last executing test programs: 11.581169821s ago: executing program 4 (id=2651): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x24000080) r1 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) sendto$inet(r1, &(0x7f00000001c0)='p', 0x1, 0x0, 0x0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000280)=0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384-generic\x00'}, 0x59) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x7, 0x2}, [@nested={0x9, 0x3b, 0x0, 0x1, [@generic="e097ed74e4"]}]}, 0x20}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x2c, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x9, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x2c}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x60, 0x10, 0x503, 0x70bd2c, 0x0, {}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x28, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR={0xa, 0x4, @broadcast}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @local}]}}}, @IFLA_LINK={0x8, 0x5, r8}]}, 0x60}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 4.613786603s ago: executing program 3 (id=2693): socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x6, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xc}}}, 0x24}}, 0x4000) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x8, 0x0, 0x8000, 0x10, 0xffffffffffffffff, 0x0, '\x00', r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(0x3) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="7800000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100001f000008000740000000001400108008024000"/120], 0x78}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cc, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r5, @ANYBLOB="7fdebf5f10a50eaf3717e835b74334cd87f04f05"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) unshare(0x400) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000180)=0x101d1, 0x4) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETRULE(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c000000070a01010000000000000000020000000956f05c7fae6d1871eced6030696b005b3a45607a3200000000ffff000073797a3000000000"], 0x2c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x10}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r11 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)="b2", 0x1}, {&(0x7f0000000040)="000000070020ac", 0x7}], 0x2}, 0x0) 3.70694903s ago: executing program 3 (id=2697): r0 = socket$nl_rdma(0x10, 0x3, 0x14) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)) (async) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="100000000514040027bd7000fddbdf25e111cf0e175a3c4fb11f39f5c2007bc2eb50ed6b4c33c741bde2974e651e875730c3233fbe710cba0dedf3b88fc4e09a"], 0x10}, 0x1, 0x0, 0x0, 0x8881}, 0x4000000) (async) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = epoll_create1(0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) (async) ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0) (async) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7fffffff}, 0x0, 0x0) (async) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0x2015}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r2) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) (async) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) 3.606283357s ago: executing program 3 (id=2698): r0 = socket$rds(0x15, 0x5, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r1, &(0x7f0000000000)="5698ff23eb126ff3152db5e252ddba9ca05c3f8e0653", 0x16, 0x44081, 0x0, 0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1}, 0x0) close(0x3) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x2c, r4, 0x205, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x4000) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x7}, {0x0}, &(0x7f00000011c0)=[{&(0x7f0000001140)=""/94, 0x5e}], 0x1, 0x60, 0xffffffff00000003}}], 0x48, 0x8004}, 0x0) 3.251462557s ago: executing program 0 (id=2702): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0) close(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) recvmsg$unix(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) 3.102992322s ago: executing program 1 (id=2703): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000200", @ANYRES32, @ANYBLOB="080003fff3000000"], 0x40}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000200", @ANYRES32, @ANYBLOB="080003fff3000000"], 0x40}}, 0x0) (async) 2.938992378s ago: executing program 2 (id=2704): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) connect$pppoe(r1, 0x0, 0x0) r2 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0xa0, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r3, {0x0, 0x300}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x70, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x3}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff]}}]}}]}, 0xa0}, 0x1, 0x7a00}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="90000000000901010000000000000000000000000900010073797a300000000008000640000000000800064000000000600002"], 0x90}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@ipv4_getrule={0x1c, 0x22, 0x200, 0x70bd2c, 0x25dfdbfb, {0x2, 0x10, 0x10, 0x5, 0x5, 0x0, 0x0, 0x0, 0x3}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) 2.938560995s ago: executing program 4 (id=2705): syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x6, 0x6, "a4320b", 0x18, 0x6, 0x0, @mcast2, @private1, {[], {{0x4e23, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc1, 0x5, 0x0, 0x1000, {[@nop, @window={0x3, 0x3, 0x66}]}}}}}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r3, &(0x7f0000000200)=[{0x0}, {&(0x7f00000006c0)="e6", 0xfdef}], 0x2) readv(r2, &(0x7f0000000400)=[{&(0x7f0000001680)=""/4096, 0x1000}], 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r5) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001e00431b000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="00000008000a0000005d1e000010cfd7c0e3320271fe1a89eb10f8bf78e262be85be6f325426b3a45f45f9", @ANYRES32=r4, @ANYBLOB="7382da133804bfc94d50e7013ba53245c4fb72ad15e84ee82005a8e79fb088a57939e7cd36565abc34982dac852d3af82f61d72d729a0ef70c3d00a7c8b0b14efd28c68edd39b29a920f72db5cf233999ff26aba6fc1e32d045a04e2e8a6d0eed0a885f63397bf476cf65be63080be81a98341bcdb989da635856ad06ed5d70556282aa598e9bb1409a548f9875e6b972637f5869bd6ffc2325d278105e4806b0436a956e2e689a46ad44c3ab52574d224665124f4cb414e89aee72d51ecd55ccb06e695873519948bc9aac10b6dc3e4a1d3f11094424a640890d25dbe0c"], 0x28}}, 0x0) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000240)=ANY=[@ANYBLOB="640000001300050600000000030000000806000000004e210008000000000000000000000500000000010000000000000000000001000000", @ANYRES32=0x0, @ANYBLOB="004b144810f95a1ab900000000000000150001000856b7fc0269"], 0x64}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x4008, 0x3, 0x240, 0xd8, 0x500b, 0x148, 0xd8, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @local, 0xffffff9c, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00', {}, {}, 0x2f}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x600, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f00000000c0)={'ip6tnl0\x00', 0x0}) setsockopt$inet_mreqn(r7, 0x0, 0x24, &(0x7f0000000140)={@dev={0xac, 0x14, 0x14, 0xb}, @local}, 0xc) 2.937542323s ago: executing program 1 (id=2706): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1590}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x80}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x28, r3, 0x1, 0x0, 0x0, {{0x38}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}]}, 0x28}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x30004001) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40c0080) 2.897942943s ago: executing program 4 (id=2707): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_ttl={{0x14, 0x110}}], 0x18}, 0x0) 2.820525173s ago: executing program 4 (id=2708): socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000040)=0x1) r1 = socket$kcm(0x2, 0xa, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="201b00006a00000018297a000004000000000000000000eedc756711869ffb1c4c8aed8bb2e5d028eeaad5ba16a0f56700000003f810e25b683a1ad7e5a8711e149a251d089dc4f5b1d526d6be921a85df1ec442ecdf38b6cd1a7fbc4958e1e07105e3214551f10b6b4e91bb1e8b2985efa2a71787ade48ea6ae1b649e86bd52bf7f314a8cf0c8883b3b5f12a76f570e90565dd8d97c7dd566c158a74a70d466d75d58718628d7136ddf1ba1f308dc8251c9a00a02b7a0b14408c0d72f04d0019af8beb988a4b8d4ef5f285c7fb842931f233ffe03c208"], 0x20}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000180)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket(0x10, 0x803, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x14, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r8, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}}, 0x0) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f00000004c0)='wg2\x00', 0x4) r9 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000580)={'dummy0\x00', 0x0}) bind$packet(r9, &(0x7f0000000080)={0x11, 0xf8, r10, 0x1, 0x83, 0x6, @multicast}, 0x14) bind$packet(r9, &(0x7f0000000140)={0x11, 0x18, r10, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, 0x14) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000002000000000000000008500000061000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x79, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0x27, 0xe, 0x0, &(0x7f0000000100)="f80204000000000000007f5b88a8", 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.752507211s ago: executing program 1 (id=2709): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000140)={{0x6, @bcast, 0x2}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000791007000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$key(0xf, 0x3, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'}) ioctl(r3, 0x8b27, &(0x7f0000000040)) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000780)={0x3c, r4, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x5}, @ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_RX={0x8}]}, 0x3c}}, 0x48806) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@null, @default, @default, @default, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="12000000220000000400000006"], 0x48) r7 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000011c0)={r6, &(0x7f00000001c0)="4addc387a7c74b6eb343d78806a9bfcf", &(0x7f0000000000)=@udp=r7}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r6, &(0x7f0000000040), &(0x7f0000000000)=@udp}, 0x20) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'team_slave_0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) listen(r0, 0x1ad72f7) syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) connect$netrom(r0, &(0x7f0000000140)={{0x6, @bcast, 0x2}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) (async) syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000791007000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$key(0xf, 0x3, 0x2) (async) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'}) (async) ioctl(r3, 0x8b27, &(0x7f0000000040)) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) (async) sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000780)={0x3c, r4, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x5}, @ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_RX={0x8}]}, 0x3c}}, 0x48806) (async) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@null, @default, @default, @default, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="12000000220000000400000006"], 0x48) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000011c0)={r6, &(0x7f00000001c0)="4addc387a7c74b6eb343d78806a9bfcf", &(0x7f0000000000)=@udp=r7}, 0x20) (async) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r6, &(0x7f0000000040), &(0x7f0000000000)=@udp}, 0x20) (async) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'team_slave_0\x00'}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async) listen(r0, 0x1ad72f7) (async) 2.60288495s ago: executing program 3 (id=2710): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000180)=0x200000, 0x4) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x18) socket$rds(0x15, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="5bd3de7c1c00ef00", @ANYRES16=0x0, @ANYBLOB="050000000000000000002e00000008000300", @ANYBLOB], 0x1c}}, 0x0) r1 = socket(0x1e, 0x1, 0x0) connect$tipc(r1, 0x0, 0x0) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f0000000680)}, 0xce}], 0x1, 0x40002002, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) connect$can_bcm(r2, &(0x7f0000000100), 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newtfilter={0x34, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {}, {0x2}}, [@TCA_RATE={0x6, 0x5, {0x3d, 0xfc}}, @TCA_CHAIN={0x8, 0xb, 0x7}]}, 0x34}, 0x1, 0xf0ffffffffffff}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000600)={0x81, {{0xa, 0x4e24, 0xe0000000, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x88) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) 2.425209692s ago: executing program 0 (id=2711): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) (async) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) (async) read$alg(r1, &(0x7f0000000080)=""/16, 0x10) recvmmsg(r1, &(0x7f0000000280), 0x0, 0x0, 0x0) (async) sendmsg$IPSET_CMD_PROTOCOL(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x3}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x54, 0x1, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0xfffffe23}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x4841}, 0x8000) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="2800000010001ffffad00400fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="208506004400010008001c00", @ANYRES32, @ANYBLOB="5b33c668dc3eb8d8db28dd9eb2a2dcfa7bbda6dcd174e221b2867375af945cffbcc714cedb5e0d39e84484d15609415f86a1d7f51ebdf44b26a1956a3b5ad3d8d32c61f83cd4e067f371d65e70e2668be5a90542e61711d058303570aa7fcbec55462e4ae896f6132b8a962100f1c44c20cfe6035935d8321fd7352922dfd29d5e561d732c08831cf370815c2e8639b3fad044ee85416e6a121277db61239b5cc6dca650f47191393f45ff12d922412a4a01845800f75bca10f68b582e46e33d36d9008ca30f67743f3c962a68b8f52ca19f649940ff5eb342040ea58d9bb50864da62577504b67f6a23d9ad1e45b877f5f9a8108b81a741997153fca3a33c482dd1a39ddb9b3983b667837183f34bcb7f72ee21460e9cef5d"], 0x28}, 0x1, 0x0, 0x0, 0x10000}, 0x4840) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="189509e2378022c1ae0080000000000095", @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) (async) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) (async) sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x38, r2, 0x1, 0x0, 0x0, {0x39}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x73}}}]}, 0x38}}, 0x0) (async) read$alg(r1, &(0x7f0000000300)=""/99, 0x63) (async) r5 = socket(0x2, 0x80805, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xc5a}, 0xe) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f0000000200), 0x806000) (async) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1, 0x12, r4, 0x0) write(r6, &(0x7f0000000080)="ce", 0x1) (async) sendmmsg$inet_sctp(r5, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0) (async) r8 = syz_genetlink_get_family_id$fou(0x0, r5) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f00000001c0)=0x239008, 0x4) (async) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x14, r8, 0x100, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8081) sendmmsg$inet_sctp(r5, &(0x7f00000032c0), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.236322768s ago: executing program 0 (id=2712): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2, 0x3032, 0xffffffffffffffff, 0x0) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000018"], 0x44}}, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x8004001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xfff3}, {0xffff}, {0x10, 0x1}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000140)={'ip6tnl0\x00', 0x0, 0x6, 0x5, 0x2, 0x3, 0x24, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10, 0x20, 0xe, 0x1}}) (async) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000240)=0x14) (async) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000003c0)={'gre0\x00', &(0x7f0000000340)={'sit0\x00', 0x0, 0x8000, 0x700, 0x7, 0x6, {{0xd, 0x4, 0x2, 0x9, 0x34, 0x66, 0x0, 0x3, 0x2f, 0x0, @loopback, @multicast2, {[@rr={0x7, 0x7, 0xe9, [@dev={0xac, 0x14, 0x14, 0x27}]}, @timestamp={0x44, 0x18, 0xfe, 0x0, 0x8, [0x3f2f, 0x4, 0x3e4, 0x1, 0x7f]}, @noop]}}}}}) sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xd4, r2, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x200088d0}, 0x20000013) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) (async, rerun: 32) r8 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={0x30, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0c0}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x50, r9, 0x10, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_SEQ={0xa, 0xa, "69627eb500a0"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "6cd560db46c1dd710167b90502"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x400) (async, rerun: 32) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) (async, rerun: 32) syz_open_procfs$namespace(0x0, &(0x7f0000000000)) 2.018886506s ago: executing program 1 (id=2713): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000040000000000000000000001801000020259a5100000000002020207b1af8ff00000000bfa100350000000007010000f8ffffffb702000008000000b70300000000c7a116ed40ed8237f0fe00"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3200000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0300000002000041a71c391245ba1475e66be478d9592e7cb09b639cbee2d0efd3fa7a989a1d34", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYBLOB="020000002201000000002200", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0x2, 0x1, 0x0, &(0x7f00000003c0)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000340)=0x1, 0x4) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000240)="b1", 0x1}], 0x1) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, r4, 0x44f93000) socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x304}, "00000100ebffffff", "2607080d7f4fcf00fd4ef6dece6c7c58", "e2ffffff", "006e34fb00"}, 0x28) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f00000000c0)={0x1, 0x7, 0x0, 0x7, 0x6, 0x80000000, 0xf1a, 0x2d3, r9}, 0x20) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000040)={r9, 0x1, 0x10, 0x7, 0x6, 0x4}, 0x14) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) 2.017062222s ago: executing program 2 (id=2714): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x24, 0x3c, 0x9, 0x0, 0x0, {0x2}, [@typed={0x4, 0x200}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x13, 0x0, 0x0, @uid}]}]}, 0x24}}, 0x0) (async) r1 = socket$inet(0x2, 0x4, 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0xc6, @broadcast, 0x4e23, 0x1, 'rr\x00', 0x3, 0x9, 0x22}, 0x2c) 1.944669096s ago: executing program 1 (id=2715): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e23, 0x5, @private0, 0xa1}}}, &(0x7f0000000140)=0x84) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000180)={'syztnl1\x00', r3, 0x29, 0x2, 0x1, 0x7, 0x21, @remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x80, 0x7, 0x401, 0x6}}) getsockopt$CAN_RAW_JOIN_FILTERS(r2, 0x65, 0x6, 0x0, &(0x7f0000000040)) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x20, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000001000000000000000000000b791204000000000095"], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$netlink(0x10, 0x3, 