last executing test programs: 5.350204242s ago: executing program 4 (id=2013): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12012, r0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147, 0xa00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 5.056124249s ago: executing program 4 (id=2018): r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="03800000ffef0000240012800c0001006d6163766c616e00140002800800390008000000200002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0) 4.73860219s ago: executing program 4 (id=2024): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000040)={@empty, @empty, 0x0, "ffff01e03d66a89131fda05322cb0c9c924a0000000000000000000000000001", 0xfffffffc, 0xffffffff, 0x6}, 0x3c) 4.581305522s ago: executing program 4 (id=2026): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000980), r3) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="db1a0000000000000000030000002c00070073797374656d5f753a6f626a65637457723a696e6574645f6368696c645f657865635f743a7330001400060076657468305f746f5f7465616d00000005000400ac1e00fe040005"], 0x64}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r3) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000340)={'wpan1\x00', 0x0}) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), r7) sendmsg$NL802154_CMD_DEL_SEC_DEV(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002cbd7000ffdbdf251b00000008000300", @ANYRES32=r9, @ANYBLOB="10002e"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x800) sendmsg$NL802154_CMD_DEL_SEC_KEY(r5, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x1c, r6, 0x300, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40081) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@remote, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}}}, 0xb8}}, 0x0) 4.191724317s ago: executing program 4 (id=2034): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x1, 0x8, 0x4, 0x20021, 0xc1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002"], 0x310) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/237, 0xe}], 0x4) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f0000000000), 0x8) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0xd5, @local, 0x5}, 0x1c) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f00000001c0)={0x5813, 0x0, 0x0, 0x1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000100)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) r7 = openat$cgroup_int(r5, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) sendfile(r7, r6, 0x0, 0x3) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000101e008d2a2abd7000fbdbdf250a003800b7daa93d1471273550d068118c097cd74e6b872f9c79b113c5e4b60e176502dd60369b4459", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x1c}}, 0x0) connect$pppoe(r3, &(0x7f0000000000)={0x18, 0x0, {0x4, @remote, 'veth0_virt_wifi\x00'}}, 0x1e) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in6=@remote, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x3b}, {@in6=@private2={0xfc, 0x2, '\x00', 0x41}, 0x2, 0x32}, @in6=@remote, {0x7, 0x0, 0xfffffffffffeffff, 0x0, 0x4, 0x6, 0x9}, {0xfffffffffffff461, 0x0, 0x0, 0x10000}, {0x3, 0x2}, 0x70bd2a, 0x0, 0x2, 0x0, 0x0, 0x30}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x4}}]}, 0x144}, 0x1, 0x0, 0x0, 0x24000010}, 0x800) socket$unix(0x1, 0x2, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[], 0x34c}, 0x1, 0xf0}, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) r9 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000100)={@loopback={0x66, 0x7ffffffff000}, 0x800, 0x0, 0x2, 0x0, 0x0, 0x6}, 0x20) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @remote}) 3.148423179s ago: executing program 4 (id=2048): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) pwritev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)="8e", 0x1}], 0x1, 0x8001, 0x80) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010000000000fcdbdf2508006d00", @ANYRES32=0x0, @ANYBLOB="dd3810f8672a19bdaa3503063fe06c9a0dc517987224a8ef8113d1e2a19913144a78852e49b8fc41d752c6035cab59c13e22384a99ea7bb12f29167758526d8c6dec79c05a6148630939f41680479b4cc24b2ee6d0f4adb5b2eb1074b83a68df9200fe0fac38"], 0x18}], 0x1, 0x0, 0x0, 0x1}, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x10000c00) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x40050) socket$inet_smc(0x2b, 0x1, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r5 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r5, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r9, 0x0, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4000000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000010240000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r10], 0x40}}, 0x4000) sendmsg$DCCPDIAG_GETSOCK(r6, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYRES32=r10, @ANYBLOB="0400000008000000090080000800000004000100"], 0x50}, 0x1, 0x0, 0x0, 0x10}, 0xc855) 2.211168763s ago: executing program 3 (id=2056): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000002140)=@base={0x5, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000007290000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) setsockopt$inet6_int(r2, 0x29, 0x33, &(0x7f0000000000)=0x7, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x30, r8, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_TID={0xc}, @GTPA_VERSION={0x8}]}, 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="08000500060000000c001780040007"], 0x30}}, 0x0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000030000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) 1.87113661s ago: executing program 3 (id=2059): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_smc(0x2b, 0x1, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet_tcp(0x2, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0xff) socket$netlink(0x10, 0x3, 0x0) socket(0x1d, 0x2, 0x6) socket$inet6_sctp(0xa, 0x801, 0x84) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305003a00000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 1.403721377s ago: executing program 3 (id=2066): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x2, r1, 0x4}, 0x38) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f00000004c0)={'filter\x00', 0xb001, 0x4, 0x3c8, 0x0, 0x0, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@arp={@remote, @broadcast, 0xff, 0xff000000, 0xb, 0x10, {@empty, {[0x7f, 0x0, 0x0, 0xff, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0x0, 0xff]}}, 0x7fff, 0x4, 0x3, 0x400, 0x1, 0x8, 'caif0\x00', 'erspan0\x00', {0x7f}, {}, 0x0, 0x4}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x6}}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @multicast2, 0x4, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x7d22, 0x5, 0x3}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet(r4, &(0x7f0000000940)=[{{&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000380)=[{0x0}], 0x1}}], 0x1, 0x46054) setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000100)={0x1}, 0x8) close(r4) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={0x0, @local, @initdev}, &(0x7f0000000040)=0xc) r5 = epoll_create(0x3ff) r6 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0xa, 0x1, 0x0, @void, @value}, 0x20) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x890b, &(0x7f0000000000)) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r7, 0x800452d3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x890c, 0x0) r8 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r8, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r8, &(0x7f0000000280)={0x20002000}) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv4_newnexthop={0x30, 0x68, 0x1, 0x70bd27, 0x25dfdbfb, {0x2, 0x0, 0x2}, [@NHA_GATEWAY={0x14, 0x6, @in6_addr=@private0}, @NHA_FDB={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4097}, 0x804) 1.26767244s ago: executing program 2 (id=2068): r0 = socket$inet(0x2, 0x80001, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10) listen(r1, 0x3) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0xce20, @loopback}, 0x10) listen(r0, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r2) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r2, &(0x7f0000001940)=[{{0x0, 0x0, 0x0}, 0xfffffff8}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000840)=""/235, 0xeb}, {&(0x7f00000006c0)=""/231, 0xe7}, {&(0x7f0000000440)=""/71, 0x47}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/189, 0xbd}, {&(0x7f0000004300)=""/49, 0x31}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x10000}], 0x4, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r4) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="07022cbd700000000000010000000800080586a739802c0004800500030001000000050003000000000200000300010000000500030000000000050003000200000008000100030000000800020001000000"], 0x58}}, 0x880) r6 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NET_DM_CMD_START(r4, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r6, 0x400, 0x70bd29, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20000004) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', 0x0, 0x10}, 0x18) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYRES32], 0x38}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) poll(&(0x7f0000000340)=[{r3, 0x10}, {r3, 0x23}, {r3, 0x1020}, {r7, 0x4}, {r3}, {r3, 0x81}, {r3, 0x4000}], 0x7, 0x1) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000040)=0x9, 0x4) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000002d00210000000000000000000400"], 0x1c}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) 1.181875392s ago: executing program 3 (id=2071): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$inet_icmp(0x2, 0x2, 0x1) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}}, 0x4000080) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x6, &(0x7f0000000b80)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x6, @local, 0x3643}, 0x20) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) getsockopt$IP_VS_SO_GET_VERSION(r5, 0x0, 0x480, &(0x7f0000000000), 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r5], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001800010000000000000000000200000000000006000000000c00090008000000", @ANYRES32, @ANYBLOB="08000400", @ANYBLOB='\b\x00'], 0x38}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x17, 0x66, &(0x7f0000000c00)=ANY=[@ANYBLOB="b4000000020000006600000000000000730123000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e63bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e2740a7ab7069790da79b7ab45184caffff00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b427ee8d181d2f18d772fb5c58a936620ba1f5fbb48703ab211f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8eff7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c84b0d9d033edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a40948498fa9561213bc20845526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef969187763c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2d9b51d99c89e327b4bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6ed49a5ca8987b0f2a8b14054e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe1655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed7de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d02652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b926c36a33eb3bdc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a762e5705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f9a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe257c0c4a26c60bfa77f89bae2bd4c498a10d4e17dddb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a437f8924ee7a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a8c407fed1a8702e2486386f2ae6347231128be789186ff5651208c80781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b9788a63c8f7009f9149fd9c740eddd300000000000000000000e620e3657ac82a5bd27dfa4f2add31a402346571e87b2644edb73d4affdcbbe2b8e2539b44554c10dc0ac8ba67ab9901c8e9564b4c26a87cf59b11978a86d4938ca4db01a9d8426aed32eb0d0d1dd894bbf3197f3b5744b5a4f813fd7330"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.054568867s ago: executing program 0 (id=2073): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 1.02003549s ago: executing program 2 (id=2074): bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="090000000011000000009ba79ba4d79137c4f71642f9c994282100"/36, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, @void, @value}, 0x28) (async) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'}) (async) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000080), 0x4) (async) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c10000000000000000000", 0x58}], 0x1) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000440)={0x0, 0x6, 0xc7, 0x8, 0xfffffffd}) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) ioctl$FS_IOC_GETFLAGS(r5, 0x80086601, &(0x7f0000000040)) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r6) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x1c}}, 0x4000054) (async) unshare(0x40020000) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='rcu_utilization\x00', r7, 0x0, 0x2}, 0x18) 881.409877ms ago: executing program 1 (id=2076): bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x12, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000010000000004000000000000711217000000000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2568, @void, @value}, 0x94) 784.414801ms ago: executing program 1 (id=2077): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="120000000b000000080000000200000000000000", @ANYRES32, @ANYBLOB="0000000000000900000000000000ad000000488c", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000280)=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000200)={r3, &(0x7f0000000340)}, 0x20) sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c200a0000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x4c, 0x7, 0x6, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x8}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004}, 0x40000) accept4$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, &(0x7f0000000100)=0xe, 0x80800) 675.937607ms ago: executing program 0 (id=2078): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="88000000112858c57e4155dfd16b9302fc889b57f467ae957e5e51b9c218c91d2b3638ea223f55e586be7d200952d11f158343a974c94a5cf6b55308e3e9f7997300a43a13f0", @ANYRES16=r1, @ANYBLOB="050200000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="49000e0080000000080211000001ffffffffffff0802110000010000000000000000000064007f5d01002a01022d1a0020190900000000000000c90007001900000008000b0000000400000008000e8004000100080026006c09000008000c006400000008000d00ffffffff"], 0x88}}, 0x20040044) 643.324214ms ago: executing program 2 (id=2079): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8}]}}]}, 0x3c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)) 622.828218ms ago: executing program 1 (id=2080): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005500110227bd7000fbdbdf2507000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB='\x00\"'], 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x40010) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000000000001"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 551.414628ms ago: executing program 0 (id=2081): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x2, r1, 0x4}, 0x38) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f00000004c0)={'filter\x00', 0xb001, 0x4, 0x3c8, 0x0, 0x0, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@arp={@remote, @broadcast, 0xff, 0xff000000, 0xb, 0x10, {@empty, {[0x7f, 0x0, 0x0, 0xff, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0x0, 0xff]}}, 0x7fff, 0x4, 0x3, 0x400, 0x1, 0x8, 'caif0\x00', 'erspan0\x00', {0x7f}, {}, 0x0, 0x4}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x6}}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @multicast2, 0x4, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x7d22, 0x5, 0x3}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet(r4, &(0x7f0000000940)=[{{&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000380)=[{0x0}], 0x1}}], 0x1, 0x46054) setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000100)={0x1}, 0x8) close(r4) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={0x0, @local, @initdev}, &(0x7f0000000040)=0xc) r5 = epoll_create(0x3ff) r6 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0xa, 0x1, 0x0, @void, @value}, 0x20) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x890b, &(0x7f0000000000)) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r7, 0x800452d3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x890c, 0x0) r8 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r8, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r8, &(0x7f0000000280)={0x20002000}) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@ipv4_newnexthop={0x30, 0x68, 0x1, 0x70bd27, 0x25dfdbfb, {0x2, 0x0, 0x2}, [@NHA_GATEWAY={0x14, 0x6, @in6_addr=@private0}, @NHA_FDB={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4097}, 0x804) 550.615603ms ago: executing program 2 (id=2082): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000100000000000000000000f"], 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000014c0)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018000000000000000000000000000000950000002304f866"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xe1, &(0x7f0000000240)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe66, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090200000300ffe5000d0000000000b702000000000000739af0ff00000000c509040004000000c3aaf0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf980000000000005608f0ffffff00008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 426.998215ms ago: executing program 1 (id=2083): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240", @ANYRESOCT], 0x7c}, 0x1, 0xf000000}, 0x0) 411.400928ms ago: executing program 2 (id=2084): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000000000068500000022000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 382.569127ms ago: executing program 0 (id=2085): getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000b00)=@flushpolicy={0x10, 0x1d, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x10}}, 0xfffd) 268.084605ms ago: executing program 0 (id=2086): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}, 0x1, 0xffffffa1}, 0x0) 267.528434ms ago: executing program 1 (id=2087): recvmmsg(0xffffffffffffffff, &(0x7f000000cec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000006200)=""/4096, 0x1000}], 0x1}}], 0x2, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) unshare(0x16000200) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4) r1 = accept4(r0, 0x0, 0x0, 0x100800) recvmsg(r1, &(0x7f0000001e80)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)=""/7, 0x7}], 0x1}, 