last executing test programs: 1m27.604193151s ago: executing program 3 (id=240): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 4) 1m9.367722667s ago: executing program 3 (id=240): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 4) 53.847571252s ago: executing program 3 (id=240): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 4) 39.25784115s ago: executing program 3 (id=240): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 4) 21.065857024s ago: executing program 3 (id=240): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 4) 8.133094746s ago: executing program 3 (id=240): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 4) 3.838877833s ago: executing program 1 (id=2123): unshare(0x62040200) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0x8, 0xa}}}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0x100b, &(0x7f0000001e40)=""/4107}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000240)=ANY=[@ANYRES64], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x8005, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404cf378042f26c43"], 0xfc}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newtaction={0x6c, 0x30, 0x9, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x20000000}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001940)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@mcast2}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0) 3.725486528s ago: executing program 4 (id=2126): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f0000000800)=ANY=[@ANYBLOB="000046dce4122393df69e33fce4c41ffff000000000000000000000000000000fa0061233d0ab8dfac"], 0xc1) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r0, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000006c0)={'syztnl0\x00', &(0x7f0000000640)={'ip6_vti0\x00', 0x0, 0x30, 0x2, 0x7, 0xfffffff7, 0x78, @empty, @local, 0x10, 0x1, 0x0, 0x3}}) (async, rerun: 32) socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32) r2 = socket(0x10, 0x803, 0x0) write$binfmt_script(r2, 0x0, 0xfffffe5d) (async) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x44, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64000000000c0002000800010006", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x20008040}, 0x0) (async) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000001cc0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB="2020000042d3391fb0e13ac2afb7064e1b5ce173ca4a4c7ba9ab20dbceee3418d1", @ANYRES16=0x0, @ANYBLOB="200029bd7000fcdbdf25190000000c00018008000100", @ANYRES32=r1, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x40000c1}, 0x8880) r4 = socket$netlink(0x10, 0x3, 0x4) sendmsg$IPSET_CMD_RENAME(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="34000000050601"], 0x34}}, 0x90) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x7ecff34ed9fc0875) (async, rerun: 32) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYRES16=r1], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r6}, 0x10) (async, rerun: 64) socket$nl_sock_diag(0x10, 0x3, 0x4) (async, rerun: 64) ioctl$int_in(r5, 0x5452, &(0x7f0000000100)=0x3) (async, rerun: 64) bind$inet6(r5, &(0x7f00000003c0)={0xa, 0x4e22, 0x3, @empty}, 0x1c) (async, rerun: 64) connect$unix(r0, &(0x7f0000000400)=@file={0x42ece029b56185d9, './file0\x00'}, 0x6e) (async) listen(r5, 0x0) (async) r7 = epoll_create(0x689) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r5, &(0x7f00000000c0)) syz_emit_ethernet(0xfc0, &(0x7f0000002cc0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606eb3bb0f8a1100fe8000000000000000000000000000bbff02000000000000000000000000000100080404004000000000000000000000000000000000000120010000000000000000000000000002fc000000000000000000000000000000000000000000000000000000000000010002040100000000000000000000000000000000000000010005000000000000c91000000000000000000000000000000000071800000000040000000000000000000000000000000000000000000000000e0000000000000758000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000400000000000000000000000000000000000000000000000002040100000000fe8000000000000000000000000000aa00be000000000000000100008442af3b23b338ace6b89c51334f781702cc4526851fd44f0a58742a96dbd79d06252221b623ca59ea71ffc63fffa66e502862330f579e10fe27f0738402761d3d7048a0701b7e3970925ad124eba6dc488edee06ee43ae0ede46e3706c921baf6593ddea9c55c15e12a7118bf580eaf9dcf5f99a917349fa70a702c5ee99aa039fd9c2a26050200000062c7f8e99066b4532c0286b8f0199baab14663c8b855ccfc6e451e2e5521557db7b43c65fefd6eb748b55d2ac16a1189d573e61e700b608d6fe52c9e17172516b332f18507d9f2a758f0e62e721a0919d0b676a88a442879ce2bc750ab744d4920f3961a2f10dbebc068c5405ab823f34f3703ca670000b043123b558f985fded4b2b6499194dfa629bdd0ff5c20f7ace05669f22c7997efb9d845ec5bf794539acc77c605aa60c860e91c3c086272fbcb6b2a4d506e050b25818687d81c983a8c6f69dbc6ca9c80afc985e0bff6679406a33f41cd4444a5d1fc7665cadae0d089acca44797eb471401943ad571d1886e5b297962fb8b983fd10aca4c2e372aaf94fd2186deec776ef9f0aafd0adfd3237fc3425bae6cfee6155a05685aea458393f54c8e0e66b3ca4a50c2a88a6f6049edc392bfd9d8444f7aca48d54f5807e9b8295321492aaf9677fb1469fc228031c69615a3aef5d882f8f951c42dbf1f2db70ec37a637a2bbca4843a44c5d1f921284d2faa065c714807d2977dc8783868782176ce9c38aa877b04cb6b1ad28a0eac1698b332cbf28f32b3b21ba0e0eabeff883d326caae6c1efb326b0d2a4aeb97f53f5c6f82d4ba278fd4b84ebfed860aafa6e558b177a5495d07406d5c5e4876af22a287ac8339d1e218fdf8c2c2acbb8cc21490d89db9d068d84d03d1ff02f23fcf959e63efb4387f19e91ba8467bbaf40935a72ee0a9f6821222c2ff53bb4a696a5152dd812248148ab08b193cdc13a6e06e06a7ca3e26681fc1107c07e136e205b0ddc110dc5464fd1ada2675559e47f46dcaa5a8f47055963f2e8ef21da9c2968804e553ec55b0db9934f6590bca1452f2c0ef428a8ab5488535de85a2383f38a58c73331001e87799c5a1dbd7464eead1f80f1d10cadda8ebe2ee1059fa6ea088774a51fa8ea44e63cdd7c3dcd3dc47716425d31818d95aad3cc328de6166a10e174f437d98e64bdedf5b736bdf2e106f6d4a6d9423edd02e7072b33cbd0d7a0d750a61bab884b296d8cd3b33fa2df8b4366753acf6a2e1751eef6ea303247eef8d28c856921654334497259acf6a05d540ff2b509d55bb214c8ea311e7e4425aa3ac3a052a7d09ea3e5a3adf2bb345311cef5e30ebcef54aa6f2ad427f52e7aeb34b4d9c3a9ccdea9cf14c908e01277e2f923351f597125538f3ad5a0735de24268328a5041df95822a138ec6c7bdb0377cc5c428c5f5fab4731299008fe3a0dd890dda3e02b0ccd33da36bfe18d07188bf7afd8b60d13ff3fbba67ab47f79e76f7c5414bc6e6bfde0636cacdc90a1b41a2144b9793febee25f6dadf4534368161c2ae03a7adf69c882db6034e4d9d4745ba0b0ec6dc8a973cfeed85f0b129b1d4355eee124d64adb6f4f93abed57964d100b3d96b043b64440100000000000000098f47d831c39b832c9b5e9c86f7a5b93c95e751c581625e8f83bd900ec6755714ba53e0720d0ae13a14aec18dca9a0c1b52836232be76469da3b18e4e56cdde9f282f1203cced0d699f68cf4267788750041e0413ead1bc9cf33ed05e97c6e11f466bd10f812efe7f6e674f116b8552062d1f271740bb58765d8356d7cd2de1f8eea557170febc5830d3c36e86d40b4a3ce040cffec1c493bbc6da1e73ee4da9cd4043cb428ee25b51044c1a8ed438d1771c56a53ae9a8bd380166e7218a59a6d0e996955d91fe57f02a5f49827f670a34d38b8f0332c7b0dcfef4387f329ba78cb0cf73d754f3917d533d3da8221c0f14528f1ae22fa417dba68093b07dd40023cd51d51b50da72032deff5fab0afdc43d940ff5fdb92ecd9da360bdd1fa62eba07d34bfc5a9dd40b0a07e7d9477d2bb3b9a3fa46ed60a0715c8974482d19dde87038c34314c1fd1f479eadd7c0da28c4e31f4a14fa6963559462e69e136c2a8d534d7c50d6fe4c18c31cebda190564b916c0e318c0c589d31017f16925588379b08e91c3f29da734c61b6dd72c68c8f1e97208b023f09a1d9ea890d96cc4a6fc9656d760eedca9c4f2459e10880a88a11f00961e1d210187aa0cc13c7b5bd76e264acd03bc3bfed9149769072f7b09af8c90020500f0f0aa42ea5ff874e472d64c4be6706b2ccb17d4aa07e216a50811a0a3cb50bdf9189b34dc2f29d1406029737b719aa08732a854a137813f2db738068a98e0016e7237438be36dfffb8b55516cf672c15af594b6185d9c9000b7f0a5835df5eaa57ea14145152691eb3bb2aa55e567277cf36a735a06b3f5747410f43790c99b1a8c60196b3e482c3792451958ffc1679daaa2984f3eb313737f85bb6bba5bdec9ec6d16f4a8bec7f614f56ce971208d15051e3152b782a840f6e8a5ba8481dba43e4d68d69e788456f3bde403a6f207ddb95cef6971e719021431c8baaa62501d49ca90690478dbd7abed91d7d07e050395f29e5251e19f5d5e58d22200446984615c55f775888619c08b208b4c5a45e4b46f3126f5aa25553532d50e108a3c2206e98bb2e7b1bf56e8d3642f8616a1b245332a0914f090fd9705545d143ec2b1ee29d9defade5228c44c859888e0d02bbdbbb9c2f2fda2c3871a689424b74fc05f2e13e8b4052940d02bd80a76ef734dd2bc597351244af467f7663ecfa1dc06c789505274f8d3998c5fc774cb51477f1aa02d7b3059a8f6b99573094efa821769fe7bd93e8e8ea650495ff177876b84f89674fa40a50965da100f64c15a780a40b8d7d55d0e6008e178453f3eccaee57226cd9199