0x15) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write(r4, &(0x7f0000000200)="eaa076a57b84e2077daf25a5f2c31f029eaffbc3b148efb5817871b60e2288b4bb89056122f28f79073febb2968d919cb2af92091c70ba50eab56f349e3a30a05fedbc91693ab49d9208d3b24b9a2bea9781889993c6705bba7d7304044d2efeafdc30d1e9ea67f636da0b82c329eb9025ce38f75d72df0a1ad967553c08d1f8ec02dc5f8ef6ae96e221f31ce607f502d7cd4b242b24fb993cc9f403", 0x9c) 1.798561245s ago: executing program 3 (id=2716): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x22020400) r1 = socket(0x2b, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x2711, @hyper}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a30000000004c000000060a010400000000000000000100000008000b40000000000900010073797a3000000000240004800c000180080001006c6f670014000180090001006d61737100000000040002801400000011000100"/211], 0xd4}}, 0x0) 1.686949014s ago: executing program 2 (id=2717): syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x6, 0x6, "a4320b", 0x18, 0x6, 0x0, @mcast2, @private1, {[], {{0x4e23, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc1, 0x5, 0x0, 0x1000, {[@nop, @window={0x3, 0x3, 0x66}]}}}}}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r3, &(0x7f0000000200)=[{0x0}, {&(0x7f00000006c0)="e6", 0xfdef}], 0x2) readv(r2, &(0x7f0000000400)=[{&(0x7f0000001680)=""/4096, 0x1000}], 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r5) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001e00431b000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="00000008000a0000005d1e000010cfd7c0e3320271fe1a89eb10f8bf78e262be85be6f325426b3a45f45f9", @ANYRES32=r4, @ANYBLOB="7382da133804bfc94d50e7013ba53245c4fb72ad15e84ee82005a8e79fb088a57939e7cd36565abc34982dac852d3af82f61d72d729a0ef70c3d00a7c8b0b14efd28c68edd39b29a920f72db5cf233999ff26aba6fc1e32d045a04e2e8a6d0eed0a885f63397bf476cf65be63080be81a98341bcdb989da635856ad06ed5d70556282aa598e9bb1409a548f9875e6b972637f5869bd6ffc2325d278105e4806b0436a956e2e689a46ad44c3ab52574d224665124f4cb414e89aee72d51ecd55ccb06e695873519948bc9aac10b6dc3e4a1d3f11094424a640890d25dbe0c"], 0x28}}, 0x0) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000240)=ANY=[@ANYBLOB="640000001300050600000000030000000806000000004e210008000000000000000000000500000000010000000000000000000001000000", @ANYRES32=0x0, @ANYBLOB="004b144810f95a1ab900000000000000150001000856b7fc0269"], 0x64}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x4008, 0x3, 0x240, 0xd8, 0x500b, 0x148, 0xd8, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @local, 0xffffff9c, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00', {}, {}, 0x2f}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1100, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f00000000c0)={'ip6tnl0\x00', 0x0}) setsockopt$inet_mreqn(r7, 0x0, 0x24, &(0x7f0000000140)={@dev={0xac, 0x14, 0x14, 0xb}, @local}, 0xc) 1.658117021s ago: executing program 4 (id=2718): r0 = socket$alg(0x26, 0x5, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000000000880000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x20, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b509020000000000dbaaf8fff1000000bf8200000000000007080000f8ffffffbfa400000000000007090000f0ffffffc70200000800000018220000", @ANYRES32=r1, @ANYRES32=r3], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000003, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r5 = accept4(r0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) accept$ax25(r6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x54}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000580)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) r9 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r9, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r9, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r9, &(0x7f0000001340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/58, 0x3a}, 0x7ff}], 0x1, 0x60010020, 0x0) sendto$inet(r9, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) close(r8) sendmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000940)="d744784ca67c0398246d848e6df22054de2bd8ca3da64dfdea7d8eb74ffe057d7469066c6ca034a2677ce0c1c25e2b2a825d677e0fbac312a7da165cd5db94fa38cdf3a3f3f93b912a7515e0b1e441a3be644a296bcc765e7adc9ddb4d14376a69cbfcd2ddd156ba432349e96debeda26ee8914c28f4", 0x7ffff000}, {&(0x7f00000009c0)="d86e5c29ab2c0dce2b79f95d543a0d6b45dec9dab7afbc0d6d678feb7a652e67638c3ee007937917fad76308e99818f8f112b73a3c3e3c5ed80c49fab6e0593e95008b4a47aebdde3e28cea1cec26385f3d03b872970dfb69a63a6384a9be5b9419ff8ea6d9c2a730307894adb589d11a1ec59255d10acb1fbef", 0x7a}], 0x2}, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x404000, 0x0) r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/pid\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r10, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000380)={0x0, &(0x7f0000000040)}, 0x10) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x18, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x11}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) 1.57190486s ago: executing program 2 (id=2719): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1590}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x80}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x28, r3, 0x1, 0x0, 0x0, {{0x38}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}]}, 0x28}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x30004001) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40c0080) 1.442060722s ago: executing program 2 (id=2720): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) readv(r1, &(0x7f0000000740)=[{&(0x7f0000000540)=""/212, 0xd4}, {&(0x7f0000000640)=""/235, 0xeb}, {&(0x7f0000000000)=""/26, 0x1a}, {&(0x7f00000001c0)=""/128, 0x80}, {&(0x7f0000000100)=""/43, 0x2b}, {&(0x7f0000000300)=""/13, 0xd}, {&(0x7f00000003c0)=""/147, 0x93}], 0x7) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) listen(r2, 0x208) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x9, 0x7}, 0x8) r5 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x2}, 0x8) syz_emit_ethernet(0xae, &(0x7f0000000240)={@random="05c38c886b60", @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1803"}, {0x0, 0x1, "00e9fff8fef50000000000a2"}, {0x1f, 0x1, "fe906d26efe3"}]}}}}}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0xfffffffffffffce5, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000002}, @IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x4}]}}}]}, 0x48}}, 0x0) 1.441613534s ago: executing program 3 (id=2721): socket$inet6(0xa, 0x802, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x3, 0x26) socket$nl_route(0x10, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0xa) socket$inet6(0xa, 0x3, 0x5) socket$inet_dccp(0x2, 0x6, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="a9bae6f0e5e775e884ae93cc23d1dc42bf7d8ed1c30855088183fddf9f75633ceaa87801b8d25fe8aaf9a2feae50fc00"/62], 0x44}}, 0x0) socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000007000000008000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000020000000807ecb60000000000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r1, @ANYRES8=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000611274000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000004c0)=ANY=[@ANYRESDEC=r6, @ANYRES16=0x0, @ANYBLOB="01002dbd7000000000001c0000000c00018008000100", @ANYRES64=r0, @ANYBLOB="232bc061791fa79e8f1826b4cdd8952d5399a416933f53a07263571afacc807959b8adfb64b3d90e97d6203d659ce5dbe576ff"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 1.230486849s ago: executing program 2 (id=2722): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x28ce80, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="850000002f000000350000000000000085000000080000009500000000000000f4670880271e3503200ffa95a2c81f000000000000006287066c5197fabd5f9810e81ae0b737126ea677dcaeed8d38e65cb6e22ff5dde54704d25c79949c23e2eb15d75da2350ea7c09cc28d7673294f42a5f0a8320e13822c45c0f8612c10b100000000b0d3712c7e93363af3166a32d95433bb755a2dd576090c4867a7b6393e36856386d5ec15beb59686ca7034ff9cd41c03727209d031f40f3012e9576e51a7f550afc852003b2f7846c744ae6af3e4195cc037100324d85cec074c6949e129890152213c8b2759a07e6d067a97f5fe47fe5f17fdab80ef4104dbaba46aa43a815b1e5c6d1d224264be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c110ef25253d110ce282ab76f593d928cf957d6be6277c04b8c5324812696a623cd8a4f8dc8dcba00b3b2d27478207993202b7bdbcbf8496b9a951667d5127f5a555c7b88b5c0ba0e37b56c0ebfb19a34268335648e1f844b6518a6ef7297f7b2744419af53e5309ec91d83cf4fbd775d9c07d8d591a4dac60ff0084190000b78863e629c6b2000088b8695eea0000000000000000000000000000000000449c810d3174c87ee545860972ae0c8006ac13f469a171e2cc6001e911eb513029dd293a58832e6a0ef2ccd58fc7974f8eda1e2e48d56c88c8698af62ec4580831f87aafc8428d3c2a4d1398115b9fcca23f5417e7202520b7f00e512890ab043123000000000000000000000000000003bf7a2282b3935270d6293e35079cd03d0986bdae57a687242525b644d5cd9ee5cffe82e347c1b3a889eaba769f72040168327e7b95b8934d0ec15526375a08ddd1ef53fe075e4fe42beb0eef41f9b23b1d06effb7812265d56e59ed8408bd7396da441416d1f2f99731232882194105d"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a, 0x0, 0xffffffffffffffff, 0xfffffffffffffef6, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000059c0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000100)}], 0x1}}], 0x1, 0x0) write$cgroup_devices(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1e040600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) socket(0x10, 0x80002, 0x0) 1.178899392s ago: executing program 0 (id=2723): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) read$alg(r1, &(0x7f0000000dc0)=""/134, 0x86) (async) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendto$packet(r1, &(0x7f0000000000)="23ac26b603f00c6e517411b4dd85b390c1f879f9f9cb98d0b791abfdf918323a1013e8d03d946f4dcfe32324a9f8a27281a371febe60cfbf3857a861b6", 0x3d, 0x8001, &(0x7f0000000180)={0x11, 0x1a, r2, 0x1, 0x5, 0x6, @multicast}, 0x14) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000170000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_enter\x00', r3}, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000001800), r4) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r4, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001840)={0x14, r5, 0x201, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000) (async) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x2710}) 1.03093989s ago: executing program 1 (id=2724): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32], 0x3c}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32], 0x3c}}, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) 1.030591995s ago: executing program 0 (id=2725): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r0, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x8}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000140)=0x105, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004000000000000000000000180100002025252700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x70000000, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 980.789806ms ago: executing program 4 (id=2726): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000180)=0x200000, 0x4) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x18) socket$rds(0x15, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="5bd3de7c1c00ef00", @ANYRES16=0x0, @ANYRES32=r1, @ANYBLOB], 0x1c}}, 0x0) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, 0x0, 0x0) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f0000000680)}, 0xce}], 0x1, 0x40002002, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) connect$can_bcm(r3, &(0x7f0000000100), 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newtfilter={0x34, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5, {}, {}, {0x2}}, [@TCA_RATE={0x6, 0x5, {0x3d, 0xfc}}, @TCA_CHAIN={0x8, 0xb, 0x7}]}, 0x34}, 0x1, 0xf0ffffffffffff}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000600)={0x81, {{0xa, 0x4e24, 0xe0000000, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x88) close(r6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) 0s ago: executing program 0 (id=2727): syz_emit_ethernet(0x33, &(0x7f0000000000)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x4100, 0x88be, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "0a02868700"}}}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000800000079103000000000007b0a00ff000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) (async) r3 = socket$packet(0x11, 0x3, 0x300) (async) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) (async) unshare(0x22020400) (async) bpf$MAP_CREATE(0x0, 0x0, 0x50) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='memory.stat\x00', 0x275a, 0x0) writev(r7, 0x0, 0x0) (async) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000280)={r5, 0x11, 0x6}, 0x10) openat$cgroup_int(r2, &(0x7f00000000c0)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) (async) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=@newlink={0x50, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e20}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x101}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e23}]}}}]}, 0x50}}, 0x0) (async) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r10, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000700)={0x98, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x44, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @empty}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}]}, 0xdd}}, 0x0) kernel console output (not intermixed with test programs): ntered allmulticast mode [ 214.599279][ T9977] mac80211_hwsim hwsim5 wlan0: entered allmulticast mode [ 214.607832][ T9977] mac80211_hwsim hwsim5 wlan0: left allmulticast mode [ 214.876502][ T9988] infiniband syz!: set down [ 214.898835][ T9988] infiniband syz!: added team_slave_0 [ 214.974099][ T9988] RDS/IB: syz!: added [ 214.979393][ T9988] smc: adding ib device syz! with port count 1 [ 214.988819][ T9988] smc: ib device syz! port 1 has pnetid [ 215.029645][T10010] xt_bpf: check failed: parse error [ 215.152884][T10020] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.161594][T10020] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.170899][T10020] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.180104][T10020] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.194823][T10020] geneve2: entered promiscuous mode [ 215.207771][T10020] geneve2: entered allmulticast mode [ 215.423085][T10028] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 215.574714][T10034] netlink: 'syz.2.1141': attribute type 10 has an invalid length. [ 215.603070][T10035] netlink: 'syz.1.1142': attribute type 1 has an invalid length. [ 215.636848][T10034] team0: Port device wlan1 added [ 215.642119][T10035] netlink: 'syz.1.1142': attribute type 3 has an invalid length. [ 215.691077][T10034] sctp: [Deprecated]: syz.2.1141 (pid 10034) Use of int in maxseg socket option. [ 215.691077][T10034] Use struct sctp_assoc_value instead [ 216.037503][T10052] sctp: [Deprecated]: syz.3.1148 (pid 10052) Use of struct sctp_assoc_value in delayed_ack socket option. [ 216.037503][T10052] Use struct sctp_sack_info instead [ 216.279127][T10075] macsec0: entered promiscuous mode [ 216.581284][T10090] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 216.660756][T10075] macsec0: left promiscuous mode [ 217.640821][T10122] __nla_validate_parse: 6 callbacks suppressed [ 217.641135][T10122] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1168'. [ 218.301890][T10138] TCP: TCP_TX_DELAY enabled [ 218.338898][T10145] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1173'. [ 219.259449][T10172] netlink: 71 bytes leftover after parsing attributes in process `syz.3.1181'. [ 219.310566][T10172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1181'. [ 219.350935][T10089] Set syz1 is full, maxelem 65536 reached [ 219.681228][T10194] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1186'. [ 219.781045][T10204] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 219.864927][T10211] netlink: 42 bytes leftover after parsing attributes in process `syz.4.1193'. [ 219.900293][T10213] netlink: 42 bytes leftover after parsing attributes in process `syz.4.1193'. [ 220.060611][T10205] syzkaller0: entered promiscuous mode [ 220.066128][T10205] syzkaller0: entered allmulticast mode [ 220.149344][T10219] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1195'. [ 220.207876][T10222] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1195'. [ 222.429619][T10219] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1195'. [ 222.459546][T10242] netem: incorrect ge model size [ 222.465114][T10242] netem: change failed [ 222.641007][T10251] netlink: 'syz.3.1203': attribute type 4 has an invalid length. [ 222.963126][T10277] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 223.030332][T10277] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1213'. [ 223.219899][T10287] syzkaller0: entered promiscuous mode [ 223.225775][T10287] syzkaller0: entered allmulticast mode [ 223.236717][T10294] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1219'. [ 223.846233][T10309] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1224'. [ 225.671178][T10332] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 225.737304][T10328] xt_hashlimit: invalid interval [ 225.783615][T10335] virt_wifi0 speed is unknown, defaulting to 1000 [ 225.812389][T10335] lo speed is unknown, defaulting to 1000 [ 225.890453][T10346] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'. [ 226.364353][T10365] syzkaller0: entered promiscuous mode [ 226.370251][T10365] syzkaller0: entered allmulticast mode [ 226.984985][T10374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1243'. [ 228.641198][T10375] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.784368][T10375] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.799890][T10381] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1245'. [ 228.937583][T10375] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.072326][T10375] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.178808][T10406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1252'. [ 229.203856][T10406] netlink: 'syz.4.1252': attribute type 1 has an invalid length. [ 229.214617][T10406] netlink: 'syz.4.1252': attribute type 2 has an invalid length. [ 229.254302][T10375] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.304251][T10375] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.327333][T10375] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.327540][T10410] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1253'. [ 229.352147][T10375] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.423428][T10412] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1254'. [ 229.457348][T10412] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 229.705593][T10424] syzkaller0: entered promiscuous mode [ 229.719108][T10424] syzkaller0: entered allmulticast mode [ 231.614304][T10438] syzkaller0: entered promiscuous mode [ 231.620643][T10438] syzkaller0: entered allmulticast mode [ 231.866304][T10453] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 232.216318][T10477] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1268'. [ 233.991726][T10477] virt_wifi0 speed is unknown, defaulting to 1000 [ 234.027911][T10486] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1270'. [ 234.049413][T10477] lo speed is unknown, defaulting to 1000 [ 234.166519][T10489] syzkaller0: entered promiscuous mode [ 234.183097][T10489] syzkaller0: entered allmulticast mode [ 234.323811][T10501] netlink: 'syz.2.1275': attribute type 5 