last executing test programs: 6.170435255s ago: executing program 3 (id=2212): bpf$PROG_LOAD(0x5, 0x0, 0xffc4) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000e080005400000000f2c0000000b0a01080000000000000000010000000900020073797a32000000000900010073797a30"], 0xc4}}, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x40}}, 0x0) sendto$packet(r0, &(0x7f0000000180)="399d0b492373dd", 0x7, 0x0, &(0x7f0000000200)={0x11, 0x7, r3, 0x1, 0x0, 0x6, @local}, 0x14) r4 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="a5e208b63fee", @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r4, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 3.94983495s ago: executing program 3 (id=2222): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = getpid() r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r5, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}]}, 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@RTM_NEWNSID={0x34, 0x58, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NETNSA_PID={0x8, 0x2, r3}, @NETNSA_PID={0x8}, @NETNSA_FD={0x8}, @NETNSA_PID={0x8, 0x2, 0xffffffffffffffff}]}, 0x34}, 0x1, 0x0, 0x0, 0x4054}, 0x8005) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3.938797976s ago: executing program 1 (id=2223): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000040)={0x18, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0x4, 0xe}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88c7}, @NL80211_ATTR_FRAME={0x20, 0x33, @data_frame={@msdu=@type00={{0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x7ffc}, @broadcast, @device_b, @random="71e1e2a3f4e9", {0x4, 0x8}, "", @void, @value=@ver_80211n={0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}}]}, 0x50}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r8) sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x50, r9, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x4}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5}, {0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x4080}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), r11) sendmsg$TIPC_NL_MEDIA_SET(r11, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010025bd7000fbdbdf250c0000001800058008000100657468"], 0x2c}, 0x1, 0x0, 0x0, 0x480c4}, 0x14000000) r13 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) connect$tipc(r13, &(0x7f0000000180)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x2}}, 0x10) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="13002dbd6b1f6b10487000fedbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="5500330080100f00ffffffffffffffffffffffff0802110000017100fd7e0000000000003e27008901000301b6040604f801000c00060204002d1a00081608000000000000004e0009001100000008003d78000008000000"], 0x74}, 0x1, 0x0, 0x0, 0x20008004}, 0xc00c) 3.596288396s ago: executing program 1 (id=2227): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000000), 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000001fff0002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ac0)=ANY=[@ANYBLOB], 0xc8}}, 0x40) 2.699479651s ago: executing program 1 (id=2229): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000000340)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000002c0)="14", 0x1}], 0x1}}, {{&(0x7f0000000300)={0xa, 0x4e20, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000800)="ff", 0x1}], 0x1}}], 0x2, 0x931766f6119eed40) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$l2tp(0x2, 0x2, 0x73) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r6, 0x0, 0xdc0, 0x4000, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x0, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x22) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x2000000) setsockopt$sock_attach_bpf(r4, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000090a010407000000000000000000000008000a400000000008000640ffffff200900010073797a3000000000080005400000001c0900020073797a3200000000080003400000008804"], 0x78}}, 0x0) r8 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) close(r8) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r9}, 0x20) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x50, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r11, 0x800, 0x55007}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x4}, @IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x6}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x80) 1.509115089s ago: executing program 0 (id=2230): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x27, 0x0, 0x0, &(0x7f0000000540), 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="10000000010401802dbd70000000200053613b53a2703fe18ac3d7b42c92939231da40edc46040ee26f1e13469ad4ef6bae60e1cee078609a42b7256ba48125efe439c33214ae9cb4a44efbc77f58a94ec68bb20017e13fc17a4fbf0b618087b66206115897d079f0c02ef50ead91cd80fc9eb391adeab5eaf5c5dfe915d77d1fffb2d2ef3d6412a524602ce42d2240d92702831a3c7"], 0x10}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0xf, 0x0, 0x0, 0xa1, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xf, 0xa, 0xb17}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000, @void, @value}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000020800"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000006580), r1) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f00000066c0)={0x0, 0x0, &(0x7f0000006680)={&(0x7f00000001c0)={0x1c, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x3c, r4, 0x1, 0x0, 0x80, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x2}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xfc}]}, 0x3c}}, 0x10) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000140)={'sit0\x00', 0x0, 0x20, 0x10, 0x10001, 0x3ff, {{0x10, 0x4, 0x1, 0x1b, 0x40, 0x64, 0x0, 0xf9, 0x4, 0x0, @empty, @rand_addr=0x64010100, {[@ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x10, 0xe2, 0x0, 0x0, [0x6, 0x9, 0x2]}, @timestamp_addr={0x44, 0xc, 0x65, 0x1, 0x0, [{@dev={0xac, 0x14, 0x14, 0x37}, 0x36}]}, @generic={0x7, 0x5, '!!0'}]}}}}}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, 0x0, 0x0) close(0x3) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r7, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4) setsockopt$inet6_int(r5, 0x29, 0x3c, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x6, 0x9, 0x3ae3, 0x2, 0xe, 0xa31c}}, {0x4}}]}]}, 0x5c}}, 0x4000010) 1.39616708s ago: executing program 1 (id=2233): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000015000000000a78000000060a0b160000000000000000020000044c00048018000180080001006f7366000c000280080001400000000230000180080001006e6174002400028008000140000000000800074000000069080003400000001408000240b00000020900010073797a30000000000900020073797a3200"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0) 1.284817415s ago: executing program 0 (id=2235): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, @void, @value}, 0x94) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100030000002c000480050003000100000005000300000000000500030000000000050003000100000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.244419789s ago: executing program 1 (id=2236): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x14}, 0x9}]}, &(0x7f0000000500)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0x100, 0x800, 0x2, 0x4, 0x349, 0x2, 0x7, 0x6, r3}, &(0x7f0000000040)=0x20) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x60, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7fff, 0x80000001}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x40, 0xfff}}]}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x60}}, 0x0) 1.183854531s ago: executing program 2 (id=2237): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000001140012800c0001006d6163766c616e00dbff028008000500", @ANYRES32=r0, @ANYBLOB="080004007f0000000a000100aa"], 0x50}}, 0x0) 1.1734622s ago: executing program 4 (id=2238): sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r1, &(0x7f00000021c0), 0x5b, 0x40, 0x0) close(0xffffffffffffffff) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0x1, &(0x7f00000004c0)="391c742f9eed09e1d9", &(0x7f0000000500)=""/40}, 0x20) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[], 0x528}}, 0xc000) 1.06427427s ago: executing program 0 (id=2239): getpid() r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff, 0x100000}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe00000000000000", 0x1c) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', 0x0}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r4, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r5, 0x0) sendmmsg$inet(r4, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000700)="0138853cbb18a407244af90d2e22a496908379f2dbc2e4792db2d81260be02b4d9b44bea1af5b5e0c71404d636bbd8d0f17b6cdad8857fe4700fd3ff558c9f2ee7493c9ab5802f2c826ae48c4b1b3a644677b157f62cda68c3a5b3598eb72c1ac5b96486c6cef115606293cbdf43fa3cd485ac987250898a7d889d4ac27b014f2ce44aacbb050875aa86b963115cf81a5f4c05366c1274ba0f3e93f54a062bcf2688b9ad0b009f63f5bd2680632e316a8f30928063f28b77838643b81a9c1ce34bf1ac6ee26c62fa2e9260e43db1bcd3f88f202624d3d9abaa53e4469ae929bb7bfc8f7a15118b27bd981ff3cf7d22abbab3808e93e65a2eb1a20d2b000a2d86fc01125806db8151f564654164adfda002f5a4bed83c31f4e49ba6e41f3d7c3868c3898dc385434f8bddebb9c8566ac90ef01bc323f764eda22d7ed685cd5d8d0094162ac009b6520bed7285e29e948ca829891db00b3cb7f88587f00e6c3432228d744288ab111a56cec07a69f25a0dd3a27c65bf9bdf8496cdf8bb9319dade967433f63c10109b42427aae85dda9c115c3d049f9bef9a5ab59ffd3ecb6823d2049c84f369f52037ba7c7015d64c27479df1b7af0734741db19c2cd6c40b5837475bfb837ee531fa3ca7418c57fedb2830c0c8662d55d55ec2ab335caf50ff6e02a1607f5662fa8e1fd39cdb4828df7ec9b84b478621567a389b6447ddb7c31bbb8b0b0aef0361411c9098af5c9739f6a0f4ac257e02cdbc9fce46174462b3f8593b6d3491a30e19679ea39c34aa7f1196bd4023fd01175f4ef0c9a966d4fa7683cb448a14523d2933ca6d0d4eb13ea98e47a97eddc5dcf180e3afe9cde2f95c52e65443654126102f192b513b303c5b69c8050056d243ecd2ee020396ca734c21f8c965a747ba6989aa42f776beacb5a024f0b7cbcf480aa1542d03b240c910b525d86c928ea7c1090e64bee271bc9b5d1a1be7c110715a92f0056b88a7f882ddd66e248e189a8a46ee4a211677c8a09210d3209c178d1a840143694c7ce1a97cdb8c78b6a4b08dca68ec592c20f6e42e56182196a203ee775f283d3df52b37fa54990b517c50b25ca0a1973ae450b614e3913a23a67ba9b5482242611adbf90177e2d2ebadb5b6d29e12212301923cfa6b9daa723c5da357abf8523ed0522eea8e6ea14caf7ce0e14e3db18b9190a5ae8cb472efb74d474a168a7da02720fecaa3c80736f2e52337e4f9eac9a7f328a69ec3e816749f7fca8d5b1f28feb6b883f2a43d549bcb01cb8e8a976a335b525dde2b08ebe621ed3177129fdd5f9eb5f702c0f15320eff6e1c9b246ecfb1b5ba946f0d9106e0e2019880f4b8235a3d572a1429698d2c5de369a96a481398532aaa43257d28651f759d2a77bceb4513fe3c174a42195cbb1322ef99133d88e4dd6716b2858510f661db797a7c140030b80a3598226b6d9ce6af7650e79654cb939b1f3a03fc59a124e898775a2932ba8121067001f55a0b840f6c47a314c430cb9c9de0028c0fc886215fab172127fa4ee5adaf40d6cca7d76e487407b0e4f1be725d5e4c2a329b57c55960b794ead5c20a987a38650f859e7e2b5d714ea1dc1f366c9461a04af74e18dfc3e4d7d905c6413d3659b148e070e7e199fc9a8005d75c426914e6bfb19f29537f17c64a9df2d92683f5b190f65b7ae7451510c091cfd9071aec7201270da81b38039e6576e320d8a562a467e2d4934d93a7bbe810dad77a1a968ecbf98cc489e3d7f0485a72b7409e9af9cffeba19cca1e3a6b6a0154d489307369a07d055f32abe20cf93363aeee0da70022187472768a297deb50259c9b1aa2a8117cbe7052fda671e82a9f97e681b8da5fd0f098aa9ded7b33bdb8f5310317ac7024c9845000e722e5bfd8363294b4e94eb6e15e6f16d279069dfaf68c71a6115b31ccaf11c5359646497080212761135576562decc0ffda04c23fc1e3ab4a01fabda21a2526f1f0d31f49e649b4e3cfbb8212f3bf1f4fefba8ab7f1be4591f8c7d5b306c058602bd6eaebd4656330cb4cec682046c3830d0a586bd21557f6a860597c322c1478720ac3c0b5a7b8a1ac535a55d47c8d283d1f0e0cf5f5a0dab9b638baa45402393267050041b4f64533ee8b2746d00860ca56d385567ce5dfd18a3152b42ca76dc911610415d5dc6153609246c7a61fa70d58927a64880e6bb5303b9073cdf8bfcd535df1683333ed688658075524e4373ba492cec1ffb9181ac1a9b3a80469424eab277f3da95298e35da253c32593e97570bc21436e9af5c44f6c6e89062066d57497415478a3388fefc63931ad9b2a825f800b742060fcfb25a3ffdd938f541b7226d2a6d20300faba3ba46684666334fd8ce927e67285d0482d981db52131bf8498e592f5cbb26c664eca3a473b56bf37ce10c1c928165a70c931fe3bb01230693b01f3859ba8ef02583c3219410e9643fe3a8a0bb1bd412144e85212c9fac8897311d06b80b558c0c4a6d4341daa399fecc926d2f362305de1106f384c6d1aa98475ed85d80eef4731dfc7158da366d61f0185c4acfc83d43b13fa57e005fe6b8aa004caa254d9e2797069be49a730daf0c5a311ac10ad014290a58293e8bcd2c006d8bbaf5607f673467db64ed4bc4ff00bf86e1ccc49506301866f1790e2a8e46b1f4105ab17dcc3eee5132f9e42359a23dc6f1b5b49fcae468c2f541d02acff17e205e93b4cdc263c9a7b710a97d92b1c13a9f9af711f73c004777b9948e4d5c32bccab5bd487398c073487aa485d8f8f62049bdd0d9e32eddbff8cd1ad08b84e41f92a4b7bc0d6e72ebf3b8a1702990ce5aecfad93aca46261590b31d1a58dd4744eef7178d34438977152a9a5534174c025fd798d3e73db772ca44981247bb13e9a03beaf1cb6016722cb59776305668b457c707f38c3740beb9dffae2a96d4a93e66494fee3a1f9077801d14fc688095a5956c1b129d2dc47bf77c1e35db327a9956efff38289970bdf35e4f80681683be8b70e039493773252407e61d4415d1c4cf702cdb972ab7a61614f9852348e31dbccadb537d37bcddc2fce190270267004c83d19203f36b60568fb1956bc117ab1df40cf68fce4103cdcfa5bf4858b57632dcfd237336f5a860e10a05162921b6b27fab40f5b282379b6d1edf9ed408154d1bccc3c7649b771a0f312d042c7ea2e625611fc0b47abe13570c3dd53fdee8afca57df511af6c7bc303f6e9ea5cae6d4bfb9967b51fdc8a3123e3e38d", 0x901}, {0x0, 0x9}, {&(0x7f0000000280)="6e36979461e8cc93ae86f05fe2497e633801a6e7f655162929b8f96418bec45bdf0ef6f03f605a78b33f6a4dfc087ebde70ee7b264fbf7406e79a46ff101590aeadc1425ae020007d6355b1b5eeca861e66ee07a964445f10d19a0a1f1f746119c4b9527038b049bc9e4429a4f59aab6e0b4d8341f9ad0feb216048e70bab61bb98b7b996191e659455d49f9fddb63a6fdb6b872ebcf9d833128a58d5ccb15d9a0d46e74a2115bb5ca"}], 0x2}}, {{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000340)="be7074cf6f68302a0800fece3212bce98bf78bed8ec1278734bb91d48d14026232d0028f78454ec91ac4472f928c12a14201124e7441c155862999cbb6ce1aacb1007b10cf0b590afef662a6022b92d403e7b61378888f5745019e4dfbd4c670389bdbea8d0f7ab486eada3921fbee4a6c95341b6e885fb726c823b40bfb4df4edf84dbb20599f84224f855c2f46beaa8468eedbda0525143cd2f42885bd96c7fb43e282795fabdae0c9e9bff5b859e9e37fbf3c686a2fe526477b2a4920966b687786b179c6053544a2c08161b953fb2a9739f09e64f8a1da877a56a5f4a1076882d3"}, {&(0x7f0000000480)="2739b398770a9c59d121f0a54c9c8334eeb683f603e3da274dee8366ed9af276ade2a1543327dea6629e77908f18682106df45ee8f6900d52513576a63a3eb10dcd1373656e9e58ba81de325a3e2bd2121355b5981412d18c0d24cc1510e084281fffc01f67749bbf8a055fbb8ac4f67aeb22a0701121289591522952678157bbf34d970e8a43c3be82bead9862417bc45f24550206e032f120a2b02bbaf6c7b5f77d1c85b1f60a21ae41a293165a92a11d9"}, {&(0x7f0000000540)="359a931db053c4c183537e60e467f37b635f1c52f7b0c7d690086abf8e245e2c21c09c9f4f3ef9a9e9f561ce48a3eba25b384010d6cbc3ef3af0e313023ec360a790496bb7f621d8a86a43d3eaa234916532b9194f0a6889aa68a8cd86265cf95e797cd46765369659b523d6dfadc908a02e704f517a8801b67f3510fd3c4b0b13dcb6db8139"}, {&(0x7f0000000600)="2e6daf7699fc0a48f47b6f86a43ec3a800350ad9ad9bdd53a09efe94ed81a8d40b62ae7e00703321159c8c62e3a8761c556512e09266bb6dc7cd9fb711cacb281480"}, {&(0x7f0000001040)="28d63325cf72e40dae82b43a3c02f4f06b4476b83f9e1afcec69ff6a65855fb68d7fb3fa15d0540b3d512ff02dd0e5a06a9412ee7b4fcce4953a0071023410cf528d89602d6820970ad8390be2d6a5e506407738268c8a928bb2649f831e4578fe"}, {&(0x7f00000001c0)="afe60ce5731517715418f510c79fae568635fecf187f10938f683652c3"}, {&(0x7f00000010c0)="4ef4f01fe5fcb3ad8f5710bd975c1623c8811593ecea03091482ad4f101cef16d266b8e72573ffc4e509fc2729f352c0c5dbb7c800397a7d846b559ffccd6ccd2fb2051973382ea7270e8afe1352af3c9683d8087872115a286ebe7225a679ad72bfef39391e2c09f919327503530d48638b10c8d14268930347b434c68d9914296c1747a0e234491a5fd8d9f192d6094ae2ca4e70526dc5170e3a2a46552902615c8240a0cf26208c9ae0b937cfadcbbbe71d155d4c5972722ccde697e2ddcee61ca5c79d418a681fb45f17d064a012ba428bb6be83edb5cb16af15cdaa7db22052776319b0c920e475649599"}]}}], 0x1, 0x4000440) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {}, {0x0, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 1.063945322s ago: executing program 3 (id=2240): socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x40, 0xa, @ipv4={'\x00', '\xff\xff', @empty}, 0x6}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="10007d8005", @ANYRES8=0x0, @ANYRES32=r0], 0x2c}}, 0x0) 1.027939722s ago: executing program 4 (id=2241): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001840)=@filter={'filter\x00', 0x42, 0x4, 0x1310, 0xffffffff, 0x98, 0x98, 0x0, 0xffffffff, 0xffffffff, 0x1278, 0x1278, 0x1278, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@private, @multicast2, 0xff, 0x0, 'netpci0\x00', 'team_slave_1\x00'}, 0x287, 0x10e8, 0x1148, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}, @common=@unspec=@limit={{0x48}, {0xfffffffe, 0x7}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0xffff, [0xff00]}}}}, {{@ip={@dev, @remote, 0x0, 0x0, 'veth1_to_team\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x1ff, 0x2, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1370) 958.755614ms ago: executing program 2 (id=2242): syz_emit_ethernet(0x1f, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x70, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL6={0x14, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GTP_LOCAL={0x8, 0x7, @multicast2}, @IFLA_GTP_LOCAL6={0x14, 0x8, @ipv4={'\x00', '\xff\xff', @loopback}}, @IFLA_GTP_CREATE_SOCKETS={0x5}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x70}}, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) 792.226558ms ago: executing program 4 (id=2243): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x27, 0x0, 0x0, &(0x7f0000000540), 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="10000000010401802dbd70000000200053613b53a2703fe18ac3d7b42c92939231da40edc46040ee26f1e13469ad4ef6bae60e1cee078609a42b7256ba48125efe439c33214ae9cb4a44efbc77f58a94ec68bb20017e13fc17a4fbf0b618087b66206115897d079f0c02ef50ead91cd80fc9eb391adeab5eaf5c5dfe915d77d1fffb2d2ef3d6412a524602ce42d2240d92702831a3c7"], 0x10}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0xf, 0x0, 0x0, 0xa1, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xf, 0xa, 0xb17}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000, @void, @value}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000640)=ANY=[@ANYBLOB="ffffffffffffffffffffff1d87dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001c0a82a94491d831d95ede7409316cae4705452eb8e8705e2d9df614e9029204880d487bed2ae09cd2df8b6daac9b32bf98f8998997d44aed9e15865ef36fb600b750147f888ad4e634df084ee267c2dca375901422b2b08e2412a51ad2d012892ef6415ae8babf06f2d41b6440d1676c5a58c473b9b8246563"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000006580), r1) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f00000066c0)={0x0, 0x0, &(0x7f0000006680)={&(0x7f00000001c0)={0x1c, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x3c, r4, 0x1, 0x0, 0x80, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x2}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xfc}]}, 0x3c}}, 0x10) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000140)={'sit0\x00', 0x0, 0x20, 0x10, 0x10001, 0x3ff, {{0x10, 0x4, 0x1, 0x1b, 0x40, 0x64, 0x0, 0xf9, 0x4, 0x0, @empty, @rand_addr=0x64010100, {[@ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x10, 0xe2, 0x0, 0x0, [0x6, 0x9, 0x2]}, @timestamp_addr={0x44, 0xc, 0x65, 0x1, 0x0, [{@dev={0xac, 0x14, 0x14, 0x37}, 0x36}]}, @generic={0x7, 0x5, '!!0'}]}}}}}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, 0x0, 0x0) close(0x3) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r7, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4) setsockopt$inet6_int(r5, 0x29, 0x3c, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x6, 0x9, 0x3ae3, 0x2, 0xe, 0xa31c}}, {0x4}}]}]}, 0x5c}}, 0x4000010) 791.649528ms ago: executing program 3 (id=2244): bpf$PROG_LOAD(0x5, 0x0, 0xffc4) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000e080005400000000f2c0000000b0a01080000000000000000010000000900020073797a32000000000900010073797a30"], 