d18d464412f572a18ebb4206f0a00eb396e1727569d63ba13875cc37d72ddde5654fda13b4b0aec3aa970a685f195f457ab254d72168fa137979c217db1ce489497b13b105413bf91386aeada658a33fa5de25ff42d17daef9e6f0c8f38fe29a58909bf0add3fa3da347a339ef3feb45805c685bcd401160d06ac19b02c142e61a496bd840ec97ad89d1d0c6009609bb77d225a9c3665f148fd41ae823d81bdacaaa316270df935b24e88be91788789d3274ab1deb62e7c970291ebf1c2a97d3a4269ad192ea5064ccbfb9a66e3c10e93055245c1b02697c105587ac1016d975de9f46a6f5ccbde7622cea3649eb8a10e28045287475e4dbf8d76b64c412ee994282d429e5afe608c9e73b459b81fbd9b6192f9b6d6bf544091c6d849ecd7eb1c70a50f830d58087800262395edbc68cad5b54cf80ae31df50cf9c2899b1d0e1edbba94d8cebfd8bef1db81f70a1ab5d1d907ed19508f83df0f1400b9d1fca8a48b7e267b80d8bdfff0730bb696c845b66303c899285a47832a6dd95d84191dce4ddbab13dff5065da64dc2de0fa36cb7c3419e6f8dc28f1e36e963ff7278bb3e0cd17687ed176d940b1daf473d6cfdd8a119314c6a065b9fce72dcf03209d792e201bb0624887169c22173888fb256635cceae7673b634134e87d7550213f0e9c03ec4ec4bf3710bbe0a4b5cff8dade9f1f6f727f0043ad5aa00f968fbd3cae5bd6f83c8ea33596a7ff9ef4b51687d77cdc1f33e16a6b374038f1db7316c25582bcd2b50e66baefc620766c00680c0d306d6aaa58224d17f3050b08ae492c7b96032574dee57f8c475b0055007f0edf41f6ad2192bc1aca2ad48fdedd024b8cea53e491d717aa76e0d2f7de4b9bc3617bbb2d4c3df3aec455bb4f17d93741e99b3053f13a31494f1f4d0f3caf3dae7286b9b4ec2a3802c9dfac7cb73ac58370469fe09f3834c54c88921c4038aa57318216cc6a49ec7070c0418ade746671286e161240e8c0de08f190211cfefe662dc5968bd90083a957815dbd29f9dbd14fbfa1a52bc3fed8fd2305be7e0b69eca6e0b1adbfa513c3c6f4c6d8c88ddbc39588d081e042025b7885e699272f085a7f2306e4d39f667ca5cfb6aeab1f4cfa3c0e07adb21e41cf37f709df601783f002aaa708edc777d2db455dcc9672d9edda9c871460671609af44dd4b54e4385a0efbeb3ba9eac3c16863a2bfd477ef084152261092c178b4d4a1561a2b60d8ebf19609ff41fdcc5bb3935e6786abca4d9a7bccb35e21ce7b3ed6c7e49df3afc3ff44f00fd49f7c00aa1ebb7598ee701984c8389731c827b3f1d797bbf0100008000000000a282062b63dd89db95c63349fe9747e8467c5cc7f7800fce43b00300000000000000d4910bfdf36096e80db5b0b7057c9c850f983cc5d8b9e2430974d73d9889df7ecf0cc6bc945b5a5972ddd73f82a2c812bed1478cfcb5caf4db95db71be54880b7cc585fb3a5ac47cc71889f3eb7571c167d08d7d6ff379644b32008e8ef14ed71930420647f3f8146928c0696f5cd9cfe889ebbea038c8f5db88cf9fbf98360bab3645f5473cb1220e6b5d5f417ba5d205a7957f29764eb0fc6752d715a01fd3cb0051da3319d32232e6ebe68bf0db8b8bc21d419ba67fea7c78e07d6671b706ed66e33e1c092d7101b6a027a64eeca0f0847f52f108617fd5f6b7b756a29fde2f1eec66766890fa462fcf505573891d2a7539925a6e9552fc4a05b16b0bc78169a222ac728d62b8ce25d17bc9bd9e62fdc586dbf1be531059d6a94c06c8201db1ac9203914b663a7a0eddd58f8b0c2cd29895e8805de5ffcd8afe430526409019cbd55f3ae4fb320661773d96cde096ec0cdf870d0a4aabdea471f2b07b7eac57dfe668500e903778472c1ae14b303c67ec619dee28aa96ded734db446aae160b58d6584b2916852e3315d7bdc4b95bc23495ae87b92d36c9009bccac7b720c9d61a30069db6b1e53bc48cdb236843cc74a71eed0349212225d915c75686759b83f17fa0a03d41dc8264151c36de218a0e1b4b8f36a4cb311f17453e145fa29b676bfaa4f38875103eb000000000000000000000000000000000000000052907801000000d60505f9b57f0c0a4aac4414a82490037ac331aaa6511c7755318ef0a2ffb1eaeef1443fe804d5357471a6c65ebc408afeb8fbd0b2e96659cd6037d94d0dc89b12d9042271ff00"/4041], 0x0) (async, rerun: 32) r8 = socket$netlink(0x10, 0x3, 0x4) (rerun: 32) writev(r8, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) r9 = socket$packet(0x11, 0x3, 0x300) (rerun: 32) setsockopt$packet_int(r9, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) 3.396099588s ago: executing program 4 (id=2128): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000005dc0)=@delchain={0x20c, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_matchall={{0xd}, {0x1c, 0x2, [@TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_CLASSID={0x8}]}}, @TCA_RATE={0x6}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x1a0, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x18c, 0x6, [@m_ife={0x130, 0x0, 0x0, 0x0, {{0x8}, {0x64, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @dev}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}]}, @TCA_IFE_PARMS={0x1c}]}, {0xa5, 0x6, "21b2caeba32a6f7c5900697624a17b85a9db3a31b129a4976a84cfb4f5d651fd8aa24a645c8f63c025fcca463a6b79a3d7e6c9a8b89a140805ef63939ac2e37b49004b0dc3b8446aa7038eceef52fe7bdca153fe865c65015a3b208b282c16472e451aa10a8631235c49cae271f5fc8ce5e34d9938e3d5f43ac7a0e31b0acfc73199ca90e81246819f4c740a4fa3247a2af88d6569da09be7179b89f9f024c9f46"}, {0xc}, {0xc}}}, @m_nat={0x58, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x2d, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e0304e79be1f16cfa199"}, {0xc}, {0xc}}}]}]}}]}, 0x20c}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x900}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 3.156241938s ago: executing program 4 (id=2132): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 3.144937086s ago: executing program 2 (id=2133): r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000300009500000000000000"], &(0x7f00000003c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r3}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x8001000000000000, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0x0, 0x18c, 0x148, 0x0, 0x0, 0x228, 0x2a8, 0x2a8, 0x228, 0x2a8, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, 'gretap0\x00', 'veth0_to_bond\x00'}, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bridge\x00', 'geneve1\x00'}, 0x0, 0xf8, 0x118, 0x0, {}, [@common=@unspec=@rateest={{0x68}, {'rose0\x00', 'pimreg0\x00'}}, @common=@socket0={{0x20}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x320) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000280)={'veth0_to_hsr\x00', 0x0}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r8, 0x2000000, 0x14, 0x0, &(0x7f00000001c0)="5cdd3086ddffff6633c9bbac88a8861000dffd00", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000680)={0x0}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getsockopt$bt_hci(r0, 0x84, 0x7b, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7) syz_extract_tcp_res(&(0x7f0000001000), 0x3ff, 0x100) 2.688018075s ago: executing program 2 (id=2135): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x5, 0x8, 0x8, 0x105}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f00000005c0)}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000740)={@map, 0xffffffffffffffff, 0x25, 0x14}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xd, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f0000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000e80)={0x3, 0x0, 0x1000}, 0x10, 0x1b471, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000001640)=[{0x0, 0x1, 0x0, 0xb}, {0x5}, {0x2, 0x0, 0x9, 0xc}], 0x10, 0x1}, 0x90) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x0, @rand_addr=0x64010101}, {0x2, 0x4e23, @remote}, 0x184, 0x0, 0x0, 0x0, 0xffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2d0, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME={0x2b1, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0x9, "0da71e815422994325"}, {0xdd, 0x6b, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eaba15c64afa0d2a1d2"}, {0xdd, 0x6, "4f3fef835ea8"}]}}]}, 0x2d0}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 2.19945562s ago: executing program 4 (id=2137): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000010200)='blkio.bfq.sectors\x00', 0x275a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={0x0}}, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg(r2, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/19, 0x13}, {&(0x7f0000000180)=""/109, 0x6d}, {0x0}], 0x3, &(0x7f0000000740)=""/202, 0xca}, 0x9}, {{&(0x7f0000000840)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f00000008c0)=""/209, 0xd1}], 0x1, &(0x7f0000000cc0)=""/4096, 0x1000}, 0x7}], 0x2, 0x0, &(0x7f0000000200)={0x0, 0x989680}) recvmmsg$unix(r2, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000100)={'wg2\x00'}) 1.655000264s ago: executing program 2 (id=2139): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r1) sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)={0x3c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}]}, 0x3c}}, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(0x0, r4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_DAEMON(r6, &(0x7f0000000440)={0x0, 