has an invalid length. [ 234.529951][T10508] sctp: [Deprecated]: syz.2.1277 (pid 10508) Use of struct sctp_assoc_value in delayed_ack socket option. [ 234.529951][T10508] Use struct sctp_sack_info instead [ 234.711512][T10514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1279'. [ 234.723638][T10514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1279'. [ 234.748659][T10514] netlink: 'syz.2.1279': attribute type 3 has an invalid length. [ 234.759392][T10514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1279'. [ 234.771150][T10514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1279'. [ 234.782702][T10516] netlink: 'syz.2.1279': attribute type 3 has an invalid length. [ 236.342874][T10519] netlink: 'syz.2.1280': attribute type 322 has an invalid length. [ 236.684843][T10530] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1283'. [ 236.747647][T10535] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1285'. [ 236.782270][T10540] pimreg: entered allmulticast mode [ 236.828901][T10541] rdma_rxe: rxe_newlink: failed to add lo [ 236.955589][T10546] netlink: 'syz.0.1290': attribute type 1 has an invalid length. [ 236.964840][T10546] nbd: couldn't find a device at index 20 [ 236.973542][T10546] netlink: 'syz.0.1290': attribute type 1 has an invalid length. [ 236.981650][T10546] nbd: couldn't find a device at index 20 [ 236.988084][T10546] netlink: 'syz.0.1290': attribute type 1 has an invalid length. [ 236.996508][T10546] nbd: couldn't find a device at index 20 [ 237.006978][T10546] netlink: 'syz.0.1290': attribute type 1 has an invalid length. [ 237.041122][T10546] nbd: couldn't find a device at index 20 [ 237.246025][T10555] syzkaller0: entered promiscuous mode [ 237.265003][T10555] syzkaller0: entered allmulticast mode [ 237.283468][T10556] tipc: Started in network mode [ 237.322125][T10556] tipc: Node identity ac14140f, cluster identity 4711 [ 237.365556][T10556] tipc: New replicast peer: 255.255.255.255 [ 237.389144][T10556] tipc: Enabled bearer , priority 10 [ 237.402491][T10565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1294'. [ 237.459492][T10561] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1294'. [ 237.774301][T10583] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1298'. [ 238.503901][ T5835] tipc: Node number set to 2886997007 [ 239.485544][T10593] bond0: left promiscuous mode [ 239.498553][T10593] bond_slave_0: left promiscuous mode [ 239.518680][T10593] bond_slave_1: left promiscuous mode [ 239.887088][T10620] tls_set_device_offload_rx: netdev not found [ 239.887988][T10622] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1311'. [ 239.967062][T10627] netlink: 'syz.1.1312': attribute type 4 has an invalid length. [ 240.043415][T10633] netlink: 'syz.4.1313': attribute type 10 has an invalid length. [ 240.181005][T10641] sctp: [Deprecated]: syz.4.1313 (pid 10641) Use of int in maxseg socket option. [ 240.181005][T10641] Use struct sctp_assoc_value instead [ 240.333388][T10648] No such timeout policy "syz0" [ 240.433784][T10624] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.443112][T10624] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.453519][T10624] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.463034][T10624] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.472787][T10624] geneve2: left promiscuous mode [ 240.487626][ T5909] lo speed is unknown, defaulting to 1000 [ 240.491935][T10633] team0: Port device wlan1 added [ 240.525929][T10653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1315'. [ 240.606781][T10643] syzkaller0: entered promiscuous mode [ 240.615153][T10643] syzkaller0: entered allmulticast mode [ 240.855048][T10659] bridge0: entered promiscuous mode [ 240.878519][T10659] bridge0: entered allmulticast mode [ 240.897201][T10659] team0: Port device bridge0 added [ 240.910573][T10663] bridge0: port 1(ip6gretap0) entered blocking state [ 240.917889][T10663] bridge0: port 1(ip6gretap0) entered disabled state [ 240.939890][T10663] ip6gretap0: entered allmulticast mode [ 240.952227][T10663] ip6gretap0: entered promiscuous mode [ 240.964983][T10663] bridge0: port 1(ip6gretap0) entered blocking state [ 240.972176][T10663] bridge0: port 1(ip6gretap0) entered listening state [ 242.613437][T10671] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1321'. [ 242.804874][T10689] virt_wifi0 speed is unknown, defaulting to 1000 [ 242.827605][T10688] netlink: 'syz.4.1325': attribute type 1 has an invalid length. [ 242.835106][T10689] lo speed is unknown, defaulting to 1000 [ 242.960180][T10696] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1328'. [ 242.980806][T10696] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1328'. [ 243.012020][T10696] netlink: 'syz.3.1328': attribute type 1 has an invalid length. [ 243.028457][T10696] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1328'. [ 243.089025][T10696] nbd: socks must be embedded in a SOCK_ITEM attr [ 243.108909][T10696] block nbd0: shutting down sockets [ 243.136759][T10705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1329'. [ 243.327106][T10712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.472669][T10718] Cannot find del_set index 3 as target [ 243.548620][T10723] netlink: 'syz.1.1338': attribute type 1 has an invalid length. [ 243.560709][T10727] FAULT_INJECTION: forcing a failure. [ 243.560709][T10727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.565911][T10723] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1338'. [ 243.588294][T10727] CPU: 0 UID: 0 PID: 10727 Comm: syz.3.1337 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 243.599120][T10727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 243.609207][T10727] Call Trace: [ 243.612522][T10727] [ 243.615483][T10727] dump_stack_lvl+0x241/0x360 [ 243.620201][T10727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.625447][T10727] ? __pfx__printk+0x10/0x10 [ 243.630083][T10727] ? __pfx_lock_release+0x10/0x10 [ 243.635159][T10727] should_fail_ex+0x3b0/0x4e0 [ 243.639919][T10727] _copy_from_iter+0x1e9/0x1c20 [ 243.644832][T10727] ? __virt_addr_valid+0x183/0x530 [ 243.649999][T10727] ? __alloc_skb+0x28f/0x440 [ 243.654650][T10727] ? __pfx__copy_from_iter+0x10/0x10 [ 243.659997][T10727] ? __virt_addr_valid+0x183/0x530 [ 243.665169][T10727] ? __virt_addr_valid+0x183/0x530 [ 243.670349][T10727] ? __virt_addr_valid+0x45f/0x530 [ 243.675514][T10727] ? __phys_addr_symbol+0x2f/0x70 [ 243.680634][T10727] ? __check_object_size+0x47a/0x730 [ 243.685970][T10727] netlink_sendmsg+0x73d/0xcb0 [ 243.690790][T10727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 243.696126][T10727] ? aa_sock_msg_perm+0x91/0x160 [ 243.701200][T10727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 243.706548][T10727] __sock_sendmsg+0x221/0x270 [ 243.711299][T10727] ____sys_sendmsg+0x52a/0x7e0 [ 243.716120][T10727] ? __pfx_____sys_sendmsg+0x10/0x10 [ 243.721450][T10727] ? __fget_files+0x2a/0x410 [ 243.726269][T10727] ? __fget_files+0x2a/0x410 [ 243.730912][T10727] __sys_sendmsg+0x269/0x350 [ 243.735550][T10727] ? __pfx_lock_release+0x10/0x10 [ 243.737778][T10733] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1340'. [ 243.740602][T10727] ? __pfx___sys_sendmsg+0x10/0x10 [ 243.740643][T10727] ? __pfx_vfs_write+0x10/0x10 [ 243.740687][T10727] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 243.740710][T10727] ? do_syscall_64+0x100/0x230 [ 243.740733][T10727] ? do_syscall_64+0xb6/0x230 [ 243.740754][T10727] do_syscall_64+0xf3/0x230 [ 243.779932][T10727] ? clear_bhb_loop+0x35/0x90 [ 243.784675][T10727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.790627][T10727] RIP: 0033:0x7f1af1d85d29 [ 243.795083][T10727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.814728][T10727] RSP: 002b:00007f1af2b1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 243.823185][T10727] RAX: ffffffffffffffda RBX: 00007f1af1f75fa0 RCX: 00007f1af1d85d29 [ 243.831197][T10727] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 243.839369][T10727] RBP: 00007f1af2b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 243.847465][T10727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.855488][T10727] R13: 0000000000000000 R14: 00007f1af1f75fa0 R15: 00007fff68106908 [ 243.863523][T10727] [ 243.931140][T10689] virt_wifi0 speed is unknown, defaulting to 1000 [ 243.943315][T10689] lo speed is unknown, defaulting to 1000 [ 244.369532][T10752] syzkaller0: entered promiscuous mode [ 244.384968][T10752] syzkaller0: entered allmulticast mode [ 244.576934][T10767] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1350'. [ 244.739135][T10772] FAULT_INJECTION: forcing a failure. [ 244.739135][T10772] name failslab, interval 1, probability 0, space 0, times 0 [ 244.752220][T10772] CPU: 1 UID: 0 PID: 10772 Comm: syz.1.1352 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 244.763002][T10772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 244.773078][T10772] Call Trace: [ 244.776368][T10772] [ 244.779312][T10772] dump_stack_lvl+0x241/0x360 [ 244.784011][T10772] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.789272][T10772] ? __pfx__printk+0x10/0x10 [ 244.793892][T10772] should_fail_ex+0x3b0/0x4e0 [ 244.798572][T10772] should_failslab+0xac/0x100 [ 244.803264][T10772] ? skb_clone+0x20c/0x390 [ 244.807698][T10772] kmem_cache_alloc_noprof+0x70/0x380 [ 244.813093][T10772] skb_clone+0x20c/0x390 [ 244.817348][T10772] __netlink_deliver_tap+0x3cc/0x7f0 [ 244.822646][T10772] ? netlink_deliver_tap+0x2e/0x1b0 [ 244.827842][T10772] netlink_deliver_tap+0x19d/0x1b0 [ 244.832983][T10772] netlink_unicast+0x7c4/0x990 [ 244.837795][T10772] ? __pfx_netlink_unicast+0x10/0x10 [ 244.843094][T10772] ? __virt_addr_valid+0x45f/0x530 [ 244.848248][T10772] ? __phys_addr_symbol+0x2f/0x70 [ 244.853347][T10772] ? __check_object_size+0x47a/0x730 [ 244.858650][T10772] netlink_sendmsg+0x8e4/0xcb0 [ 244.863564][T10772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.868895][T10772] ? aa_sock_msg_perm+0x91/0x160 [ 244.873901][T10772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 244.879220][T10772] __sock_sendmsg+0x221/0x270 [ 244.883911][T10772] ____sys_sendmsg+0x52a/0x7e0 [ 244.888690][T10772] ? __pfx_____sys_sendmsg+0x10/0x10 [ 244.893983][T10772] ? __fget_files+0x2a/0x410 [ 244.898582][T10772] ? __fget_files+0x2a/0x410 [ 244.903188][T10772] __sys_sendmsg+0x269/0x350 [ 244.907808][T10772] ? __pfx_lock_release+0x10/0x10 [ 244.912836][T10772] ? __pfx___sys_sendmsg+0x10/0x10 [ 244.918020][T10772] ? __pfx_vfs_write+0x10/0x10 [ 244.922822][T10772] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 244.929161][T10772] ? do_syscall_64+0x100/0x230 [ 244.933932][T10772] ? do_syscall_64+0xb6/0x230 [ 244.938716][T10772] do_syscall_64+0xf3/0x230 [ 244.943271][T10772] ? clear_bhb_loop+0x35/0x90 [ 244.947979][T10772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.953874][T10772] RIP: 0033:0x7f657fd85d29 [ 244.958291][T10772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.977907][T10772] RSP: 002b:00007f6580b10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 244.986369][T10772] RAX: ffffffffffffffda RBX: 00007f657ff75fa0 RCX: 00007f657fd85d29 [ 244.994382][T10772] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 245.002387][T10772] RBP: 00007f6580b10090 R08: 0000000000000000 R09: 0000000000000000 [ 245.010368][T10772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.018370][T10772] R13: 0000000000000000 R14: 00007f657ff75fa0 R15: 00007ffc5ae8dfa8 [ 245.026381][T10772] [ 245.034917][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1352'. [ 245.044243][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1352'. [ 247.033248][T10790] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1357'. [ 247.317507][T10809] syz.0.1361 uses old SIOCAX25GETINFO [ 247.357063][T10805] syzkaller1: entered promiscuous mode [ 247.371218][T10805] syzkaller1: entered allmulticast mode [ 247.570993][T10820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1363'. [ 247.600890][T10820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1363'. [ 247.618925][T10820] FAULT_INJECTION: forcing a failure. [ 247.618925][T10820] name failslab, interval 1, probability 0, space 0, times 0 [ 247.658561][T10820] CPU: 1 UID: 0 PID: 10820 Comm: syz.1.1363 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 247.669392][T10820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 247.679470][T10820] Call Trace: [ 247.682799][T10820] [ 247.685921][T10820] dump_stack_lvl+0x241/0x360 [ 247.690629][T10820] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.695841][T10820] ? __pfx__printk+0x10/0x10 [ 247.700466][T10820] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 247.706477][T10820] ? __pfx___might_resched+0x10/0x10 [ 247.711802][T10820] should_fail_ex+0x3b0/0x4e0 [ 247.716559][T10820] should_failslab+0xac/0x100 [ 247.721296][T10820] kmem_cache_alloc_node_noprof+0x77/0x380 [ 247.727155][T10820] ? __alloc_skb+0x1c3/0x440 [ 247.731766][T10820] __alloc_skb+0x1c3/0x440 [ 247.736205][T10820] ? __pfx___alloc_skb+0x10/0x10 [ 247.741173][T10820] ? netlink_ack_tlv_len+0x6e/0x200 [ 247.746427][T10820] netlink_ack+0x145/0xa50 [ 247.750893][T10820] ? __sock_sendmsg+0x221/0x270 [ 247.755777][T10820] ? ____sys_sendmsg+0x52a/0x7e0 [ 247.761192][T10820] netlink_rcv_skb+0x262/0x430 [ 247.765979][T10820] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 247.771449][T10820] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 247.776744][T10820] ? apparmor_capable+0x13b/0x1b0 [ 247.781785][T10820] ? bpf_lsm_capable+0x9/0x10 [ 247.786458][T10820] ? security_capable+0x7e/0x2d0 [ 247.791421][T10820] nfnetlink_rcv+0x297/0x2ab0 [ 247.796132][T10820] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 247.801969][T10820] ? __dev_queue_xmit+0x2f4/0x3f50 [ 247.807161][T10820] ? __dev_queue_xmit+0x1775/0x3f50 [ 247.812383][T10820] ? kasan_save_track+0x51/0x80 [ 247.817268][T10820] ? ____sys_sendmsg+0x52a/0x7e0 [ 247.822235][T10820] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 247.827381][T10820] ? __dev_queue_xmit+0x2f4/0x3f50 [ 247.832523][T10820] ? __pfx___dev_queue_xmit+0x10/0x10 [ 247.838019][T10820] ? ref_tracker_free+0x643/0x7e0 [ 247.843051][T10820] ? __asan_memcpy+0x40/0x70 [ 247.847640][T10820] ? __pfx_ref_tracker_free+0x10/0x10 [ 247.853019][T10820] ? netlink_deliver_tap+0x2e/0x1b0 [ 247.858220][T10820] ? skb_clone+0x240/0x390 [ 247.862647][T10820] ? __pfx_lock_release+0x10/0x10 [ 247.867673][T10820] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 247.873138][T10820] ? netlink_deliver_tap+0x2e/0x1b0 [ 247.878340][T10820] netlink_unicast+0x7f6/0x990 [ 247.883111][T10820] ? __pfx_netlink_unicast+0x10/0x10 [ 247.888398][T10820] ? __virt_addr_valid+0x45f/0x530 [ 247.893517][T10820] ? __phys_addr_symbol+0x2f/0x70 [ 247.898541][T10820] ? __check_object_size+0x47a/0x730 [ 247.903836][T10820] netlink_sendmsg+0x8e4/0xcb0 [ 247.908613][T10820] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.913906][T10820] ? aa_sock_msg_perm+0x91/0x160 [ 247.918849][T10820] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.924133][T10820] __sock_sendmsg+0x221/0x270 [ 247.928837][T10820] ____sys_sendmsg+0x52a/0x7e0 [ 247.933611][T10820] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.938891][T10820] ? __fget_files+0x2a/0x410 [ 247.943483][T10820] ? __fget_files+0x2a/0x410 [ 247.948079][T10820] __sys_sendmsg+0x269/0x350 [ 247.952768][T10820] ? __pfx_lock_release+0x10/0x10 [ 247.957806][T10820] ? __pfx___sys_sendmsg+0x10/0x10 [ 247.962966][T10820] ? __pfx_vfs_write+0x10/0x10 [ 247.967756][T10820] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 247.974101][T10820] ? do_syscall_64+0x100/0x230 [ 247.978874][T10820] ? do_syscall_64+0xb6/0x230 [ 247.983556][T10820] do_syscall_64+0xf3/0x230 [ 247.988061][T10820] ? clear_bhb_loop+0x35/0x90 [ 247.992743][T10820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.998670][T10820] RIP: 0033:0x7f657fd85d29 [ 248.003099][T10820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.022726][T10820] RSP: 002b:00007f6580b10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.031152][T10820] RAX: ffffffffffffffda RBX: 00007f657ff75fa0 RCX: 00007f657fd85d29 [ 248.039122][T10820] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 248.047089][T10820] RBP: 00007f6580b10090 R08: 0000000000000000 R09: 0000000000000000 [ 248.055057][T10820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.063034][T10820] R13: 0000000000000000 R14: 00007f657ff75fa0 R15: 00007ffc5ae8dfa8 [ 248.071025][T10820] [ 248.159607][T10831] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1366'. [ 248.273525][T10835] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 248.381750][T10842] netlink: 'syz.4.1371': attribute type 10 has an invalid length. [ 248.391507][T10840] netlink: 'syz.4.1371': attribute type 10 has an invalid length. [ 248.424195][T10840] team0: Port device wlan1 removed [ 248.432132][T10840] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 248.599724][T10852] netlink: 'syz.3.1374': attribute type 58 has an invalid length. [ 248.610807][T10852] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1374'. [ 248.716290][T10862] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1377'. [ 248.759845][T10862] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1377'. [ 248.787334][T10862] FAULT_INJECTION: forcing a failure. [ 248.787334][T10862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.807027][T10862] CPU: 1 UID: 0 PID: 10862 Comm: syz.3.1377 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 248.817884][T10862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 248.827986][T10862] Call Trace: [ 248.831376][T10862] [ 248.834328][T10862] dump_stack_lvl+0x241/0x360 [ 248.839046][T10862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.844309][T10862] ? __pfx__printk+0x10/0x10 [ 248.848976][T10862] ? snprintf+0xda/0x120 [ 248.853269][T10862] should_fail_ex+0x3b0/0x4e0 [ 248.858001][T10862] _copy_to_user+0x31/0xb0 [ 248.862467][T10862] simple_read_from_buffer+0xca/0x150 [ 248.867888][T10862] proc_fail_nth_read+0x1e9/0x250 [ 248.872959][T10862] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 248.878557][T10862] ? rw_verify_area+0x55e/0x6f0 [ 248.883440][T10862] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 248.889027][T10862] vfs_read+0x1fc/0xb70 [ 248.893271][T10862] ? __pfx___mutex_lock+0x10/0x10 [ 248.898322][T10862] ? __pfx_vfs_read+0x10/0x10 [ 248.903055][T10862] ? __fget_files+0x2a/0x410 [ 248.907660][T10862] ? __fget_files+0x395/0x410 [ 248.912366][T10862] ? __fget_files+0x2a/0x410 [ 248.916999][T10862] ksys_read+0x18f/0x2b0 [ 248.921275][T10862] ? __pfx_ksys_read+0x10/0x10 [ 248.926062][T10862] ? do_syscall_64+0x100/0x230 [ 248.930871][T10862] ? do_syscall_64+0xb6/0x230 [ 248.935552][T10862] do_syscall_64+0xf3/0x230 [ 248.940075][T10862] ? clear_bhb_loop+0x35/0x90 [ 248.944770][T10862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.950662][T10862] RIP: 0033:0x7f1af1d8473c [ 248.955081][T10862] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 248.974690][T10862] RSP: 002b:00007f1af2b1a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 248.983120][T10862] RAX: ffffffffffffffda RBX: 00007f1af1f75fa0 RCX: 00007f1af1d8473c [ 248.991104][T10862] RDX: 000000000000000f RSI: 00007f1af2b1a0a0 RDI: 0000000000000005 [ 248.999085][T10862] RBP: 00007f1af2b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 249.007061][T10862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.013068][T10870] x_tables: duplicate underflow at hook 1 [ 249.015023][T10862] R13: 