0xc4}}, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x40}}, 0x0) sendto$packet(r0, &(0x7f0000000180)="399d0b492373dd", 0x7, 0x0, &(0x7f0000000200)={0x11, 0x7, r3, 0x1, 0x0, 0x6, @local}, 0x14) r4 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="a5e208b63fee", @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r4, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 727.522131ms ago: executing program 0 (id=2245): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) unshare(0x44040011) 725.346151ms ago: executing program 2 (id=2246): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0xf5, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}]}]}]}]}], {0x14, 0x10}}, 0x78}, 0x1, 0x0, 0x0, 0x400048d0}, 0x0) 653.638118ms ago: executing program 3 (id=2247): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b1f1a7a7b7cd592, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x806000) (async) write$cgroup_int(r1, &(0x7f0000000200), 0x806000) pipe(&(0x7f0000000040)) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$int_in(r2, 0x5421, &(0x7f0000000140)=0xbc8) (async) ioctl$int_in(r2, 0x5421, &(0x7f0000000140)=0xbc8) readv(r2, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/68, 0x44}], 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) recvmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 613.978527ms ago: executing program 4 (id=2248): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x2, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="8500000007000000c3ff00001800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x5, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 501.082678ms ago: executing program 0 (id=2249): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000d0000000000000000000000870000007b0000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 500.91777ms ago: executing program 2 (id=2250): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000a00ffffff7f00", 0x2e}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x8, '\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [], 0x0, 0x3}, {0x0, [0x0, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360) 412.407429ms ago: executing program 4 (id=2251): sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r1, &(0x7f00000021c0), 0x5b, 0x40, 0x0) close(0xffffffffffffffff) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0x1, &(0x7f00000004c0)="391c742f9eed09e1d9", &(0x7f0000000500)=""/40}, 0x20) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[], 0x528}}, 0xc000) 410.572191ms ago: executing program 3 (id=2252): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) r3 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e80)=ANY=[@ANYBLOB="4000000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100677470000c00028008000200", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="5c2a99d37a49a8bd95bb17b2f1b7b60e854fc0a03eeb310abde9bac2a55b328e57f42a87b6c7b93b9597fa49512f8e05bccbd143a527aba89580a02626ed2bee02cfda914152b4c8249eb1b2ca76dea47dab0993"], 0x40}}, 0xc8c0) sendmmsg$inet(r0, 0x0, 0x0, 0x10000) r4 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r4, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004001}, 0x40000) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x1e, 0x3, 0x3a) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc8734c295cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f244a3c307145452ce64dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c65070020d7df0abc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3593], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r5}, 0x10) r6 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x4, 0xfffff034}, {0x40, 0x40, 0x0, 0xfffffffe}, {0x6, 0x0, 0x40, 0x1}]}, 0x10) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r8 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r8, 0x400442c8, &(0x7f0000000540)=ANY=[@ANYRES32=r7]) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r8, 0x800442d2, &(0x7f0000000440)={0x1, &(0x7f0000000340)=[{0x0, 0x0, 0x0, @remote}]}) setsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000140), 0x4) sendto$inet(r6, &(0x7f0000000080)="8f", 0x1, 0x1, &(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0xb, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PTYPE={0x6, 0x4}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x70}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 282.965609ms ago: executing program 4 (id=2253): syz_init_net_socket$ax25(0x3, 0x5, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r4, &(0x7f0000000300)={0xa, 0x0, 0xff, @empty, 0x4}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000006100)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0x0, @loopback, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000640)=[@rthdr_2292={{0x28, 0x29, 0x39, {0x3b, 0x2, 0x2, 0x0, 0x0, [@private0]}}}], 0x28}}], 0x1, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x2, "3104685a22fa07c705f7b0a054b32a4f"}}}]}, 0x44}}, 0x4000810) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x2c, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x4, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 282.262823ms ago: executing program 2 (id=2254): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000b00)={0x0, 0xe00, &(0x7f0000000ac0)={&(0x7f00000008c0)={0x74, r2, 0x13, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x55, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xf}, @broadcast, @broadcast, @from_mac=@device_b, {0x1, 0x7}}, 0x7efd, @random=0x273e, 0x8900, @void, @val, @val={0x3, 0x1, 0xb6}, @val={0x4, 0x6, {0x4, 0xf8, 0x1, 0xc}}, @val={0x6, 0x2, 0x4}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x800, 0x2, 0x5, 0x0, {0x8, 0x4e, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8, 0x783d, 0x8}}, @void, @void, @void}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20008004}, 0xc00c) 270.613194ms ago: executing program 1 (id=2255): r0 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private2, 0x4e23, 0x800, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffd}, {0x0, 0x200000}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0xa}, 0x0, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0xfffffffe}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x21, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000000}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x80ffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x2, 0x0, 0x3, 0x11, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_x_sa2={0x2, 0x9}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @sadb_x_nat_t_type={0x1}]}, 0x88}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, &(0x7f0000000200)=0x1, 0x4) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x4c}}, 0x20000000) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000001c0)={'ip_vti0\x00', 0x100}) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x41, 0x4) r10 = accept4(r5, &(0x7f0000000500)=@vsock={0x28, 0x0, 0x0, @my}, &(0x7f00000002c0)=0xfffffffffffffeff, 0x0) sendmsg$nl_generic(r10, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, 0x2b, 0x10, 0x70bd2a, 0x25dfdbfb, {0x1b}, [@typed={0x5e, 0x138, 0x0, 0x0, @binary="cbf7743427dc5608ec80784d5bd0ba40083f02f8fa7e752fd56f02886f76bfd8b0134438784a73e110a0a61ec2365bc0a4cceaa611bd5b14acd7f15b70ca89d70f814bb60b7bdef589c72e08713b7c168f97caa130db251cbd8a"}, @typed={0x8, 0xd5, 0x0, 0x0, @fd=r6}, @typed={0x8, 0x86, 0x0, 0x0, @u32=0x2}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040}, 0x0) ioctl$sock_inet_SIOCADDRT(r10, 0x890b, &(0x7f0000000580)={0x0, {0x2, 0x4e21, @remote}, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e21, @multicast2}, 0x81, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000240)='veth1_to_bond\x00', 0x8000000000000000, 0x3, 0x8689}) getsockopt$IP6T_SO_GET_REVISION_TARGET(r10, 0x29, 0x45, &(0x7f0000000480)={'TPROXY\x00'}, &(0x7f00000004c0)=0x1e) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x50}}, 0x0) 258.410882ms ago: executing program 0 (id=2256): syz_emit_ethernet(0x1f, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x70, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL6={0x14, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GTP_LOCAL={0x8, 0x7, @multicast2}, @IFLA_GTP_LOCAL6={0x14, 0x8, @ipv4={'\x00', '\xff\xff', @loopback}}, @IFLA_GTP_CREATE_SOCKETS={0x5}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x70}}, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 2 (id=2257): bpf$PROG_LOAD(0x5, 0x0, 0xffc4) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a300000000e080005400000000f2c0000000b0a01080000000000000000010000000900020073797a32000000000900010073797a30"], 0xc4}}, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x40}}, 0x0) sendto$packet(r0, &(0x7f0000000180)="399d0b492373dd", 0x7, 0x0, &(0x7f0000000200)={0x11, 0x7, r3, 0x1, 0x0, 0x6, @local}, 0x14) r4 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="a5e208b63fee", @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r4, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) kernel console output (not intermixed with test programs): 20'. [ 246.694431][T10665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1418'. [ 247.034258][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 247.250372][T10684] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1427'. [ 247.572461][T10695] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1428'. [ 247.615827][T10696] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1430'. [ 248.084236][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 248.096118][T10698] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.105586][T10698] bond_slave_0: left promiscuous mode [ 248.126580][T10698] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.149352][T10698] bond_slave_1: left promiscuous mode [ 248.169176][T10698] bond0 (unregistering): (slave team0): Releasing backup interface [ 248.203129][T10698] team0: left promiscuous mode [ 248.225873][T10698] team_slave_0: left promiscuous mode [ 248.231504][T10698] team_slave_1: left promiscuous mode [ 248.272043][T10698] bond0 (unregistering): Released all slaves [ 248.811646][T10723] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1437'. [ 249.114315][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 249.804484][T10751] netlink: 'syz.3.1445': attribute type 1 has an invalid length. [ 249.904203][T10751] bond14: entered promiscuous mode [ 249.909406][T10751] bond14: entered allmulticast mode [ 249.970684][T10754] batadv1: entered allmulticast mode [ 249.980552][T10754] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 249.993583][T10754] bond14: (slave batadv1): making interface the new active one [ 250.003308][T10754] batadv1: entered promiscuous mode [ 250.014035][T10754] bond14: (slave batadv1): Enslaving as an active interface with an up link [ 250.053059][T10748] bond14: left promiscuous mode [ 250.058097][T10748] batadv1: left promiscuous mode [ 250.063346][T10748] bond14: left allmulticast mode [ 250.070262][T10748] 8021q: adding VLAN 0 to HW filter on device bond14 [ 250.083216][T10756] tipc: Enabling of bearer rejected, failed to enable media [ 250.154206][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 250.326803][T10758] FAULT_INJECTION: forcing a failure. [ 250.326803][T10758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.348234][T10758] CPU: 1 UID: 0 PID: 10758 Comm: syz.2.1447 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 250.348268][T10758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 250.348280][T10758] Call Trace: [ 250.348287][T10758] [ 250.348296][T10758] dump_stack_lvl+0x241/0x360 [ 250.348328][T10758] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.348352][T10758] ? __pfx__printk+0x10/0x10 [ 250.348381][T10758] ? snprintf+0xda/0x120 [ 250.348405][T10758] should_fail_ex+0x40a/0x550 [ 250.348443][T10758] _copy_to_user+0x31/0xb0 [ 250.348474][T10758] simple_read_from_buffer+0xca/0x150 [ 250.348508][T10758] proc_fail_nth_read+0x1e9/0x250 [ 250.348549][T10758] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.348583][T10758] ? rw_verify_area+0x243/0x630 [ 250.348605][T10758] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 250.348638][T10758] vfs_read+0x1f8/0xb40 [ 250.348662][T10758] ? fdget_pos+0x254/0x320 [ 250.348695][T10758] ? __pfx___mutex_lock+0x10/0x10 [ 250.348723][T10758] ? __pfx_vfs_read+0x10/0x10 [ 250.348742][T10758] ? do_sys_openat2+0x17a/0x1d0 [ 250.348776][T10758] ? __fget_files+0x2a/0x410 [ 250.348808][T10758] ? __fget_files+0x395/0x410 [ 250.348837][T10758] ? __fget_files+0x2a/0x410 [ 250.348878][T10758] ksys_read+0x18f/0x2b0 [ 250.348903][T10758] ? __pfx_ksys_read+0x10/0x10 [ 250.348927][T10758] ? do_syscall_64+0x100/0x230 [ 250.348956][T10758] ? do_syscall_64+0xb6/0x230 [ 250.348987][T10758] do_syscall_64+0xf3/0x230 [ 250.349013][T10758] ? clear_bhb_loop+0x35/0x90 [ 250.349047][T10758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.349075][T10758] RIP: 0033:0x7fca47d8bb7c [ 250.349093][T10758] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 250.349112][T10758] RSP: 002b:00007fca48c46030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 250.349135][T10758] RAX: ffffffffffffffda RBX: 00007fca47fa5fa0 RCX: 00007fca47d8bb7c [ 250.349151][T10758] RDX: 000000000000000f RSI: 00007fca48c460a0 RDI: 0000000000000004 [ 250.349164][T10758] RBP: 00007fca48c46090 R08: 0000000000000000 R09: 0000000000000000 [ 250.349177][T10758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.349190][T10758] R13: 0000000000000000 R14: 00007fca47fa5fa0 R15: 00007ffd3d20bb48 [ 250.349222][T10758] [ 250.638072][T10763] netlink: 'syz.1.1450': attribute type 1 has an invalid length. [ 250.657489][T10764] ªªªªªªo]Uü.ž: renamed from lo (while UP) [ 251.012879][T10780] syzkaller0: tun_chr_ioctl cmd 1074025684 [ 251.089794][T10785] syzkaller0: create flow: hash 3064565657 index 2 [ 251.149541][T10782] __nla_validate_parse: 2 callbacks suppressed [ 251.149563][T10782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1455'. [ 251.194377][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 251.306016][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.343145][T10284] syzkaller0: tun_net_xmit 76 [ 251.352048][T10284] syzkaller0: tun_net_xmit 48 [ 251.364561][T10485] syzkaller0: tun_net_xmit 76 [ 251.369043][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.379840][T10780] syzkaller0: delete flow: hash 3064565657 index 2 [ 251.445626][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.477479][T10791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.515281][T10791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'. [ 252.237890][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 253.284562][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 253.686183][T10825] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1469'. [ 253.792658][T10825] batadv0: entered promiscuous mode [ 253.810097][T10825] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 253.819185][T10825] batadv0: left promiscuous mode [ 253.886593][T10832] xt_CT: You must specify a L4 protocol and not use inversions on it [ 253.948460][T10836] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1470'. [ 254.046509][T10835] can: request_module (can-proto-0) failed. [ 254.314230][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 254.389488][T10855] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.544510][T10858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1479'. [ 254.574425][T10858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1479'. [ 255.354205][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 255.397290][T10886] FAULT_INJECTION: forcing a failure. [ 255.397290][T10886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.456787][T10886] CPU: 1 UID: 0 PID: 10886 Comm: syz.0.1487 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 255.456820][T10886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 255.456853][T10886] Call Trace: [ 255.456861][T10886] [ 255.456871][T10886] dump_stack_lvl+0x241/0x360 [ 255.456905][T10886] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.456942][T10886] ? __pfx__printk+0x10/0x10 [ 255.456966][T10886] ? __pfx_lock_release+0x10/0x10 [ 255.457008][T10886] should_fail_ex+0x40a/0x550 [ 255.457045][T10886] _copy_from_user+0x2d/0xb0 [ 255.457075][T10886] copy_msghdr_from_user+0xae/0x680 [ 255.457107][T10886] ? __pfx___might_resched+0x10/0x10 [ 255.457139][T10886] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 255.457178][T10886] ? do_recvmmsg+0x44e/0xab0 [ 255.457204][T10886] ? __might_fault+0xaa/0x120 [ 255.457230][T10886] do_recvmmsg+0x3bd/0xab0 [ 255.457268][T10886] ? __pfx_do_recvmmsg+0x10/0x10 [ 255.457316][T10886] ? ksys_write+0x22a/0x2b0 [ 255.457340][T10886] ? __pfx_lock_release+0x10/0x10 [ 255.457378][T10886] ? sb_end_write+0xe9/0x1c0 [ 255.457410][T10886] ? vfs_write+0x7fa/0xd10 [ 255.457439][T10886] ? __mutex_unlock_slowpath+0x227/0x800 [ 255.457478][T10886] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 255.457504][T10886] ? __fget_files+0x2a/0x410 [ 255.457551][T10886] __x64_sys_recvmmsg+0x199/0x250 [ 255.457580][T10886] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 255.457609][T10886] ? do_syscall_64+0x100/0x230 [ 255.457639][T10886] ? do_syscall_64+0xb6/0x230 [ 255.457668][T10886] do_syscall_64+0xf3/0x230 [ 255.457696][T10886] ? clear_bhb_loop+0x35/0x90 [ 255.457728][T10886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.457757][T10886] RIP: 0033:0x7fad1158d169 [ 255.457775][T10886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.457793][T10886] RSP: 002b:00007fad123da038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 255.457815][T10886] RAX: ffffffffffffffda RBX: 00007fad117a5fa0 RCX: 00007fad1158d169 [ 255.457831][T10886] RDX: 000000000000f000 RSI: 0000400000000d00 RDI: 0000000000000003 [ 255.457845][T10886] RBP: 00007fad123da090 R08: 0000000000000000 R09: 0000000000000000 [ 255.457858][T10886] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002 [ 255.457871][T10886] R13: 0000000000000000 R14: 00007fad117a5fa0 R15: 00007fffbacb2878 [ 255.457902][T10886] [ 256.010770][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.141901][T10899] netlink: 'syz.2.1491': attribute type 7 has an invalid length. [ 256.150506][T10899] netlink: 'syz.2.1491': attribute type 8 has an invalid length. [ 256.159747][T10899] __nla_validate_parse: 4 callbacks suppressed [ 256.159767][T10899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1491'. [ 256.404204][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 256.471609][T10914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1495'. [ 256.537179][T10914] bridge3: entered promiscuous mode [ 256.546985][T10913] bridge3: left promiscuous mode [ 256.757375][T10921] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1498'. [ 256.904501][T10929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1500'. [ 257.137873][T10939] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1505'. [ 257.184905][T10939] bond0: entered promiscuous mode [ 257.194676][T10939] bond_slave_0: entered promiscuous mode [ 257.209793][T10939] bond_slave_1: entered promiscuous mode [ 257.216768][T10939] team0: entered promiscuous mode [ 257.234467][T10939] team_slave_0: entered promiscuous mode [ 257.241026][T10939] team_slave_1: entered promiscuous mode [ 257.262631][T10939] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 257.288484][T10939] bond0: left promiscuous mode [ 257.303674][T10939] bond_slave_0: left promiscuous mode [ 257.310123][T10939] bond_slave_1: left promiscuous mode [ 257.324839][T10939] team0: left promiscuous mode [ 257.348477][T10951] syz.3.1507: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 257.374504][T10939] team_slave_0: left promiscuous mode [ 257.380139][T10939] team_slave_1: left promiscuous mode [ 257.394437][T10951] CPU: 0 UID: 0 PID: 10951 Comm: syz.3.1507 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 257.394470][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 257.394485][T10951] Call Trace: [ 257.394493][T10951] [ 257.394503][T10951] dump_stack_lvl+0x241/0x360 [ 257.394536][T10951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.394561][T10951] ? __pfx__printk+0x10/0x10 [ 257.394588][T10951] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 257.394615][T10951] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 257.394646][T10951] warn_alloc+0x278/0x410 [ 257.394672][T10951] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 257.394698][T10951] ? __pfx_warn_alloc+0x10/0x10 [ 257.394721][T10951] ? kasan_save_track+0x3f/0x80 [ 257.394741][T10951] ? __kasan_kmalloc+0x98/0xb0 [ 257.394767][T10951] ? xsk_setsockopt+0x4aa/0x810 [ 257.394797][T10951] ? do_sock_setsockopt+0x3af/0x720 [ 257.394821][T10951] ? __x64_sys_setsockopt+0x1ee/0x280 [ 257.394843][T10951] ? do_syscall_64+0xf3/0x230 [ 257.394868][T10951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.394907][T10951] __vmalloc_node_range_noprof+0x126/0x1380 [ 257.394960][T10951] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 257.394994][T10951] ? __kasan_kmalloc+0x98/0xb0 [ 257.395026][T10951] vmalloc_user_noprof+0x74/0x80 [ 257.395049][T10951] ? xskq_create+0xb6/0x170 [ 257.395068][T10951] xskq_create+0xb6/0x170 [ 257.395092][T10951] xsk_init_queue+0xa1/0x100 [ 257.395115][T10951] xsk_setsockopt+0x4aa/0x810 [ 257.395150][T10951] ? __pfx_xsk_setsockopt+0x10/0x10 [ 257.395184][T10951] ? __pfx_aa_sk_perm+0x10/0x10 [ 257.395218][T10951] ? aa_sock_opt_perm+0x79/0x120 [ 257.395257][T10951] ? __pfx_xsk_setsockopt+0x10/0x10 [ 257.395290][T10951] do_sock_setsockopt+0x3af/0x720 [ 257.395321][T10951] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 257.395351][T10951] ? __fget_files+0x395/0x410 [ 257.395382][T10951] ? __fget_files+0x2a/0x410 [ 257.395422][T10951] __x64_sys_setsockopt+0x1ee/0x280 [ 257.395454][T10951] do_syscall_64+0xf3/0x230 [ 257.395481][T10951] ? clear_bhb_loop+0x35/0x90 [ 257.395514][T10951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.395543][T10951] RIP: 0033:0x7f4de0d8d169 [ 257.395562][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.395580][T10951] RSP: 002b:00007f4ddebd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 257.395602][T10951] RAX: ffffffffffffffda RBX: 00007f4de0fa6080 RCX: 00007f4de0d8d169 [ 257.395618][T10951] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004 [ 257.395631][T10951] RBP: 00007f4de0e0e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 257.395644][T10951] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.395657][T10951] R13: 0000000000000000 R14: 00007f4de0fa6080 R15: 00007ffeebb24f68 [ 257.395688][T10951] [ 257.395697][T10951] Mem-Info: [ 257.444200][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 257.469271][T10951] active_anon:4631 inactive_anon:0 isolated_anon:0 [ 257.469271][T10951] active_file:1784 inactive_file:38375 isolated_file:0 [ 257.469271][T10951] unevictable:768 dirty:295 writeback:0 [ 257.469271][T10951] slab_reclaimable:11104 slab_unreclaimable:108160 [ 257.469271][T10951] mapped:29823 shmem:2436 pagetables:766 [ 257.469271][T10951] sec_pagetables:0 bounce:0 [ 257.469271][T10951] kernel_misc_reclaimable:0 [ 257.469271][T10951] free:1335794 free_pcp:855 free_cma:0 [ 257.757142][T10951] Node 0 active_anon:18524kB inactive_anon:0kB active_file:7136kB inactive_file:153424kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119292kB dirty:1180kB writeback:0kB shmem:8208kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12976kB pagetables:3064kB sec_pagetables:0kB all_unreclaimable? no [ 257.803792][T10942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1506'. [ 257.814203][T10951] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 257.853917][T10951] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 257.902017][T10951] lowmem_reserve[]: 0 2489 2490 2490 2490 [ 257.926568][T10951] Node 0 DMA32 free:1425040kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:18484kB inactive_anon:0kB active_file:7136kB inactive_file:153108kB unevictable:1536kB writepending:1180kB present:3129332kB managed:2549716kB mlocked:0kB bounce:0kB free_pcp:1372kB local_pcp:828kB free_cma:0kB [ 257.974264][T10951] lowmem_reserve[]: 0 0 0 0 0 [ 257.979285][T10951] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 258.008311][T10951] lowmem_reserve[]: 0 0 0 0 0 [ 258.013186][T10951] Node 1 Normal free:3906404kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 258.071829][T10951] lowmem_reserve[]: 0 0 0 0 0 [ 258.078177][T10951] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 258.082251][T10957] netlink: 'syz.0.1509': attribute type 10 has an invalid length. [ 258.094220][T10951] Node 0 DMA32: 304*4kB (M) 635*8kB (UME) 401*16kB (UME) 390*32kB (UME) 159*64kB (UME) 68*128kB (UME) 43*256kB (UME) 18*512kB (UME) 13*1024kB (UM) 4*2048kB (UME) 327*4096kB (M) = 1425192kB [ 258.137970][T10956] xt_bpf: check failed: parse error [ 258.144081][T10956] netlink: 124 bytes leftover after parsing attributes in process `syz.4.1508'. [ 258.168225][T10951] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 258.194719][T10951] Node 1 Normal: 233*4kB (UME) 58*8kB (UME) 45*16kB (UME) 229*32kB (UME) 94*64kB (UME) 38*128kB (UME) 8*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 944*4096kB (M) = 3906404kB [ 258.242308][T10951] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 258.262376][T10951] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 258.276510][T10965] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1508'. [ 258.298511][T10951] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 258.308671][T10957] team0 (unregistering): Port device team_slave_0 removed [ 258.316969][T10966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1510'. [ 258.319869][T10951] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 258.346469][T10966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1510'. [ 258.354377][T10957] team0 (unregistering): Port device team_slave_1 removed [ 258.378290][T10951] 42613 total pagecache pages [ 258.383082][T10951] 0 pages in swap cache [ 258.394738][T10951] Free swap = 124996kB [ 258.402330][T10951] Total swap = 124996kB [ 258.407808][T10951] 2097051 pages RAM [ 258.412149][T10951] 0 pages HighMem/MovableOnly [ 258.417321][T10951] 427900 pages reserved [ 258.422036][T10951] 0 pages cma reserved [ 258.474268][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 259.075359][T10987] batadv_slave_0: entered promiscuous mode [ 259.106721][T10987] batadv_slave_0: entered allmulticast mode [ 259.131651][T10991] sctp: [Deprecated]: syz.2.1520 (pid 10991) Use of struct sctp_assoc_value in delayed_ack socket option. [ 259.131651][T10991] Use struct sctp_sack_info instead [ 259.171569][T10992] gretap0: entered promiscuous mode [ 259.190132][T10992] gretap0: left promiscuous mode [ 259.514269][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 260.381530][T11030] netlink: 'syz.0.1531': attribute type 3 has an invalid length. [ 260.446972][T11024] bond0: entered promiscuous mode [ 260.452370][T11024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.473947][T11030] netlink: 'syz.0.1531': attribute type 1 has an invalid length. [ 260.554629][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 261.462258][T11073] __nla_validate_parse: 15 callbacks suppressed [ 261.462279][T11073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1541'. [ 261.480814][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1542'. [ 261.490799][T11072] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1545'. [ 261.512334][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1542'. [ 261.524615][T11060] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1545'. [ 261.543019][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1542'. [ 261.567005][T11060] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1545'. [ 261.585316][T11078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1542'. [ 261.594423][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 261.607277][T11060] xt_bpf: check failed: parse error [ 261.618008][T11078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1542'. [ 261.741242][T11080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1547'. [ 261.831287][T11083] xt_CT: You must specify a L4 protocol and not use inversions on it [ 262.035551][T11091] Bluetooth: MGMT ver 1.23 [ 262.634285][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 262.718095][T11122] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 262.810005][T11124] openvswitch: netlink: IPv6 tunnel dst address is zero [ 263.661061][T11149] FAULT_INJECTION: forcing a failure. [ 263.661061][T11149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 263.674399][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 263.697668][T11149] CPU: 0 UID: 0 PID: 11149 Comm: syz.0.1567 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 263.697692][T11149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 263.697702][T11149] Call Trace: [ 263.697707][T11149] [ 263.697714][T11149] dump_stack_lvl+0x241/0x360 [ 263.697738][T11149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.697754][T11149] ? __pfx__printk+0x10/0x10 [ 263.697771][T11149] ? __pfx_lock_release+0x10/0x10 [ 263.697800][T11149] should_fail_ex+0x40a/0x550 [ 263.697827][T11149] _copy_from_user+0x2d/0xb0 [ 263.697849][T11149] copy_msghdr_from_user+0xae/0x680 [ 263.697872][T11149] ? __pfx___might_resched+0x10/0x10 [ 263.697894][T11149] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 263.697920][T11149] ? do_recvmmsg+0x44e/0xab0 [ 263.697938][T11149] ? __might_fault+0xaa/0x120 [ 263.697957][T11149] do_recvmmsg+0x3bd/0xab0 [ 263.697983][T11149] ? __pfx_do_recvmmsg+0x10/0x10 [ 263.698015][T11149] ? ksys_write+0x22a/0x2b0 [ 263.698032][T11149] ? __pfx_lock_release+0x10/0x10 [ 263.698058][T11149] ? sb_end_write+0xe9/0x1c0 [ 263.698080][T11149] ? vfs_write+0x7fa/0xd10 [ 263.698098][T11149] ? __mutex_unlock_slowpath+0x227/0x800 [ 263.698124][T11149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 263.698143][T11149] ? __fget_files+0x2a/0x410 [ 263.698176][T11149] __x64_sys_recvmmsg+0x199/0x250 [ 263.698197][T11149] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 263.698216][T11149] ? do_syscall_64+0x100/0x230 [ 263.698238][T11149] ? do_syscall_64+0xb6/0x230 [ 263.698259][T11149] do_syscall_64+0xf3/0x230 [ 263.698278][T11149] ? clear_bhb_loop+0x35/0x90 [ 263.698301][T11149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.698322][T11149] RIP: 0033:0x7fad1158d169 [ 263.698335][T11149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.698347][T11149] RSP: 002b:00007fad123da038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 263.698364][T11149] RAX: ffffffffffffffda RBX: 00007fad117a5fa0 RCX: 00007fad1158d169 [ 263.698375][T11149] RDX: 000000000000f000 RSI: 0000400000000d00 RDI: 0000000000000003 [ 263.698385][T11149] RBP: 00007fad123da090 R08: 0000000000000000 R09: 0000000000000000 [ 263.698402][T11149] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002 [ 263.698411][T11149] R13: 0000000000000000 R14: 00007fad117a5fa0 R15: 00007fffbacb2878 [ 263.698432][T11149] [ 264.212370][T11159] batadv0: entered promiscuous mode [ 264.255086][T11159] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 264.276062][T11159] batadv0: left promiscuous mode [ 264.301360][T11167] xt_bpf: check failed: parse error [ 264.529417][T11179] xt_hashlimit: Unknown mode mask B1, kernel too old? [ 264.583395][T11181] unsupported nlmsg_type 40 [ 264.840215][T11194] xt_CT: You must specify a L4 protocol and not use inversions on it [ 264.878057][T11192] syzkaller0: create flow: hash 3064565657 index 2 [ 265.006970][T11201] netlink: 'syz.2.1587': attribute type 1 has an invalid length. [ 265.145630][T11199] syzkaller0: delete flow: hash 3064565657 index 2 [ 265.209359][T11201] 8021q: adding VLAN 0 to HW filter on device bond5 [ 265.229398][T11202] bond5: (slave veth11): Enslaving as an active interface with a down link [ 265.927795][T11206] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 267.274369][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 267.582916][T11251] FAULT_INJECTION: forcing a failure. [ 267.582916][T11251] name failslab, interval 1, probability 0, space 0, times 0 [ 267.604954][T11251] CPU: 0 UID: 0 PID: 11251 Comm: syz.0.1604 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 267.604985][T11251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 267.604997][T11251] Call Trace: [ 267.605004][T11251] [ 267.605013][T11251] dump_stack_lvl+0x241/0x360 [ 267.605044][T11251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.605068][T11251] ? __pfx__printk+0x10/0x10 [ 267.605098][T11251] ? kmem_cache_alloc_noprof+0x48/0x380 [ 267.605129][T11251] ? __pfx___might_resched+0x10/0x10 [ 267.605163][T11251] should_fail_ex+0x40a/0x550 [ 267.605200][T11251] should_failslab+0xac/0x100 [ 267.605230][T11251] ? alloc_vfsmnt+0x23/0x490 [ 267.605252][T11251] kmem_cache_alloc_noprof+0x70/0x380 [ 267.605288][T11251] alloc_vfsmnt+0x23/0x490 [ 267.605315][T11251] clone_mnt+0x6b/0xc90 [ 267.605337][T11251] ? do_raw_spin_unlock+0x13c/0x8b0 [ 267.605366][T11251] ? attach_mnt+0x4ed/0x600 [ 267.605394][T11251] copy_tree+0x482/0x940 [ 267.605429][T11251] ? copy_mnt_ns+0x185/0x960 [ 267.605460][T11251] copy_mnt_ns+0x185/0x960 [ 267.605487][T11251] ? rcu_is_watching+0x15/0xb0 [ 267.605512][T11251] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 267.605539][T11251] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 267.605575][T11251] create_new_namespaces+0xd3/0x7b0 [ 267.605606][T11251] ? bpf_lsm_capable+0x9/0x10 [ 267.605637][T11251] ? security_capable+0x7e/0x2d0 [ 267.605676][T11251] unshare_nsproxy_namespaces+0x124/0x180 [ 267.605707][T11251] ksys_unshare+0x57d/0xa70 [ 267.605747][T11251] ? __pfx_ksys_unshare+0x10/0x10 [ 267.605776][T11251] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 267.605810][T11251] ? do_syscall_64+0x100/0x230 [ 267.605844][T11251] __x64_sys_unshare+0x38/0x40 [ 267.605873][T11251] do_syscall_64+0xf3/0x230 [ 267.605899][T11251] ? clear_bhb_loop+0x35/0x90 [ 267.605937][T11251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.605965][T11251] RIP: 0033:0x7fad1158d169 [ 267.605983][T11251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.606001][T11251] RSP: 002b:00007fad123da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 267.606024][T11251] RAX: ffffffffffffffda RBX: 00007fad117a5fa0 RCX: 00007fad1158d169 [ 267.606039][T11251] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 267.606052][T11251] RBP: 00007fad123da090 R08: 0000000000000000 R09: 0000000000000000 [ 267.606065][T11251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 267.606082][T11251] R13: 0000000000000000 R14: 00007fad117a5fa0 R15: 00007fffbacb2878 [ 267.606115][T11251] [ 267.892406][T11253] __nla_validate_parse: 13 callbacks suppressed [ 267.892428][T11253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1603'. [ 267.909175][T11253] bridge_slave_1: left allmulticast mode [ 267.914952][T11253] bridge_slave_1: left promiscuous mode [ 267.921503][T11253] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.972001][T11253] bridge_slave_0: left allmulticast mode [ 267.979281][T11253] bridge_slave_0: left promiscuous mode [ 267.989652][T11253] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.169358][T11260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1608'. [ 268.267757][T11268] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1609'. [ 268.464282][T11273] netlink: 'syz.3.1611': attribute type 1 has an invalid length. [ 268.525149][T11273] 8021q: adding VLAN 0 to HW filter on device bond15 [ 268.607964][T11278] bond15: (slave veth13): Enslaving as an active interface with a down link [ 268.751151][T11273] bond15: (slave dummy0): making interface the new active one [ 268.774458][T11273] dummy0: entered promiscuous mode [ 268.788562][T11273] bond15: (slave dummy0): Enslaving as an active interface with an up link [ 268.800188][T11261] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1607'. [ 268.831495][T11277] netlink: 'syz.2.1612': attribute type 8 has an invalid length. [ 268.938306][T11286] team0: Device gtp0 is of different type [ 268.992781][T11288] sctp: [Deprecated]: syz.4.1614 (pid 11288) Use of int in max_burst socket option deprecated. [ 268.992781][T11288] Use struct sctp_assoc_value instead [ 269.023777][T11291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1616'. [ 269.220109][T11302] netlink: 200 bytes leftover after parsing attributes in process `syz.3.1619'. [ 269.289309][T11305] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1619'. [ 269.536797][T11310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1620'. [ 269.565282][T11310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1620'. [ 269.587796][T11310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1620'. [ 269.833322][T11322] pim6reg1: entered promiscuous mode [ 269.845430][T11322] pim6reg1: entered allmulticast mode [ 269.996635][T11329] syzkaller0: tun_chr_ioctl cmd 1074025684 [ 270.026735][T11329] netlink: 'syz.3.1627': attribute type 8 has an invalid length. [ 270.350813][T11342] FAULT_INJECTION: forcing a failure. [ 270.350813][T11342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.370622][T11343] FAULT_INJECTION: forcing a failure. [ 270.370622][T11343] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.400048][T11343] CPU: 1 UID: 0 PID: 11343 Comm: syz.1.1631 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 270.400080][T11343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 270.400094][T11343] Call Trace: [ 270.400101][T11343] [ 270.400110][T11343] dump_stack_lvl+0x241/0x360 [ 270.400141][T11343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.400165][T11343] ? __pfx__printk+0x10/0x10 [ 270.400188][T11343] ? __pfx_lock_release+0x10/0x10 [ 270.400229][T11343] should_fail_ex+0x40a/0x550 [ 270.400265][T11343] _copy_from_user+0x2d/0xb0 [ 270.400295][T11343] copy_msghdr_from_user+0xae/0x680 [ 270.400326][T11343] ? __pfx___might_resched+0x10/0x10 [ 270.400358][T11343] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 270.400396][T11343] ? do_recvmmsg+0x44e/0xab0 [ 270.400422][T11343] ? __might_fault+0xaa/0x120 [ 270.400449][T11343] do_recvmmsg+0x3bd/0xab0 [ 270.400486][T11343] ? __pfx_do_recvmmsg+0x10/0x10 [ 270.400532][T11343] ? ksys_write+0x22a/0x2b0 [ 270.400555][T11343] ? __pfx_lock_release+0x10/0x10 [ 270.400592][T11343] ? sb_end_write+0xe9/0x1c0 [ 270.400622][T11343] ? vfs_write+0x7fa/0xd10 [ 270.400658][T11343] ? __mutex_unlock_slowpath+0x227/0x800 [ 270.400696][T11343] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 270.400722][T11343] ? __fget_files+0x2a/0x410 [ 270.400769][T11343] __x64_sys_recvmmsg+0x199/0x250 [ 270.400799][T11343] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 270.400827][T11343] ? do_syscall_64+0x100/0x230 [ 270.400858][T11343] ? do_syscall_64+0xb6/0x230 [ 270.400888][T11343] do_syscall_64+0xf3/0x230 [ 270.400916][T11343] ? clear_bhb_loop+0x35/0x90 [ 270.400949][T11343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.400977][T11343] RIP: 0033:0x7f8c1998d169 [ 270.400995][T11343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.401013][T11343] RSP: 002b:00007f8c1a868038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 270.401036][T11343] RAX: ffffffffffffffda RBX: 00007f8c19ba5fa0 RCX: 00007f8c1998d169 [ 270.401052][T11343] RDX: 000000000000f000 RSI: 0000400000000d00 RDI: 0000000000000003 [ 270.401065][T11343] RBP: 00007f8c1a868090 R08: 0000000000000000 