0x222) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000a40)={0x9, {{0x2, 0x0, @multicast2}}, 0x0, 0x1, [{{0x2, 0x0, @loopback}}]}, 0x110) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 264.255436ms ago: executing program 2 (id=2088): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socket(0x11, 0x3, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c) sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, 0x0, 0x8000) epoll_create1(0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, 0x0, &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) shutdown(r4, 0x0) poll(&(0x7f0000000300)=[{r4}], 0x1, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000003c0)='kmem_cache_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x18) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close(0x4) 197.365668ms ago: executing program 3 (id=2089): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000220000018000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000005000006bf0900000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0xffc, &(0x7f0000001e40)=""/4092, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94) 98.797846ms ago: executing program 1 (id=2090): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe8800000000000000000000000000010000000000000a000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}}, 0x0) 528.358µs ago: executing program 3 (id=2091): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socket(0x11, 0x3, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c) sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, 0x0, 0x8000) epoll_create1(0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, 0x0, &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) shutdown(r4, 0x0) poll(&(0x7f0000000300)=[{r4}], 0x1, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000003c0)='kmem_cache_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x18) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close(0x4) 0s ago: executing program 0 (id=2092): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000002d000100000000001000000004000080450011802f2f"], 0x5c}], 0x1}, 0x0) kernel console output (not intermixed with test programs): m hooks INPUT, but only usable from FORWARD/OUTPUT [ 185.115805][ T9580] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1223'. [ 185.124399][ T9581] bond0: entered promiscuous mode [ 185.134173][ T9581] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 185.162917][ T9581] bond0: left promiscuous mode [ 185.426765][ T9597] tipc: Enabled bearer , priority 0 [ 185.480141][ T9597] syzkaller0: entered promiscuous mode [ 185.485625][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 185.485934][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 185.519838][ T9597] syzkaller0: entered allmulticast mode [ 185.540014][ T9597] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 185.599056][ T9597] tipc: Resetting bearer [ 185.638476][ T9596] tipc: Resetting bearer [ 185.691383][ T9596] tipc: Disabling bearer [ 185.710087][ T9611] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1236'. [ 185.725899][ T9611] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 186.218430][ T9634] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1244'. [ 186.374933][ T9639] FAULT_INJECTION: forcing a failure. [ 186.374933][ T9639] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.396469][ T9639] CPU: 1 UID: 0 PID: 9639 Comm: syz.2.1246 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 186.396501][ T9639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 186.396514][ T9639] Call Trace: [ 186.396522][ T9639] [ 186.396532][ T9639] dump_stack_lvl+0x189/0x250 [ 186.396570][ T9639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.396600][ T9639] ? __pfx__printk+0x10/0x10 [ 186.396634][ T9639] should_fail_ex+0x414/0x560 [ 186.396683][ T9639] _copy_to_user+0x31/0xb0 [ 186.396712][ T9639] simple_read_from_buffer+0xe1/0x170 [ 186.396741][ T9639] proc_fail_nth_read+0x1df/0x250 [ 186.396776][ T9639] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.396806][ T9639] ? rw_verify_area+0x258/0x650 [ 186.396826][ T9639] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.396855][ T9639] vfs_read+0x1fd/0x980 [ 186.396882][ T9639] ? __pfx___mutex_lock+0x10/0x10 [ 186.396912][ T9639] ? __pfx_vfs_read+0x10/0x10 [ 186.396935][ T9639] ? __fget_files+0x2a/0x420 [ 186.396964][ T9639] ? __fget_files+0x3a0/0x420 [ 186.396988][ T9639] ? __fget_files+0x2a/0x420 [ 186.397022][ T9639] ksys_read+0x145/0x250 [ 186.397042][ T9639] ? __fget_files+0x2a/0x420 [ 186.397067][ T9639] ? __pfx_ksys_read+0x10/0x10 [ 186.397093][ T9639] ? do_syscall_64+0xba/0x210 [ 186.397126][ T9639] do_syscall_64+0xf6/0x210 [ 186.397155][ T9639] ? clear_bhb_loop+0x45/0xa0 [ 186.397198][ T9639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.397232][ T9639] RIP: 0033:0x7fd48598d37c [ 186.397249][ T9639] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 186.397266][ T9639] RSP: 002b:00007fd48675f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 186.397311][ T9639] RAX: ffffffffffffffda RBX: 00007fd485bb5fa0 RCX: 00007fd48598d37c [ 186.397326][ T9639] RDX: 000000000000000f RSI: 00007fd48675f0a0 RDI: 0000000000000004 [ 186.397339][ T9639] RBP: 00007fd48675f090 R08: 0000000000000000 R09: 0000000000000000 [ 186.397351][ T9639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.397363][ T9639] R13: 0000000000000000 R14: 00007fd485bb5fa0 R15: 00007ffe107e0238 [ 186.397407][ T9639] [ 186.556288][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 186.570147][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 186.639537][ T9641] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1247'. [ 186.690906][ T9641] tipc: Enabling of bearer rejected, already enabled [ 186.759307][ T9648] tipc: Enabling of bearer rejected, already enabled [ 186.837546][ T9648] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 187.154343][ T9664] netlink: 'syz.1.1257': attribute type 10 has an invalid length. [ 187.172615][ T9664] team0: Device 0! is up. Set it down before adding it as a team port [ 187.553265][ T9687] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1267'. [ 187.565695][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 187.698326][ T9693] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1269'. [ 187.838854][ T9697] sctp: [Deprecated]: syz.2.1271 (pid 9697) Use of int in max_burst socket option deprecated. [ 187.838854][ T9697] Use struct sctp_assoc_value instead [ 187.929724][ T9705] netlink: 'syz.0.1274': attribute type 1 has an invalid length. [ 187.990637][ T9705] 8021q: adding VLAN 0 to HW filter on device bond2 [ 188.092530][ T9713] syzkaller0: refused to change device tx_queue_len [ 188.317597][ T9722] IPVS: set_ctl: invalid protocol: 4 127.0.0.1:20003 [ 188.492163][ T9735] FAULT_INJECTION: forcing a failure. [ 188.492163][ T9735] name failslab, interval 1, probability 0, space 0, times 0 [ 188.520676][ T9735] CPU: 0 UID: 0 PID: 9735 Comm: syz.0.1282 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 188.520704][ T9735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 188.520716][ T9735] Call Trace: [ 188.520723][ T9735] [ 188.520730][ T9735] dump_stack_lvl+0x189/0x250 [ 188.520765][ T9735] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.520791][ T9735] ? __pfx__printk+0x10/0x10 [ 188.520811][ T9735] ? __pfx___might_resched+0x10/0x10 [ 188.520829][ T9735] ? fs_reclaim_acquire+0x7d/0x100 [ 188.520863][ T9735] should_fail_ex+0x414/0x560 [ 188.520899][ T9735] should_failslab+0xa8/0x100 [ 188.520939][ T9735] __kmalloc_cache_noprof+0x70/0x3d0 [ 188.520980][ T9735] ? alloc_netdev_mqs+0xc36/0x11e0 [ 188.521014][ T9735] alloc_netdev_mqs+0xc36/0x11e0 [ 188.521050][ T9735] rtnl_create_link+0x31f/0xd10 [ 188.521085][ T9735] rtnl_newlink_create+0x25c/0xb00 [ 188.521116][ T9735] ? __pfx_aa_get_newest_label+0x10/0x10 [ 188.521140][ T9735] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 188.521162][ T9735] ? rtnl_newlink+0x8db/0x1c70 [ 188.521185][ T9735] ? __pfx___mutex_lock+0x10/0x10 [ 188.521244][ T9735] ? ns_capable+0x8a/0xf0 [ 188.521267][ T9735] rtnl_newlink+0x16d6/0x1c70 [ 188.521290][ T9735] ? __kasan_slab_free+0x62/0x70 [ 188.521333][ T9735] ? __pfx_rtnl_newlink+0x10/0x10 [ 188.521353][ T9735] ? preempt_schedule_common+0x83/0xd0 [ 188.521385][ T9735] ? __pfx___schedule+0x10/0x10 [ 188.521432][ T9735] ? preempt_schedule+0xae/0xc0 [ 188.521455][ T9735] ? __dev_queue_xmit+0x27e/0x3a70 [ 188.521485][ T9735] ? preempt_schedule_common+0x83/0xd0 [ 188.521513][ T9735] ? preempt_schedule+0xae/0xc0 [ 188.521538][ T9735] ? __pfx_preempt_schedule+0x10/0x10 [ 188.521567][ T9735] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 188.521596][ T9735] ? preempt_schedule_thunk+0x16/0x30 [ 188.521625][ T9735] ? __local_bh_enable_ip+0x13e/0x1c0 [ 188.521656][ T9735] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 188.521697][ T9735] ? aa_get_newest_label+0xf7/0x5d0 [ 188.521723][ T9735] ? __lock_acquire+0xaac/0xd20 [ 188.521776][ T9735] ? __pfx_rtnl_newlink+0x10/0x10 [ 188.521798][ T9735] rtnetlink_rcv_msg+0x7cc/0xb70 [ 188.521823][ T9735] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 188.521844][ T9735] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 188.521884][ T9735] netlink_rcv_skb+0x219/0x490 [ 188.521908][ T9735] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 188.521931][ T9735] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 188.521976][ T9735] ? netlink_deliver_tap+0x2e/0x1b0 [ 188.522008][ T9735] netlink_unicast+0x758/0x8d0 [ 188.522040][ T9735] netlink_sendmsg+0x805/0xb30 [ 188.522074][ T9735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.522100][ T9735] ? aa_sock_msg_perm+0x94/0x160 [ 188.522123][ T9735] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 188.522145][ T9735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.522168][ T9735] __sock_sendmsg+0x219/0x270 [ 188.522203][ T9735] ____sys_sendmsg+0x505/0x830 [ 188.522235][ T9735] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.522270][ T9735] ? import_iovec+0x74/0xa0 [ 188.522300][ T9735] ___sys_sendmsg+0x21f/0x2a0 [ 188.522348][ T9735] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.522414][ T9735] ? __fget_files+0x2a/0x420 [ 188.522438][ T9735] ? __fget_files+0x3a0/0x420 [ 188.522472][ T9735] __x64_sys_sendmsg+0x19b/0x260 [ 188.522498][ T9735] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 188.522542][ T9735] ? do_syscall_64+0xba/0x210 [ 188.522575][ T9735] do_syscall_64+0xf6/0x210 [ 188.522604][ T9735] ? clear_bhb_loop+0x45/0xa0 [ 188.522629][ T9735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.522647][ T9735] RIP: 0033:0x7f6c88b8e969 [ 188.522665][ T9735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.522681][ T9735] RSP: 002b:00007f6c869f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.522702][ T9735] RAX: ffffffffffffffda RBX: 00007f6c88db6080 RCX: 00007f6c88b8e969 [ 188.522716][ T9735] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 188.522728][ T9735] RBP: 00007f6c869f6090 R08: 0000000000000000 R09: 0000000000000000 [ 188.522740][ T9735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 188.522751][ T9735] R13: 0000000000000000 R14: 00007f6c88db6080 R15: 00007fff186b50f8 [ 188.522781][ T9735] [ 189.146333][ T9748] __nla_validate_parse: 2 callbacks suppressed [ 189.146351][ T9748] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1287'. [ 189.195692][ T9748] nbd: must specify at least one socket [ 189.301315][ T9756] ipvlan10: entered promiscuous mode [ 189.308166][ T9760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1292'. [ 189.318105][ T9756] ipvlan10: entered allmulticast mode [ 189.353567][ T9760] tipc: Enabling of bearer rejected, already enabled [ 189.624158][ T9781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1301'. [ 189.713303][ T9788] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1302'. [ 189.725759][ C1] net_ratelimit: 3 callbacks suppressed [ 189.725777][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 189.735689][ T9788] netlink: zone id is out of range [ 189.750996][ T9789] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 189.753089][ T9788] netlink: zone id is out of range [ 189.791874][ T9788] netlink: zone id is out of range [ 189.804810][ T9788] netlink: zone id is out of range [ 189.810305][ T9788] netlink: zone id is out of range [ 189.815916][ T9788] netlink: zone id is out of range [ 189.823268][ T9788] netlink: zone id is out of range [ 189.852292][ T9788] netlink: zone id is out of range [ 189.861432][ T9788] netlink: zone id is out of range [ 189.886087][ T9795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1306'. [ 189.916303][ T9795] lo speed is unknown, defaulting to 1000 [ 189.924602][ T9795] lo speed is unknown, defaulting to 1000 [ 189.940326][ T9795] lo speed is unknown, defaulting to 1000 [ 189.956018][ T9795] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 189.987774][ T9795] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 190.103924][ T9795] lo speed is unknown, defaulting to 1000 [ 190.122057][ T9795] lo speed is unknown, defaulting to 1000 [ 190.135069][ T9795] lo speed is unknown, defaulting to 1000 [ 190.149290][ T9795] lo speed is unknown, defaulting to 1000 [ 190.157984][ T9795] lo speed is unknown, defaulting to 1000 [ 190.291987][ T9817] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1314'. [ 190.360948][ T9819] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1317'. [ 190.386052][ T9823] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1315'. [ 190.394099][ T9819] hsr0: entered promiscuous mode [ 190.511226][ T9785] syz.0.1305 (9785) used greatest stack depth: 19336 bytes left [ 190.549100][ T9827] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 190.629061][ T9835] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1323'. [ 190.657163][ T9833] netlink: 'syz.3.1322': attribute type 11 has an invalid length. [ 190.684925][ T9838] Unsupported ieee802154 address type: 0 [ 190.730837][ T9831] veth0_to_bridge: entered promiscuous mode [ 190.774008][ T9830] veth0_to_bridge: left promiscuous mode [ 190.784608][ T9846] tipc: Enabled bearer , priority 0 [ 190.821814][ T9846] syzkaller0: entered promiscuous mode [ 190.852940][ T9846] syzkaller0: entered allmulticast mode [ 190.869531][ T9846] tipc: Resetting bearer [ 190.877001][ T9844] tipc: Resetting bearer [ 190.894880][ T9844] tipc: Disabling bearer [ 192.490110][ T9852] syz.0.1327 uses old SIOCAX25GETINFO [ 192.677230][ T9866] FAULT_INJECTION: forcing a failure. [ 192.677230][ T9866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.700818][ T9859] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1327'. [ 192.711378][ T9866] CPU: 0 UID: 0 PID: 9866 Comm: syz.3.1334 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 192.711409][ T9866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 192.711421][ T9866] Call Trace: [ 192.711429][ T9866] [ 192.711438][ T9866] dump_stack_lvl+0x189/0x250 [ 192.711470][ T9866] ? __lock_acquire+0xaac/0xd20 [ 192.711501][ T9866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.711530][ T9866] ? __pfx__printk+0x10/0x10 [ 192.711551][ T9866] ? __might_fault+0xb0/0x130 [ 192.711590][ T9866] should_fail_ex+0x414/0x560 [ 192.711628][ T9866] _copy_from_user+0x2d/0xb0 [ 192.711656][ T9866] kstrtouint_from_user+0xc4/0x170 [ 192.711682][ T9866] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 192.711723][ T9866] proc_fail_nth_write+0x88/0x240 [ 192.711752][ T9866] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 192.711788][ T9866] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 192.711818][ T9866] vfs_write+0x27b/0xa90 [ 192.711863][ T9866] ? __pfx_vfs_write+0x10/0x10 [ 192.711888][ T9866] ? __fget_files+0x2a/0x420 [ 192.711918][ T9866] ? __fget_files+0x3a0/0x420 [ 192.711942][ T9866] ? __fget_files+0x2a/0x420 [ 192.711984][ T9866] ksys_write+0x145/0x250 [ 192.712009][ T9866] ? __pfx_ksys_write+0x10/0x10 [ 192.712036][ T9866] ? do_syscall_64+0xba/0x210 [ 192.712071][ T9866] do_syscall_64+0xf6/0x210 [ 192.712101][ T9866] ? clear_bhb_loop+0x45/0xa0 [ 192.712127][ T9866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.712145][ T9866] RIP: 0033:0x7fae9d58d41f [ 192.712163][ T9866] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 192.712179][ T9866] RSP: 002b:00007fae9e470030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 192.712201][ T9866] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fae9d58d41f [ 192.712215][ T9866] RDX: 0000000000000001 RSI: 00007fae9e4700a0 RDI: 0000000000000004 [ 192.712227][ T9866] RBP: 00007fae9e470090 R08: 0000000000000000 R09: 0000000000000000 [ 192.712239][ T9866] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 192.712250][ T9866] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 192.712282][ T9866] [ 192.949101][ T9868] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 192.978402][ T9871] tipc: Enabled bearer , priority 0 [ 192.990591][ T9871] syzkaller0: entered promiscuous mode [ 193.019436][ T9871] syzkaller0: entered allmulticast mode [ 193.049575][ T9871] tipc: Resetting bearer [ 193.059629][ T9870] tipc: Resetting bearer [ 193.082478][ T9870] tipc: Disabling bearer [ 193.648264][ T9908] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌUvy¸ÚØ¢…D£øUDŒw˜' [ 193.658560][ T9908] CPU: 1 UID: 0 PID: 9908 Comm: syz.0.1350 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 193.658585][ T9908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 193.658596][ T9908] Call Trace: [ 193.658604][ T9908] [ 193.658629][ T9908] dump_stack_lvl+0x189/0x250 [ 193.658662][ T9908] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.658692][ T9908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.658721][ T9908] ? __pfx__printk+0x10/0x10 [ 193.658745][ T9908] ? kernfs_path_from_node+0x2b/0x260 [ 193.658776][ T9908] ? kernfs_path_from_node+0x216/0x260 [ 193.658806][ T9908] sysfs_warn_dup+0x8e/0xa0 [ 193.658843][ T9908] sysfs_do_create_link_sd+0xc0/0x110 [ 193.658870][ T9908] device_add_class_symlinks+0x1cf/0x240 [ 193.658903][ T9908] device_add+0x475/0xb50 [ 193.658928][ T9908] wiphy_register+0x199a/0x26b0 [ 193.658966][ T9908] ? __pfx_wiphy_register+0x10/0x10 [ 193.658983][ T9908] ? minstrel_ht_alloc+0x893/0x990 [ 193.659013][ T9908] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 193.659040][ T9908] ieee80211_register_hw+0x334b/0x4060 [ 193.659078][ T9908] ? ieee80211_register_hw+0x14b1/0x4060 [ 193.659113][ T9908] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 193.659141][ T9908] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 193.659173][ T9908] ? __hrtimer_setup+0x187/0x210 [ 193.659199][ T9908] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 193.659222][ T9908] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 193.659282][ T9908] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 