0000000000000000 R14: 00007f1af1f75fa0 R15: 00007fff68106908 [ 249.028829][T10862] [ 249.166469][T10880] netlink: 'syz.0.1382': attribute type 9 has an invalid length. [ 249.218212][T10883] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 249.394800][T10891] virt_wifi0 speed is unknown, defaulting to 1000 [ 249.421354][T10891] lo speed is unknown, defaulting to 1000 [ 249.476088][T10905] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1389'. [ 249.658642][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 249.675749][T10917] netlink: 'syz.0.1394': attribute type 1 has an invalid length. [ 249.798875][T10917] 8021q: adding VLAN 0 to HW filter on device bond2 [ 249.847990][T10922] bond2: (slave ip6gretap1): making interface the new active one [ 249.859919][T10922] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 249.868825][T10922] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 249.876987][T10922] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 249.886275][T10921] netlink: 'syz.4.1395': attribute type 21 has an invalid length. [ 249.912077][T10921] IPv6: NLM_F_CREATE should be specified when creating new route [ 249.935542][T10921] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 249.942919][T10921] IPv6: NLM_F_CREATE should be set when creating new route [ 249.950231][T10921] IPv6: NLM_F_CREATE should be set when creating new route [ 249.957484][T10921] IPv6: NLM_F_CREATE should be set when creating new route [ 250.052291][ T5881] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 250.599018][ T5835] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 250.863022][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 250.909748][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 250.976530][T10975] x_tables: duplicate underflow at hook 1 [ 251.059899][T10979] __nla_validate_parse: 1 callbacks suppressed [ 251.059921][T10979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1407'. [ 251.133234][T10979] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1407'. [ 251.209963][T10984] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 251.602975][T11014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1421'. [ 251.761170][T11025] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1425'. [ 251.774186][T11021] can: request_module (can-proto-4) failed. [ 251.777270][T11025] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1425'. [ 251.901998][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 251.921531][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 252.078631][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 252.105529][T11047] netlink: 'syz.1.1431': attribute type 3 has an invalid length. [ 252.126807][T11047] netlink: 'syz.1.1431': attribute type 3 has an invalid length. [ 252.144368][T11044] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1434'. [ 252.164339][T11048] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1434'. [ 252.218910][ T5835] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 252.322302][T11062] netlink: 'syz.2.1437': attribute type 4 has an invalid length. [ 252.334744][T11064] netlink: 'syz.2.1437': attribute type 4 has an invalid length. [ 252.500147][T11072] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1438'. [ 252.536884][T11072] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1438'. [ 252.593992][T11079] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1441'. [ 252.732535][T11092] ipvlan2: entered promiscuous mode [ 252.752738][T11092] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 252.765687][T11092] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 253.630340][T11158] validate_nla: 3 callbacks suppressed [ 253.630362][T11158] netlink: 'syz.2.1463': attribute type 16 has an invalid length. [ 253.832618][T11112] Bluetooth: hci2: Opcode 0x0401 failed: -4 [ 253.889761][T11160] bridge0: port 1(ip6gretap0) entered disabled state [ 254.074234][T11163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.087203][T11163] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.102312][T11163] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 254.695581][T11204] SET target dimension over the limit! [ 254.710484][T11209] nbd: must specify at least one socket [ 254.883193][T11217] syzkaller0: entered promiscuous mode [ 254.891259][T11217] syzkaller0: entered allmulticast mode [ 255.104938][ T5830] Bluetooth: hci2: command 0x0406 tx timeout [ 255.428608][ T4876] ip6_tnl_xmit_ctl: 2 callbacks suppressed [ 255.428631][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 256.074428][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 256.074471][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.551039][T11251] __nla_validate_parse: 10 callbacks suppressed [ 256.551070][T11251] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1490'. [ 256.582110][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 256.789635][T11260] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1493'. [ 256.810015][T11260] unsupported nlmsg_type 40 [ 256.912047][T11262] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1494'. [ 257.587481][T11225] netlink: 'syz.1.1484': attribute type 12 has an invalid length. [ 257.699701][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 257.704745][T11280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1501'. [ 257.768317][T11280] Timeout policy `syz0' can only be used by L3 protocol number 0 [ 257.813254][T11285] bridge4: entered promiscuous mode [ 257.832163][T11285] bridge4: entered allmulticast mode [ 258.037840][T11297] ax25_connect(): syz.1.1507 uses autobind, please contact jreuter@yaina.de [ 258.097794][T11300] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1508'. [ 258.530771][T11322] syzkaller0: entered promiscuous mode [ 258.543113][T11322] syzkaller0: entered allmulticast mode [ 258.723757][T11334] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 258.737790][T11335] No such timeout policy "syz0" [ 258.746690][T11331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1518'. [ 258.818419][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 258.840330][T11339] netlink: 'syz.4.1521': attribute type 1 has an invalid length. [ 258.848518][T11339] netlink: 'syz.4.1521': attribute type 4 has an invalid length. [ 258.856515][T11339] netlink: 192 bytes leftover after parsing attributes in process `syz.4.1521'. [ 259.928769][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 260.682198][T11351] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1524'. [ 260.789610][T11363] netlink: 'syz.0.1527': attribute type 3 has an invalid length. [ 260.797420][T11363] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1527'. [ 260.868862][T11363] bridge0: port 2(vlan3) entered blocking state [ 260.894003][T11363] bridge0: port 2(vlan3) entered disabled state [ 260.911269][T11363] vlan3: entered allmulticast mode [ 260.944238][T11363] vlan3: left allmulticast mode [ 261.055823][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 261.096315][T11360] virt_wifi0 speed is unknown, defaulting to 1000 [ 261.142251][T11360] lo speed is unknown, defaulting to 1000 [ 261.399913][T11398] set match dimension is over the limit! [ 261.439111][T11398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1534'. [ 261.482878][T11366] siw: device registration error -23 [ 261.485474][T11398] pim6reg: entered allmulticast mode [ 261.531571][T11400] Timeout policy `syz0' can only be used by L3 protocol number 0 [ 261.712344][T11402] syzkaller0: entered promiscuous mode [ 261.717876][T11402] syzkaller0: entered allmulticast mode [ 261.868557][T11414] __nla_validate_parse: 1 callbacks suppressed [ 261.868578][T11414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1541'. [ 261.896078][T11414] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1541'. [ 261.906151][T11414] netlink: 'syz.0.1541': attribute type 5 has an invalid length. [ 261.911567][T11411] vxcan1: entered allmulticast mode [ 261.920269][T11416] netlink: 'syz.2.1542': attribute type 1 has an invalid length. [ 261.938374][T11416] netlink: 'syz.2.1542': attribute type 1 has an invalid length. [ 262.203014][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 262.284833][T11430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1543'. [ 263.328474][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 264.280804][T11424] netlink: 'syz.1.1544': attribute type 15 has an invalid length. [ 264.300438][T11424] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1544'. [ 264.331450][T11430] bridge_slave_1: left allmulticast mode [ 264.337175][T11430] bridge_slave_1: left promiscuous mode [ 264.363465][T11430] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.378409][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 264.434244][T11430] bridge_slave_0: left allmulticast mode [ 264.440391][T11430] bridge_slave_0: left promiscuous mode [ 264.446344][T11430] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.450719][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 264.550519][T11454] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1552'. [ 264.587063][T11455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1552'. [ 264.785217][T11469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1556'. [ 264.809868][T11469] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1556'. [ 265.020552][T11481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1559'. [ 265.225466][T11486] syzkaller0: entered promiscuous mode [ 265.243367][T11486] syzkaller0: entered allmulticast mode [ 265.467005][T11505] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1564'. [ 265.590889][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 266.728529][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 267.473567][T11509] virt_wifi0 speed is unknown, defaulting to 1000 [ 267.508906][T11509] lo speed is unknown, defaulting to 1000 [ 267.829757][T11542] __nla_validate_parse: 1 callbacks suppressed [ 267.829782][T11542] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1571'. [ 267.864559][T11542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1571'. [ 267.878470][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 268.301567][T11564] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1579'. [ 268.794210][T11587] tipc: Enabled bearer , priority 0 [ 268.816345][T11585] tap0: tun_chr_ioctl cmd 1074812118 [ 268.856928][T11585] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1584'. [ 268.921993][T11590] netlink: 'syz.4.1587': attribute type 3 has an invalid length. [ 268.931040][T11590] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1587'. [ 269.007087][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 269.220092][T11616] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1590'. [ 269.233351][T11617] netlink: 'syz.0.1592': attribute type 15 has an invalid length. [ 269.349144][T11622] netlink: 'syz.4.1594': attribute type 10 has an invalid length. [ 269.411984][T11627] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1596'. [ 269.443243][T11627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1596'. [ 269.885565][T11647] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1603'. [ 269.906108][T11646] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 269.914876][T11646] syzkaller0: entered promiscuous mode [ 269.920842][T11646] syzkaller0: entered allmulticast mode [ 270.116508][T11655] vlan4: entered promiscuous mode [ 270.148684][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 270.179517][T11659] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1609'. [ 271.172444][T11688] bond0: left allmulticast mode [ 271.198161][T11688] bond_slave_0: left allmulticast mode [ 271.222842][T11688] bond_slave_1: left allmulticast mode [ 271.272489][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 271.853579][T11688] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.892237][T11688] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.973877][T11719] openvswitch: netlink: IP tunnel dst address not specified [ 272.024434][T11688] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.033849][T11688] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.043098][T11688] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.053344][T11688] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.115026][T11710] netlink: 'syz.3.1625': attribute type 29 has an invalid length. [ 272.149065][T11715] syzkaller1: entered promiscuous mode [ 272.154610][T11715] syzkaller1: entered allmulticast mode [ 272.608863][ T35] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 273.024061][T11795] __nla_validate_parse: 7 callbacks suppressed [ 273.024083][T11795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1636'. [ 273.047303][T11795] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2 [ 273.073278][T11795] tipc: Started in network mode [ 273.099058][T11795] tipc: Node identity c2474913fae4, cluster identity 4711 [ 273.115711][T11795] tipc: Enabled bearer , priority 10 [ 273.157288][T11799] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.261864][T11799] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.309534][T11810] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1641'. [ 273.485472][T11799] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.688744][T11799] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.732862][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 273.792553][T11799] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.830528][T11799] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.855986][T11835] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 273.896556][T11799] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.916308][T11835] netlink: 'syz.2.1651': attribute type 11 has an invalid length. [ 273.977910][T11799] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.078894][T11844] netlink: 1256 bytes leftover after parsing attributes in process `syz.1.1654'. [ 274.108567][ T5912] tipc: Node number set to 950225171 [ 274.188087][T11852] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1658'. [ 274.224777][T11852] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1658'. [ 274.304345][T11861] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1661'. [ 274.314544][T11861] netlink: 'syz.4.1661': attribute type 10 has an invalid length. [ 274.326450][T11861] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 274.733193][T11891] syzkaller0: entered promiscuous mode [ 274.740068][T11891] syzkaller0: entered allmulticast mode [ 274.840203][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 274.991828][T11904] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 275.050577][T11910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1672'. [ 275.060348][T11910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1672'. [ 275.399873][T11916] syz.4.1675[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 275.399952][T11916] syz.4.1675[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 275.950745][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 276.974186][T11913] hsr0: entered promiscuous mode [ 276.979692][T11913] hsr0: left promiscuous mode [ 276.985455][T11917] hsr_slave_0: left promiscuous mode [ 276.992050][T11917] hsr_slave_1: left promiscuous mode [ 277.077519][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 277.267121][T11943] netlink: 'syz.3.1683': attribute type 10 has an invalid length. [ 277.454117][T11950] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1686'. [ 277.534896][T11959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1689'. [ 278.189786][T11999] __nla_validate_parse: 1 callbacks suppressed [ 278.189807][T11999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1703'. [ 278.219811][T12000] rdma_op ffff88806c0549f0 conn xmit_rdma 0000000000000000 [ 278.220683][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 278.248411][T11999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1703'. [ 278.440592][T12018] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1709'. [ 278.531784][T12027] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1712'. [ 278.802508][T12048] netlink: 'syz.0.1713': attribute type 12 has an invalid length. [ 278.862949][T12053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1719'. [ 278.872298][T12053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1719'. [ 279.073481][T12058] rdma_op ffff8880344aa9f0 conn xmit_rdma 0000000000000000 [ 279.232490][T12065] bridge_slave_0: default FDB implementation only supports local addresses [ 279.280815][T12067] x_tables: ip_tables: ah match: only valid for protocol 51 [ 279.400214][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 279.436932][T12078] netlink: 'syz.4.1727': attribute type 1 has an invalid length. [ 279.846710][T12105] rdma_op ffff8880345491f0 conn xmit_rdma 0000000000000000 [ 279.934510][T12111] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1739'. [ 279.947966][T12111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1739'. [ 280.119211][T12122] netlink: 'syz.2.1741': attribute type 4 has an invalid length. [ 280.378576][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 280.424241][T12149] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 280.447419][T12143] lo speed is unknown, defaulting to 1000 [ 280.482808][T12149] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1749'. [ 280.518766][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 280.801307][T12164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1753'. [ 280.844114][T12164] macvtap0: entered promiscuous mode [ 280.873046][T12164] dummy0: entered promiscuous mode [ 280.892284][T12164] macvtap0: entered allmulticast mode [ 280.910014][T12164] dummy0: entered allmulticast mode [ 280.993777][T12175] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 281.043021][T12169] dummy0: left allmulticast mode [ 281.048996][T12169] dummy0: left promiscuous mode [ 281.195323][T12189] netlink: 'syz.1.1762': attribute type 10 has an invalid length. [ 281.577987][T12211] No such timeout policy "syz0" [ 281.713108][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 281.723700][T12220] Bluetooth: MGMT ver 1.23 [ 282.133465][T12231] netlink: 'syz.3.1775': attribute type 2 has an invalid length. [ 282.628151][T12264] rdma_op ffff88802909c9f0 conn xmit_rdma 0000000000000000 [ 282.870053][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 283.002000][T12281] bond0: (slave macvlan2): Opening slave failed [ 283.192667][T12287] lo speed is unknown, defaulting to 1000 [ 283.661916][T12307] lo speed is unknown, defaulting to 1000 [ 283.771977][T12313] lo speed is unknown, defaulting to 1000 [ 283.989229][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 284.713737][T12350] IPVS: set_ctl: invalid protocol: 43 224.0.0.1:20000 [ 285.218795][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 285.264929][T12369] __nla_validate_parse: 6 callbacks suppressed [ 285.264959][T12369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1810'. [ 285.637642][T12383] bridge_slave_0: left allmulticast mode [ 285.668794][T12383] bridge_slave_0: left promiscuous mode [ 285.699796][T12383] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.739274][T12383] bridge_slave_1: left allmulticast mode [ 285.784195][T12383] bridge_slave_1: left promiscuous mode [ 285.798141][T12383] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.879515][T12383] bond0: (slave bond_slave_0): Releasing backup interface [ 285.914210][T12401] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1818'. [ 