_vfs_read+0x10/0x10 [ 351.800682][T16463] ? __fget_files+0x2a/0x410 [ 351.800731][T16463] ? __fget_files+0x395/0x410 [ 351.800761][T16463] ? __fget_files+0x2a/0x410 [ 351.800802][T16463] ksys_read+0x18f/0x2b0 [ 351.800828][T16463] ? __pfx_ksys_read+0x10/0x10 [ 351.800852][T16463] ? do_syscall_64+0x100/0x230 [ 351.800888][T16463] ? do_syscall_64+0xb6/0x230 [ 351.800934][T16463] do_syscall_64+0xf3/0x230 [ 351.800963][T16463] ? clear_bhb_loop+0x35/0x90 [ 351.801002][T16463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.801029][T16463] RIP: 0033:0x7fe2a178bb7c [ 351.801047][T16463] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 351.801064][T16463] RSP: 002b:00007fe2a2522030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 351.801086][T16463] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178bb7c [ 351.801101][T16463] RDX: 000000000000000f RSI: 00007fe2a25220a0 RDI: 0000000000000003 [ 351.801114][T16463] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000 [ 351.801127][T16463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.801139][T16463] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28 [ 351.801170][T16463] [ 352.008912][T16473] FAULT_INJECTION: forcing a failure. [ 352.008912][T16473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.009437][T16465] netlink: 'syz.4.3827': attribute type 1 has an invalid length. [ 352.028596][T16473] CPU: 1 UID: 0 PID: 16473 Comm: syz.3.3828 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 352.028624][T16473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 352.028639][T16473] Call Trace: [ 352.028648][T16473] [ 352.028657][T16473] dump_stack_lvl+0x241/0x360 [ 352.028691][T16473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.028717][T16473] ? __pfx__printk+0x10/0x10 [ 352.028741][T16473] ? __pfx_lock_release+0x10/0x10 [ 352.028775][T16473] ? __lock_acquire+0x1397/0x2100 [ 352.028814][T16473] should_fail_ex+0x40a/0x550 [ 352.028853][T16473] _copy_from_user+0x2d/0xb0 [ 352.028883][T16473] kstrtouint_from_user+0xc6/0x190 [ 352.028911][T16473] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 352.028940][T16473] ? __pfx_lock_acquire+0x10/0x10 [ 352.028984][T16473] proc_fail_nth_write+0xaa/0x2d0 [ 352.029019][T16473] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 352.029046][T16473] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 352.029085][T16473] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 352.029117][T16473] vfs_write+0x29f/0xd10 [ 352.029143][T16473] ? fdget_pos+0x254/0x320 [ 352.029173][T16473] ? __mutex_unlock_slowpath+0x227/0x800 [ 352.029211][T16473] ? __pfx_vfs_write+0x10/0x10 [ 352.029232][T16473] ? do_sys_openat2+0x17a/0x1d0 [ 352.029275][T16473] ? __fget_files+0x2a/0x410 [ 352.029309][T16473] ? __fget_files+0x395/0x410 [ 352.029338][T16473] ? __fget_files+0x2a/0x410 [ 352.029380][T16473] ksys_write+0x18f/0x2b0 [ 352.029406][T16473] ? __pfx_ksys_write+0x10/0x10 [ 352.029431][T16473] ? do_syscall_64+0x100/0x230 [ 352.029467][T16473] ? do_syscall_64+0xb6/0x230 [ 352.029502][T16473] do_syscall_64+0xf3/0x230 [ 352.029533][T16473] ? clear_bhb_loop+0x35/0x90 [ 352.029568][T16473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.029597][T16473] RIP: 0033:0x7fa3edb8bc1f [ 352.029616][T16473] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 352.029635][T16473] RSP: 002b:00007fa3eb9f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 352.029659][T16473] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa3edb8bc1f [ 352.029675][T16473] RDX: 0000000000000001 RSI: 00007fa3eb9f60a0 RDI: 0000000000000005 [ 352.029689][T16473] RBP: 00007fa3eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 352.029703][T16473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 352.029717][T16473] R13: 0000000000000000 R14: 00007fa3edda6080 R15: 00007ffee8d32d68 [ 352.029753][T16473] [ 353.163518][T16524] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3846'. [ 353.285040][T16527] Cannot find set identified by id 0 to match [ 353.297602][T16520] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3845'. [ 353.507057][T16535] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 353.515965][T16535] batadv_slave_1: entered promiscuous mode [ 353.532986][T16535] batadv_slave_1: entered allmulticast mode [ 354.273275][T16573] netlink: 'syz.4.3861': attribute type 11 has an invalid length. [ 354.281335][T16573] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3861'. [ 355.174490][T16632] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3882'. [ 355.355974][T16636] xt_CT: No such helper "netbios-ns" [ 355.627138][T16660] FAULT_INJECTION: forcing a failure. [ 355.627138][T16660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.655701][T16660] CPU: 1 UID: 0 PID: 16660 Comm: syz.3.3892 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 355.655726][T16660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 355.655739][T16660] Call Trace: [ 355.655746][T16660] [ 355.655755][T16660] dump_stack_lvl+0x241/0x360 [ 355.655784][T16660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.655806][T16660] ? __pfx__printk+0x10/0x10 [ 355.655832][T16660] ? snprintf+0xda/0x120 [ 355.655858][T16660] should_fail_ex+0x40a/0x550 [ 355.655893][T16660] _copy_to_user+0x31/0xb0 [ 355.655929][T16660] simple_read_from_buffer+0xca/0x150 [ 355.655959][T16660] proc_fail_nth_read+0x1e9/0x250 [ 355.655990][T16660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 355.656019][T16660] ? rw_verify_area+0x243/0x630 [ 355.656039][T16660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 355.656068][T16660] vfs_read+0x1f8/0xb40 [ 355.656090][T16660] ? fdget_pos+0x254/0x320 [ 355.656119][T16660] ? __pfx___mutex_lock+0x10/0x10 [ 355.656149][T16660] ? __pfx_vfs_read+0x10/0x10 [ 355.656166][T16660] ? do_sys_openat2+0x17a/0x1d0 [ 355.656198][T16660] ? __fget_files+0x2a/0x410 [ 355.656228][T16660] ? __fget_files+0x395/0x410 [ 355.656254][T16660] ? __fget_files+0x2a/0x410 [ 355.656291][T16660] ksys_read+0x18f/0x2b0 [ 355.656314][T16660] ? __pfx_ksys_read+0x10/0x10 [ 355.656334][T16660] ? do_syscall_64+0x100/0x230 [ 355.656385][T16660] ? do_syscall_64+0xb6/0x230 [ 355.656416][T16660] do_syscall_64+0xf3/0x230 [ 355.656443][T16660] ? clear_bhb_loop+0x35/0x90 [ 355.656472][T16660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.656505][T16660] RIP: 0033:0x7fa3edb8bb7c [ 355.656521][T16660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 355.656536][T16660] RSP: 002b:00007fa3eb9f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 355.656556][T16660] RAX: ffffffffffffffda RBX: 00007fa3edda6080 RCX: 00007fa3edb8bb7c [ 355.656570][T16660] RDX: 000000000000000f RSI: 00007fa3eb9f60a0 RDI: 0000000000000007 [ 355.656582][T16660] RBP: 00007fa3eb9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 355.656595][T16660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.656606][T16660] R13: 0000000000000000 R14: 00007fa3edda6080 R15: 00007ffee8d32d68 [ 355.656653][T16660] [ 356.086078][T16668] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3897'. [ 356.969652][T16725] netlink: 'syz.2.3912': attribute type 3 has an invalid length. [ 356.993147][T16725] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3912'. [ 357.217557][T16736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3918'. [ 357.254949][T16736] ipvlan3: entered allmulticast mode [ 357.260287][T16736] veth0_virt_wifi: entered allmulticast mode [ 357.501065][T16751] xt_TPROXY: Can be used only with -p tcp or -p udp [ 357.611873][T16754] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 357.646269][T16754] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 357.936893][T16768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3932'. [ 358.166126][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 358.349083][T16796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3942'. [ 358.452822][T16803] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3943'. [ 358.473854][T16800] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3944'. [ 358.795156][T16820] xt_CT: No such helper "netbios-ns" [ 358.857340][T16827] netlink: 'syz.4.3954': attribute type 1 has an invalid length. [ 358.911691][T16827] 8021q: adding VLAN 0 to HW filter on device bond2 [ 358.969446][T16831] Unsupported ieee802154 address type: 0 [ 358.994605][T16833] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 358.998074][T16831] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3956'. [ 359.010949][T16833] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 359.056535][T16836] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3957'. [ 359.281387][T16844] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3960'. [ 359.297314][T16844] netlink: 'syz.4.3960': attribute type 7 has an invalid length. [ 359.311860][T16844] netlink: 'syz.4.3960': attribute type 8 has an invalid length. [ 359.320901][T16844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3960'. [ 359.923381][ T3410] wlan0: Trigger new scan to find an IBSS to join [ 359.938894][T16877] netlink: 'syz.2.3975': attribute type 1 has an invalid length. [ 359.964331][T16877] syzkaller0 speed is unknown, defaulting to 1000 [ 360.064305][T16886] netlink: zone id is out of range [ 360.075623][T16886] netlink: zone id is out of range [ 360.080801][T16886] netlink: zone id is out of range [ 360.090712][T16886] netlink: set zone limit has 8 unknown bytes [ 360.304373][T16901] tipc: Enabling of bearer rejected, failed to enable media [ 360.647761][T16917] veth1_vlan: left promiscuous mode [ 361.009214][T16935] FAULT_INJECTION: forcing a failure. [ 361.009214][T16935] name failslab, interval 1, probability 0, space 0, times 0 [ 361.044151][T16935] CPU: 0 UID: 0 PID: 16935 Comm: syz.4.3997 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 361.044181][T16935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 361.044194][T16935] Call Trace: [ 361.044202][T16935] [ 361.044211][T16935] dump_stack_lvl+0x241/0x360 [ 361.044241][T16935] ? __pfx_dump_stack_lvl+0x10/0x10 [ 361.044264][T16935] ? __pfx__printk+0x10/0x10 [ 361.044287][T16935] ? kmem_cache_alloc_lru_noprof+0x4d/0x390 [ 361.044322][T16935] ? __pfx___might_resched+0x10/0x10 [ 361.044356][T16935] should_fail_ex+0x40a/0x550 [ 361.044391][T16935] should_failslab+0xac/0x100 [ 361.044420][T16935] ? __d_alloc+0x31/0x740 [ 361.044445][T16935] kmem_cache_alloc_lru_noprof+0x75/0x390 [ 361.044481][T16935] __d_alloc+0x31/0x740 [ 361.044507][T16935] d_alloc_pseudo+0x1f/0xb0 [ 361.044528][T16935] alloc_file_pseudo+0x141/0x320 [ 361.044565][T16935] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 361.044597][T16935] ? rcu_is_watching+0x15/0xb0 [ 361.044621][T16935] ? hugetlbfs_get_inode+0x45f/0x690 [ 361.044657][T16935] hugetlb_file_setup+0x38a/0x5c0 [ 361.044689][T16935] ksys_mmap_pgoff+0x20d/0x720 [ 361.044729][T16935] do_syscall_64+0xf3/0x230 [ 361.044761][T16935] ? clear_bhb_loop+0x35/0x90 [ 361.044793][T16935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.044821][T16935] RIP: 0033:0x7f399f98d169 [ 361.044839][T16935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.044857][T16935] RSP: 002b:00007f39a07d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 361.044878][T16935] RAX: ffffffffffffffda RBX: 00007f399fba6080 RCX: 00007f399f98d169 [ 361.044894][T16935] RDX: 0000000002000002 RSI: 0000000000c00000 RDI: 0000400000000000 [ 361.044908][T16935] RBP: 00007f39a07d8090 R08: ffffffffffffffff R09: 0000000000800000 [ 361.044923][T16935] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000001 [ 361.044936][T16935] R13: 0000000000000001 R14: 00007f399fba6080 R15: 00007fffd708fd48 [ 361.044965][T16935] [ 361.508023][T16943] 8021q: VLANs not supported on gre0 [ 361.811669][T16954] 0ªî{X¹¦: entered promiscuous mode [ 361.842209][T16954] macvtap1: entered promiscuous mode [ 361.882199][T16954] macvtap1: entered allmulticast mode [ 361.946152][T16961] openvswitch: netlink: Flow actions attr not present in new flow. [ 362.115365][T16967] __nla_validate_parse: 5 callbacks suppressed [ 362.115386][T16967] netlink: 168 bytes leftover after parsing attributes in process `syz.2.4011'. [ 