193.659310][ T9908] ? trace_kmalloc+0x1f/0xd0 [ 193.659330][ T9908] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 193.659354][ T9908] ? kstrndup+0xbf/0x160 [ 193.659381][ T9908] hwsim_new_radio_nl+0xea4/0x1b10 [ 193.659413][ T9908] ? __pfx___nla_validate_parse+0x10/0x10 [ 193.659455][ T9908] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.659485][ T9908] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 193.659521][ T9908] ? __nla_parse+0x40/0x60 [ 193.659546][ T9908] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 193.659582][ T9908] genl_family_rcv_msg_doit+0x212/0x300 [ 193.659616][ T9908] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 193.659657][ T9908] ? bpf_lsm_capable+0x9/0x20 [ 193.659682][ T9908] ? security_capable+0x7e/0x2e0 [ 193.659708][ T9908] genl_rcv_msg+0x60e/0x790 [ 193.659741][ T9908] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.659765][ T9908] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.659809][ T9908] netlink_rcv_skb+0x219/0x490 [ 193.659830][ T9908] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.659858][ T9908] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 193.659910][ T9908] ? down_read+0x1ad/0x2e0 [ 193.659930][ T9908] genl_rcv+0x28/0x40 [ 193.659954][ T9908] netlink_unicast+0x758/0x8d0 [ 193.659986][ T9908] netlink_sendmsg+0x805/0xb30 [ 193.660018][ T9908] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.660044][ T9908] ? aa_sock_msg_perm+0x94/0x160 [ 193.660067][ T9908] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 193.660087][ T9908] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.660109][ T9908] __sock_sendmsg+0x219/0x270 [ 193.660141][ T9908] ____sys_sendmsg+0x505/0x830 [ 193.660171][ T9908] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.660204][ T9908] ? import_iovec+0x74/0xa0 [ 193.660233][ T9908] ___sys_sendmsg+0x21f/0x2a0 [ 193.660259][ T9908] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.660322][ T9908] ? __fget_files+0x2a/0x420 [ 193.660345][ T9908] ? __fget_files+0x3a0/0x420 [ 193.660380][ T9908] __x64_sys_sendmsg+0x19b/0x260 [ 193.660407][ T9908] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 193.660449][ T9908] ? do_syscall_64+0xba/0x210 [ 193.660516][ T9908] do_syscall_64+0xf6/0x210 [ 193.660564][ T9908] ? clear_bhb_loop+0x45/0xa0 [ 193.660590][ T9908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.660609][ T9908] RIP: 0033:0x7f6c88b8e969 [ 193.660628][ T9908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.660646][ T9908] RSP: 002b:00007f6c89919038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.660667][ T9908] RAX: ffffffffffffffda RBX: 00007f6c88db5fa0 RCX: 00007f6c88b8e969 [ 193.660682][ T9908] RDX: 0000000000000500 RSI: 0000200000000040 RDI: 0000000000000006 [ 193.660695][ T9908] RBP: 00007f6c88c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 193.660708][ T9908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.660719][ T9908] R13: 0000000000000000 R14: 00007f6c88db5fa0 R15: 00007fff186b50f8 [ 193.660752][ T9908] [ 194.159027][ T9916] netlink: 'syz.2.1353': attribute type 6 has an invalid length. [ 194.170244][ T9916] netlink: 'syz.2.1353': attribute type 7 has an invalid length. [ 194.194384][ T9916] netlink: 'syz.2.1353': attribute type 8 has an invalid length. [ 194.213586][ T9916] netlink: 'syz.2.1353': attribute type 10 has an invalid length. [ 194.222919][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.229438][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.282449][ T9916] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 194.294561][ T9916] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 194.306287][ T9915] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.324421][ T9921] ipvlan8: entered promiscuous mode [ 194.329973][ T9921] ipvlan8: entered allmulticast mode [ 194.357639][ T9923] bond0: entered promiscuous mode [ 194.363444][ T9923] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 194.371586][ T9923] bond0: left promiscuous mode [ 194.432803][ T9926] __nla_validate_parse: 3 callbacks suppressed [ 194.432824][ T9926] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1356'. [ 194.456022][ T9926] veth0_to_bond: entered allmulticast mode [ 194.672565][ T9940] netlink: 'syz.0.1363': attribute type 29 has an invalid length. [ 194.681991][ T9940] netlink: 'syz.0.1363': attribute type 29 has an invalid length. [ 194.690963][ T9940] netlink: 500 bytes leftover after parsing attributes in process `syz.0.1363'. [ 194.803248][ T9948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1367'. [ 195.091481][ T9961] lo speed is unknown, defaulting to 1000 [ 195.147639][ T9967] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 195.156006][ T9967] CPU: 1 UID: 0 PID: 9967 Comm: syz.0.1375 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 195.156037][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 195.156049][ T9967] Call Trace: [ 195.156057][ T9967] [ 195.156064][ T9967] dump_stack_lvl+0x189/0x250 [ 195.156097][ T9967] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.156124][ T9967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.156149][ T9967] ? __pfx__printk+0x10/0x10 [ 195.156170][ T9967] ? kernfs_path_from_node+0x2b/0x260 [ 195.156198][ T9967] ? kernfs_path_from_node+0x216/0x260 [ 195.156226][ T9967] sysfs_warn_dup+0x8e/0xa0 [ 195.156250][ T9967] sysfs_do_create_link_sd+0xc0/0x110 [ 195.156276][ T9967] device_add_class_symlinks+0x1cf/0x240 [ 195.156301][ T9967] device_add+0x475/0xb50 [ 195.156324][ T9967] wiphy_register+0x199a/0x26b0 [ 195.156359][ T9967] ? __pfx_wiphy_register+0x10/0x10 [ 195.156379][ T9967] ? minstrel_ht_alloc+0x893/0x990 [ 195.156407][ T9967] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 195.156432][ T9967] ieee80211_register_hw+0x334b/0x4060 [ 195.156476][ T9967] ? ieee80211_register_hw+0x14b1/0x4060 [ 195.156509][ T9967] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 195.156537][ T9967] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 195.156568][ T9967] ? __hrtimer_setup+0x187/0x210 [ 195.156594][ T9967] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 195.156615][ T9967] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 195.156671][ T9967] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 195.156712][ T9967] ? trace_kmalloc+0x1f/0xd0 [ 195.156730][ T9967] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 195.156752][ T9967] ? kstrndup+0xbf/0x160 [ 195.156778][ T9967] hwsim_new_radio_nl+0xea4/0x1b10 [ 195.156806][ T9967] ? __pfx___nla_validate_parse+0x10/0x10 [ 195.156840][ T9967] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 195.156878][ T9967] ? __nla_parse+0x40/0x60 [ 195.156900][ T9967] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 195.156934][ T9967] genl_family_rcv_msg_doit+0x212/0x300 [ 195.156965][ T9967] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 195.157011][ T9967] ? bpf_lsm_capable+0x9/0x20 [ 195.157038][ T9967] ? security_capable+0x7e/0x2e0 [ 195.157067][ T9967] genl_rcv_msg+0x60e/0x790 [ 195.157102][ T9967] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.157127][ T9967] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 195.157173][ T9967] netlink_rcv_skb+0x219/0x490 [ 195.157194][ T9967] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.157219][ T9967] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 195.157261][ T9967] ? down_read+0x1ad/0x2e0 [ 195.157279][ T9967] genl_rcv+0x28/0x40 [ 195.157300][ T9967] netlink_unicast+0x758/0x8d0 [ 195.157328][ T9967] netlink_sendmsg+0x805/0xb30 [ 195.157356][ T9967] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.157379][ T9967] ? aa_sock_msg_perm+0x94/0x160 [ 195.157398][ T9967] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 195.157416][ T9967] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.157436][ T9967] __sock_sendmsg+0x219/0x270 [ 195.157473][ T9967] ____sys_sendmsg+0x505/0x830 [ 195.157502][ T9967] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.157533][ T9967] ? import_iovec+0x74/0xa0 [ 195.157560][ T9967] ___sys_sendmsg+0x21f/0x2a0 [ 195.157584][ T9967] ? __pfx____sys_sendmsg+0x10/0x10 [ 195.157642][ T9967] ? __fget_files+0x2a/0x420 [ 195.157664][ T9967] ? __fget_files+0x3a0/0x420 [ 195.157708][ T9967] __x64_sys_sendmsg+0x19b/0x260 [ 195.157733][ T9967] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 195.157774][ T9967] ? do_syscall_64+0xba/0x210 [ 195.157804][ T9967] do_syscall_64+0xf6/0x210 [ 195.157830][ T9967] ? clear_bhb_loop+0x45/0xa0 [ 195.157851][ T9967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.157868][ T9967] RIP: 0033:0x7f6c88b8e969 [ 195.157884][ T9967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.157898][ T9967] RSP: 002b:00007f6c89919038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.157917][ T9967] RAX: ffffffffffffffda RBX: 00007f6c88db5fa0 RCX: 00007f6c88b8e969 [ 195.157930][ T9967] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 195.157941][ T9967] RBP: 00007f6c88c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 195.157951][ T9967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.157962][ T9967] R13: 0000000000000000 R14: 00007f6c88db5fa0 R15: 00007fff186b50f8 [ 195.157990][ T9967] [ 195.166460][ C0] net_ratelimit: 86 callbacks suppressed [ 195.166479][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 195.177979][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 195.629994][ T9964] lo speed is unknown, defaulting to 1000 [ 195.664081][ T9978] netlink: 'syz.2.1377': attribute type 21 has an invalid length. [ 195.695808][ T9978] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1377'. [ 195.746022][ T9978] netlink: 'syz.2.1377': attribute type 5 has an invalid length. [ 195.753801][ T9978] netlink: 'syz.2.1377': attribute type 6 has an invalid length. [ 195.762133][ T9978] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1377'. [ 196.205607][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 196.215917][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 196.491507][T10014] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1391'. [ 196.544269][T10016] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1393'. [ 196.830947][T10040] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1397'. [ 196.967691][T10047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1401'. [ 196.979190][T10047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1401'. [ 197.082894][T10054] bridge_slave_1: default FDB implementation only supports local addresses [ 197.151588][T10056] syzkaller1: entered promiscuous mode [ 197.157360][T10056] syzkaller1: entered allmulticast mode [ 197.175076][T10058] netlink: 'syz.1.1406': attribute type 29 has an invalid length. [ 197.245617][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 197.256339][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 197.439967][T10069] syzkaller1: entered promiscuous mode [ 197.445943][T10069] syzkaller1: entered allmulticast mode [ 197.607611][T10075] netlink: del zone limit has 4 unknown bytes [ 197.684254][T10078] ipvlan9: entered promiscuous mode [ 197.690276][T10078] ipvlan9: entered allmulticast mode [ 197.959322][T10096] vlan3: entered promiscuous mode [ 197.984898][T10098] openvswitch: netlink: IP tunnel TTL not specified. [ 198.117297][T10105] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 198.160972][T10105] CPU: 1 UID: 0 PID: 10105 Comm: syz.4.1427 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 198.161005][T10105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 198.161018][T10105] Call Trace: [ 198.161027][T10105] [ 198.161035][T10105] dump_stack_lvl+0x189/0x250 [ 198.161070][T10105] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.161099][T10105] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.161128][T10105] ? __pfx__printk+0x10/0x10 [ 198.161153][T10105] ? kernfs_path_from_node+0x2b/0x260 [ 198.161183][T10105] ? kernfs_path_from_node+0x216/0x260 [ 198.161232][T10105] sysfs_warn_dup+0x8e/0xa0 [ 198.161259][T10105] sysfs_do_create_link_sd+0xc0/0x110 [ 198.161290][T10105] device_add_class_symlinks+0x1cf/0x240 [ 198.161319][T10105] device_add+0x475/0xb50 [ 198.161348][T10105] wiphy_register+0x199a/0x26b0 [ 198.161389][T10105] ? __pfx_wiphy_register+0x10/0x10 [ 198.161407][T10105] ? minstrel_ht_alloc+0x893/0x990 [ 198.161441][T10105] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 198.161478][T10105] ieee80211_register_hw+0x334b/0x4060 [ 198.161522][T10105] ? ieee80211_register_hw+0x14b1/0x4060 [ 198.161562][T10105] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 198.161593][T10105] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 198.161629][T10105] ? __hrtimer_setup+0x187/0x210 [ 198.161657][T10105] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 198.161683][T10105] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 198.161749][T10105] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 198.161779][T10105] ? trace_kmalloc+0x1f/0xd0 [ 198.161800][T10105] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 198.161827][T10105] ? kstrndup+0xbf/0x160 [ 198.161858][T10105] hwsim_new_radio_nl+0xea4/0x1b10 [ 198.161893][T10105] ? __pfx___nla_validate_parse+0x10/0x10 [ 198.161934][T10105] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 198.161980][T10105] ? __nla_parse+0x40/0x60 [ 198.162011][T10105] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 198.162052][T10105] genl_family_rcv_msg_doit+0x212/0x300 [ 198.162091][T10105] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 198.162136][T10105] ? bpf_lsm_capable+0x9/0x20 [ 198.162162][T10105] ? security_capable+0x7e/0x2e0 [ 198.162192][T10105] genl_rcv_msg+0x60e/0x790 [ 198.162228][T10105] ? __pfx_genl_rcv_msg+0x10/0x10 [ 198.162255][T10105] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 198.162303][T10105] netlink_rcv_skb+0x219/0x490 [ 198.162327][T10105] ? __pfx_genl_rcv_msg+0x10/0x10 [ 198.162372][T10105] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 198.162431][T10105] ? down_read+0x1ad/0x2e0 [ 198.162451][T10105] genl_rcv+0x28/0x40 [ 198.162479][T10105] netlink_unicast+0x758/0x8d0 [ 198.162510][T10105] netlink_sendmsg+0x805/0xb30 [ 198.162542][T10105] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.162566][T10105] ? aa_sock_msg_perm+0x94/0x160 [ 198.162588][T10105] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 198.162609][T10105] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.162630][T10105] __sock_sendmsg+0x219/0x270 [ 198.162663][T10105] ____sys_sendmsg+0x505/0x830 [ 198.162694][T10105] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.162727][T10105] ? import_iovec+0x74/0xa0 [ 198.162757][T10105] ___sys_sendmsg+0x21f/0x2a0 [ 198.162783][T10105] ? __pfx____sys_sendmsg+0x10/0x10 [ 198.162847][T10105] ? __fget_files+0x2a/0x420 [ 198.162870][T10105] ? __fget_files+0x3a0/0x420 [ 198.162906][T10105] __x64_sys_sendmsg+0x19b/0x260 [ 198.162934][T10105] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 198.162977][T10105] ? do_syscall_64+0xba/0x210 [ 198.163027][T10105] do_syscall_64+0xf6/0x210 [ 198.163057][T10105] ? clear_bhb_loop+0x45/0xa0 [ 198.163082][T10105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.163101][T10105] RIP: 0033:0x7fc4d218e969 [ 198.163119][T10105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.163135][T10105] RSP: 002b:00007fc4d2f63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.163156][T10105] RAX: ffffffffffffffda RBX: 00007fc4d23b5fa0 RCX: 00007fc4d218e969 [ 198.163171][T10105] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 198.163183][T10105] RBP: 00007fc4d2210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 198.163195][T10105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.163207][T10105] R13: 0000000000000000 R14: 00007fc4d23b5fa0 R15: 00007ffc460989a8 [ 198.163250][T10105] [ 198.326063][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 198.327399][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 198.559279][T10121] FAULT_INJECTION: forcing a failure. [ 198.559279][T10121] name failslab, interval 1, probability 0, space 0, times 0 [ 198.637645][T10121] CPU: 0 UID: 0 PID: 10121 Comm: syz.4.1432 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 198.637673][T10121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 198.637684][T10121] Call Trace: [ 198.637692][T10121] [ 198.637700][T10121] dump_stack_lvl+0x189/0x250 [ 198.637734][T10121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.637760][T10121] ? __pfx__printk+0x10/0x10 [ 198.637784][T10121] ? __pfx___might_resched+0x10/0x10 [ 198.637800][T10121] ? fs_reclaim_acquire+0x7d/0x100 [ 198.637831][T10121] should_fail_ex+0x414/0x560 [ 198.637864][T10121] should_failslab+0xa8/0x100 [ 198.637899][T10121] __kmalloc_cache_noprof+0x70/0x3d0 [ 198.637919][T10121] ? register_netdevice+0x58b/0x1ae0 [ 198.637947][T10121] register_netdevice+0x58b/0x1ae0 [ 198.637978][T10121] ? alloc_netdev_mqs+0xc9e/0x11e0 [ 198.638001][T10121] ? rcu_is_watching+0x15/0xb0 [ 198.638027][T10121] ? __pfx_register_netdevice+0x10/0x10 [ 198.638053][T10121] ? __asan_memset+0x22/0x50 [ 198.638069][T10121] ? dev_addr_mod+0x2ce/0x3d0 [ 198.638096][T10121] ipvlan_link_new+0x407/0xa90 [ 198.638119][T10121] ? rtnl_create_link+0x9d5/0xd10 [ 198.638144][T10121] ? __pfx_ipvlan_link_new+0x10/0x10 [ 198.638198][T10121] rtnl_newlink_create+0x30d/0xb00 [ 198.638225][T10121] ? __pfx_aa_get_newest_label+0x10/0x10 [ 198.638249][T10121] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 198.638268][T10121] ? rtnl_newlink+0x8db/0x1c70 [ 198.638290][T10121] ? __pfx___mutex_lock+0x10/0x10 [ 198.638328][T10121] ? ns_capable+0x8a/0xf0 [ 198.638349][T10121] rtnl_newlink+0x16d6/0x1c70 [ 198.638370][T10121] ? __kasan_slab_free+0x62/0x70 [ 198.638403][T10121] ? __pfx_rtnl_newlink+0x10/0x10 [ 198.638453][T10121] ? kasan_quarantine_put+0xdd/0x220 [ 198.638474][T10121] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.638506][T10121] ? nlmon_xmit+0xb0/0x100 [ 198.638528][T10121] ? kmem_cache_free+0x192/0x3f0 [ 198.638559][T10121] ? __local_bh_enable_ip+0x12d/0x1c0 [ 198.638588][T10121] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.638614][T10121] ? __local_bh_enable_ip+0x12d/0x1c0 [ 198.638640][T10121] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 198.638675][T10121] ? aa_get_newest_label+0xf7/0x5d0 [ 198.638700][T10121] ? __lock_acquire+0xaac/0xd20 [ 198.638747][T10121] ? __pfx_rtnl_newlink+0x10/0x10 [ 198.638764][T10121] rtnetlink_rcv_msg+0x7cc/0xb70 [ 198.638785][T10121] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 198.638803][T10121] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 198.638823][T10121] ? ref_tracker_free+0x63a/0x7d0 [ 198.638839][T10121] ? __copy_skb_header+0xa7/0x550 [ 198.638871][T10121] netlink_rcv_skb+0x219/0x490 [ 198.638894][T10121] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 