285.955920][T12383] bond0: (slave bond_slave_1): Releasing backup interface [ 285.982876][T12383] team0: Port device team_slave_0 removed [ 285.999926][T12383] team0: Port device team_slave_1 removed [ 286.007596][T12383] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.032811][T12383] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.055694][T12383] team0: Port device wlan1 removed [ 286.069277][T12407] sctp: [Deprecated]: syz.1.1819 (pid 12407) Use of int in max_burst socket option. [ 286.069277][T12407] Use struct sctp_assoc_value instead [ 286.135896][T12393] lo speed is unknown, defaulting to 1000 [ 286.347372][T12415] rdma_op ffff888021ee31f0 conn xmit_rdma 0000000000000000 [ 286.411986][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 286.476124][T12424] netlink: 'syz.2.1824': attribute type 39 has an invalid length. [ 286.628205][T12433] xt_hashlimit: size too large, truncated to 1048576 [ 286.789852][T12443] netlink: 'syz.4.1828': attribute type 3 has an invalid length. [ 287.036168][T12451] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1827'. [ 287.604840][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 287.918178][T12466] Cannot find add_set index 32768 as target [ 287.957179][T12467] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 288.000593][T12467] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 288.041486][T12467] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 288.738895][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 288.907917][T12482] rdma_op ffff88805a3fb1f0 conn xmit_rdma 0000000000000000 [ 288.930528][T12473] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1835'. [ 289.186433][T12493] netlink: 'syz.1.1841': attribute type 12 has an invalid length. [ 289.299100][T12498] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1842'. [ 289.336693][T12498] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 289.892938][T12517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1848'. [ 289.919120][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 290.119986][T12524] lo speed is unknown, defaulting to 1000 [ 290.239157][T12535] rdma_op ffff88807e49b9f0 conn xmit_rdma 0000000000000000 [ 291.048943][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 291.239205][T12565] wg2: entered promiscuous mode [ 291.244154][T12565] wg2: entered allmulticast mode [ 291.268186][T12567] FAULT_INJECTION: forcing a failure. [ 291.268186][T12567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.287658][T12567] CPU: 0 UID: 0 PID: 12567 Comm: syz.1.1861 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 291.298501][T12567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 291.308595][T12567] Call Trace: [ 291.311913][T12567] [ 291.314910][T12567] dump_stack_lvl+0x241/0x360 [ 291.319658][T12567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.324919][T12567] ? __pfx__printk+0x10/0x10 [ 291.329568][T12567] ? __pfx_lock_release+0x10/0x10 [ 291.334660][T12567] should_fail_ex+0x3b0/0x4e0 [ 291.339405][T12567] _copy_from_user+0x2f/0xc0 [ 291.344031][T12567] __sys_bpf+0x1a4/0x810 [ 291.348357][T12567] ? __pfx___sys_bpf+0x10/0x10 [ 291.353176][T12567] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 291.359204][T12567] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 291.365584][T12567] ? do_syscall_64+0x100/0x230 [ 291.370489][T12567] __x64_sys_bpf+0x7c/0x90 [ 291.374950][T12567] do_syscall_64+0xf3/0x230 [ 291.379529][T12567] ? clear_bhb_loop+0x35/0x90 [ 291.384282][T12567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.390217][T12567] RIP: 0033:0x7f657fd85d29 [ 291.394674][T12567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.414335][T12567] RSP: 002b:00007f6580b10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 291.422793][T12567] RAX: ffffffffffffffda RBX: 00007f657ff75fa0 RCX: 00007f657fd85d29 [ 291.430788][T12567] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 291.438772][T12567] RBP: 00007f6580b10090 R08: 0000000000000000 R09: 0000000000000000 [ 291.446856][T12567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.454859][T12567] R13: 0000000000000000 R14: 00007f657ff75fa0 R15: 00007ffc5ae8dfa8 [ 291.462878][T12567] [ 291.655718][T12580] openvswitch: netlink: nsh attr 9472 is out of range max 3 [ 291.861297][T12595] netlink: 404 bytes leftover after parsing attributes in process `syz.2.1872'. [ 291.895128][T12595] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1872'. [ 291.918675][T12595] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1872'. [ 291.943618][T12595] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1872'. [ 292.159476][T12617] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1878'. [ 292.241891][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 292.405072][T12633] netlink: 'syz.0.1883': attribute type 1 has an invalid length. [ 292.532366][T12637] veth0_to_team: entered promiscuous mode [ 292.538140][T12637] veth0_to_team: entered allmulticast mode [ 292.871459][T12655] x_tables: duplicate underflow at hook 1 [ 292.946049][T12663] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1894'. [ 292.956472][T12663] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1894'. [ 293.357615][T12691] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1900'. [ 293.380494][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 293.938677][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1908'. [ 293.947883][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1908'. [ 294.043278][T12713] netlink: 'syz.3.1911': attribute type 10 has an invalid length. [ 294.059320][T12713] batman_adv: batadv0: Adding interface: team0 [ 294.071809][T12713] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.130216][T12716] netlink: 'syz.3.1911': attribute type 10 has an invalid length. [ 294.144172][T12713] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 294.243557][T12720] rdma_op ffff8880303629f0 conn xmit_rdma 0000000000000000 [ 294.373545][T12716] team0: entered promiscuous mode [ 294.379611][T12716] team_slave_0: entered promiscuous mode [ 294.387115][T12716] team_slave_1: entered promiscuous mode [ 294.394093][T12716] bond0: entered promiscuous mode [ 294.399960][T12716] @ÿ: entered promiscuous mode [ 294.405069][T12716] bond_slave_1: entered promiscuous mode [ 294.412806][T12716] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.420688][T12716] batman_adv: batadv0: Interface activated: team0 [ 294.438749][T12716] batman_adv: batadv0: Interface deactivated: team0 [ 294.445629][T12716] batman_adv: batadv0: Removing interface: team0 [ 294.540183][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 294.669993][T12731] netpci0: renamed from team0 (while UP) [ 294.690282][T12731] netpci0: Cannot enslave team device to itself [ 294.709417][T12731] A link change request failed with some changes committed already. Interface netpci0 may have been left with an inconsistent configuration, please check. [ 294.774387][T12741] lo speed is unknown, defaulting to 1000 [ 295.212673][T12750] xt_TPROXY: Can be used only with -p tcp or -p udp [ 295.425111][T12757] x_tables: duplicate underflow at hook 3 [ 295.515882][T12762] rdma_op ffff888033e5f9f0 conn xmit_rdma 0000000000000000 [ 295.531990][T12763] tipc: Enabled bearer , priority 0 [ 295.586159][T12763] syzkaller0: entered promiscuous mode [ 295.607188][T12763] syzkaller0: entered allmulticast mode [ 295.619866][T12763] tipc: Resetting bearer [ 295.710933][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 295.912284][T12779] dvmrp5: entered allmulticast mode [ 295.923951][T12779] hsr0: left allmulticast mode [ 295.933026][T12779] hsr_slave_0: left allmulticast mode [ 295.943696][T12779] hsr_slave_1: left allmulticast mode [ 296.006929][T12778] dvmrp5: left allmulticast mode [ 296.182321][T12761] tipc: Resetting bearer [ 296.349358][T12784] netlink: 'syz.1.1931': attribute type 1 has an invalid length. [ 296.528979][T12793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 296.565292][T12793] netlink: 'syz.0.1936': attribute type 10 has an invalid length. [ 296.803803][T12812] rdma_op ffff88807f6809f0 conn xmit_rdma 0000000000000000 [ 296.819757][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 297.918615][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 298.668796][T12761] tipc: Disabling bearer [ 298.870146][T12828] lo speed is unknown, defaulting to 1000 [ 298.911709][T12833] netlink: 'syz.0.1944': attribute type 1 has an invalid length. [ 299.008885][T12842] __nla_validate_parse: 7 callbacks suppressed [ 299.008907][T12842] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1942'. [ 299.054437][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 299.234949][T12844] netlink: 'syz.4.1946': attribute type 10 has an invalid length. [ 299.255396][T12844] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1946'. [ 299.469589][T12856] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1948'. [ 299.676980][T12843] delete_channel: no stack [ 299.978691][T12867] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1953'. [ 300.030225][T12867] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1953'. [ 300.137920][T12873] veth0_to_team: mtu less than device minimum [ 300.270222][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 300.304178][T12882] netlink: 'syz.2.1957': attribute type 1 has an invalid length. [ 300.575286][T12893] macsec1: entered promiscuous mode [ 300.584643][T12893] team0: entered promiscuous mode [ 300.593039][T12893] macsec1: entered allmulticast mode [ 300.602191][T12893] team0: entered allmulticast mode [ 300.619208][T12893] team0: Device macsec1 is already an upper device of the team interface [ 300.654512][T12893] team0: left allmulticast mode [ 300.667109][T12893] team0: left promiscuous mode [ 300.731866][T12896] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1962'. [ 300.952427][T12905] rdma_op ffff888021ae21f0 conn xmit_rdma 0000000000000000 [ 300.992702][T12909] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1967'. [ 301.021537][T12909] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1967'. [ 301.067194][T12912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 301.119342][T12909] netlink: 'syz.4.1967': attribute type 10 has an invalid length. [ 301.191256][T12916] ip6tnl3: entered allmulticast mode [ 301.257099][T12909] IPVS: Error connecting to the multicast addr [ 301.295775][T12919] lo speed is unknown, defaulting to 1000 [ 301.409526][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 301.912460][T12943] x_tables: duplicate underflow at hook 1 [ 302.223600][T12965] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1979'. [ 302.249193][T12963] rdma_op ffff88806c6589f0 conn xmit_rdma 0000000000000000 [ 302.531901][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 303.639213][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 304.199133][T12919] lo speed is unknown, defaulting to 1000 [ 304.360474][T12987] netlink: 'syz.2.1985': attribute type 7 has an invalid length. [ 304.426071][T12987] netlink: 'syz.2.1985': attribute type 7 has an invalid length. [ 304.634728][T13007] netlink: 276 bytes leftover after parsing attributes in process `syz.2.1991'. [ 304.723102][T13012] netlink: 'syz.2.1991': attribute type 1 has an invalid length. [ 304.726526][T13007] lo speed is unknown, defaulting to 1000 [ 304.749278][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 304.761693][T13012] 8021q: adding VLAN 0 to HW filter on device bond1 [ 304.813767][T13012] bond1: (slave bridge4): Enslaving as an active interface with a down link [ 304.832553][T13012] netlink: 'syz.2.1991': attribute type 1 has an invalid length. [ 304.842898][T13012] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 304.850987][T13012] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 304.860340][T13018] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1994'. [ 305.138098][T13027] rdma_op ffff88807eb281f0 conn xmit_rdma 0000000000000000 [ 305.481181][T13041] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1998'. [ 305.763266][T13061] netlink: 'syz.0.2003': attribute type 10 has an invalid length. [ 305.778898][T13061] syz_tun: entered promiscuous mode [ 305.796923][T13061] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 305.872919][T13061] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 305.900617][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 305.943618][T13069] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2005'. [ 305.969589][T13072] ieee802154 phy1 wpan1: encryption failed: -22 [ 306.201975][T13081] netlink: 'syz.0.2011': attribute type 14 has an invalid length. [ 306.790732][T13109] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2023'. [ 306.853454][T13112] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2022'. [ 307.094254][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 307.173431][T13127] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2027'. [ 307.199859][T13127] team0: entered promiscuous mode [ 307.205913][T13127] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 307.225733][T13127] team0: left promiscuous mode [ 307.576410][T13146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2033'. [ 307.816415][T13157] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2036'. [ 308.198949][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 308.354936][T13174] FAULT_INJECTION: forcing a failure. [ 308.354936][T13174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.379401][T13174] CPU: 0 UID: 0 PID: 13174 Comm: syz.0.2046 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 308.390453][T13174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 308.400553][T13174] Call Trace: [ 308.403859][T13174] [ 308.406808][T13174] dump_stack_lvl+0x241/0x360 [ 308.411583][T13174] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.416792][T13174] ? __pfx__printk+0x10/0x10 [ 308.421414][T13174] should_fail_ex+0x3b0/0x4e0 [ 308.426139][T13174] _copy_to_user+0x31/0xb0 [ 308.430596][T13174] bpf_test_finish+0x212/0x890 [ 308.435408][T13174] ? __might_fault+0xaa/0x120 [ 308.440092][T13174] ? __pfx_bpf_test_finish+0x10/0x10 [ 308.445380][T13174] ? _copy_from_user+0x99/0xc0 [ 308.450160][T13174] ? bpf_test_init+0x15a/0x180 [ 308.454925][T13174] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 308.460307][T13174] ? __pfx_lock_release+0x10/0x10 [ 308.465342][T13174] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 308.471172][T13174] ? __fget_files+0x2a/0x410 [ 308.475883][T13174] ? __fget_files+0x2a/0x410 [ 308.480534][T13174] ? fput+0x21b/0x290 [ 308.484525][T13174] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 308.490335][T13174] bpf_prog_test_run+0x2e4/0x360 [ 308.495363][T13174] __sys_bpf+0x48d/0x810 [ 308.499603][T13174] ? __pfx___sys_bpf+0x10/0x10 [ 308.504371][T13174] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 308.510356][T13174] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 308.516775][T13174] ? do_syscall_64+0x100/0x230 [ 308.521548][T13174] __x64_sys_bpf+0x7c/0x90 [ 308.525990][T13174] do_syscall_64+0xf3/0x230 [ 308.530584][T13174] ? clear_bhb_loop+0x35/0x90 [ 308.535266][T13174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.541171][T13174] RIP: 0033:0x7fdf3a985d29 [ 308.545591][T13174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.565198][T13174] RSP: 002b:00007fdf3b6f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 308.573619][T13174] RAX: ffffffffffffffda RBX: 00007fdf3ab75fa0 RCX: 00007fdf3a985d29 [ 308.581602][T13174] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 308.589572][T13174] RBP: 00007fdf3b6f8090 R08: 0000000000000000 R09: 0000000000000000 [ 308.597547][T13174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 308.605726][T13174] R13: 0000000000000000 R14: 00007fdf3ab75fa0 R15: 00007ffd57c3f118 [ 308.613711][T13174] [ 308.702307][T13180] netlink: 'syz.2.2047': attribute type 1 has an invalid length. [ 308.724901][T13180] netlink: 'syz.2.2047': attribute type 8 has an invalid length. [ 308.737981][T13180] netlink: 134664 bytes leftover after parsing attributes in process `syz.2.2047'. [ 308.846232][T13191] rdma_op ffff88807b18d1f0 conn xmit_rdma 0000000000000000 [ 308.906663][T13194] netem: invalid attributes len -16 [ 308.923199][T13194] netem: change failed [ 309.319500][T13221] FAULT_INJECTION: forcing a failure. [ 309.319500][T13221] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 309.333767][T13221] CPU: 1 UID: 0 PID: 13221 Comm: syz.3.2060 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 309.344589][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 309.354676][T13221] Call Trace: [ 309.358073][T13221] [ 309.361083][T13221] dump_stack_lvl+0x241/0x360 [ 309.365887][T13221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.371141][T13221] ? __pfx__printk+0x10/0x10 [ 309.376325][T13221] should_fail_ex+0x3b0/0x4e0 [ 309.381053][T13221] _copy_to_user+0x31/0xb0 [ 309.385499][T13221] bpf_test_finish+0x59c/0x890 [ 309.390285][T13221] ? __might_fault+0xaa/0x120 [ 309.394962][T13221] ? __pfx_bpf_test_finish+0x10/0x10 [ 309.400247][T13221] ? _copy_from_user+0x99/0xc0 [ 309.405013][T13221] ? bpf_test_init+0x15a/0x180 [ 309.410384][T13221] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 309.415763][T13221] ? __pfx_lock_release+0x10/0x10 [ 309.420795][T13221] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 309.426714][T13221] ? __fget_files+0x2a/0x410 [ 309.431397][T13221] ? __fget_files+0x2a/0x410 [ 309.436009][T13221] ? fput+0x21b/0x290 [ 309.439997][T13221] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 309.445812][T13221] bpf_prog_test_run+0x2e4/0x360 [ 309.450760][T13221] __sys_bpf+0x48d/0x810 [ 309.455003][T13221] ? __pfx___sys_bpf+0x10/0x10 [ 309.459775][T13221] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 309.465769][T13221] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 309.472106][T13221] ? do_syscall_64+0x100/0x230 [ 309.476882][T13221] __x64_sys_bpf+0x7c/0x90 [ 309.481307][T13221] do_syscall_64+0xf3/0x230 [ 309.485820][T13221] ? clear_bhb_loop+0x35/0x90 [ 309.490507][T13221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.496407][T13221] RIP: 0033:0x7f1af1d85d29 [ 309.500829][T13221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.520463][T13221] RSP: 002b:00007f1af2b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 309.528915][T13221] RAX: ffffffffffffffda RBX: 00007f1af1f75fa0 RCX: 00007f1af1d85d29 [ 309.537072][T13221] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 309.545063][T13221] RBP: 00007f1af2b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 309.553053][T13221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 309.561034][T13221] R13: 0000000000000000 R14: 00007f1af1f75fa0 R15: 00007fff68106908 [ 309.569042][T13221] [ 309.605389][T13228] netlink: 'syz.1.2063': attribute type 1 has an invalid length. [ 309.689476][T13232] __nla_validate_parse: 3 callbacks suppressed [ 309.689497][T13232] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2062'. [ 309.696782][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 309.776881][T13237] tipc: Enabling of bearer rejected, already enabled [ 309.951877][T13243] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 310.002890][T13251] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2070'. [ 310.084997][T13254] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2071'. [ 310.251473][T13268] FAULT_INJECTION: forcing a failure. [ 310.251473][T13268] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.283022][T13268] CPU: 