R09: 0000000000000000 [ 270.401078][T11343] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002 [ 270.401091][T11343] R13: 0000000000000000 R14: 00007f8c19ba5fa0 R15: 00007ffd9bd36918 [ 270.401122][T11343] [ 270.401513][T11342] CPU: 1 UID: 0 PID: 11342 Comm: syz.4.1632 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 270.401538][T11342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 270.401550][T11342] Call Trace: [ 270.401556][T11342] [ 270.401564][T11342] dump_stack_lvl+0x241/0x360 [ 270.401592][T11342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.401615][T11342] ? __pfx__printk+0x10/0x10 [ 270.401645][T11342] ? __pfx_lock_release+0x10/0x10 [ 270.401676][T11342] ? __lock_acquire+0x1397/0x2100 [ 270.401714][T11342] should_fail_ex+0x40a/0x550 [ 270.401751][T11342] _copy_from_user+0x2d/0xb0 [ 270.401781][T11342] kstrtouint_from_user+0xc6/0x190 [ 270.401806][T11342] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 270.401838][T11342] ? __pfx_lock_acquire+0x10/0x10 [ 270.401881][T11342] proc_fail_nth_write+0xaa/0x2d0 [ 270.401911][T11342] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 270.401939][T11342] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 270.401976][T11342] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 270.402009][T11342] vfs_write+0x29f/0xd10 [ 270.402035][T11342] ? fdget_pos+0x254/0x320 [ 270.402064][T11342] ? __mutex_unlock_slowpath+0x227/0x800 [ 270.402095][T11342] ? __pfx_vfs_write+0x10/0x10 [ 270.402115][T11342] ? do_sys_openat2+0x17a/0x1d0 [ 270.402150][T11342] ? __fget_files+0x2a/0x410 [ 270.402183][T11342] ? __fget_files+0x395/0x410 [ 270.402213][T11342] ? __fget_files+0x2a/0x410 [ 270.402255][T11342] ksys_write+0x18f/0x2b0 [ 270.402281][T11342] ? __pfx_ksys_write+0x10/0x10 [ 270.402306][T11342] ? do_syscall_64+0x100/0x230 [ 270.402336][T11342] ? do_syscall_64+0xb6/0x230 [ 270.402367][T11342] do_syscall_64+0xf3/0x230 [ 270.402394][T11342] ? clear_bhb_loop+0x35/0x90 [ 270.402427][T11342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.402455][T11342] RIP: 0033:0x7f4c96b8bc1f [ 270.402473][T11342] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 270.402491][T11342] RSP: 002b:00007f4c9794f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 270.402513][T11342] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4c96b8bc1f [ 270.402528][T11342] RDX: 0000000000000001 RSI: 00007f4c9794f0a0 RDI: 0000000000000004 [ 270.402541][T11342] RBP: 00007f4c9794f090 R08: 0000000000000000 R09: 0000000000000000 [ 270.402554][T11342] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 270.402567][T11342] R13: 0000000000000000 R14: 00007f4c96da5fa0 R15: 00007ffee3a40e38 [ 270.402599][T11342] [ 271.262152][T11365] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 271.522049][T11378] lo speed is unknown, defaulting to 1000 [ 271.571444][T11378] lo speed is unknown, defaulting to 1000 [ 271.778602][T11380] netlink: 'syz.0.1643': attribute type 7 has an invalid length. [ 271.787606][T11378] lo speed is unknown, defaulting to 1000 [ 271.804038][T11380] netlink: 'syz.0.1643': attribute type 8 has an invalid length. [ 271.849902][T11380] syz_tun: entered promiscuous mode [ 271.885867][T11380] erspan0: entered promiscuous mode [ 271.976370][T11380] gretap0: entered promiscuous mode [ 271.982267][T11380] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 272.000755][T11380] Cannot create hsr debugfs directory [ 272.408824][T11395] xt_CT: No such helper "syz0" [ 272.606376][T11378] infiniband syz0: set active [ 272.607899][T11402] xt_connbytes: Forcing CT accounting to be enabled [ 272.614211][ T9496] lo speed is unknown, defaulting to 1000 [ 272.633353][T11378] infiniband syz0: added lo [ 272.638071][T11402] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 272.638103][T11402] xt_bpf: check failed: parse error [ 272.703092][T11378] syz0: rxe_create_cq: returned err = -12 [ 272.725396][T11378] infiniband syz0: Couldn't create ib_mad CQ [ 272.745143][T11378] infiniband syz0: Couldn't open port 1 [ 272.785885][T11378] RDS/IB: syz0: added [ 272.798934][T11378] smc: adding ib device syz0 with port count 1 [ 272.823931][T11378] smc: ib device syz0 port 1 has pnetid SYZ1 (user defined) [ 272.914400][T11378] lo speed is unknown, defaulting to 1000 [ 272.929818][T10485] lo speed is unknown, defaulting to 1000 [ 273.328788][T11424] __nla_validate_parse: 10 callbacks suppressed [ 273.328810][T11424] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1658'. [ 273.354257][T11378] lo speed is unknown, defaulting to 1000 [ 273.458884][T11427] netlink: 'syz.2.1659': attribute type 1 has an invalid length. [ 273.522703][T11427] 8021q: adding VLAN 0 to HW filter on device bond6 [ 273.530781][T11430] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1660'. [ 273.575844][T11430] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1660'. [ 273.646820][T11431] bond6: (slave veth13): Enslaving as an active interface with a down link [ 273.715941][T11378] lo speed is unknown, defaulting to 1000 [ 273.850289][T11439] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1664'. [ 273.869747][T11440] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1653'. [ 273.893578][T11442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1665'. [ 274.115571][T11415] lo speed is unknown, defaulting to 1000 [ 274.449814][T11378] lo speed is unknown, defaulting to 1000 [ 274.720213][T11467] FAULT_INJECTION: forcing a failure. [ 274.720213][T11467] name failslab, interval 1, probability 0, space 0, times 0 [ 274.733280][T11467] CPU: 1 UID: 0 PID: 11467 Comm: syz.3.1673 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 274.733310][T11467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 274.733323][T11467] Call Trace: [ 274.733330][T11467] [ 274.733339][T11467] dump_stack_lvl+0x241/0x360 [ 274.733371][T11467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.733394][T11467] ? __pfx__printk+0x10/0x10 [ 274.733418][T11467] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 274.733450][T11467] ? __pfx___might_resched+0x10/0x10 [ 274.733492][T11467] should_fail_ex+0x40a/0x550 [ 274.733529][T11467] should_failslab+0xac/0x100 [ 274.733560][T11467] kmem_cache_alloc_node_noprof+0x77/0x380 [ 274.733591][T11467] ? __alloc_skb+0x1c3/0x440 [ 274.733618][T11467] __alloc_skb+0x1c3/0x440 [ 274.733646][T11467] ? __pfx___alloc_skb+0x10/0x10 [ 274.733670][T11467] ? netlink_autobind+0xd6/0x2f0 [ 274.733689][T11467] ? netlink_autobind+0x2b0/0x2f0 [ 274.733714][T11467] netlink_sendmsg+0x634/0xcb0 [ 274.733758][T11467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.733796][T11467] ? aa_sock_msg_perm+0x91/0x160 [ 274.733836][T11467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.733866][T11467] __sock_sendmsg+0x221/0x270 [ 274.733900][T11467] ____sys_sendmsg+0x53a/0x860 [ 274.733933][T11467] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.733955][T11467] ? __fget_files+0x2a/0x410 [ 274.733988][T11467] ? __fget_files+0x2a/0x410 [ 274.734026][T11467] __sys_sendmsg+0x269/0x350 [ 274.734056][T11467] ? __pfx___sys_sendmsg+0x10/0x10 [ 274.734100][T11467] ? do_sys_openat2+0x17a/0x1d0 [ 274.734157][T11467] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 274.734192][T11467] ? do_syscall_64+0x100/0x230 [ 274.734223][T11467] ? do_syscall_64+0xb6/0x230 [ 274.734252][T11467] do_syscall_64+0xf3/0x230 [ 274.734279][T11467] ? clear_bhb_loop+0x35/0x90 [ 274.734312][T11467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.734340][T11467] RIP: 0033:0x7f4de0d8d169 [ 274.734359][T11467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.734377][T11467] RSP: 002b:00007f4ddebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 274.734400][T11467] RAX: ffffffffffffffda RBX: 00007f4de0fa5fa0 RCX: 00007f4de0d8d169 [ 274.734416][T11467] RDX: 000000000000c00c RSI: 0000400000000b00 RDI: 0000000000000004 [ 274.734430][T11467] RBP: 00007f4ddebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 274.734443][T11467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.734461][T11467] R13: 0000000000000000 R14: 00007f4de0fa5fa0 R15: 00007ffeebb24f68 [ 274.734493][T11467] [ 275.231855][T11378] lo speed is unknown, defaulting to 1000 [ 275.335441][T11479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1677'. [ 275.515300][T11486] bond0: (slave team0): Releasing backup interface [ 275.539209][T11486] bond0: (slave bond_slave_0): Releasing backup interface [ 275.583391][T11486] bond0: (slave bond_slave_1): Releasing backup interface [ 275.632867][T11493] netlink: 'syz.0.1682': attribute type 1 has an invalid length. [ 275.675054][T11486] team0: Port device team_slave_0 removed [ 275.721243][T11486] team0: Port device team_slave_1 removed [ 275.773315][T11486] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.808136][T11505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1684'. [ 275.818401][T11486] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.843351][T11486] bond2: (slave veth7): Releasing backup interface [ 275.876402][T11486] bond5: (slave veth11): Releasing active interface [ 275.941960][T11486] bond6: (slave veth13): Releasing active interface [ 276.090276][T11493] 8021q: adding VLAN 0 to HW filter on device bond16 [ 276.103677][T11497] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1679'. [ 276.142174][T11504] vlan0: entered allmulticast mode [ 276.189084][T11509] pim6reg1: entered promiscuous mode [ 276.205119][T11509] pim6reg1: entered allmulticast mode [ 276.346750][T11522] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1687'. [ 276.730514][T11538] netlink: 'syz.4.1693': attribute type 1 has an invalid length. [ 276.794735][T11538] 8021q: adding VLAN 0 to HW filter on device bond9 [ 276.896349][T11537] bond9: (slave veth19): Enslaving as an active interface with a down link [ 276.963195][T11527] lo speed is unknown, defaulting to 1000 [ 277.164212][T10485] IPVS: starting estimator thread 0... [ 277.170159][T11557] IPVS: set_ctl: invalid protocol: 47 172.20.20.10:20000 [ 277.264703][T11561] IPVS: using max 19 ests per chain, 45600 per kthread [ 277.397391][T11570] FAULT_INJECTION: forcing a failure. [ 277.397391][T11570] name failslab, interval 1, probability 0, space 0, times 0 [ 277.446640][T11570] CPU: 1 UID: 0 PID: 11570 Comm: syz.4.1704 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 277.446673][T11570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 277.446687][T11570] Call Trace: [ 277.446694][T11570] [ 277.446703][T11570] dump_stack_lvl+0x241/0x360 [ 277.446736][T11570] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.446766][T11570] ? __pfx__printk+0x10/0x10 [ 277.446790][T11570] ? kmem_cache_alloc_noprof+0x48/0x380 [ 277.446822][T11570] ? __pfx___might_resched+0x10/0x10 [ 277.446854][T11570] should_fail_ex+0x40a/0x550 [ 277.446893][T11570] should_failslab+0xac/0x100 [ 277.446923][T11570] ? alloc_vfsmnt+0x23/0x490 [ 277.446946][T11570] kmem_cache_alloc_noprof+0x70/0x380 [ 277.446985][T11570] alloc_vfsmnt+0x23/0x490 [ 277.447012][T11570] clone_mnt+0x6b/0xc90 [ 277.447035][T11570] ? do_raw_spin_unlock+0x13c/0x8b0 [ 277.447065][T11570] ? attach_mnt+0x4ed/0x600 [ 277.447092][T11570] copy_tree+0x482/0x940 [ 277.447127][T11570] ? copy_mnt_ns+0x185/0x960 [ 277.447159][T11570] copy_mnt_ns+0x185/0x960 [ 277.447187][T11570] ? rcu_is_watching+0x15/0xb0 [ 277.447212][T11570] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 277.447239][T11570] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 277.447275][T11570] create_new_namespaces+0xd3/0x7b0 [ 277.447306][T11570] ? bpf_lsm_capable+0x9/0x10 [ 277.447336][T11570] ? security_capable+0x7e/0x2d0 [ 277.447374][T11570] unshare_nsproxy_namespaces+0x124/0x180 [ 277.447406][T11570] ksys_unshare+0x57d/0xa70 [ 277.447443][T11570] ? __pfx_ksys_unshare+0x10/0x10 [ 277.447472][T11570] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 277.447506][T11570] ? do_syscall_64+0x100/0x230 [ 277.447541][T11570] __x64_sys_unshare+0x38/0x40 [ 277.447570][T11570] do_syscall_64+0xf3/0x230 [ 277.447598][T11570] ? clear_bhb_loop+0x35/0x90 [ 277.447631][T11570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.447660][T11570] RIP: 0033:0x7f4c96b8d169 [ 277.447679][T11570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.447697][T11570] RSP: 002b:00007f4c9794f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 277.447720][T11570] RAX: ffffffffffffffda RBX: 00007f4c96da5fa0 RCX: 00007f4c96b8d169 [ 277.447736][T11570] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 277.447749][T11570] RBP: 00007f4c9794f090 R08: 0000000000000000 R09: 0000000000000000 [ 277.447761][T11570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 277.447774][T11570] R13: 0000000000000000 R14: 00007f4c96da5fa0 R15: 00007ffee3a40e38 [ 277.447806][T11570] [ 278.031738][T11584] netlink: 'syz.3.1710': attribute type 1 has an invalid length. [ 278.079942][T11584] 8021q: adding VLAN 0 to HW filter on device bond16 [ 278.121074][T11584] bond16: (slave veth15): Enslaving as an active interface with a down link [ 278.378788][T11594] __nla_validate_parse: 12 callbacks suppressed [ 278.378813][T11594] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1713'. [ 278.503032][T11602] netlink: 'syz.4.1716': attribute type 1 has an invalid length. [ 278.597230][T11606] syz.1.1717: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 278.613832][T11607] FAULT_INJECTION: forcing a failure. [ 278.613832][T11607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.656547][T11607] CPU: 0 UID: 0 PID: 11607 Comm: syz.4.1716 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 278.656576][T11607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 278.656589][T11607] Call Trace: [ 278.656596][T11607] [ 278.656604][T11607] dump_stack_lvl+0x241/0x360 [ 278.656635][T11607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.656657][T11607] ? __pfx__printk+0x10/0x10 [ 278.656680][T11607] ? __pfx_lock_release+0x10/0x10 [ 278.656721][T11607] should_fail_ex+0x40a/0x550 [ 278.656757][T11607] _copy_from_iter+0x1df/0x1c40 [ 278.656782][T11607] ? __virt_addr_valid+0x183/0x530 [ 278.656804][T11607] ? __pfx_lock_release+0x10/0x10 [ 278.656848][T11607] ? __alloc_skb+0x28f/0x440 [ 278.656871][T11607] ? __pfx__copy_from_iter+0x10/0x10 [ 278.656899][T11607] ? __virt_addr_valid+0x183/0x530 [ 278.656919][T11607] ? __virt_addr_valid+0x183/0x530 [ 278.656937][T11607] ? __virt_addr_valid+0x45f/0x530 [ 278.656964][T11607] ? __phys_addr_symbol+0x2f/0x70 [ 278.656983][T11607] ? __check_object_size+0x47a/0x730 [ 278.657018][T11607] netlink_sendmsg+0x742/0xcb0 [ 278.657064][T11607] ? __pfx_netlink_sendmsg+0x10/0x10 [ 278.657101][T11607] ? aa_sock_msg_perm+0x91/0x160 [ 278.657140][T11607] ? __pfx_netlink_sendmsg+0x10/0x10 [ 278.657170][T11607] __sock_sendmsg+0x221/0x270 [ 278.657204][T11607] ____sys_sendmsg+0x53a/0x860 [ 278.657238][T11607] ? __pfx_____sys_sendmsg+0x10/0x10 [ 278.657261][T11607] ? __fget_files+0x2a/0x410 [ 278.657296][T11607] ? __fget_files+0x2a/0x410 [ 278.657337][T11607] __sys_sendmsg+0x269/0x350 [ 278.657367][T11607] ? __pfx___sys_sendmsg+0x10/0x10 [ 278.657402][T11607] ? do_sys_openat2+0x17a/0x1d0 [ 278.657459][T11607] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 278.657494][T11607] ? do_syscall_64+0x100/0x230 [ 278.657525][T11607] ? do_syscall_64+0xb6/0x230 [ 278.657554][T11607] do_syscall_64+0xf3/0x230 [ 278.657582][T11607] ? clear_bhb_loop+0x35/0x90 [ 278.657615][T11607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.657643][T11607] RIP: 0033:0x7f4c96b8d169 [ 278.657661][T11607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.657678][T11607] RSP: 002b:00007f4c9790d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 278.657701][T11607] RAX: ffffffffffffffda RBX: 00007f4c96da6160 RCX: 00007f4c96b8d169 [ 278.657717][T11607] RDX: 0000000000008000 RSI: 0000400000000280 RDI: 0000000000000005 [ 278.657730][T11607] RBP: 00007f4c9790d090 R08: 0000000000000000 R09: 0000000000000000 [ 278.657743][T11607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.657755][T11607] R13: 0000000000000000 R14: 00007f4c96da6160 R15: 00007ffee3a40e38 [ 278.657786][T11607] [ 278.933514][T11606] CPU: 0 UID: 0 PID: 11606 Comm: syz.1.1717 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 278.933550][T11606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 278.933564][T11606] Call Trace: [ 278.933573][T11606] [ 278.933582][T11606] dump_stack_lvl+0x241/0x360 [ 278.933614][T11606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.933639][T11606] ? __pfx__printk+0x10/0x10 [ 278.933668][T11606] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 278.933698][T11606] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 278.933730][T11606] warn_alloc+0x278/0x410 [ 278.933756][T11606] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 278.933780][T11606] ? __pfx_warn_alloc+0x10/0x10 [ 278.933805][T11606] ? kasan_save_track+0x3f/0x80 [ 278.933828][T11606] ? __kasan_kmalloc+0x98/0xb0 [ 278.933854][T11606] ? xsk_setsockopt+0x4aa/0x810 [ 278.933886][T11606] ? do_sock_setsockopt+0x3af/0x720 [ 278.933909][T11606] ? __x64_sys_setsockopt+0x1ee/0x280 [ 278.933932][T11606] ? do_syscall_64+0xf3/0x230 [ 278.933960][T11606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.934000][T11606] __vmalloc_node_range_noprof+0x126/0x1380 [ 278.934054][T11606] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 278.934096][T11606] ? __kasan_kmalloc+0x98/0xb0 [ 278.934126][T11606] vmalloc_user_noprof+0x74/0x80 [ 278.934149][T11606] ? xskq_create+0xb6/0x170 [ 278.934168][T11606] xskq_create+0xb6/0x170 [ 278.934191][T11606] xsk_init_queue+0xa1/0x100 [ 278.934215][T11606] xsk_setsockopt+0x4aa/0x810 [ 278.934251][T11606] ? __pfx_xsk_setsockopt+0x10/0x10 [ 278.934285][T11606] ? __pfx_aa_sk_perm+0x10/0x10 [ 278.934320][T11606] ? aa_sock_opt_perm+0x79/0x120 [ 278.934361][T11606] ? __pfx_xsk_setsockopt+0x10/0x10 [ 278.934393][T11606] do_sock_setsockopt+0x3af/0x720 [ 278.934424][T11606] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 278.934457][T11606] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 278.934500][T11606] __x64_sys_setsockopt+0x1ee/0x280 [ 278.934533][T11606] do_syscall_64+0xf3/0x230 [ 278.934562][T11606] ? clear_bhb_loop+0x35/0x90 [ 278.934596][T11606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.934625][T11606] RIP: 0033:0x7f8c1998d169 [ 278.934645][T11606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.934663][T11606] RSP: 002b:00007f8c1a868038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 278.934687][T11606] RAX: ffffffffffffffda RBX: 00007f8c19ba5fa0 RCX: 00007f8c1998d169 [ 278.934704][T11606] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 278.934717][T11606] RBP: 00007f8c19a0e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 278.934731][T11606] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.934745][T11606] R13: 0000000000000000 R14: 00007f8c19ba5fa0 R15: 00007ffd9bd36918 [ 278.934778][T11606] [ 278.973419][T11602] 8021q: adding VLAN 0 to HW filter on device bond10 [ 278.976760][T11606] Mem-Info: [ 279.051235][T11613] FAULT_INJECTION: forcing a failure. [ 279.051235][T11613] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.055024][T11606] active_anon:3506 inactive_anon:0 isolated_anon:0 [ 279.055024][T11606] active_file:1979 inactive_file:38384 isolated_file:0 [ 279.055024][T11606] unevictable:768 dirty:318 writeback:0 [ 279.055024][T11606] slab_reclaimable:11244 slab_unreclaimable:110672 [ 279.055024][T11606] mapped:28965 shmem:1433 pagetables:736 [ 279.055024][T11606] sec_pagetables:0 bounce:0 [ 279.055024][T11606] kernel_misc_reclaimable:0 [ 279.055024][T11606] free:1333472 free_pcp:744 free_cma:0 [ 279.090034][T11613] CPU: 1 UID: 0 PID: 11613 Comm: syz.0.1719 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 279.090066][T11613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 