198.638915][T10121] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 198.638954][T10121] ? netlink_deliver_tap+0x2e/0x1b0 [ 198.638973][T10121] ? netlink_deliver_tap+0x2e/0x1b0 [ 198.638995][T10121] netlink_unicast+0x758/0x8d0 [ 198.639022][T10121] netlink_sendmsg+0x805/0xb30 [ 198.639049][T10121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.639072][T10121] ? aa_sock_msg_perm+0x94/0x160 [ 198.639091][T10121] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 198.639112][T10121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.639133][T10121] __sock_sendmsg+0x219/0x270 [ 198.639171][T10121] ____sys_sendmsg+0x505/0x830 [ 198.639198][T10121] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.639234][T10121] ? import_iovec+0x74/0xa0 [ 198.639260][T10121] ___sys_sendmsg+0x21f/0x2a0 [ 198.639285][T10121] ? __pfx____sys_sendmsg+0x10/0x10 [ 198.639345][T10121] ? __fget_files+0x2a/0x420 [ 198.639367][T10121] ? __fget_files+0x3a0/0x420 [ 198.639399][T10121] __x64_sys_sendmsg+0x19b/0x260 [ 198.639424][T10121] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 198.639464][T10121] ? do_syscall_64+0xba/0x210 [ 198.639494][T10121] do_syscall_64+0xf6/0x210 [ 198.639521][T10121] ? clear_bhb_loop+0x45/0xa0 [ 198.639543][T10121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.639559][T10121] RIP: 0033:0x7fc4d218e969 [ 198.639575][T10121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.639591][T10121] RSP: 002b:00007fc4d2f63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.639609][T10121] RAX: ffffffffffffffda RBX: 00007fc4d23b5fa0 RCX: 00007fc4d218e969 [ 198.639622][T10121] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 198.639633][T10121] RBP: 00007fc4d2f63090 R08: 0000000000000000 R09: 0000000000000000 [ 198.639644][T10121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 198.639655][T10121] R13: 0000000000000000 R14: 00007fc4d23b5fa0 R15: 00007ffc460989a8 [ 198.639683][T10121] [ 199.261090][T10135] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551615) [ 199.272433][T10135] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 199.506901][T10148] __nla_validate_parse: 7 callbacks suppressed [ 199.506920][T10148] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1442'. [ 199.617539][T10158] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1449'. [ 199.634115][T10158] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1449'. [ 199.634159][T10156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1447'. [ 199.656914][ T5910] lo speed is unknown, defaulting to 1000 [ 199.709892][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1450'. [ 199.730189][T10158] vlan3: entered allmulticast mode [ 199.735343][T10158] syz_tun: entered allmulticast mode [ 199.828215][T10165] vlan2: entered promiscuous mode [ 200.169872][T10185] mac80211_hwsim hwsim5 ªªªªª): renamed from wlan1 (while UP) [ 200.178746][T10192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1462'. [ 200.445751][ C1] net_ratelimit: 2 callbacks suppressed [ 200.445768][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 200.445867][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 200.504791][T10208] bond0: entered promiscuous mode [ 200.524864][T10208] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 200.581775][T10208] bond0: left promiscuous mode [ 200.697724][T10218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1470'. [ 200.717649][T10218] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1470'. [ 201.052625][T10235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1477'. [ 201.098477][T10235] tipc: Enabling of bearer rejected, already enabled [ 201.300733][T10244] tipc: Enabled bearer , priority 0 [ 201.317106][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1475'. [ 201.334212][T10244] syzkaller0: entered promiscuous mode [ 201.389418][T10244] syzkaller0: entered allmulticast mode [ 201.401435][T10244] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 201.416503][T10244] tipc: Resetting bearer [ 201.424689][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 201.430138][ T56] Bluetooth: hci3: command 0x0406 tx timeout [ 201.434592][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 201.485593][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 201.486441][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 201.509963][T10243] tipc: Resetting bearer [ 201.567086][T10243] tipc: Disabling bearer [ 201.707072][T10251] nbd: socks must be embedded in a SOCK_ITEM attr [ 201.716728][T10251] block nbd0: shutting down sockets [ 201.734013][T10254] SET target dimension over the limit! [ 201.778988][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.807573][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.109323][T10268] netlink: zone id is out of range [ 202.119777][T10268] netlink: zone id is out of range [ 202.147431][T10268] netlink: zone id is out of range [ 202.161226][T10268] netlink: zone id is out of range [ 202.199922][T10268] netlink: zone id is out of range [ 202.229395][T10268] netlink: zone id is out of range [ 202.620397][T10284] lo speed is unknown, defaulting to 1000 [ 203.162752][T10304] dummy0: left allmulticast mode [ 203.168073][T10304] dummy0: left promiscuous mode [ 203.173333][T10304] bridge0: port 3(dummy0) entered disabled state [ 203.204869][T10304] bridge_slave_0: left allmulticast mode [ 203.222569][T10304] bridge_slave_0: left promiscuous mode [ 203.243203][T10304] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.272835][T10304] bond0: (slave bridge_slave_1): Releasing backup interface [ 203.304317][T10304] bridge_slave_1: left promiscuous mode [ 203.345805][T10304] bond0: (slave 2@ÿ): Releasing backup interface [ 203.366611][T10304] @ÿ: left promiscuous mode [ 203.401753][T10304] bond0: (slave bond_slave_1): Releasing backup interface [ 203.418865][T10304] bond_slave_1: left promiscuous mode [ 203.469608][T10304] team0: Port device team_slave_0 removed [ 203.500884][T10304] team0: Port device team_slave_1 removed [ 203.512331][T10304] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.520070][T10304] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.531997][T10304] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.540209][T10304] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.556292][T10304] bond0: (slave ªªªªª)): Releasing backup interface [ 203.564651][T10304] mac80211_hwsim hwsim5 ªªªªª): left promiscuous mode [ 203.740930][T10329] validate_nla: 1 callbacks suppressed [ 203.740952][T10329] netlink: 'syz.1.1502': attribute type 29 has an invalid length. [ 203.760899][T10329] netlink: 'syz.1.1502': attribute type 29 has an invalid length. [ 204.105200][T10349] tipc: Enabled bearer , priority 10 [ 204.253255][T10361] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 204.277673][T10364] veth0_to_bond: entered allmulticast mode [ 204.349774][T10371] netlink: 'syz.2.1512': attribute type 10 has an invalid length. [ 204.360755][T10361] lo speed is unknown, defaulting to 1000 [ 204.372774][T10371] bridge_slave_1: entered promiscuous mode [ 204.380492][T10371] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 204.649782][T10380] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 204.660729][T10380] CPU: 0 UID: 0 PID: 10380 Comm: syz.1.1518 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 204.660752][T10380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 204.660761][T10380] Call Trace: [ 204.660767][T10380] [ 204.660774][T10380] dump_stack_lvl+0x189/0x250 [ 204.660800][T10380] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.660823][T10380] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.660844][T10380] ? __pfx__printk+0x10/0x10 [ 204.660861][T10380] ? kernfs_path_from_node+0x2b/0x260 [ 204.660889][T10380] ? kernfs_path_from_node+0x216/0x260 [ 204.660912][T10380] sysfs_warn_dup+0x8e/0xa0 [ 204.660931][T10380] sysfs_do_create_link_sd+0xc0/0x110 [ 204.660953][T10380] device_add_class_symlinks+0x1cf/0x240 [ 204.660975][T10380] device_add+0x475/0xb50 [ 204.660994][T10380] wiphy_register+0x199a/0x26b0 [ 204.661022][T10380] ? __pfx_wiphy_register+0x10/0x10 [ 204.661035][T10380] ? minstrel_ht_alloc+0x893/0x990 [ 204.661058][T10380] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 204.661079][T10380] ieee80211_register_hw+0x334b/0x4060 [ 204.661109][T10380] ? ieee80211_register_hw+0x14b1/0x4060 [ 204.661135][T10380] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 204.661158][T10380] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 204.661183][T10380] ? __hrtimer_setup+0x187/0x210 [ 204.661221][T10380] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 204.661239][T10380] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 204.661298][T10380] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 204.661328][T10380] ? trace_kmalloc+0x1f/0xd0 [ 204.661351][T10380] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 204.661377][T10380] ? kstrndup+0xbf/0x160 [ 204.661409][T10380] hwsim_new_radio_nl+0xea4/0x1b10 [ 204.661444][T10380] ? __pfx___nla_validate_parse+0x10/0x10 [ 204.661478][T10380] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 204.661503][T10380] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 204.661533][T10380] ? __nla_parse+0x40/0x60 [ 204.661553][T10380] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 204.661582][T10380] genl_family_rcv_msg_doit+0x212/0x300 [ 204.661614][T10380] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 204.661660][T10380] ? bpf_lsm_capable+0x9/0x20 [ 204.661688][T10380] ? security_capable+0x7e/0x2e0 [ 204.661718][T10380] genl_rcv_msg+0x60e/0x790 [ 204.661744][T10380] ? __pfx_genl_rcv_msg+0x10/0x10 [ 204.661764][T10380] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 204.661798][T10380] netlink_rcv_skb+0x219/0x490 [ 204.661815][T10380] ? __pfx_genl_rcv_msg+0x10/0x10 [ 204.661838][T10380] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 204.661873][T10380] ? down_read+0x1ad/0x2e0 [ 204.661895][T10380] genl_rcv+0x28/0x40 [ 204.661914][T10380] netlink_unicast+0x758/0x8d0 [ 204.661938][T10380] netlink_sendmsg+0x805/0xb30 [ 204.661963][T10380] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.661983][T10380] ? aa_sock_msg_perm+0x94/0x160 [ 204.662000][T10380] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 204.662017][T10380] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.662035][T10380] __sock_sendmsg+0x219/0x270 [ 204.662061][T10380] ____sys_sendmsg+0x505/0x830 [ 204.662085][T10380] ? __pfx_____sys_sendmsg+0x10/0x10 [ 204.662112][T10380] ? import_iovec+0x74/0xa0 [ 204.662135][T10380] ___sys_sendmsg+0x21f/0x2a0 [ 204.662157][T10380] ? __pfx____sys_sendmsg+0x10/0x10 [ 204.662205][T10380] ? __fget_files+0x2a/0x420 [ 204.662225][T10380] ? __fget_files+0x3a0/0x420 [ 204.662253][T10380] __x64_sys_sendmsg+0x19b/0x260 [ 204.662274][T10380] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 204.662308][T10380] ? do_syscall_64+0xba/0x210 [ 204.662344][T10380] do_syscall_64+0xf6/0x210 [ 204.662366][T10380] ? clear_bhb_loop+0x45/0xa0 [ 204.662395][T10380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.662409][T10380] RIP: 0033:0x7ffba1f8e969 [ 204.662421][T10380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.662440][T10380] RSP: 002b:00007ffba2d2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.662460][T10380] RAX: ffffffffffffffda RBX: 00007ffba21b5fa0 RCX: 00007ffba1f8e969 [ 204.662474][T10380] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 204.662486][T10380] RBP: 00007ffba2010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 204.662498][T10380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.662509][T10380] R13: 0000000000000000 R14: 00007ffba21b5fa0 R15: 00007ffe1980a3a8 [ 204.662540][T10380] [ 205.117182][T10382] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 205.125643][T10382] CPU: 1 UID: 0 PID: 10382 Comm: syz.3.1519 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 205.125670][T10382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 205.125682][T10382] Call Trace: [ 205.125689][T10382] [ 205.125697][T10382] dump_stack_lvl+0x189/0x250 [ 205.125731][T10382] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.125759][T10382] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.125787][T10382] ? __pfx__printk+0x10/0x10 [ 205.125810][T10382] ? kernfs_path_from_node+0x2b/0x260 [ 205.125847][T10382] ? kernfs_path_from_node+0x216/0x260 [ 205.125895][T10382] sysfs_warn_dup+0x8e/0xa0 [ 205.125922][T10382] sysfs_do_create_link_sd+0xc0/0x110 [ 205.125951][T10382] device_add_class_symlinks+0x1cf/0x240 [ 205.125979][T10382] device_add+0x475/0xb50 [ 205.126005][T10382] wiphy_register+0x199a/0x26b0 [ 205.126041][T10382] ? __pfx_wiphy_register+0x10/0x10 [ 205.126058][T10382] ? minstrel_ht_alloc+0x893/0x990 [ 205.126089][T10382] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 205.126115][T10382] ieee80211_register_hw+0x334b/0x4060 [ 205.126156][T10382] ? ieee80211_register_hw+0x14b1/0x4060 [ 205.126193][T10382] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 205.126222][T10382] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 205.126256][T10382] ? __hrtimer_setup+0x187/0x210 [ 205.126284][T10382] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 205.126309][T10382] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 205.126373][T10382] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 205.126402][T10382] ? trace_kmalloc+0x1f/0xd0 [ 205.126422][T10382] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 205.126448][T10382] ? kstrndup+0xbf/0x160 [ 205.126478][T10382] hwsim_new_radio_nl+0xea4/0x1b10 [ 205.126524][T10382] ? __pfx___nla_validate_parse+0x10/0x10 [ 205.126565][T10382] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 205.126597][T10382] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 205.126641][T10382] ? __nla_parse+0x40/0x60 [ 205.126661][T10382] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 205.126691][T10382] genl_family_rcv_msg_doit+0x212/0x300 [ 205.126719][T10382] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 205.126761][T10382] ? bpf_lsm_capable+0x9/0x20 [ 205.126784][T10382] ? security_capable+0x7e/0x2e0 [ 205.126817][T10382] genl_rcv_msg+0x60e/0x790 [ 205.126859][T10382] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.126882][T10382] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 205.126919][T10382] netlink_rcv_skb+0x219/0x490 [ 205.126937][T10382] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.126963][T10382] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.127005][T10382] ? down_read+0x1ad/0x2e0 [ 205.127023][T10382] genl_rcv+0x28/0x40 [ 205.127043][T10382] netlink_unicast+0x758/0x8d0 [ 205.127071][T10382] netlink_sendmsg+0x805/0xb30 [ 205.127099][T10382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.127121][T10382] ? aa_sock_msg_perm+0x94/0x160 [ 205.127142][T10382] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 205.127161][T10382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.127182][T10382] __sock_sendmsg+0x219/0x270 [ 205.127211][T10382] ____sys_sendmsg+0x505/0x830 [ 205.127238][T10382] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.127269][T10382] ? import_iovec+0x74/0xa0 [ 205.127294][T10382] ___sys_sendmsg+0x21f/0x2a0 [ 205.127318][T10382] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.127384][T10382] ? __fget_files+0x2a/0x420 [ 205.127406][T10382] ? __fget_files+0x3a0/0x420 [ 205.127438][T10382] __x64_sys_sendmsg+0x19b/0x260 [ 205.127461][T10382] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 205.127500][T10382] ? do_syscall_64+0xba/0x210 [ 205.127528][T10382] do_syscall_64+0xf6/0x210 [ 205.127553][T10382] ? clear_bhb_loop+0x45/0xa0 [ 205.127574][T10382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.127590][T10382] RIP: 0033:0x7fae9d58e969 [ 205.127609][T10382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.127624][T10382] RSP: 002b:00007fae9e470038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.127642][T10382] RAX: ffffffffffffffda RBX: 00007fae9d7b5fa0 RCX: 00007fae9d58e969 [ 205.127656][T10382] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 205.127667][T10382] RBP: 00007fae9d610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 205.127678][T10382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.127688][T10382] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 205.127718][T10382] [ 205.645626][ C1] net_ratelimit: 86 callbacks suppressed [ 205.645644][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 205.646020][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 205.819736][T10394] netlink: 'syz.3.1524': attribute type 1 has an invalid length. [ 206.022375][T10394] 8021q: adding VLAN 0 to HW filter on device bond1 [ 206.069460][T10399] bond1: (slave ip6gretap1): making interface the new active one [ 206.080494][T10399] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 206.111284][T10412] FAULT_INJECTION: forcing a failure. [ 206.111284][T10412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.131826][T10412] CPU: 0 UID: 0 PID: 10412 Comm: syz.0.1527 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 206.131856][T10412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 206.131868][T10412] Call Trace: [ 206.131877][T10412] [ 206.131885][T10412] dump_stack_lvl+0x189/0x250 [ 206.131923][T10412] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.131952][T10412] ? __pfx__printk+0x10/0x10 [ 206.131986][T10412] should_fail_ex+0x414/0x560 [ 206.132025][T10412] _copy_to_user+0x31/0xb0 [ 206.132055][T10412] simple_read_from_buffer+0xe1/0x170 [ 206.132085][T10412] proc_fail_nth_read+0x1df/0x250 [ 206.132117][T10412] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.132148][T10412] ? rw_verify_area+0x258/0x650 [ 206.132170][T10412] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.132200][T10412] vfs_read+0x1fd/0x980 [ 206.132227][T10412] ? __pfx___mutex_lock+0x10/0x10 [ 206.132258][T10412] ? __pfx_vfs_read+0x10/0x10 [ 206.132282][T10412] ? __fget_files+0x2a/0x420 [ 206.132312][T10412] ? __fget_files+0x3a0/0x420 [ 206.132351][T10412] ? __fget_files+0x2a/0x420 [ 206.132384][T10412] ksys_read+0x145/0x250 [ 206.132416][T10412] ? rcu_is_watching+0x15/0xb0 [ 206.132445][T10412] ? __pfx_ksys_read+0x10/0x10 [ 206.132468][T10412] ? do_syscall_64+0xba/0x210 [ 206.132498][T10412] do_syscall_64+0xf6/0x210 [ 206.132526][T10412] ? clear_bhb_loop+0x45/0xa0 [ 206.132549][T10412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.132566][T10412] RIP: 0033:0x7f6c88b8d37c [ 206.132582][T10412] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 206.132598][T10412] RSP: 002b:00007f6c869f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 206.132617][T10412] RAX: ffffffffffffffda RBX: 00007f6c88db6080 RCX: 00007f6c88b8d37c [ 206.132630][T10412] RDX: 000000000000000f RSI: 00007f6c869f60a0 RDI: 0000000000000005 [ 206.132641][T10412] RBP: 00007f6c869f6090 R08: 0000000000000000 R09: 0000000000000000 [ 206.132652][T10412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 206.132663][T10412] R13: 0000000000000000 R14: 00007f6c88db6080 R15: 00007fff186b50f8 [ 206.132692][T10412] [ 206.146714][T10406] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 206.389845][T10407] lo speed is unknown, defaulting to 1000 [ 206.513801][T10426] __nla_validate_parse: 6 callbacks suppressed [ 206.513821][T10426] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1533'. [ 206.685604][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 206.685793][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 207.167042][T10454] nbd: socks must be embedded in a SOCK_ITEM attr [ 207.182398][T10454] block nbd0: shutting down sockets [ 207.230166][T10463] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 207.475395][T10479] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1556'. [ 207.695894][T10487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1560'. [ 207.725768][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 207.726242][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 207.758327][T10487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1560'. [ 208.060514][T10485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1559'. [ 208.304069][ T30] audit: type=1800 audit(1746158242.393:6): pid=10485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1559" name="cgroup.controllers" dev="tmpfs" ino=1640 res=0 errno=0 [ 208.367202][T10518] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1570'. [ 208.442308][T10524] netlink: 'syz.3.1573': attribute type 10 has an invalid length. [ 208.604368][T10535] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 208.717112][T10538] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 208.765671][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 208.819050][T10543] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1581'. [ 208.825817][T10544] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 208.910938][T10549] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1580'. [ 208.924288][T10544] netlink: 'syz.3.1580': attribute type 29 has an invalid length. [ 209.146640][T10559] bond0: entered promiscuous mode [ 209.297743][T10567] xt_CT: No such helper "pptp" [ 209.515279][T10584] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.524916][T10584] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.545941][T10584] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.555026][T10584] geneve3: entered promiscuous mode [ 209.615109][T10579] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.649970][T10586] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 209.709144][T10598] IPVS: Error joining to the multicast group [ 209.803047][T10579] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.805893][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 210.014576][T10579] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.133781][T10613] netlink: 'syz.2.1605': attribute type 27 has an invalid length. [ 210.187050][T10579] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.238694][T10579] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.263655][T10579] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.300933][T10579] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.378016][T10626] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1610'. [ 210.394299][T10626] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1610'. [ 210.845678][ C0] net_ratelimit: 1 callbacks suppressed [ 210.845695][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 210.845977][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 211.216679][T10680] tipc: Enabled bearer , priority 0 [ 211.240624][T10680] syzkaller0: entered promiscuous mode [ 211.261490][T10680] syzkaller0: entered allmulticast mode [ 211.319788][T10680] tipc: Resetting bearer [ 211.335819][T10679] tipc: Resetting bearer [ 211.369699][T10679] tipc: Disabling bearer [ 211.539421][T10699] __nla_validate_parse: 6 callbacks suppressed [ 211.539439][T10699] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1636'. [ 211.827964][T10707] lo speed is unknown, defaulting to 1000 [ 211.883330][T10717] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1643'. [ 211.886075][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 211.893017][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 211.913921][T10717] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1643'. [ 211.929757][T10717] netlink: 'syz.0.1643': attribute type 13 has an invalid length. [ 211.942081][T10717] netlink: 'syz.0.1643': attribute type 17 has an invalid length. [ 212.012565][T10717] lo: left allmulticast mode [ 212.111366][T10717] bond0: left promiscuous mode [ 212.121610][T10717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.144476][T10717] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 212.181153][T10727] tipc: Enabled bearer , priority 0 [ 212.191162][T10724] syzkaller0: entered promiscuous mode [ 212.200550][T10724] syzkaller0: entered allmulticast mode [ 212.231825][T10724] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 212.291706][T10724] tipc: Resetting bearer [ 212.314245][T10722] tipc: Resetting bearer [ 212.406525][T10722] tipc: Disabling bearer [ 212.423639][T10732] netlink: 'syz.0.1647': attribute type 29 has an invalid length. [ 212.502383][T10732] netlink: 500 bytes leftover after parsing attributes in process `syz.0.1647'. [ 212.584923][T10736] netlink: 'syz.0.1647': attribute type 29 has an invalid length. [ 212.636518][T10740] bond0: entered promiscuous mode [ 212.656538][T10740] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 212.720913][T10740] bond0: left promiscuous mode [ 212.757124][T10750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1651'. [ 212.771409][T10748] xt_hashlimit: overflow, rate too high: 1125899906842624 [ 212.812831][T10753] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1654'. [ 212.924448][T10756] netlink: 'syz.4.1655': attribute type 27 has an invalid length. [ 212.926015][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 212.932592][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 213.096658][T10767] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1660'. [ 213.135992][T10767] batadv_slave_1: entered promiscuous mode [ 213.325342][T10784] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1666'. [ 213.350128][T10784] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1666'. [ 213.383594][T10790] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 213.388664][T10785] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1666'. [ 213.394832][T10790] CPU: 0 UID: 0 PID: 10790 Comm: syz.2.1667 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 213.394862][T10790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 213.394876][T10790] Call Trace: [ 213.394884][T10790] [ 213.394893][T10790] dump_stack_lvl+0x189/0x250 [ 213.394929][T10790] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.394960][T10790] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.395006][T10790] ? __pfx__printk+0x10/0x10 [ 213.395032][T10790] ? kernfs_path_from_node+0x2b/0x260 [ 213.395065][T10790] ? kernfs_path_from_node+0x216/0x260 [ 213.395099][T10790] sysfs_warn_dup+0x8e/0xa0 [ 213.395126][T10790] sysfs_do_create_link_sd+0xc0/0x110 [ 213.395158][T10790] device_add_class_symlinks+0x1cf/0x240 [ 213.395188][T10790] device_add+0x475/0xb50 [ 213.395218][T10790] wiphy_register+0x199a/0x26b0 [ 213.395262][T10790] ? __pfx_wiphy_register+0x10/0x10 [ 213.395281][T10790] ? minstrel_ht_alloc+0x893/0x990 [ 213.395315][T10790] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 213.395345][T10790] ieee80211_register_hw+0x334b/0x4060 [ 213.395391][T10790] ? ieee80211_register_hw+0x14b1/0x4060 [ 213.395432][T10790] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 213.395465][T10790] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 213.395504][T10790] ? __hrtimer_setup+0x187/0x210 [ 213.395540][T10790] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 213.395567][T10790] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 213.395639][T10790] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 213.395669][T10790] ? trace_kmalloc+0x1f/0xd0 [ 213.395692][T10790] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 213.395720][T10790] ? kstrndup+0xbf/0x160 [ 213.395753][T10790] hwsim_new_radio_nl+0xea4/0x1b10 [ 213.395788][T10790] ? __pfx___nla_validate_parse+0x10/0x10 [ 213.395838][T10790] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 213.395887][T10790] ? __nla_parse+0x40/0x60 [ 213.395915][T10790] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 213.395959][T10790] genl_family_rcv_msg_doit+0x212/0x300 [ 213.395999][T10790] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 213.396046][T10790] ? bpf_lsm_capable+0x9/0x20 [ 213.396078][T10790] ? security_capable+0x7e/0x2e0 [ 213.396110][T10790] genl_rcv_msg+0x60e/0x790 [ 213.396148][T10790] ? __pfx_genl_rcv_msg+0x10/0x10 [ 213.396178][T10790] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 213.396227][T10790] netlink_rcv_skb+0x219/0x490 [ 213.396252][T10790] ? __pfx_genl_rcv_msg+0x10/0x10 [ 213.396283][T10790] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 213.396337][T10790] ? down_read+0x1ad/0x2e0 [ 213.396361][T10790] genl_rcv+0x28/0x40 [ 213.396387][T10790] netlink_unicast+0x758/0x8d0 [ 213.396423][T10790] netlink_sendmsg+0x805/0xb30 [ 213.396459][T10790] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.396489][T10790] ? aa_sock_msg_perm+0x94/0x160 [ 213.396514][T10790] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 213.396537][T10790] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.396571][T10790] __sock_sendmsg+0x219/0x270 [ 213.396607][T10790] ____sys_sendmsg+0x505/0x830 [ 213.396640][T10790] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.396678][T10790] ? import_iovec+0x74/0xa0 [ 213.396709][T10790] ___sys_sendmsg+0x21f/0x2a0 [ 213.396738][T10790] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.396807][T10790] ? __fget_files+0x2a/0x420 [ 213.396838][T10790] ? __fget_files+0x3a0/0x420 [ 213.396876][T10790] __x64_sys_sendmsg+0x19b/0x260 [ 213.396907][T10790] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 213.396955][T10790] ? do_syscall_64+0xba/0x210 [ 213.396991][T10790] do_syscall_64+0xf6/0x210 [ 213.397021][T10790] ? clear_bhb_loop+0x45/0xa0 [ 213.397047][T10790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.397066][T10790] RIP: 0033:0x7fd48598e969 [ 213.397085][T10790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.397103][T10790] RSP: 002b:00007fd48675f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.397125][T10790] RAX: ffffffffffffffda RBX: 00007fd485bb5fa0 RCX: 00007fd48598e969 [ 213.397141][T10790] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 213.397154][T10790] RBP: 00007fd485a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 213.397166][T10790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.397179][T10790] R13: 0000000000000000 R14: 00007fd485bb5fa0 R15: 00007ffe107e0238 [ 213.397213][T10790] [ 213.965940][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 213.965970][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 214.155264][T10814] pim6reg1: entered promiscuous mode [ 214.161070][T10814] pim6reg1: entered allmulticast mode [ 214.424470][T10823] lo speed is unknown, defaulting to 1000 [ 214.647754][T10832] nbd: socks must be embedded in a SOCK_ITEM attr [ 214.665829][T10832] block nbd0: shutting down sockets [ 214.985098][T10841] netlink: 'syz.1.1685': attribute type 29 has an invalid length. [ 215.005900][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 215.022748][T10841] netlink: 'syz.1.1685': attribute type 29 has an invalid length. [ 215.265143][T10846] SET target dimension over the limit! [ 215.750824][T10879] tipc: Enabled bearer , priority 10 [ 215.968236][T10892] lo speed is unknown, defaulting to 1000 [ 216.046099][ C1] net_ratelimit: 2 callbacks suppressed [ 216.046117][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 216.046482][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 216.110302][T10900] tipc: Enabled bearer , priority 0 [ 216.127292][T10900] syzkaller0: entered promiscuous mode [ 216.132808][T10900] syzkaller0: entered allmulticast mode [ 216.194085][T10900] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 216.235220][T10900] tipc: Resetting bearer [ 216.255091][T10899] tipc: Resetting bearer [ 216.308071][T10899] tipc: Disabling bearer [ 216.509040][T10913] erspan0: entered promiscuous mode [ 216.541958][T10913] erspan0: left promiscuous mode [ 216.559030][T10918] __nla_validate_parse: 7 callbacks suppressed [ 216.559050][T10918] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1714'. [ 216.600027][T10911] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1706'. [ 217.085670][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 217.085982][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 217.097608][T10948] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1724'. [ 217.490605][T10966] vlan2: entered allmulticast mode [ 217.507589][T10966] bond0: entered allmulticast mode [ 217.670625][T10978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1727'. [ 217.939079][ T30] audit: type=1800 audit(1746158252.003:7): pid=10963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1727" name="cgroup.controllers" dev="tmpfs" ino=1576 res=0 errno=0 [ 218.056398][T10983] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 218.064094][T10983] CPU: 0 UID: 0 PID: 10983 Comm: syz.1.1732 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 218.064120][T10983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 218.064133][T10983] Call Trace: [ 218.064141][T10983] [ 218.064149][T10983] dump_stack_lvl+0x189/0x250 [ 218.064183][T10983] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.064212][T10983] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.064240][T10983] ? __pfx__printk+0x10/0x10 [ 218.064264][T10983] ? kernfs_path_from_node+0x2b/0x260 [ 218.064293][T10983] ? kernfs_path_from_node+0x216/0x260 [ 218.064324][T10983] sysfs_warn_dup+0x8e/0xa0 [ 218.064348][T10983] sysfs_do_create_link_sd+0xc0/0x110 [ 218.064376][T10983] device_add_class_symlinks+0x1cf/0x240 [ 218.064402][T10983] device_add+0x475/0xb50 [ 218.064427][T10983] wiphy_register+0x199a/0x26b0 [ 218.064464][T10983] ? __pfx_wiphy_register+0x10/0x10 [ 218.064481][T10983] ? minstrel_ht_alloc+0x893/0x990 [ 218.064512][T10983] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 218.064538][T10983] ieee80211_register_hw+0x334b/0x4060 [ 218.064578][T10983] ? ieee80211_register_hw+0x14b1/0x4060 [ 218.064613][T10983] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 218.064640][T10983] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 218.064680][T10983] ? __hrtimer_setup+0x187/0x210 [ 218.064708][T10983] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 218.064732][T10983] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 218.064793][T10983] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 218.064819][T10983] ? trace_kmalloc+0x1f/0xd0 [ 218.064839][T10983] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 218.064863][T10983] ? kstrndup+0xbf/0x160 [ 218.064890][T10983] hwsim_new_radio_nl+0xea4/0x1b10 [ 218.064922][T10983] ? __pfx___nla_validate_parse+0x10/0x10 [ 218.064960][T10983] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 218.065004][T10983] ? __nla_parse+0x40/0x60 [ 218.065030][T10983] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 218.065067][T10983] genl_family_rcv_msg_doit+0x212/0x300 [ 218.065103][T10983] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 218.065145][T10983] ? bpf_lsm_capable+0x9/0x20 [ 218.065169][T10983] ? security_capable+0x7e/0x2e0 [ 218.065196][T10983] genl_rcv_msg+0x60e/0x790 [ 218.065231][T10983] ? __pfx_genl_rcv_msg+0x10/0x10 [ 218.065256][T10983] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 218.065300][T10983] netlink_rcv_skb+0x219/0x490 [ 218.065322][T10983] ? __pfx_genl_rcv_msg+0x10/0x10 [ 218.065351][T10983] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 218.065398][T10983] ? down_read+0x1ad/0x2e0 [ 218.065418][T10983] genl_rcv+0x28/0x40 [ 218.065461][T10983] netlink_unicast+0x758/0x8d0 [ 218.065493][T10983] netlink_sendmsg+0x805/0xb30 [ 218.065529][T10983] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.065557][T10983] ? aa_sock_msg_perm+0x94/0x160 [ 218.065579][T10983] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 218.065600][T10983] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.065623][T10983] __sock_sendmsg+0x219/0x270 [ 218.065659][T10983] ____sys_sendmsg+0x505/0x830 [ 218.065699][T10983] ? __pfx_____sys_sendmsg+0x10/0x10 [ 218.065737][T10983] ? import_iovec+0x74/0xa0 [ 218.065769][T10983] ___sys_sendmsg+0x21f/0x2a0 [ 218.065798][T10983] ? __pfx____sys_sendmsg+0x10/0x10 [ 218.065867][T10983] ? __fget_files+0x2a/0x420 [ 218.065892][T10983] ? __fget_files+0x3a0/0x420 [ 218.065930][T10983] __x64_sys_sendmsg+0x19b/0x260 [ 218.065961][T10983] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 218.066007][T10983] ? do_syscall_64+0xba/0x210 [ 218.066042][T10983] do_syscall_64+0xf6/0x210 [ 218.066073][T10983] ? clear_bhb_loop+0x45/0xa0 [ 218.066098][T10983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.066116][T10983] RIP: 0033:0x7ffba1f8e969 [ 218.066135][T10983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.066152][T10983] RSP: 002b:00007ffba2d2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.066174][T10983] RAX: ffffffffffffffda RBX: 00007ffba21b5fa0 RCX: 00007ffba1f8e969 [ 218.066188][T10983] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 218.066200][T10983] RBP: 00007ffba2010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 218.066211][T10983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 218.066222][T10983] R13: 0000000000000000 R14: 00007ffba21b5fa0 R15: 00007ffe1980a3a8 [ 218.066255][T10983] [ 218.126020][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 218.130734][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 218.588922][T10991] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1736'. [ 218.716671][T10997] tc_dump_action: action bad kind [ 218.739019][T10997] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1739'. [ 218.999177][T11018] xt_TCPMSS: Only works on TCP SYN packets [ 219.093121][T11022] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1750'. [ 219.165709][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 219.165748][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 219.191529][T11029] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 219.204821][T11029] CPU: 0 UID: 0 PID: 11029 Comm: syz.2.1753 