1 UID: 0 PID: 13268 Comm: syz.4.2074 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 310.293899][T13268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 310.303992][T13268] Call Trace: [ 310.307304][T13268] [ 310.310245][T13268] dump_stack_lvl+0x241/0x360 [ 310.314937][T13268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.320142][T13268] ? __pfx__printk+0x10/0x10 [ 310.324753][T13268] ? snprintf+0xda/0x120 [ 310.329015][T13268] should_fail_ex+0x3b0/0x4e0 [ 310.333705][T13268] _copy_to_user+0x31/0xb0 [ 310.338135][T13268] simple_read_from_buffer+0xca/0x150 [ 310.343531][T13268] proc_fail_nth_read+0x1e9/0x250 [ 310.348571][T13268] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.354125][T13268] ? rw_verify_area+0x55e/0x6f0 [ 310.358991][T13268] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.364547][T13268] vfs_read+0x1fc/0xb70 [ 310.368876][T13268] ? __pfx___mutex_lock+0x10/0x10 [ 310.373913][T13268] ? __pfx_vfs_read+0x10/0x10 [ 310.378611][T13268] ? __fget_files+0x2a/0x410 [ 310.383242][T13268] ? __fget_files+0x395/0x410 [ 310.387992][T13268] ? __fget_files+0x2a/0x410 [ 310.392641][T13268] ksys_read+0x18f/0x2b0 [ 310.396941][T13268] ? __pfx_ksys_read+0x10/0x10 [ 310.401727][T13268] ? do_syscall_64+0x100/0x230 [ 310.406532][T13268] ? do_syscall_64+0xb6/0x230 [ 310.411266][T13268] do_syscall_64+0xf3/0x230 [ 310.415802][T13268] ? clear_bhb_loop+0x35/0x90 [ 310.420494][T13268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.426419][T13268] RIP: 0033:0x7f85c7f8473c [ 310.430878][T13268] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 310.450618][T13268] RSP: 002b:00007f85c8e77030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 310.459074][T13268] RAX: ffffffffffffffda RBX: 00007f85c8175fa0 RCX: 00007f85c7f8473c [ 310.467051][T13268] RDX: 000000000000000f RSI: 00007f85c8e770a0 RDI: 0000000000000005 [ 310.475025][T13268] RBP: 00007f85c8e77090 R08: 0000000000000000 R09: 0000000000000000 [ 310.482997][T13268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 310.490973][T13268] R13: 0000000000000000 R14: 00007f85c8175fa0 R15: 00007ffd86834fe8 [ 310.498964][T13268] [ 310.683443][T13282] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2078'. [ 310.882766][T13296] FAULT_INJECTION: forcing a failure. [ 310.882766][T13296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.906350][T13296] CPU: 0 UID: 0 PID: 13296 Comm: syz.0.2083 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 310.917192][T13296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 310.927286][T13296] Call Trace: [ 310.930587][T13296] [ 310.933546][T13296] dump_stack_lvl+0x241/0x360 [ 310.938256][T13296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.943490][T13296] ? __pfx__printk+0x10/0x10 [ 310.948108][T13296] ? __pfx_lock_release+0x10/0x10 [ 310.953167][T13296] should_fail_ex+0x3b0/0x4e0 [ 310.957881][T13296] _copy_from_user+0x2f/0xc0 [ 310.962514][T13296] copy_msghdr_from_user+0xae/0x680 [ 310.967764][T13296] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 310.973630][T13296] __sys_sendmsg+0x209/0x350 [ 310.978264][T13296] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.983418][T13296] ? __pfx_vfs_write+0x10/0x10 [ 310.988298][T13296] ? do_sys_openat2+0x17a/0x1d0 [ 310.993210][T13296] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 310.999575][T13296] ? do_syscall_64+0x100/0x230 [ 311.004368][T13296] ? do_syscall_64+0xb6/0x230 [ 311.009073][T13296] do_syscall_64+0xf3/0x230 [ 311.011717][T13298] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2085'. [ 311.013582][T13296] ? clear_bhb_loop+0x35/0x90 [ 311.013617][T13296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.033132][T13296] RIP: 0033:0x7fdf3a985d29 [ 311.037575][T13296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.057823][T13296] RSP: 002b:00007fdf3b6f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.066271][T13296] RAX: ffffffffffffffda RBX: 00007fdf3ab75fa0 RCX: 00007fdf3a985d29 [ 311.074288][T13296] RDX: 0000000000008000 RSI: 0000000020000300 RDI: 0000000000000007 [ 311.082291][T13296] RBP: 00007fdf3b6f8090 R08: 0000000000000000 R09: 0000000000000000 [ 311.082426][T13304] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 311.090270][T13296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.090293][T13296] R13: 0000000000000000 R14: 00007fdf3ab75fa0 R15: 00007ffd57c3f118 [ 311.090323][T13296] [ 311.108456][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 311.247262][T13304] netlink: 'syz.1.2086': attribute type 10 has an invalid length. [ 311.255397][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 311.261182][T13304] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 311.403483][T13322] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2090'. [ 311.637795][T13337] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2094'. [ 311.647667][T13337] gretap0: entered promiscuous mode [ 311.654677][T13337] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2094'. [ 311.676353][T13337] 0ªX¹¦D: renamed from gretap0 [ 311.682827][T13337] 0ªX¹¦D: left promiscuous mode [ 311.687920][T13337] 0ªX¹¦D: entered allmulticast mode [ 311.696131][T13337] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 311.926548][T13342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2097'. [ 312.022118][T13346] netlink: 'syz.1.2098': attribute type 3 has an invalid length. [ 312.117079][T13351] FAULT_INJECTION: forcing a failure. [ 312.117079][T13351] name failslab, interval 1, probability 0, space 0, times 0 [ 312.132558][T13352] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 312.144638][T13351] CPU: 0 UID: 0 PID: 13351 Comm: syz.2.2100 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 312.155434][T13351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 312.165501][T13351] Call Trace: [ 312.168783][T13351] [ 312.171714][T13351] dump_stack_lvl+0x241/0x360 [ 312.176499][T13351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.181700][T13351] ? __pfx__printk+0x10/0x10 [ 312.186290][T13351] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 312.192274][T13351] ? __pfx___might_resched+0x10/0x10 [ 312.197557][T13351] should_fail_ex+0x3b0/0x4e0 [ 312.202242][T13351] should_failslab+0xac/0x100 [ 312.206922][T13351] kmem_cache_alloc_node_noprof+0x77/0x380 [ 312.212738][T13351] ? __alloc_skb+0x1c3/0x440 [ 312.217338][T13351] __alloc_skb+0x1c3/0x440 [ 312.221762][T13351] ? __pfx___alloc_skb+0x10/0x10 [ 312.226701][T13351] ? netlink_autobind+0xd6/0x2f0 [ 312.231643][T13351] ? netlink_autobind+0x2b0/0x2f0 [ 312.236759][T13351] netlink_sendmsg+0x638/0xcb0 [ 312.241553][T13351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.246928][T13351] ? aa_sock_msg_perm+0x91/0x160 [ 312.251867][T13351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.257153][T13351] __sock_sendmsg+0x221/0x270 [ 312.261847][T13351] ____sys_sendmsg+0x52a/0x7e0 [ 312.266737][T13351] ? __pfx_____sys_sendmsg+0x10/0x10 [ 312.272041][T13351] __sys_sendmsg+0x269/0x350 [ 312.276639][T13351] ? __pfx___sys_sendmsg+0x10/0x10 [ 312.281761][T13351] ? __pfx_vfs_write+0x10/0x10 [ 312.286528][T13351] ? do_sys_openat2+0x17a/0x1d0 [ 312.291401][T13351] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.297728][T13351] ? do_syscall_64+0x100/0x230 [ 312.302495][T13351] ? do_syscall_64+0xb6/0x230 [ 312.307174][T13351] do_syscall_64+0xf3/0x230 [ 312.311688][T13351] ? clear_bhb_loop+0x35/0x90 [ 312.316371][T13351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.322264][T13351] RIP: 0033:0x7f345a385d29 [ 312.326686][T13351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.346522][T13351] RSP: 002b:00007f345b22c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.354948][T13351] RAX: ffffffffffffffda RBX: 00007f345a575fa0 RCX: 00007f345a385d29 [ 312.363009][T13351] RDX: 0000000000008000 RSI: 0000000020000300 RDI: 0000000000000007 [ 312.370983][T13351] RBP: 00007f345b22c090 R08: 0000000000000000 R09: 0000000000000000 [ 312.378952][T13351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.386919][T13351] R13: 0000000000000000 R14: 00007f345a575fa0 R15: 00007ffd80ad8678 [ 312.394913][T13351] [ 312.622517][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 312.691361][T13371] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2104'. [ 312.749101][T13368] syzkaller0: entered promiscuous mode [ 312.766011][T13368] syzkaller0: entered allmulticast mode [ 313.466403][T13380] xt_CT: You must specify a L4 protocol and not use inversions on it [ 313.778933][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 314.942698][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 315.085481][T13395] pim6reg: entered allmulticast mode [ 315.095155][T13395] pim6reg: left allmulticast mode [ 315.322204][T13399] syzkaller1: entered promiscuous mode [ 315.327921][T13399] syzkaller1: entered allmulticast mode [ 315.354307][T13399] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2116'. [ 315.439706][T13414] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2119'. [ 315.987725][T13440] xt_l2tp: unknown flags: 10 [ 316.050940][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 316.162341][T13445] FAULT_INJECTION: forcing a failure. [ 316.162341][T13445] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.176107][T13445] CPU: 1 UID: 0 PID: 13445 Comm: syz.4.2128 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 316.186923][T13445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 316.197019][T13445] Call Trace: [ 316.200326][T13445] [ 316.203275][T13445] dump_stack_lvl+0x241/0x360 [ 316.207991][T13445] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.213308][T13445] ? __pfx__printk+0x10/0x10 [ 316.217928][T13445] ? __pfx_lock_release+0x10/0x10 [ 316.222990][T13445] should_fail_ex+0x3b0/0x4e0 [ 316.227724][T13445] _copy_from_iter+0x1e9/0x1c20 [ 316.232618][T13445] ? __virt_addr_valid+0x183/0x530 [ 316.237784][T13445] ? __alloc_skb+0x28f/0x440 [ 316.242413][T13445] ? __pfx__copy_from_iter+0x10/0x10 [ 316.247740][T13445] ? __virt_addr_valid+0x183/0x530 [ 316.252893][T13445] ? __virt_addr_valid+0x183/0x530 [ 316.258039][T13445] ? __virt_addr_valid+0x45f/0x530 [ 316.263189][T13445] ? __phys_addr_symbol+0x2f/0x70 [ 316.268263][T13445] ? __check_object_size+0x47a/0x730 [ 316.273594][T13445] netlink_sendmsg+0x73d/0xcb0 [ 316.278399][T13445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.283723][T13445] ? aa_sock_msg_perm+0x91/0x160 [ 316.288702][T13445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.294042][T13445] __sock_sendmsg+0x221/0x270 [ 316.298764][T13445] ____sys_sendmsg+0x52a/0x7e0 [ 316.303581][T13445] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.308923][T13445] __sys_sendmsg+0x269/0x350 [ 316.313575][T13445] ? __pfx___sys_sendmsg+0x10/0x10 [ 316.318735][T13445] ? __pfx_vfs_write+0x10/0x10 [ 316.323520][T13445] ? do_sys_openat2+0x17a/0x1d0 [ 316.328416][T13445] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 316.334778][T13445] ? do_syscall_64+0x100/0x230 [ 316.339559][T13445] ? do_syscall_64+0xb6/0x230 [ 316.344242][T13445] do_syscall_64+0xf3/0x230 [ 316.348749][T13445] ? clear_bhb_loop+0x35/0x90 [ 316.353433][T13445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.359332][T13445] RIP: 0033:0x7f85c7f85d29 [ 316.363749][T13445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.383387][T13445] RSP: 002b:00007f85c8e77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.391874][T13445] RAX: ffffffffffffffda RBX: 00007f85c8175fa0 RCX: 00007f85c7f85d29 [ 316.399888][T13445] RDX: 0000000000008000 RSI: 0000000020000300 RDI: 0000000000000007 [ 316.407901][T13445] RBP: 00007f85c8e77090 R08: 0000000000000000 R09: 0000000000000000 [ 316.415909][T13445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.423940][T13445] R13: 0000000000000000 R14: 00007f85c8175fa0 R15: 00007ffd86834fe8 [ 316.431977][T13445] [ 316.695158][T13455] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2132'. [ 316.766310][T13455] veth0_to_batadv: entered promiscuous mode [ 316.790634][T13455] A link change request failed with some changes committed already. Interface veth0_to_batadv may have been left with an inconsistent configuration, please check. [ 316.965240][T13470] netlink: 'syz.4.2140': attribute type 5 has an invalid length. [ 316.997521][T13473] x_tables: unsorted entry at hook 1 [ 317.012214][T13473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2137'. [ 317.084565][T13480] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2138'. [ 317.215117][T13483] FAULT_INJECTION: forcing a failure. [ 317.215117][T13483] name failslab, interval 1, probability 0, space 0, times 0 [ 317.221560][ T1161] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 317.228297][T13483] CPU: 1 UID: 0 PID: 13483 Comm: syz.3.2141 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 317.246854][T13483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 317.256938][T13483] Call Trace: [ 317.260239][T13483] [ 317.263191][T13483] dump_stack_lvl+0x241/0x360 [ 317.267908][T13483] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.273144][T13483] ? __pfx__printk+0x10/0x10 [ 317.277785][T13483] ? __pfx_lock_acquire+0x10/0x10 [ 317.282855][T13483] should_fail_ex+0x3b0/0x4e0 [ 317.287592][T13483] should_failslab+0xac/0x100 [ 317.292323][T13483] __kmalloc_cache_noprof+0x70/0x390 [ 317.297647][T13483] ? nfulnl_recv_config+0x7ae/0x1200 [ 317.302987][T13483] nfulnl_recv_config+0x7ae/0x1200 [ 317.308152][T13483] ? nfnetlink_rcv_msg+0x225/0x1180 [ 317.313432][T13483] nfnetlink_rcv_msg+0xbec/0x1180 [ 317.318503][T13483] ? nfnetlink_rcv_msg+0x225/0x1180 [ 317.323791][T13483] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 317.326398][T13489] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2143'. [ 317.329313][T13483] netlink_rcv_skb+0x1e3/0x430 [ 317.343258][T13483] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 317.348756][T13483] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 317.354162][T13483] ? apparmor_capable+0x13b/0x1b0 [ 317.360084][T13483] ? bpf_lsm_capable+0x9/0x10 [ 317.364881][T13483] ? security_capable+0x7e/0x2d0 [ 317.369878][T13483] nfnetlink_rcv+0x297/0x2ab0 [ 317.374613][T13483] ? __pfx_validate_chain+0x10/0x10 [ 317.379974][T13483] ? mark_lock+0x9a/0x360 [ 317.384527][T13483] ? __pfx_validate_chain+0x10/0x10 [ 317.389793][T13483] ? __lock_acquire+0x1397/0x2100 [ 317.394977][T13483] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 317.400252][T13483] ? mark_lock+0x9a/0x360 [ 317.404634][T13483] ? __lock_acquire+0x1397/0x2100 [ 317.409820][T13483] ? __pfx_lock_release+0x10/0x10 [ 317.410270][T13485] syzkaller0: entered promiscuous mode [ 317.414861][T13483] ? netlink_deliver_tap+0x2e/0x1b0 [ 317.414895][T13483] ? __pfx_lock_release+0x10/0x10 [ 317.414930][T13483] ? netlink_deliver_tap+0x2e/0x1b0 [ 317.414952][T13483] netlink_unicast+0x7f6/0x990 [ 317.421249][T13485] syzkaller0: entered allmulticast mode [ 317.426101][T13483] ? __pfx_netlink_unicast+0x10/0x10 [ 317.426134][T13483] ? __virt_addr_valid+0x45f/0x530 [ 317.426159][T13483] ? __phys_addr_symbol+0x2f/0x70 [ 317.462193][T13483] ? __check_object_size+0x47a/0x730 [ 317.467538][T13483] netlink_sendmsg+0x8e4/0xcb0 [ 317.472339][T13483] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.477629][T13483] ? aa_sock_msg_perm+0x91/0x160 [ 317.482571][T13483] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.487861][T13483] __sock_sendmsg+0x221/0x270 [ 317.492560][T13483] ____sys_sendmsg+0x52a/0x7e0 [ 317.497335][T13483] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.502645][T13483] __sys_sendmsg+0x269/0x350 [ 317.507243][T13483] ? __pfx___sys_sendmsg+0x10/0x10 [ 317.512366][T13483] ? __pfx_vfs_write+0x10/0x10 [ 317.517149][T13483] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 317.523479][T13483] ? do_syscall_64+0x100/0x230 [ 317.528275][T13483] ? do_syscall_64+0xb6/0x230 [ 317.532956][T13483] do_syscall_64+0xf3/0x230 [ 317.537460][T13483] ? clear_bhb_loop+0x35/0x90 [ 317.542162][T13483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.548080][T13483] RIP: 0033:0x7f1af1d85d29 [ 317.552500][T13483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.572111][T13483] RSP: 002b:00007f1af2b1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 317.580549][T13483] RAX: ffffffffffffffda RBX: 00007f1af1f75fa0 RCX: 00007f1af1d85d29 [ 317.588527][T13483] RDX: 0000000000008000 RSI: 0000000020000300 RDI: 0000000000000007 [ 317.596504][T13483] RBP: 00007f1af2b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 317.604474][T13483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.612445][T13483] R13: 0000000000000000 R14: 00007f1af1f75fa0 R15: 00007fff68106908 [ 317.620463][T13483] [ 317.629502][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.805899][T13496] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2144'. [ 317.849076][T13496] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2144'. [ 318.256304][T13514] netlink: 'syz.4.2148': attribute type 8 has an invalid length. [ 318.322333][T13515] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2148'. [ 318.478936][T13521] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2150'. [ 318.527730][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 319.668905][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 320.492120][T13525] __nla_validate_parse: 1 callbacks suppressed [ 320.492139][T13525] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2151'. [ 320.499855][T13531] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 320.520102][T13529] x_tables: unsorted underflow at hook 2 [ 320.572179][T13529] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2153'. [ 320.735801][T13545] netlink: 'syz.2.2158': attribute type 13 has an invalid length. [ 320.779300][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 320.789435][T13552] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2157'. [ 320.856391][T13554] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2161'. [ 321.085578][T13564] syzkaller0: entered promiscuous mode [ 321.099346][T13564] syzkaller0: entered allmulticast mode [ 321.229435][T13576] xt_SECMARK: invalid mode: 0 [ 321.915893][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 322.019042][T13599] xt_l2tp: unknown flags: 10 [ 322.019317][T13600] xt_l2tp: unknown flags: 10 [ 323.071403][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 323.877775][T13594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2170'. [ 323.907632][T13610] lo speed is unknown, defaulting to 1000 [ 324.123910][T13625] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 324.213783][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 324.387277][T13632] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 324.753149][T13637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2183'. [ 324.931297][T13644] xt_ecn: cannot match TCP bits for non-tcp packets [ 325.113166][T13656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2189'. [ 325.232441][T13652] syzkaller0: entered promiscuous mode [ 325.237998][T13652] syzkaller0: entered allmulticast mode [ 325.367428][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 325.774964][T13675] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2195'. [ 326.143603][T13682] No such timeout policy "syz0" [ 326.498932][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 327.419916][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 327.502599][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2197'. [ 327.537308][T13685] lo speed is unknown, defaulting to 