0x1400, &(0x7f0000000400)={&(0x7f0000001500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="0d03000000000000000004"], 0x14}}, 0x0) 1.424251608s ago: executing program 2 (id=2141): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32], 0xa0}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x9000000) 1.411454072s ago: executing program 0 (id=2142): socket$key(0xf, 0x3, 0x2) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e20}}, @FRA_GENERIC_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e21, 0x4e22}}]}, 0x2c}}, 0x0) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000800)={0x0, @in={{0x2, 0x4e24, @multicast2}}, 0xa, 0x8, 0x3, 0x8001, 0xedd8}, &(0x7f00000008c0)=0x98) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={r4, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e23, @private=0xa010101}]}, &(0x7f00000007c0)=0x10) r5 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000000740)=[{{&(0x7f0000000080)={0xa, 0x4e24, 0x9, @private0, 0x18}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000001c0)="11f5d87262efcd319065635d76f3a0dfce9cd784682c8eea7499e4303295e393a40e3c35308070eae941a8f4ff0e658201f8e25cd7325a16f9c9cb7815c579e74336907b9c6eb0a3578ba77ff02c2cebbe03ce9dddca765d9f7d3d7709c28ef0da7a417fe88aaae958b7fea961c0220648dbc646104de65a3c59624f7da4242bb1bba92f7c75f8b12b63ca50e769040e73207ca60a806d77d7b8845e178f83853b3ab71af65f26095eeba211f2", 0xad}, {&(0x7f0000000380)="177d12f7b7d4037ec9e98ccee231abe4de8922e0b6e0a8ca04607aed083d3d5ffed8f5c86e87f5f65b49685659975374c993b87097a9e22dafd1234fd1315080b848f52a66ca0344a08cad33b4c8f1258c8efb479be2c4cb2049d61ce893b5bcdbee69af4a3b651cd0b97a2cbbce6bc0da073c4b4522a09c220f27ce812a80aa3ddda040804860fc02cfa735e8c2cef13f5211f63f72bac5c4ba63ec9fbe8d591689b88f909dc148a874a98d3c79f12817e825c71b29de95cb39099b543646e7c50e4ead73960c785907", 0xca}], 0x2, &(0x7f0000000140)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x2}}], 0x18}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)="809486b8e072d73bd9c161e65e874196693c489a923dae4e6be07b386987d1d42a6c1d06a71ba1a6acb16f020386c2e1318597827ca801a92506a9b46d588956c35e7f65794a41a0faf33e1ac362fd73e51b5c3f0d24c9ad83711352cec27d6e0c13870e0579aa91f79e2f19603fbae6dc0dbe46e40ccbefe47816094657e1ae3ac74b60ccf500ddbbe1812c71b4f3de427812d37f3942c2a039f979458f29de52675146de2e737332aae51416923875a60ee4b4", 0xb4}, {&(0x7f0000000480)="0dc0fdd656e2ab850ac46776bb72a4b1699f4ddaaf258a22c6eb2493276c9e4feefc1b7f5dce51ad0cd12081dd58c0c5ef6d8df3aa13522eb06a3c3138c9ebf502447f2de480f5b901fb7abd198e", 0x4e}, {&(0x7f0000000500)}, {&(0x7f0000000540)="543e881d172d955affa024a868b7762f1189b612e9165969758551417cec48abf29508040e4b332eacf68195e226953b1aeb5c3ec08a9346ba89c584c7f03653900faab1eca54003a4912b05ebd07769", 0x50}], 0x4, &(0x7f0000000600)=[@rthdrdstopts={{0xd0, 0x29, 0x37, {0x0, 0x16, '\x00', [@generic={0xb, 0xa5, "7b02cc24a30b9341b361abeefe5522bf2a5df7ce915f11fc8adde79b4c1a870f406e7c1df9f745aa7e22bd72c229f776146ecc4ab64f337d12378a0fc0ef6fa0d99135acfea5baa7c22ce4c953c841c6635cc578403435b28a433726c8da9a8237323d793067e1fe32adb03b309f7a45d4f9e2d3b749e3478cb89e4756e57a9f0a28388deeec9e33c8023ab2af94463561567eeb67b2e306c89543c4c88de183c46136e43c"}, @jumbo={0xc2, 0x4, 0x5}, @jumbo={0xc2, 0x4, 0x7fffffff}, @pad1]}}}, @hoplimit={{0x14}}, @dontfrag={{0x14, 0x29, 0x3e, 0x5}}, @rthdr={{0x18, 0x29, 0x39, {0x2f, 0x0, 0x2}}}], 0x118}}], 0x2, 0x24004041) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000340)=0x8) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x71, &(0x7f00000000c0)={r8}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x71, &(0x7f00000000c0)={r8, 0x31}, &(0x7f0000000500)=0xfffffdbb) close(r0) 1.356191918s ago: executing program 1 (id=2143): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x107, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ip_vti0\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x80}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000940)=@newlink={0x40, 0x10, 0xfffffe17, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @loopback}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0x6}]}}}]}, 0x40}}, 0x0) (fail_nth: 2) 1.248238826s ago: executing program 2 (id=2144): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="020200090f00000000000000000000000500060000000053000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000020000000005000500000000000a00000000000000ff01000000000000000000000000000100000000000000000100140000000000"], 0x78}}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r2, 0x111, 0x5, 0x0, 0x20001f00) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 907.785738ms ago: executing program 4 (id=2145): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x1000042}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x42}, 0x10) syz_emit_ethernet(0x7a, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa008100000086dd60f50400403a00fe8000000000000000000000000000bbff020c0000000000000000000000000102009078000000006050835900000000fc010000000000000000000000000000fc0100000000000000000000000000003a000000000000000000000000000000cb1213aac543d0e16d3eff40de9a1ae736de21cadf11d1dce230234a4d10c353e8dd7fbfe663db9375e51be22fb0eef75f7bc7a84ef15201e83d16c8f3ece83f9fe3126e1ab95a6d4f6035fa9bc3e204c5dfd2330cfc8f98c4e6e7b40e335eb36ef69cae2546ea28f819cf90618fd9749fb8c4a9d8f22c2851b645c218d03ac07f664e178118000000000000"], 0x0) 864.180988ms ago: executing program 0 (id=2146): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="06000005bbbbbbbbbbbbaaaaaaaaaabb8100000086dd1062fe54ac2c05"], 0x66) 768.214169ms ago: executing program 4 (id=2147): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 767.933657ms ago: executing program 1 (id=2148): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5}]}}, 0x0, 0x2a}, 0x20) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) r3 = socket$packet(0x11, 0x2, 0x300) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x9, 0x10, &(0x7f0000000040)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdf0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) ioctl$sock_TIOCOUTQ(r3, 0x5411, &(0x7f0000000000)) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$kcm(0xa, 0x922000000003, 0x11) unshare(0x28000600) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'vlan1\x00', &(0x7f0000000140)=@ethtool_ts_info}) write$binfmt_script(r8, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0) setsockopt$sock_attach_bpf(r7, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket(0x1, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)=@newlink={0x74, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x34, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x1ff}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7f}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffff}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x74}}, 0x0) 567.17998ms ago: executing program 0 (id=2149): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x5, 0x8, 0x8, 0x105}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f00000004c0), &(0x7f00000005c0)}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000740)={@map, 0xffffffffffffffff, 0x25, 0x14}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000e80)={0x3, 0x0, 0x1000}, 0x10, 0x1b471, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000001640)=[{0x0, 0x1, 0x0, 0xb}, {0x5}, {0x2, 0x0, 0x9, 0xc}], 0x10, 0x1}, 0x90) socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x0, @rand_addr=0x64010101}, {0x2, 0x4e23, @remote}, 0x184, 0x0, 0x0, 0x0, 0xffff}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$unix(0x1, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2d0, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x2b1, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0x9, "0da71e815422994325"}, {0xdd, 0x6b, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eaba15c64afa0d2a1d2"}, {0xdd, 0x6, "4f3fef835ea8"}]}}]}, 0x2d0}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 565.942395ms ago: executing program 1 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 448.325055ms ago: executing program 1 (id=2151): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) (async, rerun: 32) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) (async, rerun: 32) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], &(0x7f0000000340)=""/4083, 0x1a, 0xff3, 