362.292139][T16981] FAULT_INJECTION: forcing a failure. [ 362.292139][T16981] name failslab, interval 1, probability 0, space 0, times 0 [ 362.340732][T16981] CPU: 1 UID: 0 PID: 16981 Comm: syz.2.4015 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 362.340763][T16981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 362.340776][T16981] Call Trace: [ 362.340784][T16981] [ 362.340793][T16981] dump_stack_lvl+0x241/0x360 [ 362.340823][T16981] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.340847][T16981] ? __pfx__printk+0x10/0x10 [ 362.340869][T16981] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 362.340900][T16981] ? __pfx___might_resched+0x10/0x10 [ 362.340932][T16981] should_fail_ex+0x40a/0x550 [ 362.340968][T16981] should_failslab+0xac/0x100 [ 362.340998][T16981] __kmalloc_node_noprof+0xe1/0x4d0 [ 362.341025][T16981] ? apparmor_capable+0x13b/0x1b0 [ 362.341047][T16981] ? __kvmalloc_node_noprof+0x72/0x190 [ 362.341083][T16981] __kvmalloc_node_noprof+0x72/0x190 [ 362.341112][T16981] xt_alloc_table_info+0x3d/0xa0 [ 362.341140][T16981] do_ip6t_set_ctl+0xba0/0x1270 [ 362.341167][T16981] ? nf_setsockopt+0x240/0x2c0 [ 362.341194][T16981] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 362.341217][T16981] ? rcu_is_watching+0x15/0xb0 [ 362.341240][T16981] ? trace_contention_end+0x3c/0x120 [ 362.341274][T16981] ? __mutex_unlock_slowpath+0x227/0x800 [ 362.341315][T16981] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 362.341345][T16981] ? aa_sk_perm+0x96d/0xab0 [ 362.341383][T16981] ? __pfx_aa_sk_perm+0x10/0x10 [ 362.341415][T16981] nf_setsockopt+0x295/0x2c0 [ 362.341446][T16981] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 362.341475][T16981] do_sock_setsockopt+0x3af/0x720 [ 362.341502][T16981] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 362.341529][T16981] ? __fget_files+0x395/0x410 [ 362.341558][T16981] ? __fget_files+0x2a/0x410 [ 362.341605][T16981] __x64_sys_setsockopt+0x1ee/0x280 [ 362.341633][T16981] do_syscall_64+0xf3/0x230 [ 362.341664][T16981] ? clear_bhb_loop+0x35/0x90 [ 362.341697][T16981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.341730][T16981] RIP: 0033:0x7fdc52d8d169 [ 362.341749][T16981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.341767][T16981] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 362.341789][T16981] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169 [ 362.341805][T16981] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 362.341818][T16981] RBP: 00007fdc53ba3090 R08: 0000000000000668 R09: 0000000000000000 [ 362.341831][T16981] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001 [ 362.341845][T16981] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438 [ 362.341876][T16981] [ 362.716316][T16989] netlink: 150412 bytes leftover after parsing attributes in process `syz.2.4019'. [ 362.757455][T16989] netlink: get zone limit has 8 unknown bytes [ 362.802678][T16992] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4020'. [ 362.847821][T16992] xfrm1: entered promiscuous mode [ 362.852953][T16992] xfrm1: entered allmulticast mode [ 362.863530][T16992] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4020'. [ 362.906831][ T36] wlan0: Trigger new scan to find an IBSS to join [ 363.054152][T12626] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.188844][T12626] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.290614][T12626] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.388717][T12626] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.463143][T12626] bridge_slave_1: left allmulticast mode [ 363.468821][T12626] bridge_slave_1: left promiscuous mode [ 363.474961][T12626] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.484458][T12626] bridge_slave_0: left allmulticast mode [ 363.490349][T12626] bridge_slave_0: left promiscuous mode [ 363.496392][T12626] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.724613][T17009] netlink: 256 bytes leftover after parsing attributes in process `syz.4.4028'. [ 363.873016][ T3410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.084073][T17027] netlink: 'syz.3.4032': attribute type 11 has an invalid length. [ 364.122673][T17027] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4032'. [ 364.180839][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 364.198969][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 364.207785][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 364.217532][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 364.226713][ T5847] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 364.234553][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 364.331974][T12626] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 364.345470][T12626] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.365064][T12626] bond0 (unregistering): Released all slaves [ 364.382699][T17037] FAULT_INJECTION: forcing a failure. [ 364.382699][T17037] name failslab, interval 1, probability 0, space 0, times 0 [ 364.395734][T17037] CPU: 1 UID: 0 PID: 17037 Comm: syz.3.4036 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 364.395760][T17037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 364.395772][T17037] Call Trace: [ 364.395780][T17037] [ 364.395789][T17037] dump_stack_lvl+0x241/0x360 [ 364.395818][T17037] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.395841][T17037] ? __pfx__printk+0x10/0x10 [ 364.395862][T17037] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 364.395890][T17037] ? __pfx___might_resched+0x10/0x10 [ 364.395912][T17037] ? stack_trace_save+0x118/0x1d0 [ 364.395940][T17037] should_fail_ex+0x40a/0x550 [ 364.395976][T17037] should_failslab+0xac/0x100 [ 364.396005][T17037] __kmalloc_node_noprof+0xe1/0x4d0 [ 364.396032][T17037] ? __kvmalloc_node_noprof+0x72/0x190 [ 364.396069][T17037] __kvmalloc_node_noprof+0x72/0x190 [ 364.396103][T17037] translate_table+0x179/0x2490 [ 364.396148][T17037] ? __pfx_translate_table+0x10/0x10 [ 364.396169][T17037] ? __might_fault+0xaa/0x120 [ 364.396189][T17037] ? __pfx_lock_release+0x10/0x10 [ 364.396224][T17037] ? __virt_addr_valid+0x183/0x530 [ 364.396244][T17037] ? __might_fault+0xaa/0x120 [ 364.396263][T17037] ? __might_fault+0xc6/0x120 [ 364.396288][T17037] ? copy_from_sockptr_offset+0x6b/0xb0 [ 364.396312][T17037] do_ip6t_set_ctl+0xe4c/0x1270 [ 364.396339][T17037] ? nf_setsockopt+0x240/0x2c0 [ 364.396366][T17037] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 364.396397][T17037] ? rcu_is_watching+0x15/0xb0 [ 364.396422][T17037] ? trace_contention_end+0x3c/0x120 [ 364.396456][T17037] ? __mutex_unlock_slowpath+0x227/0x800 [ 364.396497][T17037] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 364.396527][T17037] ? aa_sk_perm+0x96d/0xab0 [ 364.396564][T17037] ? __pfx_aa_sk_perm+0x10/0x10 [ 364.396596][T17037] nf_setsockopt+0x295/0x2c0 [ 364.396626][T17037] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 364.396656][T17037] do_sock_setsockopt+0x3af/0x720 [ 364.396684][T17037] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 364.396710][T17037] ? __fget_files+0x395/0x410 [ 364.396740][T17037] ? __fget_files+0x2a/0x410 [ 364.396778][T17037] __x64_sys_setsockopt+0x1ee/0x280 [ 364.396807][T17037] do_syscall_64+0xf3/0x230 [ 364.396838][T17037] ? clear_bhb_loop+0x35/0x90 [ 364.396871][T17037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.396899][T17037] RIP: 0033:0x7fa3edb8d169 [ 364.396917][T17037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.396936][T17037] RSP: 002b:00007fa3ee905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 364.396958][T17037] RAX: ffffffffffffffda RBX: 00007fa3edda5fa0 RCX: 00007fa3edb8d169 [ 364.396974][T17037] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 364.396987][T17037] RBP: 00007fa3ee905090 R08: 0000000000000668 R09: 0000000000000000 [ 364.397011][T17037] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001 [ 364.397025][T17037] R13: 0000000000000000 R14: 00007fa3edda5fa0 R15: 00007ffee8d32d68 [ 364.397057][T17037] [ 364.722279][T17030] syzkaller0 speed is unknown, defaulting to 1000 [ 364.732018][T17030] lo speed is unknown, defaulting to 1000 [ 364.844106][T17044] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4038'. [ 365.143392][T17056] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 365.241803][T17063] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4045'. [ 365.255942][T17030] chnl_net:caif_netlink_parms(): no params data found [ 365.287700][T17067] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4046'. [ 365.326517][T17064] sch_tbf: burst 4398 is lower than device lo mtu (39799) ! [ 365.362810][ T5839] Bluetooth: hci4: command 0x0405 tx timeout [ 365.386856][T17072] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4044'. [ 365.450606][T12626] hsr_slave_0: left promiscuous mode [ 365.464711][T12626] hsr_slave_1: left promiscuous mode [ 365.470526][T12626] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.485046][T12626] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.494708][T12626] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.502145][T12626] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.537100][T12626] veth1_macvtap: left promiscuous mode [ 365.542833][T12626] veth0_macvtap: left promiscuous mode [ 365.548448][T12626] veth1_vlan: left promiscuous mode [ 365.553843][T12626] veth0_vlan: left promiscuous mode [ 365.620338][T17077] FAULT_INJECTION: forcing a failure. [ 365.620338][T17077] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.662757][T17077] CPU: 1 UID: 0 PID: 17077 Comm: syz.4.4049 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 365.662782][T17077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 365.662794][T17077] Call Trace: [ 365.662801][T17077] [ 365.662810][T17077] dump_stack_lvl+0x241/0x360 [ 365.662839][T17077] ? __pfx_dump_stack_lvl+0x10/0x10 [ 365.662860][T17077] ? __pfx__printk+0x10/0x10 [ 365.662886][T17077] ? snprintf+0xda/0x120 [ 365.662912][T17077] should_fail_ex+0x40a/0x550 [ 365.662946][T17077] _copy_to_user+0x31/0xb0 [ 365.662974][T17077] simple_read_from_buffer+0xca/0x150 [ 365.663004][T17077] proc_fail_nth_read+0x1e9/0x250 [ 365.663035][T17077] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.663073][T17077] ? rw_verify_area+0x243/0x630 [ 365.663093][T17077] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.663123][T17077] vfs_read+0x1f8/0xb40 [ 365.663145][T17077] ? fdget_pos+0x254/0x320 [ 365.663175][T17077] ? __pfx___mutex_lock+0x10/0x10 [ 365.663205][T17077] ? __pfx_vfs_read+0x10/0x10 [ 365.663228][T17077] ? __fget_files+0x2a/0x410 [ 365.663258][T17077] ? __fget_files+0x395/0x410 [ 365.663284][T17077] ? __fget_files+0x2a/0x410 [ 365.663322][T17077] ksys_read+0x18f/0x2b0 [ 365.663345][T17077] ? __pfx_ksys_read+0x10/0x10 [ 365.663367][T17077] ? do_syscall_64+0x100/0x230 [ 365.663398][T17077] ? do_syscall_64+0xb6/0x230 [ 365.663430][T17077] do_syscall_64+0xf3/0x230 [ 365.663458][T17077] ? clear_bhb_loop+0x35/0x90 [ 365.663488][T17077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.663514][T17077] RIP: 0033:0x7f399f98bb7c [ 365.663531][T17077] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 365.663549][T17077] RSP: 002b:00007f39a07f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 365.663569][T17077] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98bb7c [ 365.663584][T17077] RDX: 000000000000000f RSI: 00007f39a07f90a0 RDI: 0000000000000004 [ 365.663596][T17077] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000 [ 365.663608][T17077] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001 [ 365.663620][T17077] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48 [ 365.663651][T17077] [ 366.323064][ T55] Bluetooth: hci3: command tx timeout [ 366.393419][T12626] team0 (unregistering): Port device team_slave_1 removed [ 366.431537][T12626] team0 (unregistering): Port device team_slave_0 removed [ 366.846909][T17090] netlink: 'syz.2.4053': attribute type 12 has an invalid length. [ 366.862880][T17090] netlink: 'syz.2.4053': attribute type 29 has an invalid length. [ 367.045000][T17103] netlink: 'syz.2.4057': attribute type 11 has an invalid length. [ 