1000 [ 327.608257][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 327.700089][T13698] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2199'. [ 327.943751][T13704] netlink: 'syz.0.2203': attribute type 10 has an invalid length. [ 328.296512][T13724] pimreg: left allmulticast mode [ 328.407462][T13729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2211'. [ 328.430054][T13729] Timeout policy `syz0' can only be used by L3 protocol number 59477 [ 328.508944][T13733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2213'. [ 328.527794][T13731] syzkaller0: entered promiscuous mode [ 328.546025][T13733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2213'. [ 328.561062][T13731] syzkaller0: entered allmulticast mode [ 328.718679][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 328.810789][T13748] x_tables: duplicate underflow at hook 3 [ 329.059592][T13764] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2222'. [ 329.854145][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 330.748722][T13770] Timeout policy `syz0' can only be used by L3 protocol number 0 [ 330.971205][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 331.008636][T13769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2225'. [ 331.084546][T13773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.101346][T13774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.204929][T13781] netlink: 'syz.1.2229': attribute type 1 has an invalid length. [ 331.225998][T13781] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2229'. [ 331.757272][T13809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2237'. [ 331.789457][T13811] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode [ 331.799318][T13811] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode [ 332.140707][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 332.312485][T13831] netlink: 'syz.1.2241': attribute type 11 has an invalid length. [ 332.373691][T13828] bond0: (slave dummy0): Releasing backup interface [ 332.453683][T13828] bond0: (slave bond_slave_0): Releasing backup interface [ 332.470368][T13828] bond0: (slave bond_slave_1): Releasing backup interface [ 332.478922][T13840] netlink: 'syz.1.2247': attribute type 1 has an invalid length. [ 332.487367][T13828] team0: Port device team_slave_0 removed [ 332.497740][T13828] team0: Port device team_slave_1 removed [ 332.506356][T13828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 332.515921][T13828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 332.540284][T13828] bond0: (slave wlan1): Releasing backup interface [ 332.563662][T13828] bond1: (slave gretap1): Releasing active interface [ 332.783360][T13858] ieee802154 phy1 wpan1: encryption failed: -22 [ 332.931898][T13867] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 333.243177][T13890] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2261'. [ 333.259653][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 333.433100][T13897] syzkaller0: entered promiscuous mode [ 333.439380][T13897] syzkaller0: entered allmulticast mode [ 333.498455][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 333.503464][T13909] set match dimension is over the limit! [ 334.393183][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 335.518735][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 335.609458][T13909] pim6reg: entered allmulticast mode [ 335.732278][T13935] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 335.774058][T13937] netlink: 'syz.3.2275': attribute type 29 has an invalid length. [ 335.870052][T13942] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2277'. [ 335.885930][T13942] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 336.107804][T13967] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2283'. [ 336.152762][T13967] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2283'. [ 336.437827][T13988] xt_ipvs: protocol family 7 not supported [ 336.479743][T13993] lo speed is unknown, defaulting to 1000 [ 336.648508][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 336.898687][T14013] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2299'. [ 336.924434][T14018] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2300'. [ 336.965430][T14014] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2299'. [ 336.988400][T14014] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2299'. [ 337.210937][T14028] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 337.230779][T14028] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2303'. [ 337.306305][T14032] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2305'. [ 337.326694][T14033] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2305'. [ 337.339612][T14030] lo speed is unknown, defaulting to 1000 [ 337.480884][T14045] netlink: 'syz.3.2308': attribute type 21 has an invalid length. [ 337.802173][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 338.246352][T14086] IPVS: set_ctl: invalid protocol: 44 0.0.0.0:20001 [ 338.569855][T14094] openvswitch: netlink: VXLAN extension message has 2 unknown bytes. [ 338.599337][T14094] xt_hashlimit: max too large, truncated to 1048576 [ 338.891007][T14117] netlink: 'syz.3.2333': attribute type 1 has an invalid length. [ 338.931330][T14117] netlink: 'syz.3.2333': attribute type 2 has an invalid length. [ 338.999305][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 339.369025][T14146] netlink: 'syz.3.2342': attribute type 3 has an invalid length. [ 339.584768][T14157] x_tables: duplicate underflow at hook 1 [ 340.168946][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 340.429944][T14204] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 340.442804][T14204] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 340.451941][T14204] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 340.730219][ T5830] Bluetooth: hci4: link tx timeout [ 340.735919][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 340.746929][ T5830] Bluetooth: hci4: link tx timeout [ 340.752688][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 340.760852][ T5830] Bluetooth: hci4: link tx timeout [ 340.766159][ T5830] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 341.053148][T14226] netlink: 'syz.3.2362': attribute type 1 has an invalid length. [ 341.071733][T14226] hsr_slave_0: left promiscuous mode [ 341.090908][T14226] hsr_slave_1: left promiscuous mode [ 341.232762][T14231] bridge0: port 1(ipvlan0) entered blocking state [ 341.248021][T14231] bridge0: port 1(ipvlan0) entered disabled state [ 341.263457][T14231] ipvlan0: entered allmulticast mode [ 341.269449][T14231] bridge0: entered allmulticast mode [ 341.278060][T14231] ipvlan0: left allmulticast mode [ 341.283962][T14231] bridge0: left allmulticast mode [ 341.331473][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 341.528738][ T5909] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 341.546574][T14242] netlink: 'syz.0.2366': attribute type 4 has an invalid length. [ 341.573312][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 341.971115][ T5909] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 341.998618][T14242] bond0 (unregistering): (slave syz_tun): Releasing backup interface [ 342.015856][T14242] bond0 (unregistering): Released all slaves [ 342.056589][T14265] netem: change failed [ 342.057615][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 342.098823][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 342.113667][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 342.122488][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 342.130954][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 342.134508][T14265] netlink: 'syz.2.2375': attribute type 1 has an invalid length. [ 342.140307][T14246] netlink: 'syz.1.2368': attribute type 1 has an invalid length. [ 342.146993][ T5912] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 342.225645][T14268] rdma_op ffff8880247e61f0 conn xmit_rdma 0000000000000000 [ 342.246781][T14274] __nla_validate_parse: 15 callbacks suppressed [ 342.246801][T14274] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2378'. [ 342.305043][T14277] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (64) [ 342.348053][T14280] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2381'. [ 342.508866][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 342.522750][T14290] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2383'. [ 342.550123][T14290] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2383'. [ 342.604908][T14302] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2385'. [ 342.630337][T14303] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2385'. [ 342.670447][T14307] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.2383'. [ 342.689752][T14307] openvswitch: netlink: EtherType 0 is less than min 600 [ 342.707830][T14290] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2383'. [ 342.752567][T14297] lo speed is unknown, defaulting to 1000 [ 342.788816][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 342.918716][T14311] rdma_op ffff888027db19f0 conn xmit_rdma 0000000000000000 [ 343.036182][T14322] lo speed is unknown, defaulting to 1000 [ 343.098694][ T5912] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 343.327307][T14344] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2397'. [ 343.406298][T14345] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2395'. [ 343.499855][T14356] xt_socket: unknown flags 0xd0 [ 343.640815][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 343.697360][T14364] rdma_op ffff88807dc801f0 conn xmit_rdma 0000000000000000 [ 343.913225][T14376] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 344.130946][T14388] sctp: [Deprecated]: syz.3.2412 (pid 14388) Use of int in max_burst socket option. [ 344.130946][T14388] Use struct sctp_assoc_value instead [ 344.276400][T14398] rdma_op ffff88806d7de1f0 conn xmit_rdma 0000000000000000 [ 344.400835][T14405] (unnamed net_device) (uninitialized): down delay (38) is not a multiple of miimon (100), value rounded to 0 ms [ 344.781832][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 345.166048][T14444] rdma_op ffff88805a0a51f0 conn xmit_rdma 0000000000000000 [ 345.313306][T14455] bridge5: entered promiscuous mode [ 345.318966][T14455] bridge5: entered allmulticast mode [ 345.407364][T14460] FAULT_INJECTION: forcing a failure. [ 345.407364][T14460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 345.421848][T14460] CPU: 1 UID: 0 PID: 14460 Comm: syz.2.2436 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 345.432651][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 345.442742][T14460] Call Trace: [ 345.446031][T14460] [ 345.449153][T14460] dump_stack_lvl+0x241/0x360 [ 345.453847][T14460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.459047][T14460] ? __pfx__printk+0x10/0x10 [ 345.463648][T14460] should_fail_ex+0x3b0/0x4e0 [ 345.468334][T14460] _copy_to_user+0x31/0xb0 [ 345.472750][T14460] bpf_test_finish+0x59c/0x890 [ 345.477516][T14460] ? __might_fault+0xaa/0x120 [ 345.482195][T14460] ? __pfx_bpf_test_finish+0x10/0x10 [ 345.487518][T14460] ? _copy_from_user+0x99/0xc0 [ 345.492302][T14460] ? bpf_test_init+0x15a/0x180 [ 345.497082][T14460] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 345.502470][T14460] ? __pfx_lock_release+0x10/0x10 [ 345.507509][T14460] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 345.513312][T14460] ? __fget_files+0x2a/0x410 [ 345.517905][T14460] ? __fget_files+0x2a/0x410 [ 345.522521][T14460] ? fput+0x21b/0x290 [ 345.526509][T14460] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 345.532318][T14460] bpf_prog_test_run+0x2e4/0x360 [ 345.537323][T14460] __sys_bpf+0x48d/0x810 [ 345.541589][T14460] ? __pfx___sys_bpf+0x10/0x10 [ 345.546382][T14460] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 345.552475][T14460] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 345.558817][T14460] ? do_syscall_64+0x100/0x230 [ 345.563591][T14460] __x64_sys_bpf+0x7c/0x90 [ 345.568012][T14460] do_syscall_64+0xf3/0x230 [ 345.572526][T14460] ? clear_bhb_loop+0x35/0x90 [ 345.577239][T14460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.583187][T14460] RIP: 0033:0x7f345a385d29 [ 345.587617][T14460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.607251][T14460] RSP: 002b:00007f345b22c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 345.615675][T14460] RAX: ffffffffffffffda RBX: 00007f345a575fa0 RCX: 00007f345a385d29 [ 345.623653][T14460] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 345.631663][T14460] RBP: 00007f345b22c090 R08: 0000000000000000 R09: 0000000000000000 [ 345.639652][T14460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 345.647820][T14460] R13: 0000000000000000 R14: 00007f345a575fa0 R15: 00007ffd80ad8678 [ 345.655821][T14460] [ 345.668458][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 345.757952][T14465] tipc: Enabling of bearer rejected, failed to enable media [ 345.771659][T14465] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 346.045737][T14484] rdma_op ffff88806d1439f0 conn xmit_rdma 0000000000000000 [ 346.110181][ T4876] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 347.178617][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 347.240785][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 347.285770][T14545] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 347.316748][T14547] xt_CT: You must specify a L4 protocol and not use inversions on it [ 347.571569][T14560] __nla_validate_parse: 16 callbacks suppressed [ 347.571590][T14560] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2471'. [ 347.841498][T14558] lo speed is unknown, defaulting to 1000 [ 348.360252][T14595] tipc: Enabled bearer , priority 0 [ 348.379112][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 348.610872][T14603] tipc: Resetting bearer [ 348.813025][T14609] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2481'. [ 348.822637][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2481'. [ 348.838066][T14609] validate_nla: 65 callbacks suppressed [ 348.838086][T14609] netlink: 'syz.1.2481': attribute type 13 has an invalid length. [ 348.854745][T14609] netlink: 'syz.1.2481': attribute type 12 has an invalid length. [ 349.037734][T14623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2486'. [ 349.048694][T14623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2486'. [ 349.128345][T14625] FAULT_INJECTION: forcing a failure. [ 349.128345][T14625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.157300][T14625] CPU: 1 UID: 0 PID: 14625 Comm: syz.1.2487 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 349.168143][T14625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 349.178239][T14625] Call Trace: [ 349.181554][T14625] [ 349.184510][T14625] dump_stack_lvl+0x241/0x360 [ 349.189233][T14625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.194472][T14625] ? __pfx__printk+0x10/0x10 [ 349.199121][T14625] should_fail_ex+0x3b0/0x4e0 [ 349.203869][T14625] _copy_to_user+0x31/0xb0 [ 349.208349][T14625] bpf_test_finish+0x2e6/0x890 [ 349.213166][T14625] ? __pfx_bpf_test_finish+0x10/0x10 [ 349.218500][T14625] ? _copy_from_user+0x99/0xc0 [ 349.223314][T14625] ? bpf_test_init+0x15a/0x180 [ 349.228118][T14625] bpf_prog_test_run_xdp+0x8f4/0x11e0 [ 349.233541][T14625] ? __pfx_lock_release+0x10/0x10 [ 349.238624][T14625] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 349.244474][T14625] ? __fget_files+0x2a/0x410 [ 349.249112][T14625] ? __fget_files+0x2a/0x410 [ 349.253753][T14625] ? fput+0x21b/0x290 [ 349.257777][T14625] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 349.263623][T14625] bpf_prog_test_run+0x2e4/0x360 [ 349.268595][T14625] __sys_bpf+0x48d/0x810 [ 349.272865][T14625] ? __pfx___sys_bpf+0x10/0x10 [ 349.277673][T14625] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 349.283713][T14625] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 349.290093][T14625] ? do_syscall_64+0x100/0x230 [ 349.294904][T14625] __x64_sys_bpf+0x7c/0x90 [ 349.299375][T14625] do_syscall_64+0xf3/0x230 [ 349.303921][T14625] ? clear_bhb_loop+0x35/0x90 [ 349.308649][T14625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.314682][T14625] RIP: 0033:0x7f657fd85d29 [ 349.319132][T14625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.338936][T14625] RSP: 002b:00007f6580b10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 349.347420][T14625] RAX: ffffffffffffffda RBX: 00007f657ff75fa0 RCX: 00007f657fd85d29 [ 349.355441][T14625] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a [ 349.363537][T14625] RBP: 00007f6580b10090 R08: 0000000000000000 R09: 0000000000000000 [ 349.371541][T14625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.379610][T14625] R13: 0000000000000000 R14: 00007f657ff75fa0 R15: 00007ffc5ae8dfa8 [ 349.387644][T14625] [ 349.401757][T14638] netlink: 'syz.0.2490': attribute type 58 has an invalid length. [ 349.418428][T14638] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2490'. [ 349.580521][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 349.926617][T14660] tipc: Enabling of bearer rejected, already enabled [ 350.347915][T14682] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2508'. [ 350.524313][T14693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 350.544309][T14687] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2510'. [ 350.646469][T14693] blackhole_netdev_xmit(): Dropping skb. [ 350.704057][T14696] netlink: 'syz.3.2511': attribute type 3 has an invalid length. [ 350.738784][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 351.103375][T14720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2521'. [ 351.214102][T14725] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2523'. [ 351.524371][T14735] netlink: 'syz.3.2526': attribute type 15 has an invalid length. [ 351.533636][T14735] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 351.631893][T14744] lo speed is unknown, defaulting to 1000 [ 351.848887][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 352.227236][T14769] veth0_to_team: entered promiscuous mode [ 352.237603][T14777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 352.246303][T14777] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 352.247843][T14769] veth0_to_team: entered allmulticast mode [ 352.447148][T14785] bond2: entered promiscuous mode [ 352.487031][T14785] bond2: entered allmulticast mode [ 352.653348][T14790] veth3: entered promiscuous mode [ 352.668490][T14790] veth3: entered allmulticast mode [ 352.679548][T14790] bond2: (slave veth3): Enslaving as an active interface with an up link [ 352.911912][T14807] __nla_validate_parse: 6 callbacks suppressed [ 352.911935][T14807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2545'. [ 352.978463][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 353.329776][T14835] netlink: 'syz.3.2552': attribute type 2 has an invalid length. [ 353.338078][T14835] netlink: 'syz.3.2552': attribute type 9 has an invalid length. [ 353.350912][T14835] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2552'. [ 353.540536][T14843] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2554'. [ 353.564764][T14843] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2554'. [ 353.588401][T14843] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2554'. [ 353.620246][T14843] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2554'. [ 353.672096][T14848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2555'. [ 353.703907][T14848] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2555'. [ 353.843752][T14853] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2558'. [ 354.020976][T14859] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2560'. [ 354.108672][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 354.377229][T14887] netlink: 'syz.3.2570': attribute type 3 has an invalid length. [ 355.012646][T14924] netlink: 'syz.2.2582': attribute type 21 has an invalid length. [ 355.233918][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 355.260099][T14932] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 355.376558][T14935] netlink: 'syz.1.2586': attribute type 1 has an invalid length. [ 355.407082][T14935] netlink: 'syz.1.2586': attribute type 3 has an invalid length. [ 355.530016][T14947] netlink: 'syz.0.2590': attribute type 1 has an invalid length. [ 355.990332][T14969] bond7: entered promiscuous mode [ 355.996130][T14969] 8021q: adding VLAN 0 to HW filter on device bond7 [ 356.006353][T14974] netlink: 'syz.1.2596': attribute type 1 has an invalid length. [ 356.338904][T14969] bond7 (unregistering): Released all slaves [ 356.361542][T14997] GUP no longer grows the stack in syz.3.2604 (14997): 20006000-2000a000 (20005000) [ 356.371715][T14997] CPU: 0 UID: 0 PID: 14997 Comm: syz.3.2604 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 356.382529][T14997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 356.392604][T14997] Call Trace: [ 356.395893][T14997] [ 356.398838][T14997] dump_stack_lvl+0x241/0x360 [ 356.403535][T14997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 356.408782][T14997] ? __pfx__printk+0x10/0x10 [ 356.413402][T14997] ? find_vma+0xf9/0x170 [ 356.417682][T14997] ? vma_is_secretmem+0xd/0x50 [ 356.422470][T14997] ? check_vma_flags+0x52b/0x5a0 [ 356.427424][T14997] __get_user_pages+0x4385/0x49e0 [ 356.432469][T14997] ? 