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 219.204849][T11029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 219.204862][T11029] Call Trace: [ 219.204870][T11029] [ 219.204878][T11029] dump_stack_lvl+0x189/0x250 [ 219.204913][T11029] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.204941][T11029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.204967][T11029] ? __pfx__printk+0x10/0x10 [ 219.204989][T11029] ? kernfs_path_from_node+0x2b/0x260 [ 219.205017][T11029] ? kernfs_path_from_node+0x216/0x260 [ 219.205045][T11029] sysfs_warn_dup+0x8e/0xa0 [ 219.205070][T11029] sysfs_do_create_link_sd+0xc0/0x110 [ 219.205098][T11029] device_add_class_symlinks+0x1cf/0x240 [ 219.205126][T11029] device_add+0x475/0xb50 [ 219.205152][T11029] wiphy_register+0x199a/0x26b0 [ 219.205200][T11029] ? __pfx_wiphy_register+0x10/0x10 [ 219.205216][T11029] ? minstrel_ht_alloc+0x893/0x990 [ 219.205245][T11029] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 219.205270][T11029] ieee80211_register_hw+0x334b/0x4060 [ 219.205307][T11029] ? ieee80211_register_hw+0x14b1/0x4060 [ 219.205340][T11029] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 219.205367][T11029] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.205397][T11029] ? __hrtimer_setup+0x187/0x210 [ 219.205423][T11029] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 219.205445][T11029] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 219.205502][T11029] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 219.205530][T11029] ? trace_kmalloc+0x1f/0xd0 [ 219.205556][T11029] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 219.205579][T11029] ? kstrndup+0xbf/0x160 [ 219.205605][T11029] hwsim_new_radio_nl+0xea4/0x1b10 [ 219.205632][T11029] ? __pfx___nla_validate_parse+0x10/0x10 [ 219.205668][T11029] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 219.205708][T11029] ? __nla_parse+0x40/0x60 [ 219.205733][T11029] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 219.205769][T11029] genl_family_rcv_msg_doit+0x212/0x300 [ 219.205802][T11029] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 219.205842][T11029] ? bpf_lsm_capable+0x9/0x20 [ 219.205865][T11029] ? security_capable+0x7e/0x2e0 [ 219.205890][T11029] genl_rcv_msg+0x60e/0x790 [ 219.205921][T11029] ? __pfx_genl_rcv_msg+0x10/0x10 [ 219.205945][T11029] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 219.205986][T11029] netlink_rcv_skb+0x219/0x490 [ 219.206006][T11029] ? __pfx_genl_rcv_msg+0x10/0x10 [ 219.206032][T11029] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 219.206077][T11029] ? down_read+0x1ad/0x2e0 [ 219.206095][T11029] genl_rcv+0x28/0x40 [ 219.206118][T11029] netlink_unicast+0x758/0x8d0 [ 219.206147][T11029] netlink_sendmsg+0x805/0xb30 [ 219.206177][T11029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 219.206201][T11029] ? aa_sock_msg_perm+0x94/0x160 [ 219.206221][T11029] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 219.206240][T11029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 219.206261][T11029] __sock_sendmsg+0x219/0x270 [ 219.206292][T11029] ____sys_sendmsg+0x505/0x830 [ 219.206321][T11029] ? __pfx_____sys_sendmsg+0x10/0x10 [ 219.206354][T11029] ? import_iovec+0x74/0xa0 [ 219.206382][T11029] ___sys_sendmsg+0x21f/0x2a0 [ 219.206408][T11029] ? __pfx____sys_sendmsg+0x10/0x10 [ 219.206469][T11029] ? __fget_files+0x2a/0x420 [ 219.206491][T11029] ? __fget_files+0x3a0/0x420 [ 219.206524][T11029] __x64_sys_sendmsg+0x19b/0x260 [ 219.206557][T11029] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 219.206599][T11029] ? do_syscall_64+0xba/0x210 [ 219.206630][T11029] do_syscall_64+0xf6/0x210 [ 219.206657][T11029] ? clear_bhb_loop+0x45/0xa0 [ 219.206678][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.206695][T11029] RIP: 0033:0x7fd48598e969 [ 219.206711][T11029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.206725][T11029] RSP: 002b:00007fd48675f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.206743][T11029] RAX: ffffffffffffffda RBX: 00007fd485bb5fa0 RCX: 00007fd48598e969 [ 219.206757][T11029] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 219.206768][T11029] RBP: 00007fd485a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 219.206779][T11029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 219.206789][T11029] R13: 0000000000000000 R14: 00007fd485bb5fa0 R15: 00007ffe107e0238 [ 219.206819][T11029] [ 219.779239][T11043] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1758'. [ 219.922246][T11046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1760'. [ 219.998637][T11046] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1760'. [ 220.107934][T11046] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.205889][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 220.206091][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 220.304521][T11090] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌUvy¸ÚØ¢…D£øUDŒw˜' [ 220.324134][T11090] CPU: 0 UID: 0 PID: 11090 Comm: syz.4.1770 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 220.324162][T11090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 220.324174][T11090] Call Trace: [ 220.324182][T11090] [ 220.324191][T11090] dump_stack_lvl+0x189/0x250 [ 220.324224][T11090] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.324254][T11090] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.324281][T11090] ? __pfx__printk+0x10/0x10 [ 220.324306][T11090] ? kernfs_path_from_node+0x2b/0x260 [ 220.324336][T11090] ? kernfs_path_from_node+0x216/0x260 [ 220.324365][T11090] sysfs_warn_dup+0x8e/0xa0 [ 220.324391][T11090] sysfs_do_create_link_sd+0xc0/0x110 [ 220.324419][T11090] device_add_class_symlinks+0x1cf/0x240 [ 220.324446][T11090] device_add+0x475/0xb50 [ 220.324483][T11090] wiphy_register+0x199a/0x26b0 [ 220.324523][T11090] ? __pfx_wiphy_register+0x10/0x10 [ 220.324539][T11090] ? minstrel_ht_alloc+0x893/0x990 [ 220.324570][T11090] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 220.324598][T11090] ieee80211_register_hw+0x334b/0x4060 [ 220.324637][T11090] ? ieee80211_register_hw+0x14b1/0x4060 [ 220.324672][T11090] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 220.324699][T11090] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 220.324731][T11090] ? __hrtimer_setup+0x187/0x210 [ 220.324757][T11090] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 220.324781][T11090] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 220.324842][T11090] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 220.324870][T11090] ? trace_kmalloc+0x1f/0xd0 [ 220.324890][T11090] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 220.324914][T11090] ? kstrndup+0xbf/0x160 [ 220.324942][T11090] hwsim_new_radio_nl+0xea4/0x1b10 [ 220.324972][T11090] ? __pfx___nla_validate_parse+0x10/0x10 [ 220.325010][T11090] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 220.325052][T11090] ? __nla_parse+0x40/0x60 [ 220.325078][T11090] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 220.325113][T11090] genl_family_rcv_msg_doit+0x212/0x300 [ 220.325147][T11090] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 220.325186][T11090] ? bpf_lsm_capable+0x9/0x20 [ 220.325210][T11090] ? security_capable+0x7e/0x2e0 [ 220.325236][T11090] genl_rcv_msg+0x60e/0x790 [ 220.325268][T11090] ? __pfx_genl_rcv_msg+0x10/0x10 [ 220.325294][T11090] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 220.325337][T11090] netlink_rcv_skb+0x219/0x490 [ 220.325359][T11090] ? __pfx_genl_rcv_msg+0x10/0x10 [ 220.325385][T11090] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 220.325432][T11090] ? down_read+0x1ad/0x2e0 [ 220.325452][T11090] genl_rcv+0x28/0x40 [ 220.325483][T11090] netlink_unicast+0x758/0x8d0 [ 220.325517][T11090] netlink_sendmsg+0x805/0xb30 [ 220.325549][T11090] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.325573][T11090] ? aa_sock_msg_perm+0x94/0x160 [ 220.325594][T11090] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 220.325614][T11090] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.325635][T11090] __sock_sendmsg+0x219/0x270 [ 220.325666][T11090] ____sys_sendmsg+0x505/0x830 [ 220.325695][T11090] ? __pfx_____sys_sendmsg+0x10/0x10 [ 220.325729][T11090] ? import_iovec+0x74/0xa0 [ 220.325756][T11090] ___sys_sendmsg+0x21f/0x2a0 [ 220.325781][T11090] ? __pfx____sys_sendmsg+0x10/0x10 [ 220.325844][T11090] ? __fget_files+0x2a/0x420 [ 220.325866][T11090] ? __fget_files+0x3a0/0x420 [ 220.325902][T11090] __x64_sys_sendmsg+0x19b/0x260 [ 220.325930][T11090] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 220.325973][T11090] ? do_syscall_64+0xba/0x210 [ 220.326004][T11090] do_syscall_64+0xf6/0x210 [ 220.326032][T11090] ? clear_bhb_loop+0x45/0xa0 [ 220.326055][T11090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.326073][T11090] RIP: 0033:0x7fc4d218e969 [ 220.326090][T11090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.326105][T11090] RSP: 002b:00007fc4d2f63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.326125][T11090] RAX: ffffffffffffffda RBX: 00007fc4d23b5fa0 RCX: 00007fc4d218e969 [ 220.326138][T11090] RDX: 0000000000000500 RSI: 0000200000000040 RDI: 0000000000000004 [ 220.326150][T11090] RBP: 00007fc4d2210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 220.326161][T11090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.326172][T11090] R13: 0000000000000000 R14: 00007fc4d23b5fa0 R15: 00007ffc460989a8 [ 220.326204][T11090] [ 220.822353][T11046] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.927756][T11046] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.974584][T11046] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.115382][T11046] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.134240][T11046] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.153472][T11046] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.173570][T11046] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.245675][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 221.245759][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 221.921400][T11164] __nla_validate_parse: 1 callbacks suppressed [ 221.921421][T11164] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1795'. [ 221.988312][T11169] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1796'. [ 222.017865][T11169] netlink: zone id is out of range [ 222.023055][T11169] netlink: zone id is out of range [ 222.056045][T11169] netlink: zone id is out of range [ 222.061213][T11169] netlink: zone id is out of range [ 222.087903][T11169] netlink: zone id is out of range [ 222.093679][T11169] netlink: zone id is out of range [ 222.127750][T11169] netlink: zone id is out of range [ 222.133422][T11169] netlink: zone id is out of range [ 226.445724][ C1] net_ratelimit: 85 callbacks suppressed [ 226.445744][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 226.446178][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 226.689736][T11181] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 226.697930][T11181] CPU: 0 UID: 0 PID: 11181 Comm: syz.3.1802 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 226.697950][T11181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 226.697960][T11181] Call Trace: [ 226.697966][T11181] [ 226.697972][T11181] dump_stack_lvl+0x189/0x250 [ 226.697998][T11181] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.698020][T11181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.698041][T11181] ? __pfx__printk+0x10/0x10 [ 226.698059][T11181] ? kernfs_path_from_node+0x2b/0x260 [ 226.698082][T11181] ? kernfs_path_from_node+0x216/0x260 [ 226.698104][T11181] sysfs_warn_dup+0x8e/0xa0 [ 226.698123][T11181] sysfs_do_create_link_sd+0xc0/0x110 [ 226.698145][T11181] device_add_class_symlinks+0x1cf/0x240 [ 226.698166][T11181] device_add+0x475/0xb50 [ 226.698186][T11181] wiphy_register+0x199a/0x26b0 [ 226.698215][T11181] ? __pfx_wiphy_register+0x10/0x10 [ 226.698227][T11181] ? minstrel_ht_alloc+0x893/0x990 [ 226.698251][T11181] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 226.698271][T11181] ieee80211_register_hw+0x334b/0x4060 [ 226.698301][T11181] ? ieee80211_register_hw+0x14b1/0x4060 [ 226.698328][T11181] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 226.698350][T11181] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 226.698375][T11181] ? __hrtimer_setup+0x187/0x210 [ 226.698396][T11181] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 226.698413][T11181] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 226.698460][T11181] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 226.698481][T11181] ? trace_kmalloc+0x1f/0xd0 [ 226.698496][T11181] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 226.698515][T11181] ? kstrndup+0xbf/0x160 [ 226.698536][T11181] hwsim_new_radio_nl+0xea4/0x1b10 [ 226.698561][T11181] ? __pfx___nla_validate_parse+0x10/0x10 [ 226.698589][T11181] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 226.698622][T11181] ? __nla_parse+0x40/0x60 [ 226.698654][T11181] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 226.698681][T11181] genl_family_rcv_msg_doit+0x212/0x300 [ 226.698706][T11181] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 226.698735][T11181] ? bpf_lsm_capable+0x9/0x20 [ 226.698754][T11181] ? security_capable+0x7e/0x2e0 [ 226.698773][T11181] genl_rcv_msg+0x60e/0x790 [ 226.698797][T11181] ? __pfx_genl_rcv_msg+0x10/0x10 [ 226.698815][T11181] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 226.698846][T11181] netlink_rcv_skb+0x219/0x490 [ 226.698861][T11181] ? __pfx_genl_rcv_msg+0x10/0x10 [ 226.698888][T11181] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 226.698921][T11181] ? down_read+0x1ad/0x2e0 [ 226.698935][T11181] genl_rcv+0x28/0x40 [ 226.698952][T11181] netlink_unicast+0x758/0x8d0 [ 226.698977][T11181] netlink_sendmsg+0x805/0xb30 [ 226.699000][T11181] ? __pfx_netlink_sendmsg+0x10/0x10 [ 226.699018][T11181] ? aa_sock_msg_perm+0x94/0x160 [ 226.699034][T11181] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 226.699049][T11181] ? __pfx_netlink_sendmsg+0x10/0x10 [ 226.699065][T11181] __sock_sendmsg+0x219/0x270 [ 226.699088][T11181] ____sys_sendmsg+0x505/0x830 [ 226.699110][T11181] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.699134][T11181] ? import_iovec+0x74/0xa0 [ 226.699155][T11181] ___sys_sendmsg+0x21f/0x2a0 [ 226.699174][T11181] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.699219][T11181] ? __fget_files+0x2a/0x420 [ 226.699235][T11181] ? __fget_files+0x3a0/0x420 [ 226.699261][T11181] __x64_sys_sendmsg+0x19b/0x260 [ 226.699280][T11181] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 226.699311][T11181] ? do_syscall_64+0xba/0x210 [ 226.699334][T11181] do_syscall_64+0xf6/0x210 [ 226.699354][T11181] ? clear_bhb_loop+0x45/0xa0 [ 226.699371][T11181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.699383][T11181] RIP: 0033:0x7fae9d58e969 [ 226.699396][T11181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.699408][T11181] RSP: 002b:00007fae9e470038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 226.699423][T11181] RAX: ffffffffffffffda RBX: 00007fae9d7b5fa0 RCX: 00007fae9d58e969 [ 226.699432][T11181] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 226.699441][T11181] RBP: 00007fae9d610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 226.699449][T11181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 226.699456][T11181] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 226.699478][T11181] [ 227.272608][T11213] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1808'. [ 227.443602][T11222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1814'. [ 227.474986][T11218] lo speed is unknown, defaulting to 1000 [ 227.485777][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 227.486075][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 227.576639][T11212] lo speed is unknown, defaulting to 1000 [ 227.758118][T11244] netlink: 'syz.3.1821': attribute type 7 has an invalid length. [ 227.823024][T11244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1821'. [ 227.992634][T11261] sctp: [Deprecated]: syz.2.1828 (pid 11261) Use of int in max_burst socket option. [ 227.992634][T11261] Use struct sctp_assoc_value instead [ 228.021293][T11264] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1828'. [ 228.526097][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 228.526615][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 228.650236][T11274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1831'. [ 228.861889][T11082] bond0: (slave bridge_slave_1): interface is now down [ 228.894657][T11082] bond0: now running without any active interface! [ 228.925683][ T30] audit: type=1800 audit(1746158263.013:8): pid=11278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1831" name="cgroup.controllers" dev="tmpfs" ino=1979 res=0 errno=0 [ 228.966701][T11298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1840'. [ 229.063865][T11301] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1842'. [ 229.081802][T11302] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1841'. [ 229.090230][T11301] batadv_slave_0: entered promiscuous mode [ 229.121857][T11301] netlink: 'syz.0.1842': attribute type 3 has an invalid length. [ 229.136849][T11299] batadv_slave_0: left promiscuous mode [ 229.259758][T11305] nbd: socks must be embedded in a SOCK_ITEM attr [ 229.270686][T11309] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1845'. [ 229.287558][T11305] block nbd0: shutting down sockets [ 229.331660][T11312] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1846'. [ 229.565753][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 229.565798][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 229.751961][T11329] netlink: 'syz.0.1852': attribute type 15 has an invalid length. [ 230.429570][T11360] lo speed is unknown, defaulting to 1000 [ 230.605815][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 230.606418][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 230.767417][T11385] nbd: socks must be embedded in a SOCK_ITEM attr [ 230.774224][T11385] block nbd0: shutting down sockets [ 231.108566][T11406] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 231.116413][T11406] CPU: 0 UID: 0 PID: 11406 Comm: syz.3.1877 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 231.116439][T11406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 231.116452][T11406] Call Trace: [ 231.116459][T11406] [ 231.116468][T11406] dump_stack_lvl+0x189/0x250 [ 231.116501][T11406] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.116529][T11406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.116555][T11406] ? __pfx__printk+0x10/0x10 [ 231.116578][T11406] ? kernfs_path_from_node+0x2b/0x260 [ 231.116608][T11406] ? kernfs_path_from_node+0x216/0x260 [ 231.116637][T11406] sysfs_warn_dup+0x8e/0xa0 [ 231.116661][T11406] sysfs_do_create_link_sd+0xc0/0x110 [ 