0x1}, 0x20) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x8}, @TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) pwritev(r1, &(0x7f0000000280)=[{&(0x7f0000001340)="bcce17bb8bfc0619eeb2703c45d8a1f8239e07f5bd96eda362ada49bba06ac38b9e38b8ef07424ceff3b3c974b222bd39321ce84c3050a9705654c919027009cccea4958902a37e426e8e2e10688eb1c939936f1d17b361309ce14df5c70567a7f25307055a9e831023c92a97b46c7c253e02909f242416c442c213825c45a7651cf4374ace7d89e27d368c445eb7dc9b9baecd7580a591dfcd0c23942aa4937eb1f1d5b4c274c2ee5d2d368c562565ad36bf86aa56e50988bcccc452f21ed5156fea17b830e6f863ed734895513c9fa941a3da590df37815b600dddbc185cd74dd6c835eca0", 0xe6}], 0x1, 0x0, 0x0) 328.063441ms ago: executing program 0 (id=2152): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0) r2 = socket$inet(0x2, 0x4, 0xfffffffa) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(michael_mic-generic,pcbc(fcrypt-generic))\x00'}, 0x58) sendfile(0xffffffffffffffff, r2, &(0x7f0000000040)=0x6, 0x2) setsockopt$inet_mreqn(r2, 0x0, 0x24, 0x0, 0x0) 267.801453ms ago: executing program 1 (id=2153): unshare(0x62040200) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0x8, 0xa}}}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0x100b, &(0x7f0000001e40)=""/4107}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000240)=ANY=[@ANYRES64], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x8005, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404cf378042f26c43"], 0xfc}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newtaction={0x6c, 0x30, 0x9, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x20000000}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001940)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@mcast2}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0) 251.964995ms ago: executing program 0 (id=2154): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x300}, 0x10}}, 0x0) 129.396363ms ago: executing program 0 (id=2155): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000000206030000000000000000000000000005000100070000000900020073797a31000000000c00078008001200000000000500050002000000050004000000000012000300686173683a6e65742c706f727400000068f136079809734566c496731449d43533a17c556496d47168ea1639021948a1abaa08942575fa5717a2b8ac38be560d62ed7b97361ecb587127e52316275168f16f838313"], 0x58}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x800}, 0x1c) listen(r1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ppoll(&(0x7f00000003c0)=[{r0, 0x300}, {r0, 0x1610}, {r2, 0x214}], 0x3, &(0x7f0000000400)={0x77359400}, &(0x7f0000000440)={[0x1]}, 0x8) syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac968686dd6003000000180600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6ec200009078000002046702"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) r4 = socket(0x15, 0x5, 0x0) bind$l2tp6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x20) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f00000000c0)='cpuset.mems\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70200000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e2768"], &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffec3}, 0x48) r7 = epoll_create(0x8) bind$bt_l2cap(r4, &(0x7f00000002c0)={0x1f, 0x5, @any, 0x1}, 0xe) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, r6, &(0x7f0000000180)) write$cgroup_int(r6, &(0x7f0000000280), 0x12) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000180)={@dev, @loopback}, &(0x7f0000000200)=0xc) sendmsg$key(r3, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x0, 0x0, 0x9, 0x2}, 0x10}}, 0x0) 0s ago: executing program 2 (id=2156): socket$key(0xf, 0x3, 0x2) r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e20}}, @FRA_GENERIC_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e21, 0x4e22}}]}, 0x2c}}, 0x0) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000800)={0x0, @in={{0x2, 0x4e24, @multicast2}}, 0xa, 0x8, 0x3, 0x8001, 0xedd8}, &(0x7f00000008c0)=0x98) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={r4, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e23, @private=0xa010101}]}, &(0x7f00000007c0)=0x10) r5 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000000740)=[{{&(0x7f0000000080)={0xa, 0x4e24, 0x9, @private0, 0x18}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000001c0)="11f5d87262efcd319065635d76f3a0dfce9cd784682c8eea7499e4303295e393a40e3c35308070eae941a8f4ff0e658201f8e25cd7325a16f9c9cb7815c579e74336907b9c6eb0a3578ba77ff02c2cebbe03ce9dddca765d9f7d3d7709c28ef0da7a417fe88aaae958b7fea961c0220648dbc646104de65a3c59624f7da4242bb1bba92f7c75f8b12b63ca50e769040e73207ca60a806d77d7b8845e178f83853b3ab71af65f26095eeba211f2", 0xad}, {&(0x7f0000000380)="177d12f7b7d4037ec9e98ccee231abe4de8922e0b6e0a8ca04607aed083d3d5ffed8f5c86e87f5f65b49685659975374c993b87097a9e22dafd1234fd1315080b848f52a66ca0344a08cad33b4c8f1258c8efb479be2c4cb2049d61ce893b5bcdbee69af4a3b651cd0b97a2cbbce6bc0da073c4b4522a09c220f27ce812a80aa3ddda040804860fc02cfa735e8c2cef13f5211f63f72bac5c4ba63ec9fbe8d591689b88f909dc148a874a98d3c79f12817e825c71b29de95cb39099b543646e7c50e4ead73960c785907", 0xca}], 0x2, &(0x7f0000000140)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x2}}], 0x18}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)="809486b8e072d73bd9c161e65e874196693c489a923dae4e6be07b386987d1d42a6c1d06a71ba1a6acb16f020386c2e1318597827ca801a92506a9b46d588956c35e7f65794a41a0faf33e1ac362fd73e51b5c3f0d24c9ad83711352cec27d6e0c13870e0579aa91f79e2f19603fbae6dc0dbe46e40ccbefe47816094657e1ae3ac74b60ccf500ddbbe1812c71b4f3de427812d37f3942c2a039f979458f29de52675146de2e737332aae51416923875a60ee4b4", 0xb4}, {&(0x7f0000000480)="0dc0fdd656e2ab850ac46776bb72a4b1699f4ddaaf258a22c6eb2493276c9e4feefc1b7f5dce51ad0cd12081dd58c0c5ef6d8df3aa13522eb06a3c3138c9ebf502447f2de480f5b901fb7abd198e", 0x4e}, {&(0x7f0000000500)}, {&(0x7f0000000540)="543e881d172d955affa024a868b7762f1189b612e9165969758551417cec48abf29508040e4b332eacf68195e226953b1aeb5c3ec08a9346ba89c584c7f03653900faab1eca54003a4912b05ebd07769", 0x50}], 0x4, &(0x7f0000000600)=[@rthdrdstopts={{0xd0, 0x29, 0x37, {0x0, 0x16, '\x00', [@generic={0xb, 0xa5, "7b02cc24a30b9341b361abeefe5522bf2a5df7ce915f11fc8adde79b4c1a870f406e7c1df9f745aa7e22bd72c229f776146ecc4ab64f337d12378a0fc0ef6fa0d99135acfea5baa7c22ce4c953c841c6635cc578403435b28a433726c8da9a8237323d793067e1fe32adb03b309f7a45d4f9e2d3b749e3478cb89e4756e57a9f0a28388deeec9e33c8023ab2af94463561567eeb67b2e306c89543c4c88de183c46136e43c"}, @jumbo={0xc2, 0x4, 0x5}, @jumbo={0xc2, 0x4, 0x7fffffff}, @pad1]}}}, @hoplimit={{0x14}}, @dontfrag={{0x14, 0x29, 0x3e, 0x5}}, @rthdr={{0x18, 0x29, 0x39, {0x2f, 0x0, 0x2}}}], 0x118}}], 0x2, 0x24004041) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000340)=0x8) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x71, &(0x7f00000000c0)={r8}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x71, &(0x7f00000000c0)={r8, 0x31}, &(0x7f0000000500)=0xfffffdbb) close(r0) kernel console output (not intermixed with test programs): Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 297.742771][T11385] Call Trace: [ 297.746083][T11385] [ 297.749045][T11385] dump_stack_lvl+0x241/0x360 [ 297.753957][T11385] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.759219][T11385] ? __pfx__printk+0x10/0x10 [ 297.763868][T11385] ? ref_tracker_alloc+0x332/0x490 [ 297.769038][T11385] should_fail_ex+0x3b0/0x4e0 [ 297.773779][T11385] ? skb_clone+0x20c/0x390 [ 297.778219][T11385] should_failslab+0x9/0x20 [ 297.782834][T11385] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 297.788234][T11385] skb_clone+0x20c/0x390 [ 297.792517][T11385] __netlink_deliver_tap+0x3cc/0x7c0 [ 297.797829][T11385] ? netlink_deliver_tap+0x2e/0x1b0 [ 297.803041][T11385] netlink_deliver_tap+0x19d/0x1b0 [ 297.808171][T11385] netlink_unicast+0x7be/0x990 [ 297.812955][T11385] ? __pfx_netlink_unicast+0x10/0x10 [ 297.818261][T11385] ? __virt_addr_valid+0x183/0x520 [ 297.823668][T11385] ? __check_object_size+0x49c/0x900 [ 297.828976][T11385] ? bpf_lsm_netlink_send+0x9/0x10 [ 297.834111][T11385] netlink_sendmsg+0x8e4/0xcb0 [ 297.838900][T11385] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.844206][T11385] ? __import_iovec+0x536/0x820 [ 297.849067][T11385] ? aa_sock_msg_perm+0x91/0x160 [ 297.855005][T11385] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 