367.084405][T17030] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.101422][T17030] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.139338][T17030] bridge_slave_0: entered allmulticast mode [ 367.163998][T17030] bridge_slave_0: entered promiscuous mode [ 367.192945][T17030] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.200052][T17030] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.222472][T17030] bridge_slave_1: entered allmulticast mode [ 367.245382][T17030] bridge_slave_1: entered promiscuous mode [ 367.266215][T17109] __nla_validate_parse: 2 callbacks suppressed [ 367.266230][T17109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4060'. [ 367.283224][T17107] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4058'. [ 367.370471][T17106] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.392134][T17116] Cannot find map_set index 0 as target [ 367.399954][T17109] macsec0: entered promiscuous mode [ 367.410087][T17030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 367.441660][T17030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 367.605350][T17123] FAULT_INJECTION: forcing a failure. [ 367.605350][T17123] name failslab, interval 1, probability 0, space 0, times 0 [ 367.641713][T17123] CPU: 1 UID: 0 PID: 17123 Comm: syz.3.4062 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 367.641736][T17123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 367.641752][T17123] Call Trace: [ 367.641759][T17123] [ 367.641767][T17123] dump_stack_lvl+0x241/0x360 [ 367.641793][T17123] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.641812][T17123] ? __pfx__printk+0x10/0x10 [ 367.641834][T17123] ? kmem_cache_alloc_noprof+0x48/0x380 [ 367.641860][T17123] ? __pfx___might_resched+0x10/0x10 [ 367.641885][T17123] should_fail_ex+0x40a/0x550 [ 367.641911][T17123] should_failslab+0xac/0x100 [ 367.641933][T17123] ? vm_area_dup+0x61/0x290 [ 367.641948][T17123] kmem_cache_alloc_noprof+0x70/0x380 [ 367.641972][T17123] vm_area_dup+0x61/0x290 [ 367.641989][T17123] __split_vma+0x1bf/0xbf0 [ 367.642036][T17123] ? __pfx___split_vma+0x10/0x10 [ 367.642066][T17123] ? mas_find+0x950/0xbb0 [ 367.642105][T17123] vms_gather_munmap_vmas+0x4c1/0x1600 [ 367.642147][T17123] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 367.642177][T17123] ? mas_find+0x8c0/0xbb0 [ 367.642207][T17123] mmap_region+0xa50/0x2fa0 [ 367.642253][T17123] ? validate_chain+0x11e/0x5920 [ 367.642289][T17123] ? __pfx_mmap_region+0x10/0x10 [ 367.642338][T17123] ? mark_lock+0x9a/0x360 [ 367.642401][T17123] ? aa_get_newest_label+0xff/0x6f0 [ 367.642437][T17123] ? __pfx_aa_get_newest_label+0x10/0x10 [ 367.642466][T17123] ? mm_get_unmapped_area_vmflags+0xb9/0xf0 [ 367.642499][T17123] ? rcu_is_watching+0x15/0xb0 [ 367.642524][T17123] ? apparmor_capable+0x13b/0x1b0 [ 367.642548][T17123] ? bpf_lsm_capable+0x9/0x10 [ 367.642578][T17123] ? shmem_mapping+0xd/0x50 [ 367.642610][T17123] do_mmap+0xecc/0x13a0 [ 367.642645][T17123] ? ima_file_mmap+0x17e/0x220 [ 367.642678][T17123] ? __pfx_do_mmap+0x10/0x10 [ 367.642704][T17123] ? down_write_killable+0x19e/0x260 [ 367.642724][T17123] ? vm_mmap_pgoff+0x182/0x430 [ 367.642743][T17123] ? __pfx_down_write_killable+0x10/0x10 [ 367.642761][T17123] ? common_file_perm+0x1a6/0x210 [ 367.642797][T17123] vm_mmap_pgoff+0x214/0x430 [ 367.642827][T17123] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 367.642854][T17123] ? hugetlb_file_setup+0x3dc/0x5c0 [ 367.642884][T17123] ksys_mmap_pgoff+0x53e/0x720 [ 367.642920][T17123] do_syscall_64+0xf3/0x230 [ 367.642948][T17123] ? clear_bhb_loop+0x35/0x90 [ 367.642979][T17123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.643015][T17123] RIP: 0033:0x7fa3edb8d169 [ 367.643033][T17123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.643049][T17123] RSP: 002b:00007fa3eb9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 367.643068][T17123] RAX: ffffffffffffffda RBX: 00007fa3edda6080 RCX: 00007fa3edb8d169 [ 367.643082][T17123] RDX: 0000000002000002 RSI: 0000000000c00000 RDI: 0000400000000000 [ 367.643101][T17123] RBP: 00007fa3eb9f6090 R08: ffffffffffffffff R09: 0000000000800000 [ 367.643115][T17123] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000001 [ 367.643126][T17123] R13: 0000000000000001 R14: 00007fa3edda6080 R15: 00007ffee8d32d68 [ 367.643155][T17123] [ 367.662978][T17106] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.755166][T17126] FAULT_INJECTION: forcing a failure. [ 367.755166][T17126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.992735][T17126] CPU: 1 UID: 0 PID: 17126 Comm: syz.0.4064 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 367.992763][T17126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 367.992776][T17126] Call Trace: [ 367.992783][T17126] [ 367.992792][T17126] dump_stack_lvl+0x241/0x360 [ 367.992820][T17126] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.992842][T17126] ? __pfx__printk+0x10/0x10 [ 367.992867][T17126] ? snprintf+0xda/0x120 [ 367.992892][T17126] should_fail_ex+0x40a/0x550 [ 367.992925][T17126] _copy_to_user+0x31/0xb0 [ 367.992953][T17126] simple_read_from_buffer+0xca/0x150 [ 367.992987][T17126] proc_fail_nth_read+0x1e9/0x250 [ 367.993017][T17126] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.993048][T17126] ? rw_verify_area+0x243/0x630 [ 367.993075][T17126] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.993104][T17126] vfs_read+0x1f8/0xb40 [ 367.993125][T17126] ? fdget_pos+0x254/0x320 [ 367.993155][T17126] ? __pfx___mutex_lock+0x10/0x10 [ 367.993184][T17126] ? __pfx_vfs_read+0x10/0x10 [ 367.993201][T17126] ? do_sys_openat2+0x17a/0x1d0 [ 367.993233][T17126] ? __fget_files+0x2a/0x410 [ 367.993262][T17126] ? __fget_files+0x395/0x410 [ 367.993288][T17126] ? __fget_files+0x2a/0x410 [ 367.993325][T17126] ksys_read+0x18f/0x2b0 [ 367.993347][T17126] ? __pfx_ksys_read+0x10/0x10 [ 367.993372][T17126] ? do_syscall_64+0x100/0x230 [ 367.993404][T17126] ? do_syscall_64+0xb6/0x230 [ 367.993436][T17126] do_syscall_64+0xf3/0x230 [ 367.993464][T17126] ? clear_bhb_loop+0x35/0x90 [ 367.993496][T17126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.993522][T17126] RIP: 0033:0x7fe2a178bb7c [ 367.993538][T17126] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 367.993554][T17126] RSP: 002b:00007fe29f5f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 367.993573][T17126] RAX: ffffffffffffffda RBX: 00007fe2a19a6160 RCX: 00007fe2a178bb7c [ 367.993588][T17126] RDX: 000000000000000f RSI: 00007fe29f5f60a0 RDI: 0000000000000005 [ 367.993600][T17126] RBP: 00007fe29f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 367.993612][T17126] R10: 0000400000000780 R11: 0000000000000246 R12: 0000000000000001 [ 367.993624][T17126] R13: 0000000000000001 R14: 00007fe2a19a6160 R15: 00007ffe66a63e28 [ 367.993654][T17126] [ 368.249111][T17030] team0: Port device team_slave_0 added [ 368.264774][T17030] team0: Port device team_slave_1 added [ 368.288120][T17124] bridge0: port 3(team0) entered blocking state [ 368.294513][T17124] bridge0: port 3(team0) entered listening state [ 368.301070][T17124] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.308250][T17124] bridge0: port 2(bridge_slave_1) entered listening state [ 368.315569][T17124] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.322730][T17124] bridge0: port 1(bridge_slave_0) entered listening state [ 368.340536][T17124] bridge0: port 3(team0) entered disabled state [ 368.350029][T17124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 368.404676][ T55] Bluetooth: hci3: command tx timeout [ 368.428998][T17130] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4066'. [ 368.520619][T17106] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.611017][T17030] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 368.622574][T17030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.656156][T17030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 368.668432][T17135] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 368.715811][T17106] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.726920][T17135] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 368.742135][T17030] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 368.749304][T17030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.829286][T17030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 368.943761][T17156] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4073'. [ 368.957218][T17030] hsr_slave_0: entered promiscuous mode [ 368.971963][T17030] hsr_slave_1: entered promiscuous mode [ 368.978787][T17030] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 368.986961][T17030] Cannot create hsr debugfs directory [ 369.001795][T17106] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.204836][T17106] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.452621][T17170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 369.502719][T17172] xt_CT: No such helper "netbios-ns" [ 369.612212][T17180] Cannot find del_set index 17 as target [ 369.708625][T17182] netlink: 'syz.4.4082': attribute type 2 has an invalid length. [ 369.727141][T17182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4082'. [ 369.969752][T17030] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 369.993601][T17196] FAULT_INJECTION: forcing a failure. [ 369.993601][T17196] name failslab, interval 1, probability 0, space 0, times 0 [ 369.998462][T17030] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 370.024358][T17196] CPU: 1 UID: 0 PID: 17196 Comm: syz.0.4085 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 370.024382][T17196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 370.024394][T17196] Call Trace: [ 370.024401][T17196] [ 370.024409][T17196] dump_stack_lvl+0x241/0x360 [ 370.024435][T17196] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.024456][T17196] ? __pfx__printk+0x10/0x10 [ 370.024487][T17196] should_fail_ex+0x40a/0x550 [ 370.024519][T17196] should_failslab+0xac/0x100 [ 370.024545][T17196] ? skb_clone+0x20c/0x390 [ 370.024564][T17196] kmem_cache_alloc_noprof+0x70/0x380 [ 370.024595][T17196] skb_clone+0x20c/0x390 [ 370.024618][T17196] __netlink_deliver_tap+0x3c4/0x7f0 [ 370.024651][T17196] ? netlink_deliver_tap+0x2e/0x1b0 [ 370.024672][T17196] netlink_deliver_tap+0x19d/0x1b0 [ 370.024694][T17196] netlink_unicast+0x7c4/0x990 [ 370.024721][T17196] ? __pfx_netlink_unicast+0x10/0x10 [ 370.024738][T17196] ? __virt_addr_valid+0x45f/0x530 [ 370.024757][T17196] ? __phys_addr_symbol+0x2f/0x70 [ 370.024774][T17196] ? __check_object_size+0x47a/0x730 [ 370.024821][T17196] netlink_sendmsg+0x8de/0xcb0 [ 370.024861][T17196] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.024894][T17196] ? aa_sock_msg_perm+0x91/0x160 [ 370.024930][T17196] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.024951][T17196] __sock_sendmsg+0x221/0x270 [ 370.024980][T17196] ____sys_sendmsg+0x53a/0x860 [ 370.025010][T17196] ? __pfx_____sys_sendmsg+0x10/0x10 [ 370.025029][T17196] ? __fget_files+0x2a/0x410 [ 370.025060][T17196] ? __fget_files+0x2a/0x410 [ 370.025097][T17196] __sys_sendmsg+0x269/0x350 [ 370.025123][T17196] ? __pfx___sys_sendmsg+0x10/0x10 [ 370.025157][T17196] ? do_sys_openat2+0x17a/0x1d0 [ 370.025212][T17196] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 370.025244][T17196] ? do_syscall_64+0x100/0x230 [ 370.025276][T17196] ? do_syscall_64+0xb6/0x230 [ 370.025307][T17196] do_syscall_64+0xf3/0x230 [ 370.025335][T17196] ? clear_bhb_loop+0x35/0x90 [ 370.025365][T17196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.025391][T17196] RIP: 0033:0x7fe2a178d169 [ 370.025408][T17196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.025424][T17196] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 370.025444][T17196] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169 [ 370.025458][T17196] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 0000000000000003 [ 370.025470][T17196] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000 [ 370.025481][T17196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.025492][T17196] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28 [ 370.025533][T17196] [ 