279.090080][T11613] Call Trace: [ 279.090088][T11613] [ 279.090097][T11613] dump_stack_lvl+0x241/0x360 [ 279.090132][T11613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 279.090156][T11613] ? __pfx__printk+0x10/0x10 [ 279.090182][T11613] ? __pfx_lock_release+0x10/0x10 [ 279.090225][T11613] should_fail_ex+0x40a/0x550 [ 279.090264][T11613] _copy_from_user+0x2d/0xb0 [ 279.090296][T11613] move_addr_to_kernel+0x82/0x150 [ 279.090329][T11613] copy_msghdr_from_user+0x43e/0x680 [ 279.090369][T11613] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 279.090400][T11613] ? __fget_files+0x2a/0x410 [ 279.090437][T11613] ? __fget_files+0x2a/0x410 [ 279.090481][T11613] __sys_sendmsg+0x209/0x350 [ 279.090514][T11613] ? __pfx___sys_sendmsg+0x10/0x10 [ 279.090554][T11613] ? do_sys_openat2+0x17a/0x1d0 [ 279.090616][T11613] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 279.090652][T11613] ? do_syscall_64+0x100/0x230 [ 279.090685][T11613] ? do_syscall_64+0xb6/0x230 [ 279.090717][T11613] do_syscall_64+0xf3/0x230 [ 279.090746][T11613] ? clear_bhb_loop+0x35/0x90 [ 279.090780][T11613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.090819][T11613] RIP: 0033:0x7fad1158d169 [ 279.090838][T11613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.090858][T11613] RSP: 002b:00007fad123da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 279.090881][T11613] RAX: ffffffffffffffda RBX: 00007fad117a5fa0 RCX: 00007fad1158d169 [ 279.090897][T11613] RDX: 0000000000000000 RSI: 0000400000000640 RDI: 0000000000000003 [ 279.090916][T11613] RBP: 00007fad123da090 R08: 0000000000000000 R09: 0000000000000000 [ 279.090929][T11613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.090943][T11613] R13: 0000000000000000 R14: 00007fad117a5fa0 R15: 00007fffbacb2878 [ 279.090974][T11613] [ 279.489836][T11606] Node 0 active_anon:14096kB inactive_anon:0kB active_file:7916kB inactive_file:153460kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:115936kB dirty:1284kB writeback:0kB shmem:4172kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13056kB pagetables:2908kB sec_pagetables:0kB all_unreclaimable? no [ 279.496708][T11603] bond10: (slave veth21): Enslaving as an active interface with a down link [ 279.525903][T11606] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 279.646642][T11617] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1720'. [ 279.666308][T11606] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 279.763428][T11606] lowmem_reserve[]: 0 2489 2490 2490 2490 [ 279.783326][T11606] Node 0 DMA32 free:1412292kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:14064kB inactive_anon:0kB active_file:7916kB inactive_file:153144kB unevictable:1536kB writepending:1284kB present:3129332kB managed:2549716kB mlocked:0kB bounce:0kB free_pcp:3776kB local_pcp:3168kB free_cma:0kB [ 279.844741][T11606] lowmem_reserve[]: 0 0 0 0 0 [ 279.849577][T11606] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 279.915570][T11606] lowmem_reserve[]: 0 0 0 0 0 [ 279.930684][T11606] Node 1 Normal free:3906404kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 280.001569][T11635] FAULT_INJECTION: forcing a failure. [ 280.001569][T11635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.013880][T11606] lowmem_reserve[]: 0 0 0 0 0 [ 280.022565][T11635] CPU: 0 UID: 0 PID: 11635 Comm: syz.2.1727 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 280.022597][T11635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 280.022611][T11635] Call Trace: [ 280.022618][T11635] [ 280.022627][T11635] dump_stack_lvl+0x241/0x360 [ 280.022659][T11635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.022683][T11635] ? __pfx__printk+0x10/0x10 [ 280.022707][T11635] ? __pfx_lock_release+0x10/0x10 [ 280.022748][T11635] should_fail_ex+0x40a/0x550 [ 280.022787][T11635] _copy_from_user+0x2d/0xb0 [ 280.022818][T11635] copy_msghdr_from_user+0xae/0x680 [ 280.022848][T11635] ? __pfx___might_resched+0x10/0x10 [ 280.022880][T11635] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 280.022916][T11635] ? do_recvmmsg+0x44e/0xab0 [ 280.022943][T11635] ? __might_fault+0xaa/0x120 [ 280.022969][T11635] do_recvmmsg+0x3bd/0xab0 [ 280.023006][T11635] ? __pfx_do_recvmmsg+0x10/0x10 [ 280.023061][T11635] ? ksys_write+0x22a/0x2b0 [ 280.023085][T11635] ? __pfx_lock_release+0x10/0x10 [ 280.023129][T11635] ? sb_end_write+0xe9/0x1c0 [ 280.023160][T11635] ? vfs_write+0x7fa/0xd10 [ 280.023185][T11635] ? __mutex_unlock_slowpath+0x227/0x800 [ 280.023223][T11635] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 280.023250][T11635] ? __fget_files+0x2a/0x410 [ 280.023297][T11635] __x64_sys_recvmmsg+0x199/0x250 [ 280.023326][T11635] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 280.023356][T11635] ? do_syscall_64+0x100/0x230 [ 280.023386][T11635] ? do_syscall_64+0xb6/0x230 [ 280.023416][T11635] do_syscall_64+0xf3/0x230 [ 280.023443][T11635] ? clear_bhb_loop+0x35/0x90 [ 280.023475][T11635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.023504][T11635] RIP: 0033:0x7fca47d8d169 [ 280.023523][T11635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.023540][T11635] RSP: 002b:00007fca48c46038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 280.023562][T11635] RAX: ffffffffffffffda RBX: 00007fca47fa5fa0 RCX: 00007fca47d8d169 [ 280.023578][T11635] RDX: 000000000000f000 RSI: 0000400000000d00 RDI: 0000000000000003 [ 280.023593][T11635] RBP: 00007fca48c46090 R08: 0000000000000000 R09: 0000000000000000 [ 280.023606][T11635] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002 [ 280.023618][T11635] R13: 0000000000000000 R14: 00007fca47fa5fa0 R15: 00007ffd3d20bb48 [ 280.023649][T11635] [ 280.023997][T11606] Node 0 [ 280.135701][ T53] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 280.160035][T11606] DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 280.296131][T11606] Node 0 DMA32: 249*4kB (UM) 332*8kB (UME) 223*16kB (UME) 150*32kB (M) 143*64kB (UM) 64*128kB (UM) 36*256kB (UME) 18*512kB (UME) 14*1024kB (UM) 4*2048kB (UME) 327*4096kB (M) = 1409716kB [ 280.316638][T11606] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 280.329849][T11643] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1728'. [ 280.339156][T11606] Node 1 Normal: 233*4kB (UME) 58*8kB (UME) 45*16kB (UME) 229*32kB (UME) 94*64kB (UME) 38*128kB (UME) 8*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 944*4096kB (M) = 3906404kB [ 280.358326][T11606] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 280.369702][T11606] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 280.379190][T11606] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 280.402105][T11646] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1728'. [ 280.411405][T11606] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 280.422158][T11606] 41926 total pagecache pages [ 280.427393][T11606] 0 pages in swap cache [ 280.431585][T11606] Free swap = 124996kB [ 280.435950][T11606] Total swap = 124996kB [ 280.440182][T11606] 2097051 pages RAM [ 280.444020][T11606] 0 pages HighMem/MovableOnly [ 280.449181][T11606] 427900 pages reserved [ 280.453454][T11606] 0 pages cma reserved [ 280.891989][T11659] 8021q: VLANs not supported on ip6gre0 [ 280.944318][T11662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1735'. [ 281.178952][ T1051] dummy0: left promiscuous mode [ 281.224224][T11668] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1737'. [ 281.285081][T11676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1739'. [ 281.500176][T11682] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1741'. [ 281.612243][T11644] lo speed is unknown, defaulting to 1000 [ 281.805348][T11664] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 282.052960][T11700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1747'. [ 282.275467][T11707] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1750'. [ 282.488138][T11721] netlink: 'syz.1.1753': attribute type 3 has an invalid length. [ 283.313207][T11755] bond14: (slave dummy0): Releasing active interface [ 283.389577][T11755] bridge_slave_0: left allmulticast mode [ 283.416984][T11755] bridge_slave_0: left promiscuous mode [ 283.435360][T11755] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.503129][T11755] bridge_slave_1: left allmulticast mode [ 283.519918][T11755] bridge_slave_1: left promiscuous mode [ 283.534648][T11755] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.571356][T11760] netlink: 'syz.2.1763': attribute type 27 has an invalid length. [ 283.608100][T11755] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.624625][T11755] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.643704][T11755] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.658488][T11755] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.701941][T11755] bond1: (slave veth3): Releasing backup interface [ 283.721599][T11755] bond2: (slave veth5): Releasing backup interface [ 283.760166][T11755] bond3: (slave veth7): Releasing backup interface [ 283.771749][T11755] bond4: (slave veth9): Releasing backup interface [ 283.787205][T11755] bond5: (slave veth11): Releasing backup interface [ 283.801353][T11755] bond6: left allmulticast mode [ 283.809990][T11755] bond6: left promiscuous mode [ 283.818348][T11755] bridge0: port 3(bond6) entered disabled state [ 283.953362][T11737] lo speed is unknown, defaulting to 1000 [ 284.054556][T11767] Cannot find add_set index 0 as target [ 284.286043][T11747] lo speed is unknown, defaulting to 1000 [ 284.603048][T11750] lo speed is unknown, defaulting to 1000 [ 284.741782][T11773] siw: device registration error -23 [ 284.950442][T11789] Cannot find del_set index 1 as target [ 285.268176][T11802] __nla_validate_parse: 3 callbacks suppressed [ 285.268197][T11802] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1774'. [ 285.303066][T11802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1774'. [ 285.371183][T11807] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1775'. [ 285.386275][T11806] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1776'. [ 285.407011][T11806] netlink: 'syz.0.1776': attribute type 7 has an invalid length. [ 285.424177][T11806] netlink: 'syz.0.1776': attribute type 8 has an invalid length. [ 285.455393][T11806] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1776'. [ 285.762525][T11813] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1778'. [ 285.767863][T11798] lo speed is unknown, defaulting to 1000 [ 286.273822][T11811] lo speed is unknown, defaulting to 1000 [ 286.433773][T11822] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.442890][T11822] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.451783][T11822] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.459141][T11825] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1783'. [ 286.461081][T11822] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.484973][T11825] netlink: 'syz.0.1783': attribute type 1 has an invalid length. [ 286.528434][T11825] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1783'. [ 287.243338][T11839] netlink: 'syz.3.1788': attribute type 1 has an invalid length. [ 287.351930][T11839] 8021q: adding VLAN 0 to HW filter on device bond17 [ 287.510038][T11841] bond17: (slave veth17): Enslaving as an active interface with a down link [ 287.972502][T11850] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1793'. [ 288.109713][T11862] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1792'. [ 288.161531][T11862] bridge3: entered promiscuous mode [ 288.179288][T11862] bridge3: entered allmulticast mode [ 288.265068][T11868] Cannot find del_set index 1 as target [ 288.372838][T11873] tipc: Enabling not permitted [ 288.378557][T11873] tipc: Enabling of bearer rejected, failed to enable media [ 288.674263][T11883] vlan0: entered promiscuous mode [ 288.721756][T11883] bridge0: entered promiscuous mode [ 288.735435][T11883] bridge0: port 3(vlan0) entered blocking state [ 288.741980][T11883] bridge0: port 3(vlan0) entered disabled state [ 288.754074][T11883] vlan0: entered allmulticast mode [ 288.766675][T11883] bridge0: entered allmulticast mode [ 288.776837][T11883] vlan0: left allmulticast mode [ 288.781921][T11883] bridge0: left allmulticast mode [ 288.788919][T11883] bridge0: left promiscuous mode [ 289.108237][T11899] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 289.116638][T11899] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 289.125149][T11899] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 289.133495][T11899] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 289.205688][T11899] vxlan0: entered promiscuous mode [ 289.402400][T11911] xt_CT: You must specify a L4 protocol and not use inversions on it [ 289.423212][T11890] lo speed is unknown, defaulting to 1000 [ 289.824557][T11934] bond0: entered promiscuous mode [ 289.839102][T11934] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 289.884348][T11934] bond0: left promiscuous mode [ 290.074575][ T5836] Bluetooth: hci4: command 0x0405 tx timeout [ 290.829542][T11952] __nla_validate_parse: 5 callbacks suppressed [ 290.829558][T11952] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1827'. [ 291.284982][T11959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1829'. [ 291.309340][T11959] netlink: 'syz.3.1829': attribute type 1 has an invalid length. [ 291.336178][T11959] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1829'. [ 291.961258][T11973] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1835'. [ 292.236495][T11982] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1839'. [ 292.254693][T11982] netlink: 'syz.2.1839': attribute type 7 has an invalid length. [ 292.276082][T11982] netlink: 'syz.2.1839': attribute type 8 has an invalid length. [ 292.296424][T11982] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1839'. [ 292.477466][T11992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1841'. [ 292.566702][T11999] SET target dimension over the limit! [ 292.957425][T12010] FAULT_INJECTION: forcing a failure. [ 292.957425][T12010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.991134][T12010] CPU: 1 UID: 0 PID: 12010 Comm: syz.4.1847 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 292.991165][T12010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 292.991178][T12010] Call Trace: [ 292.991186][T12010] [ 292.991194][T12010] dump_stack_lvl+0x241/0x360 [ 292.991227][T12010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.991251][T12010] ? __pfx__printk+0x10/0x10 [ 292.991275][T12010] ? __pfx_lock_release+0x10/0x10 [ 292.991317][T12010] should_fail_ex+0x40a/0x550 [ 292.991355][T12010] _copy_from_user+0x2d/0xb0 [ 292.991386][T12010] do_ipv6_setsockopt+0x2fc/0x35b0 [ 292.991428][T12010] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 292.991467][T12010] ? __mutex_trylock_common+0x183/0x2e0 [ 292.991492][T12010] ? __pfx___might_resched+0x10/0x10 [ 292.991523][T12010] ? __pfx___mutex_trylock_common+0x10/0x10 [ 292.991553][T12010] ? rcu_is_watching+0x15/0xb0 [ 292.991578][T12010] ? trace_contention_end+0x3c/0x120 [ 292.991609][T12010] ? __mutex_lock+0x397/0x1010 [ 292.991649][T12010] ? smc_setsockopt+0x1c3/0xd10 [ 292.991669][T12010] ? __pfx___might_resched+0x10/0x10 [ 292.991697][T12010] ? __pfx___mutex_lock+0x10/0x10 [ 292.991739][T12010] ipv6_setsockopt+0x5d/0x170 [ 292.991769][T12010] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 292.991805][T12010] smc_setsockopt+0x275/0xd10 [ 292.991834][T12010] ? __pfx_smc_setsockopt+0x10/0x10 [ 292.991859][T12010] ? aa_sock_opt_perm+0x79/0x120 [ 292.991898][T12010] ? __pfx_smc_setsockopt+0x10/0x10 [ 292.991920][T12010] do_sock_setsockopt+0x3af/0x720 [ 292.991950][T12010] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 292.991980][T12010] ? __fget_files+0x395/0x410 [ 292.992010][T12010] ? __fget_files+0x2a/0x410 [ 292.992050][T12010] __x64_sys_setsockopt+0x1ee/0x280 [ 292.992081][T12010] do_syscall_64+0xf3/0x230 [ 292.992108][T12010] ? clear_bhb_loop+0x35/0x90 [ 292.992141][T12010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.992170][T12010] RIP: 0033:0x7f4c96b8d169 [ 292.992188][T12010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.992205][T12010] RSP: 002b:00007f4c9794f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 292.992228][T12010] RAX: ffffffffffffffda RBX: 00007f4c96da5fa0 RCX: 00007f4c96b8d169 [ 292.992243][T12010] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 292.992255][T12010] RBP: 00007f4c9794f090 R08: 0000000000000060 R09: 0000000000000000 [ 292.992268][T12010] R10: 0000400000000840 R11: 0000000000000246 R12: 0000000000000001 [ 292.992281][T12010] R13: 0000000000000000 R14: 00007f4c96da5fa0 R15: 00007ffee3a40e38 [ 292.992313][T12010] [ 293.318715][T12006] lo speed is unknown, defaulting to 1000 [ 294.089142][T12047] netlink: 'syz.2.1859': attribute type 1 has an invalid length. [ 294.199832][T12047] 8021q: adding VLAN 0 to HW filter on device bond7 [ 294.397797][T12048] bond7: (slave veth15): Enslaving as an active interface with a down link [ 294.417495][T12022] lo speed is unknown, defaulting to 1000 [ 294.893771][T12070] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1867'. [ 294.970980][T12045] lo speed is unknown, defaulting to 1000 [ 295.276738][T12082] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1873'. [ 295.411480][T12085] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1872'. [ 295.475108][T12085] dummy0: entered promiscuous mode [ 295.489656][T12087] netlink: 'syz.3.1874': attribute type 1 has an invalid length. [ 295.512682][T12085] dummy0: left promiscuous mode [ 295.628559][T12091] netlink: 'syz.1.1875': attribute type 39 has an invalid length. [ 295.652537][T12087] 8021q: adding VLAN 0 to HW filter on device bond18 [ 295.678879][T12092] tipc: Enabling of bearer rejected, media not registered [ 295.756041][T12094] bond18: (slave veth19): Enslaving as an active interface with a down link [ 296.011798][T12103] __nla_validate_parse: 1 callbacks suppressed [ 296.011823][T12103] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1879'. [ 296.922437][T12123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1889'. [ 297.084990][T12125] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1890'. [ 297.227261][T12131] xt_SECMARK: invalid mode: 0 [ 297.264036][T12133] Cannot find del_set index 1 as target [ 297.292232][T12138] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1892'. [ 297.394688][T12140] openvswitch: netlink: Duplicate or invalid key (type 0). [ 297.407787][T12140] openvswitch: netlink: Actions may not be safe on all matching packets [ 297.592761][T12150] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1900'. [ 297.655412][T12152] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1901'. [ 297.699350][T12157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1900'. [ 297.892987][T12163] sctp: [Deprecated]: syz.1.1905 (pid 12163) Use of int in max_burst socket option. [ 297.892987][T12163] Use struct sctp_assoc_value instead [ 297.917666][T12163] netlink: 'syz.1.1905': attribute type 142 has an invalid length. [ 298.091770][T12160] lo speed is unknown, defaulting to 1000 [ 298.510257][T12183] xt_CT: You must specify a L4 protocol and not use inversions on it [ 298.572287][T12164] lo speed is unknown, defaulting to 1000 [ 298.657996][T12188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1914'. [ 298.795818][T12191] netlink: 'syz.3.1916': attribute type 6 has an invalid length. [ 298.812949][T12193] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1915'. [ 298.865612][T12196] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1918'. [ 299.960642][T12233] vlan0: entered allmulticast mode [ 299.979580][T12233] hsr0: entered allmulticast mode [ 300.004432][T12233] hsr_slave_0: entered allmulticast mode [ 300.010250][T12233] hsr_slave_1: entered allmulticast