297.860309][T11385] ? security_socket_sendmsg+0x87/0xb0 [ 297.865792][T11385] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.871100][T11385] __sock_sendmsg+0x221/0x270 [ 297.875812][T11385] ____sys_sendmsg+0x525/0x7d0 [ 297.880606][T11385] ? __pfx_____sys_sendmsg+0x10/0x10 [ 297.885944][T11385] __sys_sendmsg+0x2b0/0x3a0 [ 297.890574][T11385] ? __pfx___sys_sendmsg+0x10/0x10 [ 297.895702][T11385] ? vfs_write+0x7c4/0xc90 [ 297.900168][T11385] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 297.906519][T11385] ? do_syscall_64+0x100/0x230 [ 297.911321][T11385] ? do_syscall_64+0xb6/0x230 [ 297.916013][T11385] do_syscall_64+0xf3/0x230 [ 297.920539][T11385] ? clear_bhb_loop+0x35/0x90 [ 297.925417][T11385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.931407][T11385] RIP: 0033:0x7f84e0f75bd9 [ 297.936009][T11385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.955738][T11385] RSP: 002b:00007f84e1cbe048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 297.964175][T11385] RAX: ffffffffffffffda RBX: 00007f84e1103f60 RCX: 00007f84e0f75bd9 [ 297.972161][T11385] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 297.980144][T11385] RBP: 00007f84e1cbe0a0 R08: 0000000000000000 R09: 0000000000000000 [ 297.988221][T11385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.996208][T11385] R13: 000000000000000b R14: 00007f84e1103f60 R15: 00007ffecc57d278 [ 298.004207][T11385] [ 298.032839][T11385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1574'. [ 298.059443][T11066] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 298.141029][T11066] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 298.200824][T11066] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 298.415358][T11406] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1578'. [ 298.483374][T11406] lo speed is unknown, defaulting to 1000 [ 298.513341][T11403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1578'. [ 298.626042][T11066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.699314][T11066] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.731558][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.738914][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 298.777006][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.784276][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.557954][T11066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.804881][T11066] veth0_vlan: entered promiscuous mode [ 299.866995][T11066] veth1_vlan: entered promiscuous mode [ 299.989970][T11066] veth0_macvtap: entered promiscuous mode [ 300.050014][T11066] veth1_macvtap: entered promiscuous mode [ 300.111410][T11467] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1593'. [ 300.136906][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.174872][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.202335][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.228110][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.252129][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.264120][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.276938][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.299139][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.364961][T11066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.410236][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.472747][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.499688][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.529598][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.555408][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.576734][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.609951][T11066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 300.639046][T11066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.661580][T11066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.723300][T11066] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.762471][T11066] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.773035][T11487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1599'. [ 300.795187][T11066] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.806183][T11491] FAULT_INJECTION: forcing a failure. [ 300.806183][T11491] name failslab, interval 1, probability 0, space 0, times 0 [ 300.814384][T11066] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.822429][T11491] CPU: 1 PID: 11491 Comm: syz.0.1600 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 300.837766][T11491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 300.847868][T11491] Call Trace: [ 300.851200][T11491] [ 300.854157][T11491] dump_stack_lvl+0x241/0x360 [ 300.858874][T11491] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.864171][T11491] ? __pfx__printk+0x10/0x10 [ 300.868783][T11491] ? ref_tracker_alloc+0x332/0x490 [ 300.873921][T11491] should_fail_ex+0x3b0/0x4e0 [ 300.878621][T11491] ? skb_clone+0x20c/0x390 [ 300.883052][T11491] should_failslab+0x9/0x20 [ 300.887569][T11491] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 300.892964][T11491] skb_clone+0x20c/0x390 [ 300.897230][T11491] __netlink_deliver_tap+0x3cc/0x7c0 [ 300.902626][T11491] ? netlink_deliver_tap+0x2e/0x1b0 [ 300.907861][T11491] netlink_deliver_tap+0x19d/0x1b0 [ 300.913009][T11491] netlink_unicast+0x7be/0x990 [ 300.917805][T11491] ? __pfx_netlink_unicast+0x10/0x10 [ 300.923096][T11491] ? __virt_addr_valid+0x183/0x520 [ 300.928247][T11491] ? __check_object_size+0x49c/0x900 [ 300.933556][T11491] ? bpf_lsm_netlink_send+0x9/0x10 [ 300.938707][T11491] netlink_sendmsg+0x8e4/0xcb0 [ 300.943567][T11491] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.948866][T11491] ? __import_iovec+0x536/0x820 [ 300.953741][T11491] ? aa_sock_msg_perm+0x91/0x160 [ 300.958707][T11491] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 300.964008][T11491] ? security_socket_sendmsg+0x87/0xb0 [ 300.969508][T11491] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.974807][T11491] __sock_sendmsg+0x221/0x270 [ 300.979528][T11491] ____sys_sendmsg+0x525/0x7d0 [ 300.984407][T11491] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.989733][T11491] __sys_sendmsg+0x2b0/0x3a0 [ 300.994359][T11491] ? __pfx___sys_sendmsg+0x10/0x10 [ 300.999572][T11491] ? vfs_write+0x7c4/0xc90 [ 301.004061][T11491] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 301.010422][T11491] ? do_syscall_64+0x100/0x230 [ 301.015204][T11491] ? do_syscall_64+0xb6/0x230 [ 301.019895][T11491] do_syscall_64+0xf3/0x230 [ 301.024410][T11491] ? clear_bhb_loop+0x35/0x90 [ 301.029106][T11491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.035017][T11491] RIP: 0033:0x7fe2c3375bd9 [ 301.039441][T11491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.059093][T11491] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 301.067612][T11491] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 301.076115][T11491] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 301.084096][T11491] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 301.092084][T11491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.100074][T11491] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 301.108160][T11491] [ 301.143878][T11484] ip6tnl0: Caught tx_queue_len zero misconfig [ 301.344049][T11468] hsr0: entered promiscuous mode [ 301.593210][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.630153][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.818830][T11505] ipip0: entered promiscuous mode [ 301.862813][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.870779][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.233138][T11527] FAULT_INJECTION: forcing a failure. [ 302.233138][T11527] name failslab, interval 1, probability 0, space 0, times 0 [ 302.266630][T11527] CPU: 1 PID: 11527 Comm: syz.2.1608 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 302.276864][T11527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 302.286976][T11527] Call Trace: [ 302.290295][T11527] [ 302.293307][T11527] dump_stack_lvl+0x241/0x360 [ 302.298126][T11527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.303458][T11527] ? __pfx__printk+0x10/0x10 [ 302.308109][T11527] ? ref_tracker_alloc+0x332/0x490 [ 302.313283][T11527] should_fail_ex+0x3b0/0x4e0 [ 302.318052][T11527] ? skb_clone+0x20c/0x390 [ 302.322609][T11527] should_failslab+0x9/0x20 [ 302.327169][T11527] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 302.332600][T11527] skb_clone+0x20c/0x390 [ 302.336902][T11527] __netlink_deliver_tap+0x3cc/0x7c0 [ 302.342262][T11527] ? netlink_deliver_tap+0x2e/0x1b0 [ 302.347540][T11527] netlink_deliver_tap+0x19d/0x1b0 [ 302.352699][T11527] netlink_unicast+0x7be/0x990 [ 302.357522][T11527] ? __pfx_netlink_unicast+0x10/0x10 [ 302.362849][T11527] ? __virt_addr_valid+0x183/0x520 [ 302.368019][T11527] ? __check_object_size+0x49c/0x900 [ 302.373350][T11527] ? bpf_lsm_netlink_send+0x9/0x10 [ 302.378511][T11527] netlink_sendmsg+0x8e4/0xcb0 [ 302.383335][T11527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.388667][T11527] ? __import_iovec+0x536/0x820 [ 302.393561][T11527] ? aa_sock_msg_perm+0x91/0x160 [ 302.398558][T11527] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 302.403886][T11527] ? security_socket_sendmsg+0x87/0xb0 [ 302.409396][T11527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.414755][T11527] __sock_sendmsg+0x221/0x270 [ 302.419485][T11527] ____sys_sendmsg+0x525/0x7d0 [ 302.424311][T11527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.429665][T11527] __sys_sendmsg+0x2b0/0x3a0 [ 302.434582][T11527] ? __pfx___sys_sendmsg+0x10/0x10 [ 302.439906][T11527] ? vfs_write+0x7c4/0xc90 [ 302.444433][T11527] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 302.450836][T11527] ? do_syscall_64+0x100/0x230 [ 302.455651][T11527] ? do_syscall_64+0xb6/0x230 [ 302.460380][T11527] do_syscall_64+0xf3/0x230 [ 302.464933][T11527] ? clear_bhb_loop+0x35/0x90 [ 302.469679][T11527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.475723][T11527] RIP: 0033:0x7f84e0f75bd9 [ 302.480176][T11527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.500012][T11527] RSP: 002b:00007f84e1c9d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 302.508477][T11527] RAX: ffffffffffffffda RBX: 00007f84e1104038 RCX: 00007f84e0f75bd9 [ 302.516610][T11527] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 302.524632][T11527] RBP: 00007f84e1c9d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 302.532650][T11527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.540660][T11527] R13: 000000000000006e R14: 00007f84e1104038 R15: 00007ffecc57d278 [ 302.548778][T11527] [ 302.844974][T11539] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1610'. [ 303.381183][T11562] FAULT_INJECTION: forcing a failure. [ 303.381183][T11562] name failslab, interval 1, probability 0, space 0, times 0 [ 303.410728][T11562] CPU: 0 PID: 11562 Comm: syz.2.1616 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 303.421051][T11562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 303.431306][T11562] Call Trace: [ 303.434599][T11562] [ 303.437539][T11562] dump_stack_lvl+0x241/0x360 [ 303.442239][T11562] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.447541][T11562] ? __pfx__printk+0x10/0x10 [ 303.452150][T11562] should_fail_ex+0x3b0/0x4e0 [ 303.456846][T11562] ? __alloc_skb+0x1c3/0x440 [ 303.461450][T11562] should_failslab+0x9/0x20 [ 303.465975][T11562] kmem_cache_alloc_node_noprof+0x71/0x320 [ 303.471814][T11562] __alloc_skb+0x1c3/0x440 [ 303.476279][T11562] ? __pfx___alloc_skb+0x10/0x10 [ 303.481240][T11562] ? netlink_ack_tlv_len+0x6e/0x200 [ 303.486464][T11562] netlink_ack+0x13f/0xa30 [ 303.490894][T11562] ? __up_read+0x2c2/0x6b0 [ 303.495346][T11562] rdma_nl_rcv+0x3f6/0x9e0 [ 303.499795][T11562] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 303.504773][T11562] ? netlink_deliver_tap+0x2e/0x1b0 [ 303.509988][T11562] netlink_unicast+0x7f0/0x990 [ 303.514774][T11562] ? __pfx_netlink_unicast+0x10/0x10 [ 303.520101][T11562] ? __virt_addr_valid+0x183/0x520 [ 303.525239][T11562] ? __check_object_size+0x49c/0x900 [ 303.530543][T11562] ? bpf_lsm_netlink_send+0x9/0x10 [ 303.535678][T11562] netlink_sendmsg+0x8e4/0xcb0 [ 303.540480][T11562] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.545787][T11562] ? __import_iovec+0x536/0x820 [ 303.550683][T11562] ? aa_sock_msg_perm+0x91/0x160 [ 303.555661][T11562] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 303.561150][T11562] ? security_socket_sendmsg+0x87/0xb0 [ 303.566646][T11562] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.572120][T11562] __sock_sendmsg+0x221/0x270 [ 303.576903][T11562] ____sys_sendmsg+0x525/0x7d0 [ 303.581717][T11562] ? __pfx_____sys_sendmsg+0x10/0x10 [ 303.587205][T11562] __sys_sendmsg+0x2b0/0x3a0 [ 303.591832][T11562] ? __pfx___sys_sendmsg+0x10/0x10 [ 303.596969][T11562] ? vfs_write+0x7c4/0xc90 [ 303.601500][T11562] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 303.607850][T11562] ? do_syscall_64+0x100/0x230 [ 303.612651][T11562] ? do_syscall_64+0xb6/0x230 [ 303.617361][T11562] do_syscall_64+0xf3/0x230 [ 303.621896][T11562] ? clear_bhb_loop+0x35/0x90 [ 303.626597][T11562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.632509][T11562] RIP: 0033:0x7f84e0f75bd9 [ 303.637110][T11562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.656921][T11562] RSP: 002b:00007f84e1c9d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 303.665357][T11562] RAX: ffffffffffffffda RBX: 00007f84e1104038 RCX: 00007f84e0f75bd9 [ 303.673357][T11562] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000004 [ 303.681336][T11562] RBP: 00007f84e1c9d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 303.689406][T11562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.697388][T11562] R13: 000000000000006e R14: 00007f84e1104038 R15: 00007ffecc57d278 [ 303.705499][T11562] [ 303.953022][T11568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1617'. [ 304.028066][T11573] dummy0: entered promiscuous mode [ 304.042084][T11573] dummy0: left promiscuous mode [ 304.056700][T11573] RDS: rds_bind could not find a transport for ::ffff:172.30.0.1, load rds_tcp or rds_rdma? [ 304.495440][T11591] sctp: [Deprecated]: syz.1.1622 (pid 11591) Use of int in maxseg socket option. [ 304.495440][T11591] Use struct sctp_assoc_value instead [ 304.619551][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.206666][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.303816][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.397667][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.584539][ T35] bridge_slave_1: left allmulticast mode [ 305.590354][ T35] bridge_slave_1: left promiscuous mode [ 305.602730][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.619639][ T35] bridge_slave_0: left allmulticast mode [ 305.625481][ T35] bridge_slave_0: left promiscuous mode [ 305.631401][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.363889][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.384870][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.410819][ T35] bond0 (unregistering): Released all slaves [ 306.436043][T11648] netlink: 'syz.0.1624': attribute type 1 has an invalid length. [ 306.458025][T11648] netlink: 'syz.0.1624': attribute type 1 has an invalid length. [ 306.472490][T11648] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1624'. [ 306.525526][ T5105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 306.537586][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 306.563196][ T5105] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 306.583151][ T5105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 306.618947][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 306.628542][T11644] lo speed is unknown, defaulting to 1000 [ 306.635501][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 306.652583][T11654] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1627'. [ 307.227977][T11655] lo speed is unknown, defaulting to 1000 [ 307.738303][T11686] veth0_vlan: left promiscuous mode [ 308.009437][ T35] hsr_slave_0: left promiscuous mode [ 308.048407][ T35] hsr_slave_1: left promiscuous mode [ 308.075971][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 308.092720][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 308.118178][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 308.144259][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 308.219960][ T35] veth1_macvtap: left promiscuous mode [ 308.226242][ T35] veth0_macvtap: left promiscuous mode [ 308.240030][ T35] veth1_vlan: left promiscuous mode [ 308.249235][ T35] veth0_vlan: left promiscuous mode [ 308.492034][T11685] delete_channel: no stack [ 308.712725][ T5105] Bluetooth: hci3: command tx timeout [ 308.794742][T11705] FAULT_INJECTION: forcing a failure. [ 308.794742][T11705] name failslab, interval 1, probability 0, space 0, times 0 [ 308.808715][T11705] CPU: 0 PID: 11705 Comm: syz.2.1635 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 308.818922][T11705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 308.828999][T11705] Call Trace: [ 308.832291][T11705] [ 308.835255][T11705] dump_stack_lvl+0x241/0x360 [ 308.839994][T11705] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.845202][T11705] ? __pfx__printk+0x10/0x10 [ 308.849831][T11705] ? ref_tracker_alloc+0x332/0x490 [ 308.854967][T11705] should_fail_ex+0x3b0/0x4e0 [ 308.859670][T11705] ? skb_clone+0x20c/0x390 [ 308.864133][T11705] should_failslab+0x9/0x20 [ 308.868668][T11705] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 308.874072][T11705] skb_clone+0x20c/0x390 [ 308.878327][T11705] __netlink_deliver_tap+0x3cc/0x7c0 [ 308.883637][T11705] ? netlink_deliver_tap+0x2e/0x1b0 [ 308.888853][T11705] netlink_deliver_tap+0x19d/0x1b0 [ 308.894002][T11705] netlink_unicast+0x7be/0x990 [ 308.898819][T11705] ? __pfx_netlink_unicast+0x10/0x10 [ 308.904131][T11705] ? __virt_addr_valid+0x183/0x520 [ 308.909453][T11705] ? __check_object_size+0x49c/0x900 [ 308.914928][T11705] ? bpf_lsm_netlink_send+0x9/0x10 [ 308.920193][T11705] netlink_sendmsg+0x8e4/0xcb0 [ 308.925114][T11705] ? __pfx_netlink_sendmsg+0x10/0x10 [ 308.930423][T11705] ? __import_iovec+0x536/0x820 [ 308.935329][T11705] ? aa_sock_msg_perm+0x91/0x160 [ 308.940289][T11705] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 308.945763][T11705] ? security_socket_sendmsg+0x87/0xb0 [ 308.951264][T11705] ? __pfx_netlink_sendmsg+0x10/0x10 [ 308.956562][T11705] __sock_sendmsg+0x221/0x270 [ 308.961606][T11705] ____sys_sendmsg+0x525/0x7d0 [ 308.966409][T11705] ? __pfx_____sys_sendmsg+0x10/0x10 [ 308.971820][T11705] __sys_sendmsg+0x2b0/0x3a0 [ 308.976443][T11705] ? __pfx___sys_sendmsg+0x10/0x10 [ 308.981748][T11705] ? vfs_write+0x7c4/0xc90 [ 308.986215][T11705] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 308.992662][T11705] ? do_syscall_64+0x100/0x230 [ 308.997441][T11705] ? do_syscall_64+0xb6/0x230 [ 309.002216][T11705] do_syscall_64+0xf3/0x230 [ 309.006754][T11705] ? clear_bhb_loop+0x35/0x90 [ 309.011463][T11705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.017395][T11705] RIP: 0033:0x7f84e0f75bd9 [ 309.021840][T11705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.041735][T11705] RSP: 002b:00007f84e1cbe048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.050180][T11705] RAX: ffffffffffffffda RBX: 00007f84e1103f60 RCX: 00007f84e0f75bd9 [ 309.058198][T11705] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 309.066217][T11705] RBP: 00007f84e1cbe0a0 R08: 0000000000000000 R09: 0000000000000000 [ 309.074322][T11705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.082322][T11705] R13: 000000000000000b R14: 00007f84e1103f60 R15: 00007ffecc57d278 [ 309.090322][T11705] [ 309.241862][ T35] team0 (unregistering): Port device team_slave_1 removed [ 309.289314][ T35] team0 (unregistering): Port device team_slave_0 removed [ 309.873321][T11711] FAULT_INJECTION: forcing a failure. [ 309.873321][T11711] name failslab, interval 1, probability 0, space 0, times 0 [ 309.888044][T11711] CPU: 1 PID: 11711 Comm: syz.1.1636 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 309.898811][T11711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 309.908982][T11711] Call Trace: [ 309.912509][T11711] [ 309.915455][T11711] dump_stack_lvl+0x241/0x360 [ 309.920335][T11711] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.925570][T11711] ? __pfx__printk+0x10/0x10 [ 309.930176][T11711] ? __pfx___might_resched+0x10/0x10 [ 309.935565][T11711] ? trace_contention_end+0x3c/0x120 [ 309.941042][T11711] ? __mutex_lock+0x2ef/0xd70 [ 309.945749][T11711] should_fail_ex+0x3b0/0x4e0 [ 309.950450][T11711] ? genl_start+0x1cb/0x6d0 [ 309.955068][T11711] should_failslab+0x9/0x20 [ 309.959593][T11711] kmalloc_trace_noprof+0x6c/0x2c0 [ 309.964739][T11711] genl_start+0x1cb/0x6d0 [ 309.969102][T11711] __netlink_dump_start+0x45c/0x780 [ 309.974330][T11711] genl_rcv_msg+0x88c/0xec0 [ 309.978863][T11711] ? mark_lock+0x9a/0x350 [ 309.983254][T11711] ? __pfx_genl_rcv_msg+0x10/0x10 [ 309.988309][T11711] ? __pfx_genl_start+0x10/0x10 [ 309.993179][T11711] ? __pfx_genl_dumpit+0x10/0x10 [ 309.998141][T11711] ? __pfx_genl_done+0x10/0x10 [ 310.002940][T11711] ? __pfx_lock_acquire+0x10/0x10 [ 310.008063][T11711] ? __pfx_nfc_genl_dump_devices+0x10/0x10 [ 310.013893][T11711] ? __pfx_nfc_genl_dump_devices_done+0x10/0x10 [ 310.020155][T11711] ? __pfx___might_resched+0x10/0x10 [ 310.025464][T11711] netlink_rcv_skb+0x1e3/0x430 [ 310.030244][T11711] ? __pfx_genl_rcv_msg+0x10/0x10 [ 310.035287][T11711] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 310.040627][T11711] genl_rcv+0x28/0x40 [ 310.044629][T11711] netlink_unicast+0x7f0/0x990 [ 310.049600][T11711] ? __pfx_netlink_unicast+0x10/0x10 [ 310.054925][T11711] ? __virt_addr_valid+0x183/0x520 [ 310.060064][T11711] ? __check_object_size+0x49c/0x900 [ 310.065373][T11711] ? bpf_lsm_netlink_send+0x9/0x10 [ 310.070865][T11711] netlink_sendmsg+0x8e4/0xcb0 [ 310.075660][T11711] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.080962][T11711] ? __import_iovec+0x536/0x820 [ 310.085822][T11711] ? aa_sock_msg_perm+0x91/0x160 [ 310.090779][T11711] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 310.096274][T11711] ? security_socket_sendmsg+0x87/0xb0 [ 310.101750][T11711] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.107048][T11711] __sock_sendmsg+0x221/0x270 [ 310.111777][T11711] ____sys_sendmsg+0x525/0x7d0 [ 310.116570][T11711] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.121891][T11711] __sys_sendmsg+0x2b0/0x3a0 [ 310.126505][T11711] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.131629][T11711] ? vfs_write+0x7c4/0xc90 [ 310.136101][T11711] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 310.142467][T11711] ? do_syscall_64+0x100/0x230 [ 310.147278][T11711] ? do_syscall_64+0xb6/0x230 [ 310.151986][T11711] do_syscall_64+0xf3/0x230 [ 310.156518][T11711] ? clear_bhb_loop+0x35/0x90 [ 310.161507][T11711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.167434][T11711] RIP: 0033:0x7faf21975bd9 [ 310.171873][T11711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.191502][T11711] RSP: 002b:00007faf2279b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.199956][T11711] RAX: ffffffffffffffda RBX: 00007faf21b03f60 RCX: 00007faf21975bd9 [ 310.207975][T11711] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000006 [ 310.215966][T11711] RBP: 00007faf2279b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 310.223967][T11711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.231955][T11711] R13: 000000000000000b R14: 00007faf21b03f60 R15: 00007ffd4fe49cc8 [ 310.239975][T11711] [ 310.602155][T11722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1639'. [ 310.669834][T11655] chnl_net:caif_netlink_parms(): no params data found [ 310.711707][T11722] netlink: 'syz.0.1639': attribute type 15 has an invalid length. [ 310.792997][ T5105] Bluetooth: hci3: command tx timeout [ 311.050117][T11655] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.059886][T11655] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.088549][T11655] bridge_slave_0: entered allmulticast mode [ 311.115245][T11655] bridge_slave_0: entered promiscuous mode [ 311.163720][T11655] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.170968][T11655] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.206120][T11655] bridge_slave_1: entered allmulticast mode [ 311.217908][T11655] bridge_slave_1: entered promiscuous mode [ 311.358859][T11655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.387366][T11756] Bluetooth: MGMT ver 1.22 [ 311.408666][T11655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.583937][T11655] team0: Port device team_slave_0 added [ 311.599465][T11655] team0: Port device team_slave_1 added [ 311.713432][T11763] @ÿ: renamed from veth0_vlan (while UP) [ 