370.025769][T17196] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4085'. [ 370.030300][T17030] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 370.333819][T17030] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 370.426486][T17203] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 370.462891][T17203] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 370.483680][ T55] Bluetooth: hci3: command tx timeout [ 370.528406][T17030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 370.551152][T17030] 8021q: adding VLAN 0 to HW filter on device team0 [ 370.564251][T12626] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.571370][T12626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 370.607306][T12626] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.614443][T12626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 370.763797][T17220] netlink: 256 bytes leftover after parsing attributes in process `syz.0.4089'. [ 370.929185][T17030] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.998954][T17030] veth0_vlan: entered promiscuous mode [ 371.017587][T17030] veth1_vlan: entered promiscuous mode [ 371.058350][T17230] batman_adv: batadv0: Interface activated: dummy0 [ 371.068400][T17230] batadv0: mtu less than device minimum [ 371.080761][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.093242][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.105931][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.118279][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.130707][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.143207][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.155558][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 371.231031][T17232] xt_CT: No such helper "netbios-ns" [ 371.279594][T17030] veth0_macvtap: entered promiscuous mode [ 371.301962][T17030] veth1_macvtap: entered promiscuous mode [ 371.427927][T17030] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.481014][T17030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.523041][T17030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.553781][T17030] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.592586][T17030] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.601370][T17030] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.654959][T17030] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.683153][T17030] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.831967][T17254] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4099'. [ 371.894747][ T5906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.909244][ T5906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.936639][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.945514][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.004319][T17257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4100'. [ 372.454457][T17270] veth1_vlan: left promiscuous mode [ 372.481396][T17268] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 372.507905][T17268] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 373.305417][ T5906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.847949][T17259] syz.3.4101: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 373.866091][T17259] CPU: 1 UID: 0 PID: 17259 Comm: syz.3.4101 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 373.866117][T17259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 373.866129][T17259] Call Trace: [ 373.866137][T17259] [ 373.866145][T17259] dump_stack_lvl+0x241/0x360 [ 373.866173][T17259] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.866194][T17259] ? __pfx__printk+0x10/0x10 [ 373.866217][T17259] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 373.866243][T17259] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 373.866271][T17259] warn_alloc+0x278/0x410 [ 373.866305][T17259] ? __pfx_warn_alloc+0x10/0x10 [ 373.866330][T17259] ? translate_table+0x179/0x2490 [ 373.866349][T17259] ? __get_vm_area_node+0x1c8/0x2d0 [ 373.866378][T17259] ? __get_vm_area_node+0x25c/0x2d0 [ 373.866412][T17259] __vmalloc_node_range_noprof+0x62f/0x1380 [ 373.866459][T17259] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 373.866480][T17259] ? rcu_is_watching+0x15/0xb0 [ 373.866503][T17259] ? trace_kmalloc+0x1f/0xd0 [ 373.866527][T17259] ? __kmalloc_node_noprof+0x2ad/0x4d0 [ 373.866553][T17259] ? __kvmalloc_node_noprof+0x72/0x190 [ 373.866587][T17259] __kvmalloc_node_noprof+0x142/0x190 [ 373.866618][T17259] ? translate_table+0x179/0x2490 [ 373.866638][T17259] translate_table+0x179/0x2490 [ 373.866683][T17259] ? __pfx_translate_table+0x10/0x10 [ 373.866703][T17259] ? __might_fault+0xaa/0x120 [ 373.866723][T17259] ? __pfx_lock_release+0x10/0x10 [ 373.866769][T17259] ? __virt_addr_valid+0x183/0x530 [ 373.866788][T17259] ? __might_fault+0xaa/0x120 [ 373.866805][T17259] ? __might_fault+0xc6/0x120 [ 373.866846][T17259] ? copy_from_sockptr_offset+0x6b/0xb0 [ 373.866870][T17259] do_ip6t_set_ctl+0xe4c/0x1270 [ 373.866896][T17259] ? nf_setsockopt+0x240/0x2c0 [ 373.866920][T17259] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 373.866941][T17259] ? rcu_is_watching+0x15/0xb0 [ 373.866963][T17259] ? trace_contention_end+0x3c/0x120 [ 373.866994][T17259] ? __mutex_unlock_slowpath+0x227/0x800 [ 373.867033][T17259] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 373.867060][T17259] ? aa_sk_perm+0x96d/0xab0 [ 373.867095][T17259] ? __pfx_aa_sk_perm+0x10/0x10 [ 373.867126][T17259] nf_setsockopt+0x295/0x2c0 [ 373.867155][T17259] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 373.867183][T17259] do_sock_setsockopt+0x3af/0x720 [ 373.867209][T17259] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 373.867234][T17259] ? __fget_files+0x395/0x410 [ 373.867262][T17259] ? __fget_files+0x2a/0x410 [ 373.867305][T17259] __x64_sys_setsockopt+0x1ee/0x280 [ 373.867332][T17259] do_syscall_64+0xf3/0x230 [ 373.867360][T17259] ? clear_bhb_loop+0x35/0x90 [ 373.867391][T17259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.867417][T17259] RIP: 0033:0x7fa3edb8d169 [ 373.867434][T17259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.867451][T17259] RSP: 002b:00007fa3ee905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 373.867471][T17259] RAX: ffffffffffffffda RBX: 00007fa3edda5fa0 RCX: 00007fa3edb8d169 [ 373.867485][T17259] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 373.867498][T17259] RBP: 00007fa3edc0e2a0 R08: 0000000000000668 R09: 0000000000000000 [ 373.867510][T17259] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000000 [ 373.867523][T17259] R13: 0000000000000000 R14: 00007fa3edda5fa0 R15: 00007ffee8d32d68 [ 373.867551][T17259] [ 373.867559][T17259] Mem-Info: [ 374.218263][T17259] active_anon:3937 inactive_anon:0 isolated_anon:0 [ 374.218263][T17259] active_file:2012 inactive_file:38430 isolated_file:0 [ 374.218263][T17259] unevictable:768 dirty:479 writeback:0 [ 374.218263][T17259] slab_reclaimable:11189 slab_unreclaimable:108785 [ 374.218263][T17259] mapped:24806 shmem:1427 pagetables:696 [ 374.218263][T17259] sec_pagetables:0 bounce:0 [ 374.218263][T17259] kernel_misc_reclaimable:0 [ 374.218263][T17259] free:1321014 free_pcp:1692 free_cma:0 [ 374.387116][T17259] Node 0 active_anon:15748kB inactive_anon:0kB active_file:8048kB inactive_file:153648kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107124kB dirty:1912kB writeback:0kB shmem:4172kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11344kB pagetables:2884kB sec_pagetables:0kB all_unreclaimable? no [ 374.463102][T17259] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 374.516536][ T5906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.565731][T17259] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 374.601420][T17292] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4111'. [ 374.645989][T17259] lowmem_reserve[]: 0 2490 2490 2490 2490 [ 374.652268][T17259] Node 0 DMA32 free:1330628kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:15908kB inactive_anon:0kB active_file:8048kB inactive_file:153344kB unevictable:1536kB writepending:1908kB present:3129332kB managed:2549828kB mlocked:0kB bounce:0kB free_pcp:10912kB local_pcp:10116kB free_cma:0kB [ 374.750933][T17259] lowmem_reserve[]: 0 0 0 0 0 [ 374.755421][ T5906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.776197][T17259] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:304kB unevictable:0kB writepending:4kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 374.870326][T17259] lowmem_reserve[]: 0 0 0 0 0 [ 374.883356][T17259] Node 1 Normal free:3907192kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 374.950164][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 374.953960][ T5906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.960383][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 374.968571][T17259] lowmem_reserve[]: [ 374.976679][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 374.989526][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 374.989894][T17259] 0 [ 374.997163][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 375.007059][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 375.019152][T17259] 0 0 0 0 [ 375.029378][T17259] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 375.049982][T17259] Node 0 DMA32: 2*4kB (UE) 29*8kB (ME) 46*16kB (ME) 65*32kB (ME) 65*64kB (UME) 31*128kB (UM) 16*256kB (UME) 63*512kB (UM) 84*1024kB (UME) 39*2048kB (UME) 272*4096kB (UM) = 1327536kB [ 375.080681][T17313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4115'. [ 375.092333][T17313] batman_adv: batadv0: Removing interface: dummy0 [ 375.111346][T17313] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 375.121439][T17259] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 375.147315][T17313] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 375.162617][T17259] Node 1 Normal: 226*4kB (UME) 86*8kB (UME) 60*16kB (UME) 246*32kB (UME) 121*64kB (UME) 29*128kB (UME) 15*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 4*2048kB (UE) 944*4096kB (UM) = 3907192kB [ 375.214379][T17259] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 375.224525][T17259] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 375.241260][T17259] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 375.280246][T17259] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 375.309063][T17304] syzkaller0 speed is unknown, defaulting to 1000 [ 375.318722][T17259] 41870 total pagecache pages [ 375.325096][T17259] 0 pages in swap cache [ 375.329365][T17259] Free swap = 124996kB [ 375.334030][T17259] Total swap = 124996kB [ 375.338227][T17259] 2097051 pages RAM [ 375.342145][T17259] 0 pages HighMem/MovableOnly [ 375.347973][T17259] 427872 pages reserved [ 375.352162][T17259] 0 pages cma reserved [ 375.370391][T17304] lo speed is unknown, defaulting to 1000 [ 375.464184][ T5906] bridge_slave_1: left allmulticast mode [ 375.470249][ T5906] bridge_slave_1: left promiscuous mode [ 375.496859][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.518669][ T5906] bridge_slave_0: left allmulticast mode [ 375.557625][ T5906] bridge_slave_0: left promiscuous mode [ 375.595010][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.929692][T17338] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4123'. [ 376.568996][T17364] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4126'. [ 376.784433][ T5906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 376.803882][ T5906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 376.836609][ T5906] bond0 (unregistering): Released all slaves [ 377.042896][ T55] Bluetooth: hci3: command tx timeout [ 377.056296][T17383] net_ratelimit: 13 callbacks suppressed [ 377.056308][T17383] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 377.125410][ T5928] lo speed is unknown, defaulting to 1000 [ 377.219700][T17304] chnl_net:caif_netlink_parms(): no params data found [ 377.447337][ T5906] hsr_slave_0: left promiscuous mode [ 377.454893][ T5906] hsr_slave_1: left promiscuous mode [ 377.460849][ T5906] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 377.470099][ T5906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 377.483131][ T5906] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 377.490782][ T5906] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 377.527195][ T5906] veth1_macvtap: left promiscuous mode [ 377.537049][T17400] x_tables: duplicate underflow at hook 1 [ 377.540572][ T5906] veth0_macvtap: left promiscuous mode [ 377.549155][ T5906] veth1_vlan: left promiscuous mode [ 377.555105][ T5906] veth0_vlan: left promiscuous mode [ 377.976398][T17408] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 377.977983][T17410] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 378.295993][ T5906] team0 (unregistering): Port device team_slave_1 removed [ 378.340234][ T5906] team0 (unregistering): Port device team_slave_0 removed [ 378.646072][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.084150][T17304] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.091293][T17304] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.122797][ T55] Bluetooth: hci3: command tx timeout [ 379.165385][T17304] bridge_slave_0: entered allmulticast mode [ 379.191490][T17304] bridge_slave_0: entered promiscuous mode [ 379.220548][T17304] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.242365][T17304] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.289562][T17304] bridge_slave_1: entered allmulticast mode [ 379.312069][T17304] bridge_slave_1: entered promiscuous mode [ 379.399806][T17431] netlink: 'syz.3.4147': attribute type 3 has an invalid length. [ 379.501736][T17304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 379.536559][T17304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 379.552336][T17444] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 379.662210][T17304] team0: Port device team_slave_0 added [ 379.764878][T17439] syzkaller0 speed is unknown, defaulting to 1000 [ 379.768788][T17304] team0: Port device team_slave_1 added [ 379.832165][T17439] lo speed is unknown, defaulting to 1000 [ 379.862197][T17304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 379.919174][T17304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 379.969891][T17304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 380.030579][T17304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 380.055164][T17304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.119346][T17304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 380.386243][T17304] hsr_slave_0: entered promiscuous mode [ 380.409592][T17473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4155'. [ 380.412940][T17304] hsr_slave_1: entered promiscuous mode [ 380.436827][T17304] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 380.452621][T17304] Cannot create hsr debugfs directory [ 380.529009][T17474] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 380.574460][T17475] Cannot find map_set index 0 as target [ 380.623953][T17473] xt_CT: No such helper "netbios-ns" [ 380.853884][T17486] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4157'. [ 380.858106][T17485] set match dimension is over the limit! [ 381.015735][T17489] netlink: 256 bytes leftover after parsing attributes in process `syz.2.4159'. [ 381.067081][T17491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4160'. [ 381.162052][T17496] Bluetooth: MGMT ver 1.23 [ 381.203262][ T55] Bluetooth: hci3: command tx timeout [ 381.847791][T17531] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4172'. [ 383.282828][ T55] Bluetooth: hci3: command tx timeout [ 383.338692][T17529] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4170'. [ 383.437198][T17304] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 383.473301][T17304] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 383.508301][T17534] x_tables: ip6_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING [ 383.509484][T17304] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 383.559500][T17304] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 383.763291][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 383.770526][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 383.881760][T17304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 383.926440][T17304] 8021q: adding VLAN 0 to HW filter on device team0 [ 383.957018][T17558] netlink: 'syz.4.4182': attribute type 2 has an invalid length. [ 383.975095][ T3410] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.982206][ T3410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 383.995118][ T3410] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.002288][ T3410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 384.375364][T17581] openvswitch: netlink: Flow actions attr not present in new flow. [ 384.472410][T17304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 384.508620][T17588] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4188'. [ 384.562274][T17588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4188'. [ 384.562322][T17596] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4188'. [ 384.588817][T17304] veth0_vlan: entered promiscuous mode [ 384.610006][T17588] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4188'. [ 384.612962][T17304] veth1_vlan: entered promiscuous mode [ 384.631929][T17590] xt_CT: No such helper "netbios-ns" [ 384.685596][T17304] veth0_macvtap: entered promiscuous mode [ 384.707252][T17304] veth1_macvtap: entered promiscuous mode [ 384.727645][T17304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 384.742244][T17304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 384.762704][T17304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 384.781650][T17304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 384.808256][T17304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.835227][T17304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.853618][T17304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.862375][T17304] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.084381][ T3410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.092222][ T3410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.215005][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.232932][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.360615][T17625] Cannot find map_set index 0 as target [ 385.535474][T17629] openvswitch: netlink: Flow actions attr not present in new flow. [ 385.546425][T17632] __nla_validate_parse: 3 callbacks suppressed [ 385.546442][T17632] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4202'. [ 385.766473][T17640] xt_CT: No such helper "netbios-ns" [ 385.790467][T17646] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 385.817790][T17646] Cannot find set identified by id 65535 to match [ 386.291455][T17672] openvswitch: netlink: Flow actions attr not present in new flow. [ 386.388000][ T54] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.090091][ T54] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.196404][T17681] netlink: 'syz.0.4215': attribute type 11 has an invalid length. [ 387.226099][T17681] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4215'. [ 387.423622][T17692] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4221'. [ 387.546918][T17691] xt_CT: No such helper "netbios-ns" [ 387.603919][ T54] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.770764][ T54] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.850725][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 387.861511][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 387.884543][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 387.894956][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 387.907717][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 387.917774][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 387.949256][T17720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 387.980907][T17722] openvswitch: netlink: Flow actions attr not present in new flow. [ 388.092742][T17725] xt_CT: No such helper "netbios-ns" [ 388.180268][T17716] syzkaller0 speed is unknown, defaulting to 1000 [ 388.195107][T17716] lo speed is unknown, defaulting to 1000 [ 388.261836][T17732] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4230'. [ 388.263343][ T54] bridge_slave_1: left allmulticast mode [ 388.282962][ T54] bridge_slave_1: left promiscuous mode [ 388.293121][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.314725][ T54] bridge_slave_0: left allmulticast mode [ 388.320852][ T54] bridge_slave_0: left promiscuous mode [ 388.336901][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.424729][T17740] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4230'. [ 388.737481][T17751] xt_CT: No such helper "netbios-ns" [ 388.762079][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 388.796167][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.824066][ T54] bond0 (unregistering): Released all slaves [ 389.415036][T17716] chnl_net:caif_netlink_parms(): no params data found [ 389.574895][ T54] hsr_slave_0: left promiscuous mode [ 389.591905][ T54] hsr_slave_1: left promiscuous mode [ 389.603230][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 389.610827][ T54] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 389.631686][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 389.639341][ T54] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 389.698154][ T54] veth1_macvtap: left promiscuous mode [ 389.707799][ T54] veth0_macvtap: left promiscuous mode [ 389.717883][ T54] veth1_vlan: left promiscuous mode [ 389.726724][ T54] veth0_vlan: left promiscuous mode [ 389.941702][T17794] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4248'. [ 390.003139][ T55] Bluetooth: hci3: command tx timeout [ 390.264053][T17802] xt_CT: No such helper "netbios-ns" [ 390.483636][ T54] team0 (unregistering): Port device team_slave_1 removed [ 390.521876][ T54] team0 (unregistering): Port device team_slave_0 removed [ 390.919775][T17801] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 391.101521][T17716] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.132235][T17716] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.160995][T17716] bridge_slave_0: entered allmulticast mode [ 391.169181][T17716] bridge_slave_0: entered promiscuous mode [ 391.219587][T17819] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 391.259520][T17716] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.267153][T17716] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.274483][T17716] bridge_slave_1: entered allmulticast mode [ 391.281200][T17716] bridge_slave_1: entered promiscuous mode [ 391.355448][T17716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.376657][T17716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.434097][T17822] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4258'. [ 391.463410][T17716] team0: Port device team_slave_0 added [ 391.510658][T17716] team0: Port device team_slave_1 added [ 391.609787][T17832] FAULT_INJECTION: forcing a failure. [ 391.609787][T17832] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 391.642839][T17832] CPU: 1 UID: 0 PID: 17832 Comm: syz.0.4260 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 391.642867][T17832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 391.642880][T17832] Call Trace: [ 391.642888][T17832] [ 391.642896][T17832] dump_stack_lvl+0x241/0x360 [ 391.642927][T17832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.642950][T17832] ? __pfx__printk+0x10/0x10 [ 391.642977][T17832] ? snprintf+0xda/0x120 [ 391.643005][T17832] should_fail_ex+0x40a/0x550 [ 391.643048][T17832] _copy_to_user+0x31/0xb0 [ 391.643078][T17832] simple_read_from_buffer+0xca/0x150 [ 391.643110][T17832] proc_fail_nth_read+0x1e9/0x250 [ 391.643143][T17832] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 391.643176][T17832] ? rw_verify_area+0x243/0x630 [ 391.643197][T17832] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 391.643229][T17832] vfs_read+0x1f8/0xb40 [ 391.643252][T17832] ? fdget_pos+0x254/0x320 [ 391.643283][T17832] ? __pfx___mutex_lock+0x10/0x10 [ 391.643315][T17832] ? __pfx_vfs_read+0x10/0x10 [ 391.643340][T17832] ? __fget_files+0x2a/0x410 [ 391.643372][T17832] ? __fget_files+0x395/0x410 [ 