mode [ 300.055632][T12233] hsr0: left allmulticast mode [ 300.062784][T12233] hsr_slave_0: left allmulticast mode [ 300.076363][T12233] hsr_slave_1: left allmulticast mode [ 300.347693][T12234] netlink: 'syz.1.1928': attribute type 12 has an invalid length. [ 300.395787][T12233] netlink: 'syz.1.1928': attribute type 12 has an invalid length. [ 300.525379][T12245] IPVS: Error connecting to the multicast addr [ 300.621074][T12227] lo speed is unknown, defaulting to 1000 [ 300.692658][T12251] netlink: 'syz.0.1934': attribute type 1 has an invalid length. [ 300.804911][T12255] syzkaller1: entered promiscuous mode [ 300.810527][T12255] syzkaller1: entered allmulticast mode [ 301.045535][T12261] __nla_validate_parse: 11 callbacks suppressed [ 301.045557][T12261] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1937'. [ 301.130565][T12260] lo speed is unknown, defaulting to 1000 [ 301.474772][T12274] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1941'. [ 301.672372][T12281] netlink: 'syz.1.1944': attribute type 1 has an invalid length. [ 301.703284][T12282] netlink: 'syz.3.1942': attribute type 3 has an invalid length. [ 301.819899][T12281] 8021q: adding VLAN 0 to HW filter on device bond8 [ 301.862821][T12287] bond8: (slave veth13): Enslaving as an active interface with a down link [ 301.908004][T12278] syzkaller0: entered allmulticast mode [ 302.096581][T12297] FAULT_INJECTION: forcing a failure. [ 302.096581][T12297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.124274][T12297] CPU: 1 UID: 0 PID: 12297 Comm: syz.1.1945 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 302.124306][T12297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 302.124339][T12297] Call Trace: [ 302.124346][T12297] [ 302.124355][T12297] dump_stack_lvl+0x241/0x360 [ 302.124387][T12297] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.124411][T12297] ? __pfx__printk+0x10/0x10 [ 302.124433][T12297] ? __pfx_lock_release+0x10/0x10 [ 302.124475][T12297] should_fail_ex+0x40a/0x550 [ 302.124512][T12297] _copy_from_user+0x2d/0xb0 [ 302.124542][T12297] copy_msghdr_from_user+0xae/0x680 [ 302.124574][T12297] ? __pfx___might_resched+0x10/0x10 [ 302.124606][T12297] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 302.124643][T12297] ? do_recvmmsg+0x44e/0xab0 [ 302.124668][T12297] ? __might_fault+0xaa/0x120 [ 302.124693][T12297] do_recvmmsg+0x3bd/0xab0 [ 302.124730][T12297] ? __pfx_do_recvmmsg+0x10/0x10 [ 302.124781][T12297] ? ksys_write+0x22a/0x2b0 [ 302.124805][T12297] ? __pfx_lock_release+0x10/0x10 [ 302.124843][T12297] ? sb_end_write+0xe9/0x1c0 [ 302.124873][T12297] ? vfs_write+0x7fa/0xd10 [ 302.124899][T12297] ? __mutex_unlock_slowpath+0x227/0x800 [ 302.124936][T12297] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 302.124961][T12297] ? __fget_files+0x2a/0x410 [ 302.125008][T12297] __x64_sys_recvmmsg+0x199/0x250 [ 302.125038][T12297] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 302.125066][T12297] ? do_syscall_64+0x100/0x230 [ 302.125104][T12297] ? do_syscall_64+0xb6/0x230 [ 302.125134][T12297] do_syscall_64+0xf3/0x230 [ 302.125161][T12297] ? clear_bhb_loop+0x35/0x90 [ 302.125193][T12297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.125241][T12297] RIP: 0033:0x7f8c1998d169 [ 302.125261][T12297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.125279][T12297] RSP: 002b:00007f8c1a868038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 302.125302][T12297] RAX: ffffffffffffffda RBX: 00007f8c19ba5fa0 RCX: 00007f8c1998d169 [ 302.125318][T12297] RDX: 000000000000f000 RSI: 0000400000000d00 RDI: 0000000000000003 [ 302.125332][T12297] RBP: 00007f8c1a868090 R08: 0000000000000000 R09: 0000000000000000 [ 302.125345][T12297] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002 [ 302.125358][T12297] R13: 0000000000000000 R14: 00007f8c19ba5fa0 R15: 00007ffd9bd36918 [ 302.125389][T12297] [ 302.659767][T12308] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 302.844387][T12312] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1950'. [ 303.194441][ T5836] Bluetooth: hci4: command 0x0405 tx timeout [ 303.250138][T12333] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1957'. [ 303.657028][T12341] lo speed is unknown, defaulting to 1000 [ 303.930097][T12355] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1966'. [ 304.348752][T12371] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1971'. [ 304.370702][T12370] FAULT_INJECTION: forcing a failure. [ 304.370702][T12370] name failslab, interval 1, probability 0, space 0, times 0 [ 304.422065][T12370] CPU: 1 UID: 0 PID: 12370 Comm: syz.3.1973 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 304.422099][T12370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 304.422112][T12370] Call Trace: [ 304.422121][T12370] [ 304.422130][T12370] dump_stack_lvl+0x241/0x360 [ 304.422162][T12370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.422186][T12370] ? __pfx__printk+0x10/0x10 [ 304.422210][T12370] ? kmem_cache_alloc_noprof+0x48/0x380 [ 304.422242][T12370] ? __pfx___might_resched+0x10/0x10 [ 304.422275][T12370] should_fail_ex+0x40a/0x550 [ 304.422313][T12370] should_failslab+0xac/0x100 [ 304.422343][T12370] ? alloc_vfsmnt+0x23/0x490 [ 304.422365][T12370] kmem_cache_alloc_noprof+0x70/0x380 [ 304.422401][T12370] alloc_vfsmnt+0x23/0x490 [ 304.422428][T12370] clone_mnt+0x6b/0xc90 [ 304.422451][T12370] ? do_raw_spin_unlock+0x13c/0x8b0 [ 304.422480][T12370] ? attach_mnt+0x4ed/0x600 [ 304.422509][T12370] copy_tree+0x482/0x940 [ 304.422542][T12370] ? copy_mnt_ns+0x185/0x960 [ 304.422575][T12370] copy_mnt_ns+0x185/0x960 [ 304.422602][T12370] ? rcu_is_watching+0x15/0xb0 [ 304.422627][T12370] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 304.422736][T12370] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 304.422780][T12370] create_new_namespaces+0xd3/0x7b0 [ 304.422815][T12370] ? bpf_lsm_capable+0x9/0x10 [ 304.422846][T12370] ? security_capable+0x7e/0x2d0 [ 304.422886][T12370] unshare_nsproxy_namespaces+0x124/0x180 [ 304.422918][T12370] ksys_unshare+0x57d/0xa70 [ 304.422958][T12370] ? __pfx_ksys_unshare+0x10/0x10 [ 304.422989][T12370] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 304.423024][T12370] ? do_syscall_64+0x100/0x230 [ 304.423059][T12370] __x64_sys_unshare+0x38/0x40 [ 304.423093][T12370] do_syscall_64+0xf3/0x230 [ 304.423121][T12370] ? clear_bhb_loop+0x35/0x90 [ 304.423155][T12370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.423183][T12370] RIP: 0033:0x7f4de0d8d169 [ 304.423204][T12370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.423222][T12370] RSP: 002b:00007f4ddebf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 304.423245][T12370] RAX: ffffffffffffffda RBX: 00007f4de0fa5fa0 RCX: 00007f4de0d8d169 [ 304.423261][T12370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 304.423274][T12370] RBP: 00007f4ddebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 304.423287][T12370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 304.423299][T12370] R13: 0000000000000000 R14: 00007f4de0fa5fa0 R15: 00007ffeebb24f68 [ 304.423332][T12370] [ 305.411212][T12396] FAULT_INJECTION: forcing a failure. [ 305.411212][T12396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.428287][T12396] CPU: 1 UID: 0 PID: 12396 Comm: syz.2.1983 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 305.428317][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 305.428331][T12396] Call Trace: [ 305.428338][T12396] [ 305.428347][T12396] dump_stack_lvl+0x241/0x360 [ 305.428378][T12396] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.428402][T12396] ? __pfx__printk+0x10/0x10 [ 305.428423][T12396] ? __pfx_lock_release+0x10/0x10 [ 305.428463][T12396] should_fail_ex+0x40a/0x550 [ 305.428499][T12396] _copy_from_user+0x2d/0xb0 [ 305.428528][T12396] copy_msghdr_from_user+0xae/0x680 [ 305.428564][T12396] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 305.428601][T12396] ? __fget_files+0x2a/0x410 [ 305.428635][T12396] ? __fget_files+0x2a/0x410 [ 305.428676][T12396] __sys_sendmsg+0x209/0x350 [ 305.428706][T12396] ? __pfx___sys_sendmsg+0x10/0x10 [ 305.428744][T12396] ? do_sys_openat2+0x17a/0x1d0 [ 305.428799][T12396] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 305.428834][T12396] ? do_syscall_64+0x100/0x230 [ 305.428867][T12396] ? do_syscall_64+0xb6/0x230 [ 305.428897][T12396] do_syscall_64+0xf3/0x230 [ 305.428924][T12396] ? clear_bhb_loop+0x35/0x90 [ 305.428954][T12396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.428980][T12396] RIP: 0033:0x7fca47d8d169 [ 305.428998][T12396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.429015][T12396] RSP: 002b:00007fca48c46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 305.429036][T12396] RAX: ffffffffffffffda RBX: 00007fca47fa5fa0 RCX: 00007fca47d8d169 [ 305.429050][T12396] RDX: 0000000000000010 RSI: 0000400000000280 RDI: 0000000000000003 [ 305.429063][T12396] RBP: 00007fca48c46090 R08: 0000000000000000 R09: 0000000000000000 [ 305.429075][T12396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.429086][T12396] R13: 0000000000000000 R14: 00007fca47fa5fa0 R15: 00007ffd3d20bb48 [ 305.429114][T12396] [ 305.958120][T12420] netlink: 'syz.4.1989': attribute type 5 has an invalid length. [ 306.097882][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1992'. [ 306.297484][T12412] lo speed is unknown, defaulting to 1000 [ 306.508292][T12429] ieee802154 phy1 wpan1: encryption failed: -22 [ 306.523779][T12429] ieee802154 phy1 wpan1: encryption failed: -22 [ 306.573147][T12417] lo speed is unknown, defaulting to 1000 [ 307.451711][T12445] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1998'. [ 307.488037][T12449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2000'. [ 307.552332][T12445] dummy0: entered promiscuous mode [ 307.560392][T12445] dummy0: left promiscuous mode [ 308.055969][ T9514] hid (null): unknown global tag 0xe [ 308.063838][ T9514] hid (null): unknown global tag 0xc [ 308.071932][ T9514] hid-generic 0005:046D:0A0E.0002: unknown global tag 0xe [ 308.076214][T12468] xt_hashlimit: Unknown mode mask 4000, kernel too old? [ 308.080507][ T9514] hid-generic 0005:046D:0A0E.0002: item 0 2 1 14 parsing failed [ 308.095569][ T9514] hid-generic 0005:046D:0A0E.0002: probe with driver hid-generic failed with error -22 [ 308.399060][T12478] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2011'. [ 308.425601][T12481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2012'. [ 308.466329][T12485] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2014'. [ 308.525654][T12487] netlink: 'syz.1.2013': attribute type 2 has an invalid length. [ 308.710270][T12492] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2016'. [ 308.920989][T12497] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2018'. [ 309.605529][T12516] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'. [ 309.664321][T12518] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2026'. [ 309.826003][T12521] netlink: 'syz.1.2029': attribute type 5 has an invalid length. [ 309.844290][T12521] netlink: 'syz.1.2029': attribute type 5 has an invalid length. [ 309.853257][T12523] netlink: 'syz.1.2029': attribute type 5 has an invalid length. [ 309.882076][T12523] netlink: 'syz.1.2029': attribute type 5 has an invalid length. [ 309.902280][T12528] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 310.097987][T12533] team0: Device gtp1 is of different type [ 310.108256][T12534] SET target dimension over the limit! [ 310.191351][T12538] sctp: [Deprecated]: syz.1.2036 (pid 12538) Use of int in max_burst socket option deprecated. [ 310.191351][T12538] Use struct sctp_assoc_value instead [ 310.308267][T12546] netlink: 'syz.4.2039': attribute type 7 has an invalid length. [ 310.324723][T12546] netlink: 'syz.4.2039': attribute type 8 has an invalid length. [ 310.990331][T12571] dummy0: entered promiscuous mode [ 311.016690][T12571] dummy0: left promiscuous mode [ 311.136908][T12578] FAULT_INJECTION: forcing a failure. [ 311.136908][T12578] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.151809][T12578] CPU: 1 UID: 0 PID: 12578 Comm: syz.1.2051 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 311.151840][T12578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 311.151853][T12578] Call Trace: [ 311.151860][T12578] [ 311.151869][T12578] dump_stack_lvl+0x241/0x360 [ 311.151903][T12578] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.151927][T12578] ? __pfx__printk+0x10/0x10 [ 311.151950][T12578] ? __pfx_lock_release+0x10/0x10 [ 311.151992][T12578] should_fail_ex+0x40a/0x550 [ 311.152048][T12578] _copy_from_iter+0x1df/0x1c40 [ 311.152075][T12578] ? __virt_addr_valid+0x183/0x530 [ 311.152097][T12578] ? __pfx_lock_release+0x10/0x10 [ 311.152136][T12578] ? __alloc_skb+0x28f/0x440 [ 311.152159][T12578] ? __pfx__copy_from_iter+0x10/0x10 [ 311.152188][T12578] ? __virt_addr_valid+0x183/0x530 [ 311.152207][T12578] ? __virt_addr_valid+0x183/0x530 [ 311.152226][T12578] ? __virt_addr_valid+0x45f/0x530 [ 311.152247][T12578] ? __phys_addr_symbol+0x2f/0x70 [ 311.152266][T12578] ? __check_object_size+0x47a/0x730 [ 311.152301][T12578] netlink_sendmsg+0x742/0xcb0 [ 311.152346][T12578] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.152390][T12578] ? aa_sock_msg_perm+0x91/0x160 [ 311.152429][T12578] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.152460][T12578] __sock_sendmsg+0x221/0x270 [ 311.152494][T12578] ____sys_sendmsg+0x53a/0x860 [ 311.152527][T12578] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.152551][T12578] ? __fget_files+0x2a/0x410 [ 311.152585][T12578] ? __fget_files+0x2a/0x410 [ 311.152625][T12578] __sys_sendmsg+0x269/0x350 [ 311.152656][T12578] ? __pfx___sys_sendmsg+0x10/0x10 [ 311.152699][T12578] ? do_sys_openat2+0x17a/0x1d0 [ 311.152758][T12578] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 311.152793][T12578] ? do_syscall_64+0x100/0x230 [ 311.152824][T12578] ? do_syscall_64+0xb6/0x230 [ 311.152854][T12578] do_syscall_64+0xf3/0x230 [ 311.152881][T12578] ? clear_bhb_loop+0x35/0x90 [ 311.152914][T12578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.152943][T12578] RIP: 0033:0x7f8c1998d169 [ 311.152961][T12578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.152980][T12578] RSP: 002b:00007f8c1a847038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.153003][T12578] RAX: ffffffffffffffda RBX: 00007f8c19ba6080 RCX: 00007f8c1998d169 [ 311.153019][T12578] RDX: 0000000000000000 RSI: 0000400000000200 RDI: 0000000000000004 [ 311.153032][T12578] RBP: 00007f8c1a847090 R08: 0000000000000000 R09: 0000000000000000 [ 311.153045][T12578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.153057][T12578] R13: 0000000000000001 R14: 00007f8c19ba6080 R15: 00007ffd9bd36918 [ 311.153088][T12578] [ 311.540716][T12582] __nla_validate_parse: 4 callbacks suppressed [ 311.540737][T12582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2053'. [ 311.959011][T12600] team0: Device gtp1 is of different type [ 312.033738][T12602] sctp: [Deprecated]: syz.1.2061 (pid 12602) Use of int in max_burst socket option deprecated. [ 312.033738][T12602] Use struct sctp_assoc_value instead [ 312.329751][T12595] lo speed is unknown, defaulting to 1000 [ 312.601538][T12613] FAULT_INJECTION: forcing a failure. [ 312.601538][T12613] name failslab, interval 1, probability 0, space 0, times 0 [ 312.624787][T12613] CPU: 0 UID: 0 PID: 12613 Comm: syz.4.2066 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 312.624821][T12613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 312.624834][T12613] Call Trace: [ 312.624842][T12613] [ 312.624851][T12613] dump_stack_lvl+0x241/0x360 [ 312.624888][T12613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.624911][T12613] ? __pfx__printk+0x10/0x10 [ 312.624936][T12613] ? fs_reclaim_acquire+0x93/0x130 [ 312.624959][T12613] ? __pfx___might_resched+0x10/0x10 [ 312.624985][T12613] ? dynamic_dname+0x144/0x1b0 [ 312.625011][T12613] should_fail_ex+0x40a/0x550 [ 312.625048][T12613] should_failslab+0xac/0x100 [ 312.625078][T12613] __kmalloc_noprof+0xdd/0x4c0 [ 312.625106][T12613] ? tomoyo_encode+0x26f/0x540 [ 312.625133][T12613] tomoyo_encode+0x26f/0x540 [ 312.625156][T12613] ? __pfx_sockfs_dname+0x10/0x10 [ 312.625195][T12613] tomoyo_realpath_from_path+0x59e/0x5e0 [ 312.625232][T12613] tomoyo_path_number_perm+0x239/0x770 [ 312.625260][T12613] ? __lock_acquire+0x1397/0x2100 [ 312.625295][T12613] ? tomoyo_path_number_perm+0x209/0x770 [ 312.625326][T12613] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 312.625397][T12613] ? __fget_files+0x2a/0x410 [ 312.625430][T12613] ? __fget_files+0x2a/0x410 [ 312.625463][T12613] security_file_ioctl+0xc6/0x2a0 [ 312.625492][T12613] __se_sys_ioctl+0x46/0x170 [ 312.625518][T12613] do_syscall_64+0xf3/0x230 [ 312.625543][T12613] ? clear_bhb_loop+0x35/0x90 [ 312.625574][T12613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.625601][T12613] RIP: 0033:0x7f4c96b8d169 [ 312.625618][T12613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.625635][T12613] RSP: 002b:00007f4c9794f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 312.625657][T12613] RAX: ffffffffffffffda RBX: 00007f4c96da5fa0 RCX: 00007f4c96b8d169 [ 312.625671][T12613] RDX: 0000400000000000 RSI: 00000000000089a2 RDI: 0000000000000004 [ 312.625685][T12613] RBP: 00007f4c9794f090 R08: 0000000000000000 R09: 0000000000000000 [ 312.625697][T12613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.625710][T12613] R13: 0000000000000000 R14: 00007f4c96da5fa0 R15: 00007ffee3a40e38 [ 312.625739][T12613] [ 312.625785][T12613] ERROR: Out of memory at tomoyo_realpath_from_path. [ 313.091193][T12621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2070'. [ 313.116742][T12626] netlink: 'syz.2.2071': attribute type 1 has an invalid length. [ 313.198173][T12626] 8021q: adding VLAN 0 to HW filter on device bond8 [ 313.350088][T12631] bond8: (slave veth17): Enslaving as an active interface with a down link [ 313.516037][T12640] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2076'. [ 313.862229][T12642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2075'. [ 314.027245][T12642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.236400][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2085'. [ 314.263565][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2085'. [ 314.283461][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2085'. [ 314.286227][T12665] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2086'. [ 314.295369][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2085'. [ 314.344288][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2085'. [ 314.622648][T12683] xt_hashlimit: size too large, truncated to 1048576 [ 315.344836][T12712] sctp: [Deprecated]: syz.1.2104 (pid 12712) Use of struct sctp_assoc_value in delayed_ack socket option. [ 315.344836][T12712] Use struct sctp_sack_info instead [ 315.534782][T12720] netlink: 'syz.4.2109': attribute type 8 has an invalid length. [ 315.593694][T12721] netlink: 'syz.2.2108': attribute type 8 has an invalid length. [ 315.898329][T12732] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 317.449837][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.819667][T12745] __nla_validate_parse: 5 callbacks suppressed [ 317.819688][T12745] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2117'. [ 318.061321][T12752] netlink: 'syz.4.2121': attribute type 33 has an invalid length. [ 318.293225][T12764] netlink: 696 bytes leftover after parsing attributes in process `syz.0.2125'. [ 318.440054][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2126'. [ 318.451129][T12767] netlink: 'syz.0.2126': attribute type 3 has an invalid length. [ 320.529358][T12784] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2133'. [ 320.628031][T12784] dummy0: entered promiscuous mode [ 320.662810][T12784] dummy0: left promiscuous