231.116689][T11406] device_add_class_symlinks+0x1cf/0x240 [ 231.116716][T11406] device_add+0x475/0xb50 [ 231.116741][T11406] wiphy_register+0x199a/0x26b0 [ 231.116778][T11406] ? __pfx_wiphy_register+0x10/0x10 [ 231.116795][T11406] ? minstrel_ht_alloc+0x893/0x990 [ 231.116826][T11406] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 231.116853][T11406] ieee80211_register_hw+0x334b/0x4060 [ 231.116892][T11406] ? ieee80211_register_hw+0x14b1/0x4060 [ 231.116926][T11406] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 231.116955][T11406] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 231.116987][T11406] ? __hrtimer_setup+0x187/0x210 [ 231.117013][T11406] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 231.117035][T11406] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 231.117133][T11406] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 231.117162][T11406] ? trace_kmalloc+0x1f/0xd0 [ 231.117184][T11406] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 231.117216][T11406] ? kstrndup+0xbf/0x160 [ 231.117248][T11406] hwsim_new_radio_nl+0xea4/0x1b10 [ 231.117281][T11406] ? __pfx___nla_validate_parse+0x10/0x10 [ 231.117322][T11406] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 231.117367][T11406] ? __nla_parse+0x40/0x60 [ 231.117398][T11406] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 231.117437][T11406] genl_family_rcv_msg_doit+0x212/0x300 [ 231.117474][T11406] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 231.117518][T11406] ? bpf_lsm_capable+0x9/0x20 [ 231.117545][T11406] ? security_capable+0x7e/0x2e0 [ 231.117574][T11406] genl_rcv_msg+0x60e/0x790 [ 231.117612][T11406] ? __pfx_genl_rcv_msg+0x10/0x10 [ 231.117640][T11406] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 231.117687][T11406] netlink_rcv_skb+0x219/0x490 [ 231.117711][T11406] ? __pfx_genl_rcv_msg+0x10/0x10 [ 231.117741][T11406] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 231.117792][T11406] ? down_read+0x1ad/0x2e0 [ 231.117814][T11406] genl_rcv+0x28/0x40 [ 231.117840][T11406] netlink_unicast+0x758/0x8d0 [ 231.117874][T11406] netlink_sendmsg+0x805/0xb30 [ 231.117909][T11406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.117937][T11406] ? aa_sock_msg_perm+0x94/0x160 [ 231.117961][T11406] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 231.117983][T11406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.118007][T11406] __sock_sendmsg+0x219/0x270 [ 231.118042][T11406] ____sys_sendmsg+0x505/0x830 [ 231.118076][T11406] ? __pfx_____sys_sendmsg+0x10/0x10 [ 231.118113][T11406] ? import_iovec+0x74/0xa0 [ 231.118145][T11406] ___sys_sendmsg+0x21f/0x2a0 [ 231.118174][T11406] ? __pfx____sys_sendmsg+0x10/0x10 [ 231.118252][T11406] ? __fget_files+0x2a/0x420 [ 231.118279][T11406] ? __fget_files+0x3a0/0x420 [ 231.118318][T11406] __x64_sys_sendmsg+0x19b/0x260 [ 231.118348][T11406] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 231.118395][T11406] ? do_syscall_64+0xba/0x210 [ 231.118430][T11406] do_syscall_64+0xf6/0x210 [ 231.118461][T11406] ? clear_bhb_loop+0x45/0xa0 [ 231.118487][T11406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.118507][T11406] RIP: 0033:0x7fae9d58e969 [ 231.118526][T11406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.118544][T11406] RSP: 002b:00007fae9e470038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.118565][T11406] RAX: ffffffffffffffda RBX: 00007fae9d7b5fa0 RCX: 00007fae9d58e969 [ 231.118579][T11406] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 231.118592][T11406] RBP: 00007fae9d610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 231.118604][T11406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.118616][T11406] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 231.118650][T11406] [ 231.645722][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 231.645730][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 232.135087][T11432] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 232.146435][T11432] CPU: 1 UID: 0 PID: 11432 Comm: syz.4.1884 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 232.146465][T11432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 232.146477][T11432] Call Trace: [ 232.146485][T11432] [ 232.146494][T11432] dump_stack_lvl+0x189/0x250 [ 232.146528][T11432] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.146556][T11432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.146582][T11432] ? __pfx__printk+0x10/0x10 [ 232.146606][T11432] ? kernfs_path_from_node+0x2b/0x260 [ 232.146636][T11432] ? kernfs_path_from_node+0x216/0x260 [ 232.146665][T11432] sysfs_warn_dup+0x8e/0xa0 [ 232.146689][T11432] sysfs_do_create_link_sd+0xc0/0x110 [ 232.146718][T11432] device_add_class_symlinks+0x1cf/0x240 [ 232.146745][T11432] device_add+0x475/0xb50 [ 232.146771][T11432] wiphy_register+0x199a/0x26b0 [ 232.146809][T11432] ? __pfx_wiphy_register+0x10/0x10 [ 232.146825][T11432] ? minstrel_ht_alloc+0x893/0x990 [ 232.146856][T11432] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 232.146882][T11432] ieee80211_register_hw+0x334b/0x4060 [ 232.146922][T11432] ? ieee80211_register_hw+0x14b1/0x4060 [ 232.146957][T11432] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 232.146985][T11432] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 232.147018][T11432] ? __hrtimer_setup+0x187/0x210 [ 232.147042][T11432] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 232.147066][T11432] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 232.147131][T11432] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 232.147158][T11432] ? trace_kmalloc+0x1f/0xd0 [ 232.147179][T11432] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 232.147203][T11432] ? kstrndup+0xbf/0x160 [ 232.147231][T11432] hwsim_new_radio_nl+0xea4/0x1b10 [ 232.147262][T11432] ? __pfx___nla_validate_parse+0x10/0x10 [ 232.147299][T11432] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 232.147341][T11432] ? __nla_parse+0x40/0x60 [ 232.147366][T11432] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 232.147403][T11432] genl_family_rcv_msg_doit+0x212/0x300 [ 232.147442][T11432] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 232.147483][T11432] ? bpf_lsm_capable+0x9/0x20 [ 232.147508][T11432] ? security_capable+0x7e/0x2e0 [ 232.147535][T11432] genl_rcv_msg+0x60e/0x790 [ 232.147570][T11432] ? __pfx_genl_rcv_msg+0x10/0x10 [ 232.147595][T11432] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 232.147638][T11432] netlink_rcv_skb+0x219/0x490 [ 232.147660][T11432] ? __pfx_genl_rcv_msg+0x10/0x10 [ 232.147687][T11432] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 232.147735][T11432] ? down_read+0x1ad/0x2e0 [ 232.147755][T11432] genl_rcv+0x28/0x40 [ 232.147779][T11432] netlink_unicast+0x758/0x8d0 [ 232.147810][T11432] netlink_sendmsg+0x805/0xb30 [ 232.147842][T11432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.147867][T11432] ? aa_sock_msg_perm+0x94/0x160 [ 232.147889][T11432] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 232.147910][T11432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.147932][T11432] __sock_sendmsg+0x219/0x270 [ 232.147966][T11432] ____sys_sendmsg+0x505/0x830 [ 232.147996][T11432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.148031][T11432] ? import_iovec+0x74/0xa0 [ 232.148062][T11432] ___sys_sendmsg+0x21f/0x2a0 [ 232.148090][T11432] ? __pfx____sys_sendmsg+0x10/0x10 [ 232.148158][T11432] ? __fget_files+0x2a/0x420 [ 232.148183][T11432] ? __fget_files+0x3a0/0x420 [ 232.148220][T11432] __x64_sys_sendmsg+0x19b/0x260 [ 232.148247][T11432] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 232.148285][T11432] ? do_syscall_64+0xba/0x210 [ 232.148311][T11432] do_syscall_64+0xf6/0x210 [ 232.148333][T11432] ? clear_bhb_loop+0x45/0xa0 [ 232.148352][T11432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.148367][T11432] RIP: 0033:0x7fc4d218e969 [ 232.148449][T11432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.148464][T11432] RSP: 002b:00007fc4d2f63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.148482][T11432] RAX: ffffffffffffffda RBX: 00007fc4d23b5fa0 RCX: 00007fc4d218e969 [ 232.148494][T11432] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 232.148503][T11432] RBP: 00007fc4d2210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 232.148513][T11432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.148522][T11432] R13: 0000000000000000 R14: 00007fc4d23b5fa0 R15: 00007ffc460989a8 [ 232.148548][T11432] [ 232.237427][T11443] netlink: 'syz.3.1886': attribute type 2 has an invalid length. [ 232.358322][T11445] sctp: [Deprecated]: syz.3.1886 (pid 11445) Use of int in maxseg socket option. [ 232.358322][T11445] Use struct sctp_assoc_value instead [ 232.411371][T11443] netlink: 'syz.3.1886': attribute type 2 has an invalid length. [ 232.616988][ T30] audit: type=1800 audit(1746158266.713:9): pid=11434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1887" name="cgroup.controllers" dev="tmpfs" ino=1991 res=0 errno=0 [ 232.685714][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 232.696294][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 233.136018][T11468] __nla_validate_parse: 4 callbacks suppressed [ 233.136037][T11468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1898'. [ 233.183050][T11468] netlink: 'syz.2.1898': attribute type 1 has an invalid length. [ 233.205700][T11468] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1898'. [ 233.347430][ T5843] block nbd0: Receive control failed (result -104) [ 233.479161][T11493] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1912'. [ 233.485278][T11491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1908'. [ 233.549800][T11496] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1911'. [ 233.559487][T11496] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1911'. [ 233.725821][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 233.725837][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 233.750928][T11507] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1917'. [ 233.760832][T11507] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1917'. [ 233.909795][T11518] IPv6: Can't replace route, no match found [ 233.921580][ T5843] block nbd3: Receive control failed (result -104) [ 234.004494][T11524] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1924'. [ 234.259222][T11531] lo speed is unknown, defaulting to 1000 [ 234.267220][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1930'. [ 234.328627][T11543] netlink: 'syz.4.1933': attribute type 2 has an invalid length. [ 234.559669][T11539] tipc: Enabling of bearer rejected, already enabled [ 234.603530][T11547] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌUvy¸ÚØ¢…D£øUDŒw˜' [ 234.619304][T11547] CPU: 0 UID: 0 PID: 11547 Comm: syz.4.1933 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 234.619333][T11547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 234.619345][T11547] Call Trace: [ 234.619354][T11547] [ 234.619362][T11547] dump_stack_lvl+0x189/0x250 [ 234.619397][T11547] ? lockdep_hardirqs_on+0x9c/0x150 [ 234.619427][T11547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.619456][T11547] ? __pfx__printk+0x10/0x10 [ 234.619480][T11547] ? kernfs_path_from_node+0x2b/0x260 [ 234.619509][T11547] ? kernfs_path_from_node+0x216/0x260 [ 234.619538][T11547] sysfs_warn_dup+0x8e/0xa0 [ 234.619564][T11547] sysfs_do_create_link_sd+0xc0/0x110 [ 234.619593][T11547] device_add_class_symlinks+0x1cf/0x240 [ 234.619621][T11547] device_add+0x475/0xb50 [ 234.619648][T11547] wiphy_register+0x199a/0x26b0 [ 234.619687][T11547] ? __pfx_wiphy_register+0x10/0x10 [ 234.619703][T11547] ? minstrel_ht_alloc+0x893/0x990 [ 234.619735][T11547] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 234.619762][T11547] ieee80211_register_hw+0x334b/0x4060 [ 234.619802][T11547] ? ieee80211_register_hw+0x14b1/0x4060 [ 234.619836][T11547] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 234.619864][T11547] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 234.619907][T11547] ? __hrtimer_setup+0x187/0x210 [ 234.619935][T11547] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 234.619960][T11547] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 234.620023][T11547] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 234.620050][T11547] ? trace_kmalloc+0x1f/0xd0 [ 234.620071][T11547] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 234.620096][T11547] ? kstrndup+0xbf/0x160 [ 234.620125][T11547] hwsim_new_radio_nl+0xea4/0x1b10 [ 234.620158][T11547] ? __pfx___nla_validate_parse+0x10/0x10 [ 234.620197][T11547] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 234.620245][T11547] ? __nla_parse+0x40/0x60 [ 234.620272][T11547] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 234.620310][T11547] genl_family_rcv_msg_doit+0x212/0x300 [ 234.620346][T11547] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 234.620388][T11547] ? bpf_lsm_capable+0x9/0x20 [ 234.620414][T11547] ? security_capable+0x7e/0x2e0 [ 234.620441][T11547] genl_rcv_msg+0x60e/0x790 [ 234.620484][T11547] ? __pfx_genl_rcv_msg+0x10/0x10 [ 234.620509][T11547] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 234.620550][T11547] netlink_rcv_skb+0x219/0x490 [ 234.620588][T11547] ? __pfx_genl_rcv_msg+0x10/0x10 [ 234.620616][T11547] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 234.620662][T11547] ? down_read+0x1ad/0x2e0 [ 234.620681][T11547] genl_rcv+0x28/0x40 [ 234.620704][T11547] netlink_unicast+0x758/0x8d0 [ 234.620734][T11547] netlink_sendmsg+0x805/0xb30 [ 234.620764][T11547] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.620790][T11547] ? aa_sock_msg_perm+0x94/0x160 [ 234.620812][T11547] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 234.620832][T11547] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.620853][T11547] __sock_sendmsg+0x219/0x270 [ 234.620885][T11547] ____sys_sendmsg+0x505/0x830 [ 234.620926][T11547] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.620959][T11547] ? import_iovec+0x74/0xa0 [ 234.620989][T11547] ___sys_sendmsg+0x21f/0x2a0 [ 234.621016][T11547] ? __pfx____sys_sendmsg+0x10/0x10 [ 234.621080][T11547] ? __fget_files+0x2a/0x420 [ 234.621105][T11547] ? __fget_files+0x3a0/0x420 [ 234.621142][T11547] __x64_sys_sendmsg+0x19b/0x260 [ 234.621175][T11547] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 234.621238][T11547] ? do_syscall_64+0xba/0x210 [ 234.621274][T11547] do_syscall_64+0xf6/0x210 [ 234.621307][T11547] ? clear_bhb_loop+0x45/0xa0 [ 234.621334][T11547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.621354][T11547] RIP: 0033:0x7fc4d218e969 [ 234.621374][T11547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.621392][T11547] RSP: 002b:00007fc4d2f42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 234.621414][T11547] RAX: ffffffffffffffda RBX: 00007fc4d23b6080 RCX: 00007fc4d218e969 [ 234.621430][T11547] RDX: 0000000000000500 RSI: 0000200000000040 RDI: 0000000000000005 [ 234.621444][T11547] RBP: 00007fc4d2210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 234.621457][T11547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.621469][T11547] R13: 0000000000000000 R14: 00007fc4d23b6080 R15: 00007ffc460989a8 [ 234.621503][T11547] [ 234.765861][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 234.772814][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 235.122349][ T5843] block nbd4: Receive control failed (result -104) [ 235.805878][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 235.805980][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 235.964855][T11598] x_tables: duplicate underflow at hook 1 [ 235.971207][T11598] x_tables: duplicate underflow at hook 1 [ 235.980614][T11598] x_tables: duplicate underflow at hook 1 [ 235.986849][T11598] x_tables: duplicate underflow at hook 1 [ 235.992763][T11598] x_tables: duplicate underflow at hook 1 [ 236.004369][T11598] x_tables: duplicate underflow at hook 1 [ 236.016391][T11598] x_tables: duplicate underflow at hook 1 [ 236.039109][T11606] ipvlan11: entered promiscuous mode [ 236.044588][T11606] ipvlan11: entered allmulticast mode [ 236.069169][ T5843] block nbd5: Receive control failed (result -104) [ 236.469459][T11617] lo speed is unknown, defaulting to 1000 [ 236.491904][T11626] lo speed is unknown, defaulting to 1000 [ 236.677978][ T5843] block nbd6: Receive control failed (result -104) [ 236.845902][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 236.856370][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 236.871000][T11646] lo speed is unknown, defaulting to 1000 [ 237.488431][T11665] bond0: (slave bridge_slave_1): Releasing backup interface [ 237.516219][T11665] bridge_slave_1: left promiscuous mode [ 237.739805][T11677] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌUvy¸ÚØ¢…D£øUDŒw˜' [ 237.763931][T11677] CPU: 0 UID: 0 PID: 11677 Comm: syz.4.1977 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 237.763963][T11677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 237.763976][T11677] Call Trace: [ 237.763983][T11677] [ 237.763992][T11677] dump_stack_lvl+0x189/0x250 [ 237.764025][T11677] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.764054][T11677] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.764081][T11677] ? __pfx__printk+0x10/0x10 [ 237.764103][T11677] ? kernfs_path_from_node+0x2b/0x260 [ 237.764131][T11677] ? kernfs_path_from_node+0x216/0x260 [ 237.764160][T11677] sysfs_warn_dup+0x8e/0xa0 [ 237.764184][T11677] sysfs_do_create_link_sd+0xc0/0x110 [ 237.764232][T11677] device_add_class_symlinks+0x1cf/0x240 [ 237.764261][T11677] device_add+0x475/0xb50 [ 237.764300][T11677] wiphy_register+0x199a/0x26b0 [ 237.764339][T11677] ? __pfx_wiphy_register+0x10/0x10 [ 237.764355][T11677] ? minstrel_ht_alloc+0x893/0x990 [ 237.764386][T11677] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 237.764411][T11677] ieee80211_register_hw+0x334b/0x4060 [ 237.764448][T11677] ? ieee80211_register_hw+0x14b1/0x4060 [ 237.764481][T11677] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 237.764511][T11677] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 237.764545][T11677] ? __hrtimer_setup+0x187/0x210 [ 237.764571][T11677] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 237.764592][T11677] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 237.764658][T11677] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 237.764683][T11677] ? trace_kmalloc+0x1f/0xd0 [ 237.764700][T11677] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 237.764722][T11677] ? kstrndup+0xbf/0x160 [ 237.764747][T11677] hwsim_new_radio_nl+0xea4/0x1b10 [ 237.764775][T11677] ? __pfx___nla_validate_parse+0x10/0x10 [ 237.764808][T11677] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 237.764836][T11677] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 237.764872][T11677] ? __nla_parse+0x40/0x60 [ 237.764899][T11677] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 