0xffffffffa0000950 [ 356.436668][T14997] ? __pfx___get_user_pages+0x10/0x10 [ 356.442074][T14997] __gup_longterm_locked+0x49a/0x17f0 [ 356.447459][T14997] ? __pfx___might_resched+0x10/0x10 [ 356.452858][T14997] ? __pfx___gup_longterm_locked+0x10/0x10 [ 356.458702][T14997] ? down_read+0x82b/0xa40 [ 356.463279][T14997] ? is_valid_gup_args+0x124/0x200 [ 356.468418][T14997] pin_user_pages+0x137/0x1f0 [ 356.473109][T14997] ? __pfx_pin_user_pages+0x10/0x10 [ 356.478318][T14997] ? trace_kmalloc+0x1f/0xd0 [ 356.482989][T14997] xdp_umem_create+0x978/0xf30 [ 356.487779][T14997] xsk_setsockopt+0x732/0x950 [ 356.492471][T14997] ? __pfx_xsk_setsockopt+0x10/0x10 [ 356.497690][T14997] ? __pfx_lock_acquire+0x10/0x10 [ 356.502764][T14997] ? aa_sock_opt_perm+0x79/0x120 [ 356.507753][T14997] ? __pfx_xsk_setsockopt+0x10/0x10 [ 356.512964][T14997] do_sock_setsockopt+0x3af/0x720 [ 356.518004][T14997] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 356.523597][T14997] ? __fget_files+0x395/0x410 [ 356.528308][T14997] ? __fget_files+0x2a/0x410 [ 356.532939][T14997] __x64_sys_setsockopt+0x1ee/0x280 [ 356.538198][T14997] do_syscall_64+0xf3/0x230 [ 356.542774][T14997] ? clear_bhb_loop+0x35/0x90 [ 356.547473][T14997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.553376][T14997] RIP: 0033:0x7f1af1d85d29 [ 356.557803][T14997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.577458][T14997] RSP: 002b:00007f1af2b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 356.586078][T14997] RAX: ffffffffffffffda RBX: 00007f1af1f75fa0 RCX: 00007f1af1d85d29 [ 356.594654][T14997] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000008 [ 356.602664][T14997] RBP: 00007f1af1e01b08 R08: 0000000000000020 R09: 0000000000000000 [ 356.610653][T14997] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 [ 356.618674][T14997] R13: 0000000000000000 R14: 00007f1af1f75fa0 R15: 00007fff68106908 [ 356.626684][T14997] [ 356.629917][ T11] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 356.807545][T15001] sch_fq: defrate 511 ignored. [ 356.904320][T15009] netlink: 'syz.1.2609': attribute type 3 has an invalid length. [ 357.147232][T15022] veth0_to_team: entered promiscuous mode [ 357.147782][T15026] netlink: 'syz.4.2612': attribute type 10 has an invalid length. [ 357.170508][T15022] veth0_to_team: entered allmulticast mode [ 357.195378][T15027] A link change request failed with some changes committed already. Interface veth0 may have been left with an inconsistent configuration, please check. [ 357.351895][T15041] netlink: 'syz.0.2614': attribute type 1 has an invalid length. [ 357.415981][T15041] 8021q: adding VLAN 0 to HW filter on device bond5 [ 357.696766][T15056] netlink: 'syz.2.2619': attribute type 2 has an invalid length. [ 357.759084][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 357.991829][T15065] __nla_validate_parse: 20 callbacks suppressed [ 357.991852][T15065] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2621'. [ 359.119152][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 359.610789][T15119] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2636'. [ 359.702583][T15125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2636'. [ 359.712280][T15126] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2634'. [ 359.997298][T15136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2641'. [ 360.022548][T15136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2641'. [ 360.037113][T15136] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2641'. [ 360.059309][T15136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2641'. [ 360.269688][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 360.681741][T15189] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 360.738830][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 360.868753][T15196] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2652'. [ 360.988123][T15208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2657'. [ 361.018419][T15208] tc_dump_action: action bad kind [ 361.065897][T15208] netlink: 'syz.1.2657': attribute type 3 has an invalid length. [ 361.409722][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 362.261449][T15254] No such timeout policy "syz0" [ 362.429570][T15259] lo speed is unknown, defaulting to 1000 [ 362.518846][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 362.766054][T15267] syzkaller0: entered promiscuous mode [ 362.792110][T15267] syzkaller0: entered allmulticast mode [ 362.816523][T15273] FAULT_INJECTION: forcing a failure. [ 362.816523][T15273] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 362.830973][T15273] CPU: 0 UID: 0 PID: 15273 Comm: syz.1.2677 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 362.841813][T15273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 362.851904][T15273] Call Trace: [ 362.855217][T15273] [ 362.858170][T15273] dump_stack_lvl+0x241/0x360 [ 362.862894][T15273] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.868125][T15273] ? __pfx__printk+0x10/0x10 [ 362.872757][T15273] ? __pfx_lock_release+0x10/0x10 [ 362.878091][T15273] should_fail_ex+0x3b0/0x4e0 [ 362.882821][T15273] _copy_from_user+0x2f/0xc0 [ 362.887458][T15273] __sys_bpf+0x1a4/0x810 [ 362.891735][T15273] ? __pfx___sys_bpf+0x10/0x10 [ 362.896547][T15273] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 362.902659][T15273] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 362.909034][T15273] ? do_syscall_64+0x100/0x230 [ 362.913838][T15273] __x64_sys_bpf+0x7c/0x90 [ 362.918292][T15273] do_syscall_64+0xf3/0x230 [ 362.922833][T15273] ? clear_bhb_loop+0x35/0x90 [ 362.927554][T15273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.933504][T15273] RIP: 0033:0x7f657fd85d29 [ 362.937950][T15273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.957596][T15273] RSP: 002b:00007f6580b10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 362.966056][T15273] RAX: ffffffffffffffda RBX: 00007f657ff75fa0 RCX: 00007f657fd85d29 [ 362.974167][T15273] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a [ 362.982177][T15273] RBP: 00007f6580b10090 R08: 0000000000000000 R09: 0000000000000000 [ 362.990198][T15273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 362.998379][T15273] R13: 0000000000000000 R14: 00007f657ff75fa0 R15: 00007ffc5ae8dfa8 [ 363.006409][T15273] [ 363.322873][T15278] __nla_validate_parse: 7 callbacks suppressed [ 363.322896][T15278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2679'. [ 363.349082][T15278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2679'. [ 363.800354][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 364.951558][ T2123] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 366.088859][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 366.828122][T15259] tipc: Started in network mode [ 366.833546][T15259] tipc: Node identity e0000001, cluster identity 4711 [ 366.840562][T15259] tipc: Enabling of bearer rejected, failed to enable media [ 367.119443][T15305] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2688'. [ 367.142965][ T11] tipc: Left network mode [ 367.199610][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 367.210344][T15305] bond3: entered promiscuous mode [ 367.216833][T15305] 8021q: adding VLAN 0 to HW filter on device bond3 [ 367.337166][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2691'. [ 367.559866][T15322] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2690'. [ 367.604509][T15321] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2693'. [ 367.719199][T15327] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2693'. [ 367.851939][T15305] bond3 (unregistering): Released all slaves [ 368.362473][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 368.371184][T15332] Cannot find set identified by id 0 to match [ 368.396963][T15332] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2696'. [ 368.428053][T15332] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2696'. [ 368.531054][T15331] pim6reg: entered allmulticast mode [ 368.584033][T15331] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 368.608407][T15331] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 368.631829][T15331] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 368.657143][T15331] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 368.672796][T15343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2699'. [ 368.875860][T15349] netlink: 'syz.2.2701': attribute type 3 has an invalid length. [ 368.902467][T15349] netlink: 'syz.2.2701': attribute type 3 has an invalid length. [ 368.930518][T15349] netlink: 'syz.2.2701': attribute type 13 has an invalid length. [ 369.112967][T15358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2705'. [ 369.329128][T15370] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2704'. [ 369.551963][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 369.669212][T15386] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2710'. [ 369.988510][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 370.142381][T15400] netlink: 'syz.2.2714': attribute type 1 has an invalid length. [ 370.437699][T15411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2717'. [ 370.708604][ T5898] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 370.925586][T15426] syzkaller0: entered promiscuous mode [ 370.931786][T15426] syzkaller0: entered allmulticast mode [ 371.314230][T15443] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2726'. [ 371.852070][ T80] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 372.156840][T15450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2727'. Connection to 10.128.0.71 closed by remote host. [ 372.989247][ T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 373.368346][T15450] team0: left allmulticast mode [ 373.373292][T15450] team0: left promiscuous mode [ 373.388693][T15450] bridge0: port 1(team0) entered disabled state [ 373.681569][T11785] ------------[ cut here ]------------ [ 373.687404][T11785] refcount_t: underflow; use-after-free. [ 373.693366][T11785] WARNING: CPU: 1 PID: 11785 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 [ 373.703037][T11785] Modules linked in: [ 373.707367][T11785] CPU: 1 UID: 0 PID: 11785 Comm: kbnepd bnep0 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 373.718421][T11785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 373.728644][T11785] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 [ 373.734819][T11785] Code: e0 6b 5f 8c e8 17 cb 9d fc 90 0f 0b 90 90 eb 99 e8 fb 26 dd fc c6 05 fe 24 42 0b 01 90 48 c7 c7 40 6c 5f 8c e8 f7 ca 9d fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 d8 26 dd fc c6 05 d8 24 42 0b 01 90 [ 373.754499][T11785] RSP: 0018:ffffc9000485f7c0 EFLAGS: 00010246 [ 373.760750][T11785] RAX: 4710c8c448ad2900 RBX: ffff88806ef3d878 RCX: ffff88805bf8bc00 [ 373.768745][T11785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 373.776703][T11785] RBP: 0000000000000003 R08: ffffffff81601a82 R09: fffffbfff1cfa210 [ 373.784724][T11785] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff88806ef3d860 [ 373.792858][T11785] R13: 1ffff1100dde7b0c R14: ffff88806ef3d860 R15: ffffffff860394c0 [ 373.800840][T11785] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 373.809788][T11785] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 373.816378][T11785] CR2: 00007ffc5ae8df40 CR3: 000000000e736000 CR4: 00000000003526f0 [ 373.824564][T11785] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 373.832575][T11785] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 373.840598][T11785] Call Trace: [ 373.843866][T11785] [ 373.846789][T11785] ? __warn+0x165/0x4d0 [ 373.851107][T11785] ? refcount_warn_saturate+0x15a/0x1d0 [ 373.856651][T11785] ? report_bug+0x2b3/0x500 [ 373.861223][T11785] ? refcount_warn_saturate+0x15a/0x1d0 [ 373.866766][T11785] ? handle_bug+0x60/0x90 [ 373.871135][T11785] ? exc_invalid_op+0x1a/0x50 [ 373.875801][T11785] ? asm_exc_invalid_op+0x1a/0x20 [ 373.880994][T11785] ? __pfx_klist_children_put+0x10/0x10 [ 373.886537][T11785] ? __warn_printk+0x292/0x360 [ 373.891366][T11785] ? refcount_warn_saturate+0x15a/0x1d0 [ 373.896921][T11785] klist_dec_and_del+0x3ec/0x3f0 [ 373.901938][T11785] ? __pfx_klist_children_put+0x10/0x10 [ 373.907478][T11785] klist_del+0xa7/0x110 [ 373.911799][T11785] device_del+0x2c9/0x9b0 [ 373.916121][T11785] ? __pfx_device_del+0x10/0x10 [ 373.920983][T11785] ? netdev_unregister_kobject+0x178/0x250 [ 373.926832][T11785] unregister_netdevice_many_notify+0x1859/0x1da0 [ 373.933434][T11785] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 373.940356][T11785] ? rcu_is_watching+0x15/0xb0 [ 373.945116][T11785] ? trace_contention_end+0x3c/0x120 [ 373.950500][T11785] ? __mutex_lock+0x37f/0xee0 [ 373.955218][T11785] ? __pfx_lock_acquire+0x10/0x10 [ 373.960417][T11785] ? unregister_netdev+0x17/0x30 [ 373.965400][T11785] unregister_netdevice_queue+0x303/0x370 [ 373.971373][T11785] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 373.977652][T11785] ? down_write+0x18c/0x220 [ 373.982193][T11785] ? __pfx_down_write+0x10/0x10 [ 373.987043][T11785] unregister_netdev+0x21/0x30 [ 373.991862][T11785] bnep_session+0x2e3c/0x3030 [ 373.996565][T11785] ? __pfx_bnep_session+0x10/0x10 [ 374.001828][T11785] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 374.007729][T11785] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 374.014135][T11785] ? __pfx_woken_wake_function+0x10/0x10 [ 374.019836][T11785] ? __kthread_parkme+0x169/0x1d0 [ 374.024878][T11785] ? __pfx_bnep_session+0x10/0x10 [ 374.030128][T11785] kthread+0x2f0/0x390 [ 374.034234][T11785] ? __pfx_bnep_session+0x10/0x10 [ 374.039348][T11785] ? __pfx_kthread+0x10/0x10 [ 374.043981][T11785] ret_from_fork+0x4b/0x80 [ 374.048507][T11785] ? __pfx_kthread+0x10/0x10 [ 374.053102][T11785] ret_from_fork_asm+0x1a/0x30 [ 374.057864][T11785] [ 374.061106][T11785] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 374.068377][T11785] CPU: 1 UID: 0 PID: 11785 Comm: kbnepd bnep0 Not tainted 6.13.0-rc5-syzkaller-00835-ga8a6531164e5 #0 [ 374.079290][T11785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 374.089351][T11785] Call Trace: [ 374.092624][T11785] [ 374.095547][T11785] dump_stack_lvl+0x241/0x360 [ 374.100226][T11785] ? __pfx_dump_stack_lvl+0x10/0x10 [ 374.105413][T11785] ? __pfx__printk+0x10/0x10 [ 374.109988][T11785] ? _printk+0xd5/0x120 [ 374.114132][T11785] ? __init_begin+0x41000/0x41000 [ 374.119146][T11785] ? vscnprintf+0x5d/0x90 [ 374.123589][T11785] panic+0x349/0x880 [ 374.127653][T11785] ? __warn+0x174/0x4d0 [ 374.131810][T11785] ? __pfx_panic+0x10/0x10 [ 374.136221][T11785] ? ret_from_fork_asm+0x1a/0x30 [ 374.141146][T11785] __warn+0x344/0x4d0 [ 374.145113][T11785] ? refcount_warn_saturate+0x15a/0x1d0 [ 374.150655][T11785] report_bug+0x2b3/0x500 [ 374.154994][T11785] ? refcount_warn_saturate+0x15a/0x1d0 [ 374.160552][T11785] handle_bug+0x60/0x90 [ 374.164711][T11785] exc_invalid_op+0x1a/0x50 [ 374.169217][T11785] asm_exc_invalid_op+0x1a/0x20 [ 374.174080][T11785] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 [ 374.180279][T11785] Code: e0 6b 5f 8c e8 17 cb 9d fc 90 0f 0b 90 90 eb 99 e8 fb 26 dd fc c6 05 fe 24 42 0b 01 90 48 c7 c7 40 6c 5f 8c e8 f7 ca 9d fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 d8 26 dd fc c6 05 d8 24 42 0b 01 90 [ 374.199903][T11785] RSP: 0018:ffffc9000485f7c0 EFLAGS: 00010246 [ 374.205962][T11785] RAX: 4710c8c448ad2900 RBX: ffff88806ef3d878 RCX: ffff88805bf8bc00 [ 374.213919][T11785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 374.221894][T11785] RBP: 0000000000000003 R08: ffffffff81601a82 R09: fffffbfff1cfa210 [ 374.229872][T11785] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff88806ef3d860 [ 374.237880][T11785] R13: 1ffff1100dde7b0c R14: ffff88806ef3d860 R15: ffffffff860394c0 [ 374.245962][T11785] ? __pfx_klist_children_put+0x10/0x10 [ 374.251541][T11785] ? __warn_printk+0x292/0x360 [ 374.256330][T11785] klist_dec_and_del+0x3ec/0x3f0 [ 374.261261][T11785] ? __pfx_klist_children_put+0x10/0x10 [ 374.266850][T11785] klist_del+0xa7/0x110 [ 374.271010][T11785] device_del+0x2c9/0x9b0 [ 374.275349][T11785] ? __pfx_device_del+0x10/0x10 [ 374.280190][T11785] ? netdev_unregister_kobject+0x178/0x250 [ 374.285982][T11785] unregister_netdevice_many_notify+0x1859/0x1da0 [ 374.292393][T11785] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 374.299171][T11785] ? rcu_is_watching+0x15/0xb0 [ 374.303934][T11785] ? trace_contention_end+0x3c/0x120 [ 374.309222][T11785] ? __mutex_lock+0x37f/0xee0 [ 374.313902][T11785] ? __pfx_lock_acquire+0x10/0x10 [ 374.318941][T11785] ? unregister_netdev+0x17/0x30 [ 374.323927][T11785] unregister_netdevice_queue+0x303/0x370 [ 374.329654][T11785] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 374.335889][T11785] ? down_write+0x18c/0x220 [ 374.340385][T11785] ? __pfx_down_write+0x10/0x10 [ 374.345250][T11785] unregister_netdev+0x21/0x30 [ 374.350040][T11785] bnep_session+0x2e3c/0x3030 [ 374.354770][T11785] ? __pfx_bnep_session+0x10/0x10 [ 374.359801][T11785] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 374.365693][T11785] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 374.372010][T11785] ? __pfx_woken_wake_function+0x10/0x10 [ 374.377664][T11785] ? __kthread_parkme+0x169/0x1d0 [ 374.382676][T11785] ? __pfx_bnep_session+0x10/0x10 [ 374.387731][T11785] kthread+0x2f0/0x390 [ 374.391787][T11785] ? __pfx_bnep_session+0x10/0x10 [ 374.396795][T11785] ? __pfx_kthread+0x10/0x10 [ 374.401377][T11785] ret_from_fork+0x4b/0x80 [ 374.405807][T11785] ? __pfx_kthread+0x10/0x10 [ 374.410403][T11785] ret_from_fork_asm+0x1a/0x30 [ 374.415172][T11785] [ 375.487440][T11785] Shutting down cpus with NMI [ 375.492494][T11785] Kernel Offset: disabled [ 375.496977][T11785] Rebooting in 86400 seconds..