mode [ 320.697525][T12796] xt_hashlimit: Unknown mode mask B100, kernel too old? [ 320.711504][T12794] netlink: 696 bytes leftover after parsing attributes in process `syz.0.2136'. [ 321.012205][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2141'. [ 321.022568][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2141'. [ 321.044463][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2141'. [ 321.091894][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2141'. [ 321.103648][T12811] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2143'. [ 321.123065][T12811] netlink: 'syz.0.2143': attribute type 7 has an invalid length. [ 321.134241][T12811] netlink: 'syz.0.2143': attribute type 8 has an invalid length. [ 321.218263][T12816] team0: Port device gtp0 added [ 321.245435][T12816] sctp: [Deprecated]: syz.2.2145 (pid 12816) Use of int in max_burst socket option deprecated. [ 321.245435][T12816] Use struct sctp_assoc_value instead [ 321.349017][T12820] FAULT_INJECTION: forcing a failure. [ 321.349017][T12820] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.414714][T12820] CPU: 1 UID: 0 PID: 12820 Comm: syz.3.2147 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 321.414751][T12820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 321.414763][T12820] Call Trace: [ 321.414772][T12820] [ 321.414780][T12820] dump_stack_lvl+0x241/0x360 [ 321.414812][T12820] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.414835][T12820] ? __pfx__printk+0x10/0x10 [ 321.414858][T12820] ? __pfx_lock_release+0x10/0x10 [ 321.414899][T12820] should_fail_ex+0x40a/0x550 [ 321.414936][T12820] _copy_from_iter+0x1df/0x1c40 [ 321.414961][T12820] ? __virt_addr_valid+0x183/0x530 [ 321.414983][T12820] ? __pfx_lock_release+0x10/0x10 [ 321.415021][T12820] ? __alloc_skb+0x28f/0x440 [ 321.415043][T12820] ? __pfx__copy_from_iter+0x10/0x10 [ 321.415070][T12820] ? __virt_addr_valid+0x183/0x530 [ 321.415089][T12820] ? __virt_addr_valid+0x183/0x530 [ 321.415108][T12820] ? __virt_addr_valid+0x45f/0x530 [ 321.415129][T12820] ? __phys_addr_symbol+0x2f/0x70 [ 321.415148][T12820] ? __check_object_size+0x47a/0x730 [ 321.415182][T12820] netlink_sendmsg+0x742/0xcb0 [ 321.415227][T12820] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.415262][T12820] ? aa_sock_msg_perm+0x91/0x160 [ 321.415301][T12820] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.415331][T12820] __sock_sendmsg+0x221/0x270 [ 321.415364][T12820] ____sys_sendmsg+0x53a/0x860 [ 321.415398][T12820] ? __pfx_____sys_sendmsg+0x10/0x10 [ 321.415432][T12820] ? __fget_files+0x2a/0x410 [ 321.415467][T12820] ? __fget_files+0x2a/0x410 [ 321.415506][T12820] __sys_sendmsg+0x269/0x350 [ 321.415536][T12820] ? __pfx___sys_sendmsg+0x10/0x10 [ 321.415572][T12820] ? do_sys_openat2+0x17a/0x1d0 [ 321.415629][T12820] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 321.415661][T12820] ? do_syscall_64+0x100/0x230 [ 321.415692][T12820] ? do_syscall_64+0xb6/0x230 [ 321.415722][T12820] do_syscall_64+0xf3/0x230 [ 321.415749][T12820] ? clear_bhb_loop+0x35/0x90 [ 321.415781][T12820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.415810][T12820] RIP: 0033:0x7f4de0d8d169 [ 321.415828][T12820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.415846][T12820] RSP: 002b:00007f4ddebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.415869][T12820] RAX: ffffffffffffffda RBX: 00007f4de0fa5fa0 RCX: 00007f4de0d8d169 [ 321.415884][T12820] RDX: 0000000000000010 RSI: 0000400000000280 RDI: 0000000000000003 [ 321.415897][T12820] RBP: 00007f4ddebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 321.415909][T12820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.415920][T12820] R13: 0000000000000000 R14: 00007f4de0fa5fa0 R15: 00007ffeebb24f68 [ 321.415950][T12820] [ 321.935647][T12829] netlink: 'syz.4.2151': attribute type 7 has an invalid length. [ 322.192721][T12841] netlink: 'syz.4.2158': attribute type 1 has an invalid length. [ 322.225355][T12842] netlink: 'syz.0.2155': attribute type 1 has an invalid length. [ 322.267604][T12844] No such timeout policy "syz0" [ 322.293872][T12841] 8021q: adding VLAN 0 to HW filter on device bond11 [ 322.358359][T12846] geneve2: entered promiscuous mode [ 322.363647][T12846] geneve2: entered allmulticast mode [ 322.411361][T12853] FAULT_INJECTION: forcing a failure. [ 322.411361][T12853] name failslab, interval 1, probability 0, space 0, times 0 [ 322.435068][T12851] netlink: 'syz.3.2157': attribute type 1 has an invalid length. [ 322.450825][T12846] bond11: (slave geneve2): making interface the new active one [ 322.460988][T12853] CPU: 0 UID: 0 PID: 12853 Comm: syz.0.2160 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 322.461022][T12853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.461035][T12853] Call Trace: [ 322.461042][T12853] [ 322.461052][T12853] dump_stack_lvl+0x241/0x360 [ 322.461081][T12853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.461104][T12853] ? __pfx__printk+0x10/0x10 [ 322.461128][T12853] ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0 [ 322.461160][T12853] ? __pfx___might_resched+0x10/0x10 [ 322.461192][T12853] should_fail_ex+0x40a/0x550 [ 322.461229][T12853] should_failslab+0xac/0x100 [ 322.461260][T12853] __kmalloc_node_track_caller_noprof+0xdc/0x4c0 [ 322.461290][T12853] ? alloc_vfsmnt+0xea/0x490 [ 322.461313][T12853] ? do_raw_spin_unlock+0x13c/0x8b0 [ 322.461345][T12853] kstrdup+0x42/0x100 [ 322.461378][T12853] alloc_vfsmnt+0xea/0x490 [ 322.461405][T12853] clone_mnt+0x6b/0xc90 [ 322.461441][T12853] ? do_raw_spin_unlock+0x13c/0x8b0 [ 322.461470][T12853] ? attach_mnt+0x4ed/0x600 [ 322.461498][T12853] copy_tree+0x482/0x940 [ 322.461533][T12853] ? copy_mnt_ns+0x185/0x960 [ 322.461566][T12853] copy_mnt_ns+0x185/0x960 [ 322.461593][T12853] ? rcu_is_watching+0x15/0xb0 [ 322.461617][T12853] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 322.461644][T12853] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 322.461680][T12853] create_new_namespaces+0xd3/0x7b0 [ 322.461713][T12853] ? bpf_lsm_capable+0x9/0x10 [ 322.461745][T12853] ? security_capable+0x7e/0x2d0 [ 322.461784][T12853] unshare_nsproxy_namespaces+0x124/0x180 [ 322.461815][T12853] ksys_unshare+0x57d/0xa70 [ 322.461854][T12853] ? __pfx_ksys_unshare+0x10/0x10 [ 322.461882][T12853] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 322.461914][T12853] ? do_syscall_64+0x100/0x230 [ 322.461948][T12853] __x64_sys_unshare+0x38/0x40 [ 322.461977][T12853] do_syscall_64+0xf3/0x230 [ 322.462004][T12853] ? clear_bhb_loop+0x35/0x90 [ 322.462038][T12853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.462067][T12853] RIP: 0033:0x7fad1158d169 [ 322.462086][T12853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.462104][T12853] RSP: 002b:00007fad123da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 322.462126][T12853] RAX: ffffffffffffffda RBX: 00007fad117a5fa0 RCX: 00007fad1158d169 [ 322.462142][T12853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 322.462155][T12853] RBP: 00007fad123da090 R08: 0000000000000000 R09: 0000000000000000 [ 322.462168][T12853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 322.462180][T12853] R13: 0000000000000000 R14: 00007fad117a5fa0 R15: 00007fffbacb2878 [ 322.462213][T12853] [ 322.471422][T12846] bond11: (slave geneve2): Enslaving as an active interface with an up link [ 322.809047][T12864] bond15: (slave dummy0): Releasing active interface [ 322.962233][T12870] FAULT_INJECTION: forcing a failure. [ 322.962233][T12870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.000764][T12870] CPU: 1 UID: 0 PID: 12870 Comm: syz.1.2163 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 323.000798][T12870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 323.000812][T12870] Call Trace: [ 323.000819][T12870] [ 323.000829][T12870] dump_stack_lvl+0x241/0x360 [ 323.000862][T12870] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.000886][T12870] ? __pfx__printk+0x10/0x10 [ 323.000914][T12870] ? snprintf+0xda/0x120 [ 323.000938][T12870] should_fail_ex+0x40a/0x550 [ 323.000976][T12870] _copy_to_user+0x31/0xb0 [ 323.001008][T12870] simple_read_from_buffer+0xca/0x150 [ 323.001041][T12870] proc_fail_nth_read+0x1e9/0x250 [ 323.001081][T12870] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 323.001116][T12870] ? rw_verify_area+0x243/0x630 [ 323.001139][T12870] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 323.001171][T12870] vfs_read+0x1f8/0xb40 [ 323.001195][T12870] ? fdget_pos+0x254/0x320 [ 323.001229][T12870] ? __pfx___mutex_lock+0x10/0x10 [ 323.001257][T12870] ? __pfx_vfs_read+0x10/0x10 [ 323.001284][T12870] ? __fget_files+0x2a/0x410 [ 323.001316][T12870] ? __fget_files+0x395/0x410 [ 323.001347][T12870] ? __fget_files+0x2a/0x410 [ 323.001388][T12870] ksys_read+0x18f/0x2b0 [ 323.001414][T12870] ? __pfx_ksys_read+0x10/0x10 [ 323.001438][T12870] ? do_syscall_64+0x100/0x230 [ 323.001470][T12870] ? do_syscall_64+0xb6/0x230 [ 323.001501][T12870] do_syscall_64+0xf3/0x230 [ 323.001528][T12870] ? clear_bhb_loop+0x35/0x90 [ 323.001561][T12870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.001590][T12870] RIP: 0033:0x7f8c1998bb7c [ 323.001608][T12870] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 323.001627][T12870] RSP: 002b:00007f8c1a868030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 323.001649][T12870] RAX: ffffffffffffffda RBX: 00007f8c19ba5fa0 RCX: 00007f8c1998bb7c [ 323.001664][T12870] RDX: 000000000000000f RSI: 00007f8c1a8680a0 RDI: 0000000000000005 [ 323.001678][T12870] RBP: 00007f8c1a868090 R08: 0000000000000000 R09: 0000000000000000 [ 323.001690][T12870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.001703][T12870] R13: 0000000000000000 R14: 00007f8c19ba5fa0 R15: 00007ffd9bd36918 [ 323.001735][T12870] [ 323.329838][T12877] team0: Device gtp0 is of different type [ 323.387471][T12881] __nla_validate_parse: 7 callbacks suppressed [ 323.387492][T12881] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2168'. [ 323.389380][T12882] sctp: [Deprecated]: syz.3.2166 (pid 12882) Use of int in max_burst socket option deprecated. [ 323.389380][T12882] Use struct sctp_assoc_value instead [ 323.421521][T12883] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2165'. [ 323.438772][T12885] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2167'. [ 323.496104][T12885] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 323.807831][T12896] RDS: rds_bind could not find a transport for fe88::5, load rds_tcp or rds_rdma? [ 323.930301][T12909] FAULT_INJECTION: forcing a failure. [ 323.930301][T12909] name failslab, interval 1, probability 0, space 0, times 0 [ 323.952247][T12909] CPU: 0 UID: 0 PID: 12909 Comm: syz.2.2176 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 323.952280][T12909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 323.952293][T12909] Call Trace: [ 323.952301][T12909] [ 323.952311][T12909] dump_stack_lvl+0x241/0x360 [ 323.952342][T12909] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.952366][T12909] ? __pfx__printk+0x10/0x10 [ 323.952390][T12909] ? __kmalloc_cache_node_noprof+0x47/0x3a0 [ 323.952423][T12909] ? __pfx___might_resched+0x10/0x10 [ 323.952457][T12909] should_fail_ex+0x40a/0x550 [ 323.952494][T12909] should_failslab+0xac/0x100 [ 323.952524][T12909] ? __get_vm_area_node+0x132/0x2d0 [ 323.952556][T12909] __kmalloc_cache_node_noprof+0x6f/0x3a0 [ 323.952594][T12909] __get_vm_area_node+0x132/0x2d0 [ 323.952631][T12909] __vmalloc_node_range_noprof+0x344/0x1380 [ 323.952654][T12909] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 323.952688][T12909] ? mark_lock+0x9a/0x360 [ 323.952732][T12909] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 323.952764][T12909] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 323.952794][T12909] __vmalloc_noprof+0x79/0x90 [ 323.952815][T12909] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 323.952848][T12909] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 323.952878][T12909] ? bpf_prog_alloc+0x28/0x1b0 [ 323.952911][T12909] bpf_prog_alloc+0x3a/0x1b0 [ 323.952943][T12909] bpf_prog_load+0x7f4/0x20e0 [ 323.952989][T12909] ? __pfx_bpf_prog_load+0x10/0x10 [ 323.953020][T12909] ? __pfx___might_resched+0x10/0x10 [ 323.953063][T12909] ? __might_fault+0xaa/0x120 [ 323.953092][T12909] __sys_bpf+0x4ea/0x820 [ 323.953124][T12909] ? __pfx___sys_bpf+0x10/0x10 [ 323.953171][T12909] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 323.953212][T12909] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 323.953246][T12909] ? do_syscall_64+0x100/0x230 [ 323.953279][T12909] __x64_sys_bpf+0x7c/0x90 [ 323.953307][T12909] do_syscall_64+0xf3/0x230 [ 323.953334][T12909] ? clear_bhb_loop+0x35/0x90 [ 323.953367][T12909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.953396][T12909] RIP: 0033:0x7fca47d8d169 [ 323.953415][T12909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.953433][T12909] RSP: 002b:00007fca48c46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 323.953457][T12909] RAX: ffffffffffffffda RBX: 00007fca47fa5fa0 RCX: 00007fca47d8d169 [ 323.953472][T12909] RDX: 0000000000000094 RSI: 0000400000000200 RDI: 0000000000000005 [ 323.953486][T12909] RBP: 00007fca48c46090 R08: 0000000000000000 R09: 0000000000000000 [ 323.953499][T12909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.953512][T12909] R13: 0000000000000000 R14: 00007fca47fa5fa0 R15: 00007ffd3d20bb48 [ 323.953543][T12909] [ 324.236608][T12909] syz.2.2176: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 324.324353][T12909] CPU: 1 UID: 0 PID: 12909 Comm: syz.2.2176 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 324.324383][T12909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 324.324397][T12909] Call Trace: [ 324.324404][T12909] [ 324.324413][T12909] dump_stack_lvl+0x241/0x360 [ 324.324445][T12909] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.324469][T12909] ? __pfx__printk+0x10/0x10 [ 324.324495][T12909] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 324.324524][T12909] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 324.324555][T12909] warn_alloc+0x278/0x410 [ 324.324583][T12909] ? __pfx_warn_alloc+0x10/0x10 [ 324.324602][T12909] ? __kasan_kmalloc+0x23/0xb0 [ 324.324628][T12909] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 324.324666][T12909] ? __get_vm_area_node+0x280/0x2d0 [ 324.324705][T12909] __vmalloc_node_range_noprof+0x369/0x1380 [ 324.324730][T12909] ? mark_lock+0x9a/0x360 [ 324.324774][T12909] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 324.324807][T12909] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 324.324841][T12909] __vmalloc_noprof+0x79/0x90 [ 324.324863][T12909] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 324.324895][T12909] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 324.324933][T12909] ? bpf_prog_alloc+0x28/0x1b0 [ 324.324966][T12909] bpf_prog_alloc+0x3a/0x1b0 [ 324.324999][T12909] bpf_prog_load+0x7f4/0x20e0 [ 324.325046][T12909] ? __pfx_bpf_prog_load+0x10/0x10 [ 324.325077][T12909] ? __pfx___might_resched+0x10/0x10 [ 324.325120][T12909] ? __might_fault+0xaa/0x120 [ 324.325149][T12909] __sys_bpf+0x4ea/0x820 [ 324.325182][T12909] ? __pfx___sys_bpf+0x10/0x10 [ 324.325225][T12909] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 324.325260][T12909] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 324.325294][T12909] ? do_syscall_64+0x100/0x230 [ 324.325327][T12909] __x64_sys_bpf+0x7c/0x90 [ 324.325354][T12909] do_syscall_64+0xf3/0x230 [ 324.325381][T12909] ? clear_bhb_loop+0x35/0x90 [ 324.325415][T12909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.325443][T12909] RIP: 0033:0x7fca47d8d169 [ 324.325461][T12909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.325478][T12909] RSP: 002b:00007fca48c46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 324.325501][T12909] RAX: ffffffffffffffda RBX: 00007fca47fa5fa0 RCX: 00007fca47d8d169 [ 324.325517][T12909] RDX: 0000000000000094 RSI: 0000400000000200 RDI: 0000000000000005 [ 324.325530][T12909] RBP: 00007fca48c46090 R08: 0000000000000000 R09: 0000000000000000 [ 324.325543][T12909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.325555][T12909] R13: 0000000000000000 R14: 00007fca47fa5fa0 R15: 00007ffd3d20bb48 [ 324.325586][T12909] [ 324.325657][T12909] Mem-Info: [ 324.331149][T12903] lo speed is unknown, defaulting to 1000 [ 324.343681][T12909] active_anon:4528 inactive_anon:0 isolated_anon:0 [ 324.343681][T12909] active_file:1979 inactive_file:38402 isolated_file:0 [ 324.343681][T12909] unevictable:768 dirty:276 writeback:0 [ 324.343681][T12909] slab_reclaimable:11370 slab_unreclaimable:112359 [ 324.343681][T12909] mapped:30041 shmem:2418 pagetables:741 [ 324.343681][T12909] sec_pagetables:0 bounce:0 [ 324.343681][T12909] kernel_misc_reclaimable:0 [ 324.343681][T12909] free:1328525 free_pcp:2883 free_cma:0 [ 324.681987][T12913] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2178'. [ 324.701518][ T30] audit: type=1804 audit(1742008400.916:2): pid=12915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2179" name="/newroot/422/cgroup.controllers" dev="tmpfs" ino=2161 res=1 errno=0 [ 324.726177][ T30] audit: type=1800 audit(1742008400.916:3): pid=12915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2179" name="cgroup.controllers" dev="tmpfs" ino=2161 res=0 errno=0 [ 324.733533][T12909] Node 0 active_anon:18284kB inactive_anon:0kB active_file:7916kB inactive_file:153532kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120184kB dirty:1276kB writeback:0kB shmem:8228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13268kB pagetables:3080kB sec_pagetables:0kB all_unreclaimable? no [ 324.748023][ T30] audit: type=1804 audit(1742008400.916:4): pid=12915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2179" name="/newroot/422/cgroup.controllers" dev="tmpfs" ino=2161 res=1 errno=0 [ 324.803296][ T30] audit: type=1804 audit(1742008400.916:5): pid=12915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2179" name="/newroot/422/cgroup.controllers" dev="tmpfs" ino=2161 res=1 errno=0 [ 324.839936][T12909] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 324.899256][T12919] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2178'. [ 324.908749][T12919] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2178'. [ 324.925989][T12919] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2178'. [ 324.943325][T12909] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 324.986145][T12909] lowmem_reserve[]: 0 2489 2490 2490 2490 [ 324.992116][T12909] Node 0 DMA32 free:1389432kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:18344kB inactive_anon:0kB active_file:7916kB inactive_file:153216kB unevictable:1536kB writepending:1276kB present:3129332kB managed:2549716kB mlocked:0kB bounce:0kB free_pcp:11560kB local_pcp:10320kB free_cma:0kB [ 325.029268][T12909] lowmem_reserve[]: 0 0 0 0 0 [ 325.039045][T12909] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 325.071632][T12923] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2181'. [ 325.082297][T12909] lowmem_reserve[]: 0 0 0 0 0 [ 325.138819][T12923] dummy0: entered promiscuous mode [ 325.157719][T12909] Node 1 Normal free:3906436kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 325.158491][T12923] dummy0: left promiscuous mode [ 325.209414][T12909] lowmem_reserve[]: 0 0 0 0 0 [ 325.243343][T12909] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 325.281484][T12909] Node 0 DMA32: 751*4kB (UM) 811*8kB (UME) 368*16kB (UME) 272*32kB (UME) 96*64kB (UME) 44*128kB (UME) 22*256kB (ME) 7*512kB (UM) 10*1024kB (UM) 3*2048kB (UME) 327*4096kB (UM) = 1400852kB [ 325.302550][T12909] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 325.314955][T12909] Node 1 Normal: 233*4kB (UME) 58*8kB (UME) 45*16kB (UME) 228*32kB (UME) 95*64kB (UME) 38*128kB (UME) 8*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 944*4096kB (M) = 3906436kB [ 325.344365][T12909] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 325.355705][T12909] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 325.367894][T12909] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 325.422000][T12909] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 325.432614][T12909] 41808 total pagecache pages [ 325.437474][T12909] 0 pages in swap cache [ 325.441658][T12909] Free swap = 124996kB [ 325.446877][T12909] Total swap = 124996kB [ 325.451073][T12909] 2097051 pages RAM [ 325.455111][T12937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2184'. [ 325.470942][T12909] 0 pages HighMem/MovableOnly [ 325.476916][T12909] 427900 pages reserved [ 325.481183][T12909] 0 pages cma reserved [ 325.770712][T12943] FAULT_INJECTION: forcing a failure. [ 325.770712][T12943] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.821570][T12950] xt_hashlimit: Unknown mode mask F003, kernel too old? [ 325.860428][T12951] sctp: [Deprecated]: syz.2.2188 (pid 12951) Use of int in max_burst socket option deprecated. [ 325.860428][T12951] Use struct sctp_assoc_value instead [ 325.881997][T12948] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2189'. [ 325.891527][T12943] CPU: 1 UID: 0 PID: 12943 Comm: syz.4.2187 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 325.891557][T12943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 325.891569][T12943] Call Trace: [ 325.891578][T12943] [ 325.891586][T12943] dump_stack_lvl+0x241/0x360 [ 325.891622][T12943] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.891646][T12943] ? __pfx__printk+0x10/0x10 [ 325.891668][T12943] ? __pfx_lock_release+0x10/0x10 [ 325.891709][T12943] should_fail_ex+0x40a/0x550 [ 325.891747][T12943] _copy_from_user+0x2d/0xb0 [ 325.891776][T12943] copy_msghdr_from_user+0xae/0x680 [ 325.891806][T12943] ? __pfx___might_resched+0x10/0x10 [ 325.891837][T12943] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 325.891873][T12943] ? do_recvmmsg+0x44e/0xab0 [ 325.891898][T12943] ? __might_fault+0xaa/0x120 [ 325.891924][T12943] do_recvmmsg+0x3bd/0xab0 [ 325.891962][T12943] ? __pfx_do_recvmmsg+0x10/0x10 [ 325.892008][T12943] ? ksys_write+0x22a/0x2b0 [ 325.892039][T12943] ? __pfx_lock_release+0x10/0x10 [ 325.892075][T12943] ? sb_end_write+0xe9/0x1c0 [ 325.892107][T12943] ? vfs_write+0x7fa/0xd10 [ 325.892133][T12943] ? __mutex_unlock_slowpath+0x227/0x800 [ 325.892171][T12943] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 325.892198][T12943] ? __fget_files+0x2a/0x410 [ 325.892245][T12943] __x64_sys_recvmmsg+0x199/0x250 [ 325.892274][T12943] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 325.892303][T12943] ? do_syscall_64+0x100/0x230 [ 325.892334][T12943] ? do_syscall_64+0xb6/0x230 [ 325.892364][T12943] do_syscall_64+0xf3/0x230 [ 325.892390][T12943] ? clear_bhb_loop+0x35/0x90 [ 325.892424][T12943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.892452][T12943] RIP: 0033:0x7f4c96b8d169 [ 325.892470][T12943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.892487][T12943] RSP: 002b:00007f4c9794f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 325.892509][T12943] RAX: ffffffffffffffda RBX: 00007f4c96da5fa0 RCX: 00007f4c96b8d169 [ 325.892525][T12943] RDX: 000000000000f000 RSI: 0000400000000d00 RDI: 0000000000000003 [ 325.892538][T12943] RBP: 00007f4c9794f090 R08: 0000000000000000 R09: 0000000000000000 [ 325.892551][T12943] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000002 [ 325.892563][T12943] R13: 0000000000000000 R14: 00007f4c96da5fa0 R15: 00007ffee3a40e38 [ 325.892594][T12943] [ 326.139670][T12945] team0: Port device gtp1 added [ 326.285175][T12956] netlink: 'syz.1.2192': attribute type 1 has an invalid length. [ 326.390999][T12956] 8021q: adding VLAN 0 to HW filter on device bond9 [ 326.509628][T12965] bond9: (slave veth15): Enslaving as an active interface with a down link [ 326.545930][T12971] dummy0: entered promiscuous mode [ 326.567004][T12971] dummy0: left promiscuous mode [ 326.869311][T12982] netlink: 'syz.1.2199': attribute type 8 has an invalid length. [ 327.237971][T13007] xt_CT: You must specify a L4 protocol and not use inversions on it [ 327.344371][T13009] netlink: 'syz.3.2209': attribute type 1 has an invalid length. [ 329.583968][T13030] team0: entered allmulticast mode [ 329.599650][T13030] gtp0: entered allmulticast mode [ 329.614359][T13030] gtp1: entered allmulticast mode [ 329.636120][T13030] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.716569][T13043] __nla_validate_parse: 6 callbacks suppressed [ 329.716593][T13043] netlink: 596 bytes leftover after parsing attributes in process `syz.4.2221'. [ 329.837693][T13049] netlink: 'syz.0.2225': attribute type 8 has an invalid length. [ 329.890254][T13053] netlink: 'syz.3.2222': attribute type 1 has an invalid length. [ 329.910986][T13045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2223'. [ 329.978085][T13053] 8021q: adding VLAN 0 to HW filter on device bond19 [ 330.124893][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2227'. [ 330.133831][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2227'. [ 330.143117][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2227'. [ 330.165536][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2227'. [ 330.187822][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2227'. [ 332.030755][T13057] bond19: (slave veth23): Enslaving as an active interface with a down link [ 332.099768][T13068] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 332.502078][T13084] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2237'. [ 332.670675][T13094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2239'. [ 333.240010][T13123] xt_CT: You must specify a L4 protocol and not use inversions on it [ 333.363592][T13125] team0: Device gtp0 is of different type [ 333.444645][T13130] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2253'. [ 333.468579][T13133] sctp: [Deprecated]: syz.3.2252 (pid 13133) Use of int in max_burst socket option deprecated. [ 333.468579][T13133] Use struct sctp_assoc_value instead [ 333.701779][T13136] ================================================================== [ 333.709919][T13136] BUG: KASAN: slab-use-after-free in qdisc_create+0x1162/0x12b0 [ 333.717605][T13136] Read of size 1 at addr ffff88802a356cbd by task syz.4.2253/13136 [ 333.725528][T13136] [ 333.727878][T13136] CPU: 0 UID: 0 PID: 13136 Comm: syz.4.2253 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 333.727907][T13136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 333.727922][T13136] Call Trace: [ 333.727930][T13136] [ 333.727939][T13136] dump_stack_lvl+0x241/0x360 [ 333.727970][T13136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.727993][T13136] ? __pfx__printk+0x10/0x10 [ 333.728016][T13136] ? _printk+0xd5/0x120 [ 333.728036][T13136] ? __virt_addr_valid+0x183/0x530 [ 333.728057][T13136] ? __virt_addr_valid+0x183/0x530 [ 333.728078][T13136] print_report+0x16e/0x5b0 [ 333.728106][T13136] ? __virt_addr_valid+0x183/0x530 [ 333.728126][T13136] ? __virt_addr_valid+0x183/0x530 [ 333.728145][T13136] ? __virt_addr_valid+0x45f/0x530 [ 333.728171][T13136] ? __phys_addr+0xba/0x170 [ 333.728191][T13136] ? qdisc_create+0x1162/0x12b0 [ 333.728219][T13136] kasan_report+0x143/0x180 [ 333.728248][T13136] ? qdisc_create+0x1162/0x12b0 [ 333.728278][T13136] qdisc_create+0x1162/0x12b0 [ 333.728310][T13136] ? __pfx_qdisc_create+0x10/0x10 [ 333.728343][T13136] tc_modify_qdisc+0x17ce/0x2420 [ 333.728383][T13136] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 333.728407][T13136] ? __mutex_lock+0xba3/0x1010 [ 333.728433][T13136] ? __mutex_lock+0x602/0x1010 [ 333.728473][T13136] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 333.728498][T13136] rtnetlink_rcv_msg+0x73f/0xcf0 [ 333.728528][T13136] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 333.728562][T13136] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 333.728598][T13136] ? ref_tracker_free+0x643/0x7e0 [ 333.728623][T13136] netlink_rcv_skb+0x206/0x480 [ 333.728655][T13136] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 333.728690][T13136] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 333.728734][T13136] ? netlink_deliver_tap+0x2e/0x1b0 [ 333.728767][T13136] netlink_unicast+0x7f6/0x990 [ 333.728800][T13136] ? __pfx_netlink_unicast+0x10/0x10 [ 333.728827][T13136] ? __virt_addr_valid+0x45f/0x530 [ 333.728848][T13136] ? __phys_addr_symbol+0x2f/0x70 [ 333.728868][T13136] ? __check_object_size+0x47a/0x730 [ 333.728900][T13136] netlink_sendmsg+0x8de/0xcb0 [ 333.728938][T13136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 333.728973][T13136] ? aa_sock_msg_perm+0x91/0x160 [ 333.729009][T13136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 333.729041][T13136] __sock_sendmsg+0x221/0x270 [ 333.729074][T13136] ____sys_sendmsg+0x53a/0x860 [ 333.729103][T13136] ? __pfx_____sys_sendmsg+0x10/0x10 [ 333.729127][T13136] ? __fget_files+0x2a/0x410 [ 333.729170][T13136] ? __fget_files+0x2a/0x410 [ 333.729207][T13136] __sys_sendmsg+0x269/0x350 [ 333.729230][T13136] ? vma_end_read+0x18/0x170 [ 333.729260][T13136] ? __pfx___sys_sendmsg+0x10/0x10 [ 333.729301][T13136] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 333.729339][T13136] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 333.729373][T13136] ? exc_page_fault+0x590/0x8b0 [ 333.729399][T13136] ? do_syscall_64+0xb6/0x230 [ 333.729428][T13136] do_syscall_64+0xf3/0x230 [ 333.729455][T13136] ? clear_bhb_loop+0x35/0x90 [ 333.729488][T13136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.729518][T13136] RIP: 0033:0x7f4c96b8d169 [ 333.729536][T13136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.729555][T13136] RSP: 002b:00007f4c9792e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.729577][T13136] RAX: ffffffffffffffda RBX: 00007f4c96da6080 RCX: 00007f4c96b8d169 [ 333.729592][T13136] RDX: 0000000004000810 RSI: 00004000000001c0 RDI: 0000000000000005 [ 333.729606][T13136] RBP: 00007f4c96c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 333.729619][T13136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.729631][T13136] R13: 0000000000000001 R14: 00007f4c96da6080 R15: 00007ffee3a40e38 [ 333.729655][T13136] [ 333.729663][T13136] [ 334.097851][T13136] Allocated by task 13130: [ 334.102275][T13136] kasan_save_track+0x3f/0x80 [ 334.106972][T13136] __kasan_kmalloc+0x98/0xb0 [ 334.111570][T13136] __kmalloc_node_noprof+0x290/0x4d0 [ 334.116895][T13136] __kvmalloc_node_noprof+0x72/0x190 [ 334.122221][T13136] alloc_netdev_mqs+0xa4/0x1210 [ 334.127094][T13136] rtnl_create_link+0x2f9/0xc90 [ 334.131970][T13136] rtnl_newlink_create+0x2e1/0xbd0 [ 334.137092][T13136] rtnl_newlink+0x167a/0x1d90 [ 334.141791][T13136] rtnetlink_rcv_msg+0x791/0xcf0 [ 334.146744][T13136] netlink_rcv_skb+0x206/0x480 [ 334.151525][T13136] netlink_unicast+0x7f6/0x990 [ 334.156304][T13136] netlink_sendmsg+0x8de/0xcb0 [ 334.161082][T13136] __sock_sendmsg+0x221/0x270 [ 334.165771][T13136] ____sys_sendmsg+0x53a/0x860 [ 334.170540][T13136] __sys_sendmsg+0x269/0x350 [ 334.175150][T13136] do_syscall_64+0xf3/0x230 [ 334.179678][T13136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.185582][T13136] [ 334.187908][T13136] Freed by task 13130: [ 334.191972][T13136] kasan_save_track+0x3f/0x80 [ 334.196662][T13136] kasan_save_free_info+0x40/0x50 [ 334.201696][T13136] __kasan_slab_free+0x59/0x70 [ 334.206471][T13136] kfree+0x196/0x430 [ 334.210377][T13136] device_release+0x99/0x1c0 [ 334.214977][T13136] kobject_put+0x22f/0x480 [ 334.219404][T13136] netdev_run_todo+0xd9d/0xf30 [ 334.224177][T13136] rtnl_dellink+0x761/0x8c0 [ 334.228711][T13136] rtnetlink_rcv_msg+0x791/0xcf0 [ 334.233662][T13136] netlink_rcv_skb+0x206/0x480 [ 334.238435][T13136] netlink_unicast+0x7f6/0x990 [ 334.243209][T13136] netlink_sendmsg+0x8de/0xcb0 [ 334.247984][T13136] __sock_sendmsg+0x221/0x270 [ 334.252668][T13136] ____sys_sendmsg+0x53a/0x860 [ 334.257438][T13136] __sys_sendmsg+0x269/0x350 [ 334.262035][T13136] do_syscall_64+0xf3/0x230 [ 334.266544][T13136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.272448][T13136] [ 334.274775][T13136] The buggy address belongs to the object at ffff88802a356000 [ 334.274775][T13136] which belongs to the cache kmalloc-cg-4k of size 4096 [ 334.289096][T13136] The buggy address is located 3261 bytes inside of [ 334.289096][T13136] freed 4096-byte region [ffff88802a356000, ffff88802a357000) [ 334.303078][T13136] [ 334.305407][T13136] The buggy address belongs to the physical page: [ 334.311902][T13136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a350 [ 334.320668][T13136] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 334.329166][T13136] memcg:ffff88802f38b701 [ 334.333409][T13136] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 334.341393][T13136] page_type: f5(slab) [ 334.345382][T13136] raw: 00fff00000000040 ffff88801b04f500 0000000000000000 dead000000000001 [ 334.353978][T13136] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88802f38b701 [ 334.362564][T13136] head: 00fff00000000040 ffff88801b04f500 0000000000000000 dead000000000001 [ 334.371248][T13136] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88802f38b701 [ 334.379925][T13136] head: 00fff00000000003 ffffea0000a8d401 ffffffffffffffff 0000000000000000 [ 334.388861][T13136] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 334.397535][T13136] page dumped because: kasan: bad access detected [ 334.403958][T13136] page_owner tracks the page as allocated [ 334.409758][T13136] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5210, tgid 5210 (udevd), ts 44943638258, free_ts 44936725317 [ 334.430527][T13136] post_alloc_hook+0x1f4/0x240 [ 334.435311][T13136] get_page_from_freelist+0x365c/0x37a0 [ 334.440865][T13136] __alloc_frozen_pages_noprof+0x292/0x710 [ 334.446764][T13136] alloc_pages_mpol+0x311/0x660 [ 334.451622][T13136] allocate_slab+0x8f/0x3a0 [ 334.456132][T13136] ___slab_alloc+0xc27/0x14a0 [ 334.460812][T13136] __slab_alloc+0x58/0xa0 [ 334.465147][T13136] __kmalloc_node_noprof+0x2ee/0x4d0 [ 334.470444][T13136] __kvmalloc_node_noprof+0x72/0x190 [ 334.475746][T13136] seq_read_iter+0x20c/0xd70 [ 334.480348][T13136] vfs_read+0x975/0xb40 [ 334.484514][T13136] ksys_read+0x18f/0x2b0 [ 334.488761][T13136] do_syscall_64+0xf3/0x230 [ 334.493276][T13136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.499182][T13136] page last free pid 5210 tgid 5210 stack trace: [ 334.505518][T13136] free_frozen_pages+0xe0d/0x10e0 [ 334.510555][T13136] __put_partials+0x160/0x1c0 [ 334.515238][T13136] put_cpu_partial+0x17c/0x250 [ 334.520007][T13136] __slab_free+0x290/0x380 [ 334.524433][T13136] qlist_free_all+0x9a/0x140 [ 334.529030][T13136] kasan_quarantine_reduce+0x14f/0x170 [ 334.534504][T13136] __kasan_slab_alloc+0x23/0x80 [ 334.539363][T13136] kmem_cache_alloc_noprof+0x1d9/0x380 [ 334.544835][T13136] getname_flags+0xb7/0x540 [ 334.549353][T13136] do_sys_openat2+0xd2/0x1d0 [ 334.553956][T13136] __x64_sys_openat+0x247/0x2a0 [ 334.558827][T13136] do_syscall_64+0xf3/0x230 [ 334.563343][T13136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.569249][T13136] [ 334.571574][T13136] Memory state around the buggy address: [ 334.577206][T13136] ffff88802a356b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.585302][T13136] ffff88802a356c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.593369][T13136] >ffff88802a356c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.601435][T13136] ^ [ 334.607351][T13136] ffff88802a356d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.615416][T13136] ffff88802a356d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 334.623477][T13136] ================================================================== [ 334.686890][T13136] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 334.694148][T13136] CPU: 1 UID: 0 PID: 13136 Comm: syz.4.2253 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 334.704939][T13136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 334.715022][T13136] Call Trace: [ 334.718320][T13136] [ 334.721271][T13136] dump_stack_lvl+0x241/0x360 [ 334.725984][T13136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.731211][T13136] ? __pfx__printk+0x10/0x10 [ 334.735828][T13136] ? preempt_schedule+0xe1/0xf0 [ 334.740705][T13136] ? vscnprintf+0x5d/0x90 [ 334.745062][T13136] panic+0x349/0x880 [ 334.748988][T13136] ? check_panic_on_warn+0x21/0xb0 [ 334.754136][T13136] ? __pfx_panic+0x10/0x10 [ 334.758595][T13136] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 334.764622][T13136] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 334.770979][T13136] ? print_report+0x519/0x5b0 [ 334.775698][T13136] check_panic_on_warn+0x86/0xb0 [ 334.780676][T13136] ? qdisc_create+0x1162/0x12b0 [ 334.785576][T13136] end_report+0x77/0x160 [ 334.789849][T13136] kasan_report+0x154/0x180 [ 334.794388][T13136] ? qdisc_create+0x1162/0x12b0 [ 334.799273][T13136] qdisc_create+0x1162/0x12b0 [ 334.803987][T13136] ? __pfx_qdisc_create+0x10/0x10 [ 334.809052][T13136] tc_modify_qdisc+0x17ce/0x2420 [ 334.814040][T13136] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 334.819356][T13136] ? __mutex_lock+0xba3/0x1010 [ 334.824149][T13136] ? __mutex_lock+0x602/0x1010 [ 334.828961][T13136] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 334.834275][T13136] rtnetlink_rcv_msg+0x73f/0xcf0 [ 334.839253][T13136] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 334.844413][T13136] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 334.849909][T13136] ? ref_tracker_free+0x643/0x7e0 [ 334.854961][T13136] netlink_rcv_skb+0x206/0x480 [ 334.859768][T13136] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 334.865269][T13136] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 334.870608][T13136] ? netlink_deliver_tap+0x2e/0x1b0 [ 334.875843][T13136] netlink_unicast+0x7f6/0x990 [ 334.880645][T13136] ? __pfx_netlink_unicast+0x10/0x10 [ 334.885971][T13136] ? __virt_addr_valid+0x45f/0x530 [ 334.891115][T13136] ? __phys_addr_symbol+0x2f/0x70 [ 334.896174][T13136] ? __check_object_size+0x47a/0x730 [ 334.901510][T13136] netlink_sendmsg+0x8de/0xcb0 [ 334.906326][T13136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.911654][T13136] ? aa_sock_msg_perm+0x91/0x160 [ 334.916638][T13136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.921969][T13136] __sock_sendmsg+0x221/0x270 [ 334.926693][T13136] ____sys_sendmsg+0x53a/0x860 [ 334.931503][T13136] ? __pfx_____sys_sendmsg+0x10/0x10 [ 334.936816][T13136] ? __fget_files+0x2a/0x410 [ 334.941477][T13136] ? __fget_files+0x2a/0x410 [ 334.946109][T13136] __sys_sendmsg+0x269/0x350 [ 334.950737][T13136] ? vma_end_read+0x18/0x170 [ 334.955368][T13136] ? __pfx___sys_sendmsg+0x10/0x10 [ 334.960532][T13136] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 334.966555][T13136] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 334.972946][T13136] ? exc_page_fault+0x590/0x8b0 [ 334.977844][T13136] ? do_syscall_64+0xb6/0x230 [ 334.982560][T13136] do_syscall_64+0xf3/0x230 [ 334.987098][T13136] ? clear_bhb_loop+0x35/0x90 [ 334.991813][T13136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.997750][T13136] RIP: 0033:0x7f4c96b8d169 [ 335.002200][T13136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.021845][T13136] RSP: 002b:00007f4c9792e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 335.030305][T13136] RAX: ffffffffffffffda RBX: 00007f4c96da6080 RCX: 00007f4c96b8d169 [ 335.038308][T13136] RDX: 0000000004000810 RSI: 00004000000001c0 RDI: 0000000000000005 [ 335.046308][T13136] RBP: 00007f4c96c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 335.054312][T13136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.062304][T13136] R13: 0000000000000001 R14: 00007f4c96da6080 R15: 00007ffee3a40e38 [ 335.070299][T13136] [ 335.073673][T13136] Kernel Offset: disabled [ 335.078000][T13136] Rebooting in 86400 seconds..