237.764935][T11677] genl_family_rcv_msg_doit+0x212/0x300 [ 237.764971][T11677] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 237.765015][T11677] ? bpf_lsm_capable+0x9/0x20 [ 237.765040][T11677] ? security_capable+0x7e/0x2e0 [ 237.765067][T11677] genl_rcv_msg+0x60e/0x790 [ 237.765101][T11677] ? __pfx_genl_rcv_msg+0x10/0x10 [ 237.765127][T11677] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 237.765171][T11677] netlink_rcv_skb+0x219/0x490 [ 237.765194][T11677] ? __pfx_genl_rcv_msg+0x10/0x10 [ 237.765222][T11677] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 237.765269][T11677] ? down_read+0x1ad/0x2e0 [ 237.765290][T11677] genl_rcv+0x28/0x40 [ 237.765313][T11677] netlink_unicast+0x758/0x8d0 [ 237.765345][T11677] netlink_sendmsg+0x805/0xb30 [ 237.765377][T11677] ? __pfx_netlink_sendmsg+0x10/0x10 [ 237.765403][T11677] ? aa_sock_msg_perm+0x94/0x160 [ 237.765426][T11677] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 237.765446][T11677] ? __pfx_netlink_sendmsg+0x10/0x10 [ 237.765469][T11677] __sock_sendmsg+0x219/0x270 [ 237.765508][T11677] ____sys_sendmsg+0x505/0x830 [ 237.765539][T11677] ? __pfx_____sys_sendmsg+0x10/0x10 [ 237.765574][T11677] ? import_iovec+0x74/0xa0 [ 237.765611][T11677] ___sys_sendmsg+0x21f/0x2a0 [ 237.765638][T11677] ? __pfx____sys_sendmsg+0x10/0x10 [ 237.765701][T11677] ? __fget_files+0x2a/0x420 [ 237.765724][T11677] ? __fget_files+0x3a0/0x420 [ 237.765761][T11677] __x64_sys_sendmsg+0x19b/0x260 [ 237.765790][T11677] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 237.765831][T11677] ? do_syscall_64+0xba/0x210 [ 237.765862][T11677] do_syscall_64+0xf6/0x210 [ 237.765891][T11677] ? clear_bhb_loop+0x45/0xa0 [ 237.765916][T11677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.765935][T11677] RIP: 0033:0x7fc4d218e969 [ 237.765953][T11677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.765970][T11677] RSP: 002b:00007fc4d2f63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 237.765991][T11677] RAX: ffffffffffffffda RBX: 00007fc4d23b5fa0 RCX: 00007fc4d218e969 [ 237.766006][T11677] RDX: 0000000000000500 RSI: 0000200000000040 RDI: 0000000000000004 [ 237.766018][T11677] RBP: 00007fc4d2210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 237.766031][T11677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 237.766043][T11677] R13: 0000000000000000 R14: 00007fc4d23b5fa0 R15: 00007ffc460989a8 [ 237.766075][T11677] [ 237.885908][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 237.890012][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 238.225904][T11679] netlink: 'syz.1.1976': attribute type 1 has an invalid length. [ 238.274533][T11679] __nla_validate_parse: 8 callbacks suppressed [ 238.274560][T11679] netlink: 208 bytes leftover after parsing attributes in process `syz.1.1976'. [ 238.335402][T11691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1981'. [ 238.425461][T11687] syzkaller0: entered promiscuous mode [ 238.432298][T11687] syzkaller0: entered allmulticast mode [ 238.463753][T11685] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 238.616595][T11700] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 238.838303][T11714] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1989'. [ 238.925674][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 238.925785][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 239.026106][T11720] lo: entered allmulticast mode [ 239.032680][T11720] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 239.058730][T11726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1995'. [ 239.090674][ T5879] lo speed is unknown, defaulting to 1000 [ 239.096804][ T5879] syz1: Port: 1 Link DOWN [ 239.123988][T11732] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 239.801996][T11769] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 239.949731][T11778] lo speed is unknown, defaulting to 1000 [ 239.965774][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 239.965911][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 240.008123][T11776] lo speed is unknown, defaulting to 1000 [ 240.110767][T11782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2015'. [ 240.159843][T11787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2018'. [ 240.202517][T11782] vlan2: entered allmulticast mode [ 240.215165][T11782] batadv0: entered allmulticast mode [ 240.232115][T11787] erspan0: entered promiscuous mode [ 240.252510][T11787] erspan0: left promiscuous mode [ 240.356484][T11795] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2021'. [ 240.399971][T11797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2023'. [ 240.447558][T11797] pim6reg9: entered allmulticast mode [ 240.531459][T11797] netlink: 'syz.2.2023': attribute type 1 has an invalid length. [ 240.550774][T11797] netlink: 'syz.2.2023': attribute type 11 has an invalid length. [ 240.580791][T11797] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2023'. [ 240.695437][T11813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2026'. [ 240.766668][T11814] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 241.005673][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 241.388631][T11854] netlink: 'syz.3.2038': attribute type 1 has an invalid length. [ 241.553962][T11863] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 241.807749][T11854] 8021q: adding VLAN 0 to HW filter on device bond3 [ 241.832313][T11858] bond3: (slave gretap1): making interface the new active one [ 241.841438][T11858] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 241.968943][T11848] lo speed is unknown, defaulting to 1000 [ 242.045723][ C0] net_ratelimit: 1 callbacks suppressed [ 242.045741][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 242.202566][T11885] FAULT_INJECTION: forcing a failure. [ 242.202566][T11885] name failslab, interval 1, probability 0, space 0, times 0 [ 242.242730][T11885] CPU: 1 UID: 0 PID: 11885 Comm: syz.3.2049 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 242.242760][T11885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 242.242787][T11885] Call Trace: [ 242.242795][T11885] [ 242.242804][T11885] dump_stack_lvl+0x189/0x250 [ 242.242838][T11885] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.242864][T11885] ? __pfx__printk+0x10/0x10 [ 242.242888][T11885] ? __pfx___might_resched+0x10/0x10 [ 242.242906][T11885] ? fs_reclaim_acquire+0x7d/0x100 [ 242.242939][T11885] should_fail_ex+0x414/0x560 [ 242.242974][T11885] should_failslab+0xa8/0x100 [ 242.243000][T11885] __kmalloc_noprof+0xcb/0x4f0 [ 242.243021][T11885] ? kfree+0x4d/0x440 [ 242.243040][T11885] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 242.243068][T11885] tomoyo_realpath_from_path+0xe3/0x5d0 [ 242.243091][T11885] ? tomoyo_domain+0xda/0x130 [ 242.243119][T11885] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.243146][T11885] tomoyo_path_number_perm+0x1e8/0x5a0 [ 242.243179][T11885] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 242.243267][T11885] ? __lock_acquire+0xaac/0xd20 [ 242.243312][T11885] ? __fget_files+0x2a/0x420 [ 242.243342][T11885] ? __fget_files+0x3a0/0x420 [ 242.243365][T11885] ? __fget_files+0x2a/0x420 [ 242.243393][T11885] security_file_ioctl+0xcb/0x2d0 [ 242.243424][T11885] __se_sys_ioctl+0x47/0x170 [ 242.243445][T11885] do_syscall_64+0xf6/0x210 [ 242.243476][T11885] ? clear_bhb_loop+0x45/0xa0 [ 242.243499][T11885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.243517][T11885] RIP: 0033:0x7fae9d58e969 [ 242.243535][T11885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.243552][T11885] RSP: 002b:00007fae9e470038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 242.243572][T11885] RAX: ffffffffffffffda RBX: 00007fae9d7b5fa0 RCX: 00007fae9d58e969 [ 242.243586][T11885] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000003 [ 242.243598][T11885] RBP: 00007fae9e470090 R08: 0000000000000000 R09: 0000000000000000 [ 242.243610][T11885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.243622][T11885] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 242.243652][T11885] [ 242.243661][T11885] ERROR: Out of memory at tomoyo_realpath_from_path. [ 242.404879][T11883] lo speed is unknown, defaulting to 1000 [ 242.866771][T11899] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 243.085658][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 243.085670][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 243.158834][ T5879] IPVS: starting estimator thread 0... [ 243.166963][T11909] IPVS: set_ctl: invalid protocol: 103 255.255.255.255:20001 [ 243.318119][T11905] netlink: 'syz.2.2057': attribute type 10 has an invalid length. [ 243.335942][T11910] IPVS: using max 27 ests per chain, 64800 per kthread [ 243.349684][T11890] 8021q: adding VLAN 0 to HW filter on device bond2 [ 243.373929][T11889] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 243.474391][T11916] __nla_validate_parse: 7 callbacks suppressed [ 243.474413][T11916] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2059'. [ 243.565993][T11924] netlink: 'syz.2.2061': attribute type 27 has an invalid length. [ 243.573976][T11916] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2059'. [ 243.755730][T11932] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2064'. [ 243.839966][T11935] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 243.971630][T11943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2068'. [ 244.028474][T11945] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2070'. [ 244.125867][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 244.136463][ C0] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 244.221690][T11957] netlink: 'syz.3.2071': attribute type 12 has an invalid length. [ 244.231048][T11957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2071'. [ 244.476412][T11969] netlink: 'syz.1.2077': attribute type 5 has an invalid length. [ 244.683026][T11978] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 245.165696][ C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 245.169795][T12003] ------------[ cut here ]------------ [ 245.178573][T12003] UBSAN: array-index-out-of-bounds in net/ipv6/route.c:1095:9 [ 245.186135][T12003] index 255 is out of range for type 'const int[12]' [ 245.192861][T12003] CPU: 0 UID: 0 PID: 12003 Comm: syz.3.2091 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 245.192886][T12003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 245.192899][T12003] Call Trace: [ 245.192907][T12003] [ 245.192915][T12003] dump_stack_lvl+0x189/0x250 [ 245.192951][T12003] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.192978][T12003] ? __pfx__printk+0x10/0x10 [ 245.192994][T12003] ? sctp_v6_get_dst+0x7cc/0x1bc0 [ 245.193014][T12003] ? sctp_sendmsg+0x155c/0x2810 [ 245.193033][T12003] ? __sys_sendto+0x3bd/0x520 [ 245.193051][T12003] ? __x64_sys_sendto+0xde/0x100 [ 245.193070][T12003] ? do_syscall_64+0xf6/0x210 [ 245.193122][T12003] ubsan_epilogue+0xa/0x40 [ 245.193141][T12003] __ubsan_handle_out_of_bounds+0xe9/0xf0 [ 245.193180][T12003] ip6_rt_copy_init+0x8e7/0x970 [ 245.193217][T12003] ip6_pol_route+0xbac/0x1180 [ 245.193236][T12003] ? ip6_pol_route+0x162/0x1180 [ 245.193261][T12003] ? __pfx_ip6_pol_route+0x10/0x10 [ 245.193290][T12003] ? chacha_permute+0x4e6/0xf00 [ 245.193319][T12003] fib6_rule_lookup+0x348/0x6f0 [ 245.193341][T12003] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 245.193361][T12003] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 245.193387][T12003] ? ip6_route_output_flags+0x2e/0x5d0 [ 245.193423][T12003] ip6_route_output_flags+0x364/0x5d0 [ 245.193443][T12003] ? ip6_route_output_flags+0x2e/0x5d0 [ 245.193467][T12003] ip6_dst_lookup_tail+0x1ae/0x1510 [ 245.193504][T12003] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 245.193525][T12003] ? __lock_acquire+0xaac/0xd20 [ 245.193573][T12003] ip6_dst_lookup_flow+0x47/0xe0 [ 245.193597][T12003] ? sctp_v6_get_dst+0x57e/0x1bc0 [ 245.193617][T12003] sctp_v6_get_dst+0x7cc/0x1bc0 [ 245.193636][T12003] ? crng_make_state+0x13a/0x700 [ 245.193662][T12003] ? __pfx_crng_make_state+0x10/0x10 [ 245.193697][T12003] ? __pfx_sctp_v6_get_dst+0x10/0x10 [ 245.193714][T12003] ? __asan_memset+0x22/0x50 [ 245.193758][T12003] ? dst_release+0x72/0x1b0 [ 245.193787][T12003] sctp_transport_route+0x115/0x2f0 [ 245.193820][T12003] sctp_assoc_add_peer+0x657/0x13b0 [ 245.193855][T12003] sctp_connect_new_asoc+0x30a/0x690 [ 245.193883][T12003] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 245.193908][T12003] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 245.193932][T12003] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 245.193953][T12003] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 245.193975][T12003] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 245.193998][T12003] ? security_sctp_bind_connect+0x7e/0x2e0 [ 245.194030][T12003] sctp_sendmsg+0x155c/0x2810 [ 245.194064][T12003] ? __pfx_sctp_sendmsg+0x10/0x10 [ 245.194090][T12003] ? aa_sk_perm+0x81e/0x950 [ 245.194114][T12003] ? __pfx_aa_sk_perm+0x10/0x10 [ 245.194136][T12003] ? sock_rps_record_flow+0x19/0x410 [ 245.194173][T12003] ? inet_sendmsg+0x2f4/0x370 [ 245.194199][T12003] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 245.194224][T12003] __sock_sendmsg+0x19c/0x270 [ 245.194258][T12003] __sys_sendto+0x3bd/0x520 [ 245.194283][T12003] ? __pfx___sys_sendto+0x10/0x10 [ 245.194302][T12003] ? do_futex+0x333/0x420 [ 245.194352][T12003] ? rcu_is_watching+0x15/0xb0 [ 245.194390][T12003] __x64_sys_sendto+0xde/0x100 [ 245.194416][T12003] do_syscall_64+0xf6/0x210 [ 245.194445][T12003] ? clear_bhb_loop+0x45/0xa0 [ 245.194469][T12003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.194486][T12003] RIP: 0033:0x7fae9d58e969 [ 245.194505][T12003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.194522][T12003] RSP: 002b:00007fae9e470038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 245.194542][T12003] RAX: ffffffffffffffda RBX: 00007fae9d7b5fa0 RCX: 00007fae9d58e969 [ 245.194557][T12003] RDX: 0000000000034000 RSI: 0000200000000500 RDI: 0000000000000004 [ 245.194570][T12003] RBP: 00007fae9d610ab1 R08: 0000200000000140 R09: 000000000000001c [ 245.194584][T12003] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000000 [ 245.194596][T12003] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 245.194635][T12003] [ 245.194642][T12003] ---[ end trace ]--- [ 245.301611][T12006] netlink: 596 bytes leftover after parsing attributes in process `syz.1.2090'. [ 245.307148][T12003] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 245.307174][T12003] CPU: 0 UID: 0 PID: 12003 Comm: syz.3.2091 Not tainted 6.15.0-rc4-syzkaller-00701-g337079d31fb1 #0 PREEMPT(full) [ 245.307199][T12003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 245.307212][T12003] Call Trace: [ 245.307220][T12003] [ 245.307230][T12003] dump_stack_lvl+0x99/0x250 [ 245.307264][T12003] ? __asan_memcpy+0x40/0x70 [ 245.307286][T12003] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.307315][T12003] ? __pfx__printk+0x10/0x10 [ 245.307348][T12003] panic+0x2db/0x790 [ 245.307380][T12003] ? __pfx_panic+0x10/0x10 [ 245.307406][T12003] ? _printk+0xcf/0x120 [ 245.307434][T12003] ? __pfx__printk+0x10/0x10 [ 245.307453][T12003] ? sctp_v6_get_dst+0x7cc/0x1bc0 [ 245.307479][T12003] ? sctp_sendmsg+0x155c/0x2810 [ 245.307500][T12003] ? __sys_sendto+0x3bd/0x520 [ 245.307523][T12003] ? __x64_sys_sendto+0xde/0x100 [ 245.307546][T12003] ? do_syscall_64+0xf6/0x210 [ 245.307582][T12003] check_panic_on_warn+0x89/0xb0 [ 245.307613][T12003] __ubsan_handle_out_of_bounds+0xe9/0xf0 [ 245.307647][T12003] ip6_rt_copy_init+0x8e7/0x970 [ 245.307687][T12003] ip6_pol_route+0xbac/0x1180 [ 245.307709][T12003] ? ip6_pol_route+0x162/0x1180 [ 245.307735][T12003] ? __pfx_ip6_pol_route+0x10/0x10 [ 245.307767][T12003] ? chacha_permute+0x4e6/0xf00 [ 245.307799][T12003] fib6_rule_lookup+0x348/0x6f0 [ 245.307822][T12003] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 245.307845][T12003] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 245.307874][T12003] ? ip6_route_output_flags+0x2e/0x5d0 [ 245.307913][T12003] ip6_route_output_flags+0x364/0x5d0 [ 245.307936][T12003] ? ip6_route_output_flags+0x2e/0x5d0 [ 245.307962][T12003] ip6_dst_lookup_tail+0x1ae/0x1510 [ 245.308002][T12003] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 245.308026][T12003] ? __lock_acquire+0xaac/0xd20 [ 245.308078][T12003] ip6_dst_lookup_flow+0x47/0xe0 [ 245.308105][T12003] ? sctp_v6_get_dst+0x57e/0x1bc0 [ 245.308127][T12003] sctp_v6_get_dst+0x7cc/0x1bc0 [ 245.308147][T12003] ? crng_make_state+0x13a/0x700 [ 245.308186][T12003] ? __pfx_crng_make_state+0x10/0x10 [ 245.308224][T12003] ? __pfx_sctp_v6_get_dst+0x10/0x10 [ 245.308244][T12003] ? __asan_memset+0x22/0x50 [ 245.308292][T12003] ? dst_release+0x72/0x1b0 [ 245.308325][T12003] sctp_transport_route+0x115/0x2f0 [ 245.308364][T12003] sctp_assoc_add_peer+0x657/0x13b0 [ 245.308404][T12003] sctp_connect_new_asoc+0x30a/0x690 [ 245.308433][T12003] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 245.308460][T12003] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 245.308486][T12003] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 245.308509][T12003] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 245.308534][T12003] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 245.308579][T12003] ? security_sctp_bind_connect+0x7e/0x2e0 [ 245.308617][T12003] sctp_sendmsg+0x155c/0x2810 [ 245.308658][T12003] ? __pfx_sctp_sendmsg+0x10/0x10 [ 245.308688][T12003] ? aa_sk_perm+0x81e/0x950 [ 245.308715][T12003] ? __pfx_aa_sk_perm+0x10/0x10 [ 245.308741][T12003] ? sock_rps_record_flow+0x19/0x410 [ 245.308779][T12003] ? inet_sendmsg+0x2f4/0x370 [ 245.308809][T12003] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 245.308840][T12003] __sock_sendmsg+0x19c/0x270 [ 245.308880][T12003] __sys_sendto+0x3bd/0x520 [ 245.308909][T12003] ? __pfx___sys_sendto+0x10/0x10 [ 245.308933][T12003] ? do_futex+0x333/0x420 [ 245.308989][T12003] ? rcu_is_watching+0x15/0xb0 [ 245.309034][T12003] __x64_sys_sendto+0xde/0x100 [ 245.309065][T12003] do_syscall_64+0xf6/0x210 [ 245.309100][T12003] ? clear_bhb_loop+0x45/0xa0 [ 245.309128][T12003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.309156][T12003] RIP: 0033:0x7fae9d58e969 [ 245.309179][T12003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.309201][T12003] RSP: 002b:00007fae9e470038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 245.309226][T12003] RAX: ffffffffffffffda RBX: 00007fae9d7b5fa0 RCX: 00007fae9d58e969 [ 245.309243][T12003] RDX: 0000000000034000 RSI: 0000200000000500 RDI: 0000000000000004 [ 245.309259][T12003] RBP: 00007fae9d610ab1 R08: 0000200000000140 R09: 000000000000001c [ 245.309275][T12003] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000000 [ 245.309291][T12003] R13: 0000000000000000 R14: 00007fae9d7b5fa0 R15: 00007ffd264b5338 [ 245.309328][T12003] [ 245.312877][T12003] Kernel Offset: disabled