391.643400][T17832] ? __fget_files+0x2a/0x410 [ 391.643440][T17832] ksys_read+0x18f/0x2b0 [ 391.643465][T17832] ? __pfx_ksys_read+0x10/0x10 [ 391.643488][T17832] ? do_syscall_64+0x100/0x230 [ 391.643522][T17832] ? do_syscall_64+0xb6/0x230 [ 391.643555][T17832] do_syscall_64+0xf3/0x230 [ 391.643586][T17832] ? clear_bhb_loop+0x35/0x90 [ 391.643618][T17832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.643646][T17832] RIP: 0033:0x7fe2a178bb7c [ 391.643664][T17832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 391.643681][T17832] RSP: 002b:00007fe2a2501030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 391.643703][T17832] RAX: ffffffffffffffda RBX: 00007fe2a19a6080 RCX: 00007fe2a178bb7c [ 391.643718][T17832] RDX: 000000000000000f RSI: 00007fe2a25010a0 RDI: 0000000000000005 [ 391.643731][T17832] RBP: 00007fe2a2501090 R08: 0000000000000000 R09: 0000000000800000 [ 391.643745][T17832] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000002 [ 391.643758][T17832] R13: 0000000000000001 R14: 00007fe2a19a6080 R15: 00007ffe66a63e28 [ 391.643792][T17832] [ 391.903195][T17716] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.910209][T17716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.959266][T17716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.983829][T17839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4264'. [ 392.008519][T17839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4264'. [ 392.035962][T17716] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 392.041478][T17845] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4265'. [ 392.043052][T17716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.078745][T17716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.080483][T17837] xt_CT: No such helper "netbios-ns" [ 392.089559][ T55] Bluetooth: hci3: command tx timeout [ 392.216316][T17716] hsr_slave_0: entered promiscuous mode [ 392.250953][T17716] hsr_slave_1: entered promiscuous mode [ 392.279886][T17716] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.288063][T17716] Cannot create hsr debugfs directory [ 392.290693][T17850] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 392.298304][T17854] FAULT_INJECTION: forcing a failure. [ 392.298304][T17854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 392.302747][T17853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4269'. [ 392.321789][T17854] CPU: 1 UID: 0 PID: 17854 Comm: syz.4.4268 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 392.321816][T17854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 392.321830][T17854] Call Trace: [ 392.321838][T17854] [ 392.321847][T17854] dump_stack_lvl+0x241/0x360 [ 392.321877][T17854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.321901][T17854] ? __pfx__printk+0x10/0x10 [ 392.321928][T17854] ? snprintf+0xda/0x120 [ 392.321956][T17854] should_fail_ex+0x40a/0x550 [ 392.321992][T17854] _copy_to_user+0x31/0xb0 [ 392.322022][T17854] simple_read_from_buffer+0xca/0x150 [ 392.322054][T17854] proc_fail_nth_read+0x1e9/0x250 [ 392.322086][T17854] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 392.322118][T17854] ? rw_verify_area+0x243/0x630 [ 392.322139][T17854] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 392.322170][T17854] vfs_read+0x1f8/0xb40 [ 392.322192][T17854] ? fdget_pos+0x254/0x320 [ 392.322223][T17854] ? __pfx___mutex_lock+0x10/0x10 [ 392.322254][T17854] ? __pfx_vfs_read+0x10/0x10 [ 392.322278][T17854] ? __fget_files+0x2a/0x410 [ 392.322309][T17854] ? __fget_files+0x395/0x410 [ 392.322337][T17854] ? __fget_files+0x2a/0x410 [ 392.322376][T17854] ksys_read+0x18f/0x2b0 [ 392.322399][T17854] ? __pfx_ksys_read+0x10/0x10 [ 392.322432][T17854] ? do_syscall_64+0x100/0x230 [ 392.322464][T17854] ? do_syscall_64+0xb6/0x230 [ 392.322499][T17854] do_syscall_64+0xf3/0x230 [ 392.322545][T17854] ? clear_bhb_loop+0x35/0x90 [ 392.322577][T17854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.322605][T17854] RIP: 0033:0x7f399f98bb7c [ 392.322623][T17854] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 392.322640][T17854] RSP: 002b:00007f39a07f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 392.322662][T17854] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98bb7c [ 392.322678][T17854] RDX: 000000000000000f RSI: 00007f39a07f90a0 RDI: 0000000000000004 [ 392.322690][T17854] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000 [ 392.322703][T17854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.322715][T17854] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48 [ 392.322754][T17854] [ 392.556998][T17859] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4271'. [ 392.601936][T17860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 392.710129][T17860] xt_CT: No such helper "netbios-ns" [ 393.111483][T17880] ip6_vti0: Master is either lo or non-ether device [ 393.211842][T17884] xt_CT: No such helper "netbios-ns" [ 393.337458][T17716] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 393.395436][T17716] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 393.414985][T17716] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 393.437377][T17716] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 393.628575][T17716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.671695][T17716] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.672158][T17913] xt_hashlimit: invalid interval [ 393.700930][T17913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4289'. [ 393.712357][T17913] xt_hashlimit: invalid interval [ 393.715900][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.724455][ T5906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.734318][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.741425][ T5906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.001988][T17935] netlink: 'syz.0.4292': attribute type 11 has an invalid length. [ 394.031874][T17716] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.122288][T17716] veth0_vlan: entered promiscuous mode [ 394.140376][T17716] veth1_vlan: entered promiscuous mode [ 394.162647][ T5839] Bluetooth: hci3: command tx timeout [ 394.187442][T17716] veth0_macvtap: entered promiscuous mode [ 394.198092][T17716] veth1_macvtap: entered promiscuous mode [ 394.216403][T17716] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 394.227636][T17716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.238588][T17716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.250632][T17716] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.277602][T17716] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.286699][T17716] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.295994][T17716] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.322546][T17716] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.337325][T17941] Cannot find add_set index 0 as target [ 394.449928][T12626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.488547][T12626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.545249][T17948] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 394.555127][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.563027][T17948] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 394.588634][T17950] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4299'. [ 394.598440][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.711032][T17956] bond0: option mode: unable to set because the bond device has slaves [ 394.894890][T17962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 395.094282][T17973] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4309'. [ 395.344516][T17985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4315'. [ 395.558921][T17994] openvswitch: netlink: Flow actions attr not present in new flow. [ 395.787181][T18007] xt_CT: No such helper "netbios-ns" [ 395.981099][T18016] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 396.013270][T18016] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 396.252737][ T5839] Bluetooth: hci3: command 0x0419 tx timeout [ 396.947206][T18040] __nla_validate_parse: 2 callbacks suppressed [ 396.947226][T18040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4335'. [ 397.699047][T18042] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4336'. [ 397.861258][T18023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4329'. [ 397.876199][T18032] vlan2: entered allmulticast mode [ 397.946287][T18046] bond4: entered promiscuous mode [ 397.951375][T18046] bond4: entered allmulticast mode [ 397.957483][T18046] 8021q: adding VLAN 0 to HW filter on device bond4 [ 397.997061][T18044] vlan1: entered allmulticast mode [ 397.997924][T18049] sctp: [Deprecated]: syz.4.4338 (pid 18049) Use of struct sctp_assoc_value in delayed_ack socket option. [ 397.997924][T18049] Use struct sctp_sack_info instead [ 398.020395][T18044] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 398.020525][T18049] sctp: [Deprecated]: syz.4.4338 (pid 18049) Use of struct sctp_assoc_value in delayed_ack socket option. [ 398.020525][T18049] Use struct sctp_sack_info instead [ 398.047841][T18044] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 398.098391][T18053] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4340'. [ 398.112363][T18049] netlink: 71 bytes leftover after parsing attributes in process `syz.4.4338'. [ 398.280284][ T3410] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.338304][ T3410] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.390351][ T3410] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.426487][ T3410] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.496004][ T3410] bridge_slave_1: left allmulticast mode [ 398.501694][ T3410] bridge_slave_1: left promiscuous mode [ 398.514974][ T3410] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.525990][ T3410] bridge_slave_0: left allmulticast mode [ 398.531634][ T3410] bridge_slave_0: left promiscuous mode [ 398.540176][ T3410] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.856075][ T3410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.869960][ T3410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.880293][ T3410] bond0 (unregistering): Released all slaves [ 399.113508][T18062] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4344'. [ 399.133045][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.140305][ C0] bridge0: topology change detected, propagating [ 399.146913][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.154175][ C0] bridge0: topology change detected, propagating [ 399.222129][T18063] veth1_to_team: entered promiscuous mode [ 399.587125][ T3410] hsr_slave_0: left promiscuous mode [ 399.631083][ T3410] hsr_slave_1: left promiscuous mode [ 399.641718][ T3410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 399.672835][ T3410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 399.690424][ T3410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 399.710448][ T3410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 399.734024][T18079] netlink: 'syz.3.4348': attribute type 11 has an invalid length. [ 399.772593][T18079] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4348'. [ 399.789390][ T3410] veth1_macvtap: left promiscuous mode [ 399.801872][ T3410] veth0_macvtap: left promiscuous mode [ 399.818879][ T3410] veth1_vlan: left promiscuous mode [ 399.834483][ T3410] veth0_vlan: left promiscuous mode [ 399.896361][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 399.919300][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 399.933691][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 399.980343][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 399.990097][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 400.000754][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 400.603644][T18101] xt_ecn: cannot match TCP bits for non-tcp packets [ 400.620812][T18101] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4354'. [ 400.680233][ T3410] team0 (unregistering): Port device team_slave_1 removed [ 400.722683][ T3410] team0 (unregistering): Port device team_slave_0 removed [ 401.111000][T18089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4349'. [ 401.169800][T18085] syzkaller0 speed is unknown, defaulting to 1000 [ 401.212217][T18085] lo speed is unknown, defaulting to 1000 [ 401.701439][T18085] chnl_net:caif_netlink_parms(): no params data found [ 401.740688][T18132] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4365'. [ 401.987228][T18085] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.001981][T18085] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.012108][T18085] bridge_slave_0: entered allmulticast mode [ 402.036475][T18085] bridge_slave_0: entered promiscuous mode [ 402.054211][T18085] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.061783][T18085] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.076650][T18085] bridge_slave_1: entered allmulticast mode [ 402.083243][ T55] Bluetooth: hci3: command tx timeout [ 402.097653][T18085] bridge_slave_1: entered promiscuous mode [ 402.109541][T18160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4373'. [ 402.190580][T18085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 402.213526][T18085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 402.343923][T18085] team0: Port device team_slave_0 added [ 402.390279][T18085] team0: Port device team_slave_1 added [ 402.510923][T18181] hsr0: entered promiscuous mode [ 402.549534][T18085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 402.562905][T18085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.632610][T18085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 402.656544][T18085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 402.693553][T18085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.700408][T18192] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 402.726875][T18085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 402.757460][T18180] hsr0: left promiscuous mode [ 402.807436][T18197] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4386'. [ 402.833349][T18195] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4387'. [ 402.849810][T18197] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4386'. [ 402.865123][T18200] netlink: 204 bytes leftover after parsing attributes in process `syz.0.4386'. [ 402.889803][T18199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4388'. [ 402.980411][T18085] hsr_slave_0: entered promiscuous mode [ 402.989460][T18085] hsr_slave_1: entered promiscuous mode [ 402.996687][T18085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 403.012845][T18085] Cannot create hsr debugfs directory [ 403.070984][T18207] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 403.082980][T18210] xt_TCPMSS: Only works on TCP SYN packets [ 403.091291][T18209] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4391'. [ 403.114166][T18207] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 403.260230][T18213] netlink: 5460 bytes leftover after parsing attributes in process `syz.2.4392'. [ 403.289560][T18213] netlink: 204 bytes leftover after parsing attributes in process `syz.2.4392'. [ 403.357314][T18218] tipc: Enabling of bearer rejected, media not registered [ 403.424008][T18222] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4396'. [ 403.475574][T18222] IPVS: persistence engine module ip_vs_pe_• not found [ 403.648706][T18085] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 403.664907][T18085] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 403.685264][T18085] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 403.695541][T18085] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 403.862577][T18085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 403.903778][T18085] 8021q: adding VLAN 0 to HW filter on device team0 [ 403.941289][ T3410] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.948520][ T3410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 403.982747][T12626] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.989901][T12626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.080282][T18245] Cannot find del_set index 17 as target [ 404.086976][T18085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 404.163534][ T55] Bluetooth: hci3: command tx timeout [ 404.246608][T18251] netlink: 'syz.3.4408': attribute type 11 has an invalid length. [ 404.386616][T18259] gre3: entered promiscuous mode [ 404.410968][T18259] gre3: entered allmulticast mode [ 404.438602][T18265] netlink: 'syz.0.4414': attribute type 30 has an invalid length. [ 404.490625][T18085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 404.541325][T18261] openvswitch: netlink: Flow actions attr not present in new flow. [ 404.662109][T18085] veth0_vlan: entered promiscuous mode [ 404.686732][T18085] veth1_vlan: entered promiscuous mode [ 404.751079][T18085] veth0_macvtap: entered promiscuous mode [ 404.758680][T18283] openvswitch: netlink: Missing valid actions attribute. [ 404.767055][T18283] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 404.791480][T18085] veth1_macvtap: entered promiscuous mode [ 404.831440][T18085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 404.858146][T18085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 404.880955][T18085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 404.905834][T18288] netlink: 'syz.2.4421': attribute type 11 has an invalid length. [ 404.907446][T18085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 404.949087][T18085] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.971579][T18085] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.981856][T18085] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.999161][T18085] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.120878][T14398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.151662][T14398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.197131][ T4768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.217773][ T4768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.683104][T18320] netlink: 'syz.2.4434': attribute type 1 has an invalid length. [ 405.879306][T18334] netlink: 'syz.3.4440': attribute type 1 has an invalid length. [ 405.898227][T18334] syzkaller0 speed is unknown, defaulting to 1000 [ 406.012321][T18340] FAULT_INJECTION: forcing a failure. [ 406.012321][T18340] name failslab, interval 1, probability 0, space 0, times 0 [ 406.019105][T18343] netlink: 'syz.2.4444': attribute type 5 has an invalid length. [ 406.031662][T18340] CPU: 0 UID: 0 PID: 18340 Comm: syz.0.4442 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 406.031704][T18340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 406.031718][T18340] Call Trace: [ 406.031743][T18340] [ 406.031753][T18340] dump_stack_lvl+0x241/0x360 [ 406.031796][T18340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 406.031822][T18340] ? __pfx__printk+0x10/0x10 [ 406.031846][T18340] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 406.031879][T18340] ? __pfx___might_resched+0x10/0x10 [ 406.031913][T18340] should_fail_ex+0x40a/0x550 [ 406.031960][T18340] should_failslab+0xac/0x100 [ 406.031989][T18340] kmem_cache_alloc_node_noprof+0x77/0x380 [ 406.032018][T18340] ? __alloc_skb+0x1c3/0x440 [ 406.032053][T18340] __alloc_skb+0x1c3/0x440 [ 406.032090][T18340] ? __pfx___alloc_skb+0x10/0x10 [ 406.032125][T18340] ? netlink_autobind+0xd6/0x2f0 [ 406.032149][T18340] ? netlink_autobind+0x2b0/0x2f0 [ 406.032179][T18340] netlink_sendmsg+0x634/0xcb0 [ 406.032215][T18340] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.032243][T18340] ? aa_sock_msg_perm+0x91/0x160 [ 406.032281][T18340] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.032303][T18340] __sock_sendmsg+0x221/0x270 [ 406.032334][T18340] ____sys_sendmsg+0x53a/0x860 [ 406.032364][T18340] ? __pfx_____sys_sendmsg+0x10/0x10 [ 406.032384][T18340] ? __fget_files+0x2a/0x410 [ 406.032417][T18340] ? __fget_files+0x2a/0x410 [ 406.032455][T18340] __sys_sendmsg+0x269/0x350 [ 406.032502][T18340] ? __pfx___sys_sendmsg+0x10/0x10 [ 406.032546][T18340] ? do_sys_openat2+0x17a/0x1d0 [ 406.032598][T18340] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 406.032629][T18340] ? do_syscall_64+0x100/0x230 [ 406.032661][T18340] ? do_syscall_64+0xb6/0x230 [ 406.032691][T18340] do_syscall_64+0xf3/0x230 [ 406.032718][T18340] ? clear_bhb_loop+0x35/0x90 [ 406.032748][T18340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.032773][T18340] RIP: 0033:0x7fe2a178d169 [ 406.032788][T18340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.032803][T18340] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 406.032821][T18340] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169 [ 406.032834][T18340] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000003 [ 406.032845][T18340] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000 [ 406.032856][T18340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 406.032867][T18340] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28 [ 406.032893][T18340] [ 406.536550][T18360] netlink: 'syz.2.4449': attribute type 11 has an invalid length. [ 406.842968][T18384] netlink: 'syz.0.4457': attribute type 33 has an invalid length. [ 406.942571][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.767805][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.908607][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.935988][T18389] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode [ 407.962772][T18389] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode [ 407.979331][ T5913] syzkaller0 speed is unknown, defaulting to 1000 [ 408.052968][T18401] __nla_validate_parse: 17 callbacks suppressed [ 408.052988][T18401] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4464'. [ 408.074211][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.118727][T18404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4464'. [ 408.145480][T18393] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4463'. [ 408.441937][ T36] bridge_slave_1: left allmulticast mode [ 408.463305][ T36] bridge_slave_1: left promiscuous mode [ 408.475226][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.480278][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 408.492344][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 408.504491][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 408.524015][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 408.531886][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 408.539349][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 408.548843][ T36] bridge_slave_0: left allmulticast mode [ 408.554505][T18424] FAULT_INJECTION: forcing a failure. [ 408.554505][T18424] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.554542][T18424] CPU: 0 UID: 0 PID: 18424 Comm: syz.2.4469 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 408.554583][T18424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 408.554596][T18424] Call Trace: [ 408.554604][T18424] [ 408.554613][T18424] dump_stack_lvl+0x241/0x360 [ 408.554642][T18424] ? __pfx_dump_stack_lvl+0x10/0x10 [ 408.554666][T18424] ? __pfx__printk+0x10/0x10 [ 408.554688][T18424] ? __pfx_lock_release+0x10/0x10 [ 408.554728][T18424] should_fail_ex+0x40a/0x550 [ 408.554763][T18424] _copy_from_iter+0x1df/0x1c40 [ 408.554788][T18424] ? __virt_addr_valid+0x183/0x530 [ 408.554809][T18424] ? __pfx_lock_release+0x10/0x10 [ 408.554847][T18424] ? __alloc_skb+0x28f/0x440 [ 408.554879][T18424] ? __pfx__copy_from_iter+0x10/0x10 [ 408.554906][T18424] ? __virt_addr_valid+0x183/0x530 [ 408.554927][T18424] ? __virt_addr_valid+0x183/0x530 [ 408.554958][T18424] ? __virt_addr_valid+0x45f/0x530 [ 408.554980][T18424] ? __phys_addr_symbol+0x2f/0x70 [ 408.554999][T18424] ? __check_object_size+0x47a/0x730 [ 408.555051][T18424] netlink_sendmsg+0x742/0xcb0 [ 408.555090][T18424] ? __pfx_netlink_sendmsg+0x10/0x10 [ 408.555121][T18424] ? aa_sock_msg_perm+0x91/0x160 [ 408.555160][T18424] ? __pfx_netlink_sendmsg+0x10/0x10 [ 408.555183][T18424] __sock_sendmsg+0x221/0x270 [ 408.555216][T18424] ____sys_sendmsg+0x53a/0x860 [ 408.555248][T18424] ? __pfx_____sys_sendmsg+0x10/0x10 [ 408.555270][T18424] ? __fget_files+0x2a/0x410 [ 408.555304][T18424] ? __fget_files+0x2a/0x410 [ 408.555346][T18424] __sys_sendmsg+0x269/0x350 [ 408.555374][T18424] ? __pfx___sys_sendmsg+0x10/0x10 [ 408.555411][T18424] ? do_sys_openat2+0x17a/0x1d0 [ 408.555471][T18424] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 408.555505][T18424] ? do_syscall_64+0x100/0x230 [ 408.555549][T18424] ? do_syscall_64+0xb6/0x230 [ 408.555583][T18424] do_syscall_64+0xf3/0x230 [ 408.555615][T18424] ? clear_bhb_loop+0x35/0x90 [ 408.555650][T18424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.555678][T18424] RIP: 0033:0x7fdc52d8d169 [ 408.555698][T18424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.555716][T18424] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 408.555740][T18424] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169 [ 408.555756][T18424] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000003 [ 408.555770][T18424] RBP: 00007fdc53ba3090 R08: 0000000000000000 R09: 0000000000000000 [ 408.555783][T18424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 408.555797][T18424] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438 [ 408.555831][T18424] [ 408.870971][ T36] bridge_slave_0: left promiscuous mode [ 408.877083][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.398791][T18456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4477'. [ 409.472131][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 409.488149][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 409.499430][ T36] bond0 (unregistering): Released all slaves [ 409.531237][T18421] syzkaller0 speed is unknown, defaulting to 1000 [ 409.539169][T18421] lo speed is unknown, defaulting to 1000 [ 409.932251][T18421] chnl_net:caif_netlink_parms(): no params data found [ 410.022328][T18483] sctp: [Deprecated]: syz.4.4484 (pid 18483) Use of struct sctp_assoc_value in delayed_ack socket option. [ 410.022328][T18483] Use struct sctp_sack_info instead [ 410.208088][T18485] bond0: option mode: unable to set because the bond device has slaves [ 410.263111][ T36] hsr_slave_0: left promiscuous mode [ 410.289012][ T36] hsr_slave_1: left promiscuous mode [ 410.295005][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 410.302449][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.311559][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 410.319200][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.356902][ T36] veth1_macvtap: left promiscuous mode [ 410.362463][ T36] veth0_macvtap: left promiscuous mode [ 410.382212][ T36] veth1_vlan: left promiscuous mode [ 410.394514][ T36] veth0_vlan: left promiscuous mode [ 410.510999][T18513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4491'. [ 410.722708][ T5839] Bluetooth: hci3: command tx timeout [ 410.868019][ T36] team0 (unregistering): Port device team_slave_1 removed [ 410.910088][ T36] team0 (unregistering): Port device team_slave_0 removed [ 411.386934][T18511] ------------[ cut here ]------------ [ 411.393397][T18511] WARNING: CPU: 0 PID: 18511 at net/mac80211/key.c:1162 ieee80211_free_keys+0x567/0x680 [ 411.403342][T18511] Modules linked in: [ 411.407256][T18511] CPU: 0 UID: 0 PID: 18511 Comm: syz.2.4490 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 411.418363][T18511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 411.428699][T18511] RIP: 0010:ieee80211_free_keys+0x567/0x680 [ 411.434832][T18511] Code: 01 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 d8 e7 3e f6 90 0f 0b 90 e9 17 fc ff ff e8 ca e7 3e f6 90 <0f> 0b 90 4c 8b 64 24 20 e9 77 fe ff ff e8 b7 e7 3e f6 e9 2d fe ff [ 411.454930][T18511] RSP: 0018:ffffc900033a7620 EFLAGS: 00010287 [ 411.461038][T18511] RAX: ffffffff8b82f746 RBX: 0000000000000001 RCX: 0000000000080000 [ 411.469231][T18511] RDX: ffffc9001256a000 RSI: 0000000000000b87 RDI: 0000000000000b88 [ 411.477416][T18511] RBP: ffffc900033a76f0 R08: ffffffff8b82f547 R09: 1ffff92000674e78 [ 411.485671][T18511] R10: dffffc0000000000 R11: fffff52000674e79 R12: 0000000000000002 [ 411.494041][T18511] R13: ffff888057438d80 R14: 1ffff1100ae8753a R15: dffffc0000000000 [ 411.502034][T18511] FS: 00007fdc53b1f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 411.511196][T18511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 411.518019][T18511] CR2: 00007fe2a2500f98 CR3: 0000000045358000 CR4: 00000000003526f0 [ 411.526196][T18511] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 411.534395][T18511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 411.542395][T18511] Call Trace: [ 411.545890][T18511] [ 411.548844][T18511] ? __warn+0x165/0x4d0 [ 411.553238][T18511] ? ieee80211_free_keys+0x567/0x680 [ 411.558579][T18511] ? report_bug+0x2b3/0x500 [ 411.563310][T18511] ? ieee80211_free_keys+0x567/0x680 [ 411.568638][T18511] ? handle_bug+0x60/0x90 [ 411.573236][T18511] ? exc_invalid_op+0x1a/0x50 [ 411.578214][T18511] ? asm_exc_invalid_op+0x1a/0x20 [ 411.583493][T18511] ? ieee80211_free_keys+0x367/0x680 [ 411.588802][T18511] ? ieee80211_free_keys+0x566/0x680 [ 411.594201][T18511] ? ieee80211_free_keys+0x567/0x680 [ 411.599579][T18511] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 411.605584][T18511] ? lockdep_hardirqs_on+0x99/0x150 [ 411.610832][T18511] ? __pfx_ieee80211_free_keys+0x10/0x10 [ 411.616608][T18511] ? wiphy_work_cancel+0x1f0/0x3e0 [ 411.621762][T18511] ieee80211_do_stop+0x1085/0x2380 [ 411.627016][T18511] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 411.632574][T18511] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 411.638514][T18511] ? lockdep_hardirqs_on+0x99/0x150 [ 411.643873][T18511] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 411.650235][T18511] ? wiphy_work_cancel+0x1f0/0x3e0 [ 411.655430][T18511] ieee80211_stop+0x43b/0x490 [ 411.660206][T18511] ? __pfx_ieee80211_stop+0x10/0x10 [ 411.665472][T18511] __dev_close_many+0x216/0x350 [ 411.670355][T18511] ? __pfx___dev_close_many+0x10/0x10 [ 411.675798][T18511] ? dev_set_rx_mode+0x233/0x2e0 [ 411.680770][T18511] __dev_change_flags+0x30e/0x6f0 [ 411.685903][T18511] ? __pfx___dev_change_flags+0x10/0x10 [ 411.691497][T18511] ? __mutex_lock+0xba3/0x1010 [ 411.696374][T18511] ? __mutex_lock+0x602/0x1010 [ 411.701173][T18511] dev_change_flags+0x8b/0x1a0 [ 411.706058][T18511] dev_ifsioc+0x7c2/0xe70 [ 411.710434][T18511] ? __pfx_dev_ifsioc+0x10/0x10 [ 411.715411][T18511] ? dev_load+0x21/0x1f0 [ 411.719677][T18511] dev_ioctl+0x719/0x1340 [ 411.724090][T18511] sock_do_ioctl+0x240/0x460 [ 411.728750][T18511] ? __pfx_sock_do_ioctl+0x10/0x10 [ 411.733978][T18511] sock_ioctl+0x626/0x8e0 [ 411.738346][T18511] ? __pfx_sock_ioctl+0x10/0x10 [ 411.743272][T18511] ? __fget_files+0x2a/0x410 [ 411.747903][T18511] ? __fget_files+0x2a/0x410 [ 411.752576][T18511] ? __pfx_sock_ioctl+0x10/0x10 [ 411.757453][T18511] __se_sys_ioctl+0xf5/0x170 [ 411.762058][T18511] do_syscall_64+0xf3/0x230 [ 411.766622][T18511] ? clear_bhb_loop+0x35/0x90 [ 411.771321][T18511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.777282][T18511] RIP: 0033:0x7fdc52d8d169 [ 411.781705][T18511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.801392][T18511] RSP: 002b:00007fdc53b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 411.809895][T18511] RAX: ffffffffffffffda RBX: 00007fdc52fa6320 RCX: 00007fdc52d8d169 [ 411.817943][T18511] RDX: 0000400000002280 RSI: 0000000000008914 RDI: 0000000000000009 [ 411.825983][T18511] RBP: 00007fdc52e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 411.834067][T18511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.842048][T18511] R13: 0000000000000000 R14: 00007fdc52fa6320 R15: 00007fff00837438 [ 411.850126][T18511] [ 411.853255][T18511] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 411.860548][T18511] CPU: 0 UID: 0 PID: 18511 Comm: syz.2.4490 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0 [ 411.871303][T18511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 411.881357][T18511] Call Trace: [ 411.884638][T18511] [ 411.887578][T18511] dump_stack_lvl+0x241/0x360 [ 411.892284][T18511] ? __pfx_dump_stack_lvl+0x10/0x10 [ 411.897506][T18511] ? __pfx__printk+0x10/0x10 [ 411.902121][T18511] ? _printk+0xd5/0x120 [ 411.906322][T18511] ? __init_begin+0x41000/0x41000 [ 411.911382][T18511] ? vscnprintf+0x5d/0x90 [ 411.915742][T18511] panic+0x349/0x880 [ 411.919671][T18511] ? __warn+0x174/0x4d0 [ 411.923863][T18511] ? __pfx_panic+0x10/0x10 [ 411.928321][T18511] __warn+0x344/0x4d0 [ 411.932325][T18511] ? ieee80211_free_keys+0x567/0x680 [ 411.937623][T18511] report_bug+0x2b3/0x500 [ 411.941968][T18511] ? ieee80211_free_keys+0x567/0x680 [ 411.947271][T18511] handle_bug+0x60/0x90 [ 411.951425][T18511] exc_invalid_op+0x1a/0x50 [ 411.955927][T18511] asm_exc_invalid_op+0x1a/0x20 [ 411.960785][T18511] RIP: 0010:ieee80211_free_keys+0x567/0x680 [ 411.966690][T18511] Code: 01 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 d8 e7 3e f6 90 0f 0b 90 e9 17 fc ff ff e8 ca e7 3e f6 90 <0f> 0b 90 4c 8b 64 24 20 e9 77 fe ff ff e8 b7 e7 3e f6 e9 2d fe ff [ 411.986306][T18511] RSP: 0018:ffffc900033a7620 EFLAGS: 00010287 [ 411.992381][T18511] RAX: ffffffff8b82f746 RBX: 0000000000000001 RCX: 0000000000080000 [ 412.000356][T18511] RDX: ffffc9001256a000 RSI: 0000000000000b87 RDI: 0000000000000b88 [ 412.008337][T18511] RBP: ffffc900033a76f0 R08: ffffffff8b82f547 R09: 1ffff92000674e78 [ 412.016312][T18511] R10: dffffc0000000000 R11: fffff52000674e79 R12: 0000000000000002 [ 412.024285][T18511] R13: ffff888057438d80 R14: 1ffff1100ae8753a R15: dffffc0000000000 [ 412.032264][T18511] ? ieee80211_free_keys+0x367/0x680 [ 412.037555][T18511] ? ieee80211_free_keys+0x566/0x680 [ 412.042857][T18511] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 412.048849][T18511] ? lockdep_hardirqs_on+0x99/0x150 [ 412.054068][T18511] ? __pfx_ieee80211_free_keys+0x10/0x10 [ 412.059717][T18511] ? wiphy_work_cancel+0x1f0/0x3e0 [ 412.064840][T18511] ieee80211_do_stop+0x1085/0x2380 [ 412.069986][T18511] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 412.075468][T18511] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 412.081378][T18511] ? lockdep_hardirqs_on+0x99/0x150 [ 412.086595][T18511] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 412.092944][T18511] ? wiphy_work_cancel+0x1f0/0x3e0 [ 412.098063][T18511] ieee80211_stop+0x43b/0x490 [ 412.102775][T18511] ? __pfx_ieee80211_stop+0x10/0x10 [ 412.107990][T18511] __dev_close_many+0x216/0x350 [ 412.112882][T18511] ? __pfx___dev_close_many+0x10/0x10 [ 412.118265][T18511] ? dev_set_rx_mode+0x233/0x2e0 [ 412.123230][T18511] __dev_change_flags+0x30e/0x6f0 [ 412.128276][T18511] ? __pfx___dev_change_flags+0x10/0x10 [ 412.133836][T18511] ? __mutex_lock+0xba3/0x1010 [ 412.138614][T18511] ? __mutex_lock+0x602/0x1010 [ 412.143395][T18511] dev_change_flags+0x8b/0x1a0 [ 412.148186][T18511] dev_ifsioc+0x7c2/0xe70 [ 412.152534][T18511] ? __pfx_dev_ifsioc+0x10/0x10 [ 412.157401][T18511] ? dev_load+0x21/0x1f0 [ 412.161653][T18511] dev_ioctl+0x719/0x1340 [ 412.166000][T18511] sock_do_ioctl+0x240/0x460 [ 412.170603][T18511] ? __pfx_sock_do_ioctl+0x10/0x10 [ 412.175758][T18511] sock_ioctl+0x626/0x8e0 [ 412.180113][T18511] ? __pfx_sock_ioctl+0x10/0x10 [ 412.185008][T18511] ? __fget_files+0x2a/0x410 [ 412.189619][T18511] ? __fget_files+0x2a/0x410 [ 412.194248][T18511] ? __pfx_sock_ioctl+0x10/0x10 [ 412.199112][T18511] __se_sys_ioctl+0xf5/0x170 [ 412.203713][T18511] do_syscall_64+0xf3/0x230 [ 412.208231][T18511] ? clear_bhb_loop+0x35/0x90 [ 412.212923][T18511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.218834][T18511] RIP: 0033:0x7fdc52d8d169 [ 412.223261][T18511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.242877][T18511] RSP: 002b:00007fdc53b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 412.251318][T18511] RAX: ffffffffffffffda RBX: 00007fdc52fa6320 RCX: 00007fdc52d8d169 [ 412.259306][T18511] RDX: 0000400000002280 RSI: 0000000000008914 RDI: 0000000000000009 [ 412.267287][T18511] RBP: 00007fdc52e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 412.275268][T18511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.283248][T18511] R13: 0000000000000000 R14: 00007fdc52fa6320 R15: 00007fff00837438 [ 412.291250][T18511] [ 412.294600][T18511] Kernel Offset: disabled [ 412.299002][T18511] Rebooting in 86400 seconds..