311.754896][T11655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.798199][T11655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.827878][T11655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 311.886189][T11655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.919934][T11655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.961132][T11655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.133182][T11655] hsr_slave_0: entered promiscuous mode [ 312.146819][T11655] hsr_slave_1: entered promiscuous mode [ 312.171323][T11655] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 312.189978][T11785] FAULT_INJECTION: forcing a failure. [ 312.189978][T11785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.220776][T11655] Cannot create hsr debugfs directory [ 312.233306][T11785] CPU: 1 PID: 11785 Comm: syz.0.1654 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 312.243528][T11785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 312.253598][T11785] Call Trace: [ 312.256886][T11785] [ 312.259825][T11785] dump_stack_lvl+0x241/0x360 [ 312.264518][T11785] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.269725][T11785] ? __pfx__printk+0x10/0x10 [ 312.274331][T11785] should_fail_ex+0x3b0/0x4e0 [ 312.279028][T11785] _copy_from_user+0x2f/0xe0 [ 312.283628][T11785] bpf_test_init+0x11f/0x180 [ 312.288338][T11785] bpf_prog_test_run_xdp+0x48e/0x11b0 [ 312.293724][T11785] ? __pfx_lock_acquire+0x10/0x10 [ 312.298771][T11785] ? __pfx_lock_release+0x10/0x10 [ 312.303915][T11785] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 312.309761][T11785] ? __fget_files+0x29/0x470 [ 312.314412][T11785] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 312.320234][T11785] bpf_prog_test_run+0x33a/0x3b0 [ 312.325210][T11785] __sys_bpf+0x48d/0x810 [ 312.329476][T11785] ? __pfx___sys_bpf+0x10/0x10 [ 312.334268][T11785] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 312.340359][T11785] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 312.347222][T11785] ? do_syscall_64+0x100/0x230 [ 312.352000][T11785] __x64_sys_bpf+0x7c/0x90 [ 312.356457][T11785] do_syscall_64+0xf3/0x230 [ 312.360990][T11785] ? clear_bhb_loop+0x35/0x90 [ 312.365717][T11785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.371636][T11785] RIP: 0033:0x7fe2c3375bd9 [ 312.376098][T11785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.395823][T11785] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 312.404488][T11785] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 312.412567][T11785] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a [ 312.420696][T11785] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 312.428697][T11785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.436689][T11785] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 312.444882][T11785] [ 312.872989][ T5105] Bluetooth: hci3: command tx timeout [ 312.991834][T11809] dccp_invalid_packet: P.Data Offset(0) too small [ 314.061605][T11862] xt_cgroup: invalid path, errno=-2 [ 314.086280][T11655] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 314.125351][T11655] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 314.156876][T11655] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 314.209375][T11655] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 314.534843][T11878] dummy0: entered promiscuous mode [ 314.607694][T11878] dummy0: left promiscuous mode [ 314.648929][T11878] RDS: rds_bind could not find a transport for ::ffff:172.30.0.2, load rds_tcp or rds_rdma? [ 314.666685][T11655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.717620][T11655] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.778501][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.785842][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.879707][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.887166][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.963412][ T5105] Bluetooth: hci3: command tx timeout [ 314.976244][T11893] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 315.518451][T11906] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 315.666728][ T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.706181][ T5111] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 315.717505][ T5111] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 315.729384][ T5111] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 315.740049][ T5111] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 315.749757][ T5111] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 315.759399][ T5111] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 315.765113][ T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.871443][T11914] lo speed is unknown, defaulting to 1000 [ 315.940760][ T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.974913][ T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.021293][T11923] FAULT_INJECTION: forcing a failure. [ 316.021293][T11923] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.044307][T11923] CPU: 0 PID: 11923 Comm: syz.0.1688 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 316.054541][T11923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 316.064663][T11923] Call Trace: [ 316.068062][T11923] [ 316.071016][T11923] dump_stack_lvl+0x241/0x360 [ 316.075732][T11923] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.080996][T11923] ? __pfx__printk+0x10/0x10 [ 316.086413][T11923] should_fail_ex+0x3b0/0x4e0 [ 316.091154][T11923] _copy_from_user+0x2f/0xe0 [ 316.095781][T11923] bpf_test_init+0x11f/0x180 [ 316.100409][T11923] bpf_prog_test_run_xdp+0x48e/0x11b0 [ 316.105820][T11923] ? __pfx_lock_acquire+0x10/0x10 [ 316.110887][T11923] ? __pfx_lock_release+0x10/0x10 [ 316.115970][T11923] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 316.121822][T11923] ? __fget_files+0x29/0x470 [ 316.126472][T11923] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 316.132327][T11923] bpf_prog_test_run+0x33a/0x3b0 [ 316.137287][T11923] __sys_bpf+0x48d/0x810 [ 316.141551][T11923] ? __pfx___sys_bpf+0x10/0x10 [ 316.146351][T11923] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 316.152348][T11923] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 316.158701][T11923] ? do_syscall_64+0x100/0x230 [ 316.163483][T11923] __x64_sys_bpf+0x7c/0x90 [ 316.167919][T11923] do_syscall_64+0xf3/0x230 [ 316.172433][T11923] ? clear_bhb_loop+0x35/0x90 [ 316.177124][T11923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.183029][T11923] RIP: 0033:0x7fe2c3375bd9 [ 316.187467][T11923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.207090][T11923] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 316.215518][T11923] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 316.223504][T11923] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 316.231501][T11923] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 316.239695][T11923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.247761][T11923] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 316.255781][T11923] [ 316.514033][ T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.538825][ T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.568896][T11655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.732846][ T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 316.752983][ T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 316.908148][T11947] FAULT_INJECTION: forcing a failure. [ 316.908148][T11947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.930881][T11947] CPU: 0 PID: 11947 Comm: syz.0.1694 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 316.941156][T11947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 316.951397][T11947] Call Trace: [ 316.954721][T11947] [ 316.957694][T11947] dump_stack_lvl+0x241/0x360 [ 316.962517][T11947] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.967855][T11947] ? __pfx__printk+0x10/0x10 [ 316.972599][T11947] should_fail_ex+0x3b0/0x4e0 [ 316.977339][T11947] _copy_from_user+0x2f/0xe0 [ 316.981985][T11947] bpf_test_init+0x11f/0x180 [ 316.986726][T11947] bpf_prog_test_run_xdp+0x48e/0x11b0 [ 316.992177][T11947] ? __pfx_lock_acquire+0x10/0x10 [ 316.997262][T11947] ? __pfx_lock_release+0x10/0x10 [ 317.002363][T11947] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 317.008335][T11947] ? __fget_files+0x29/0x470 [ 317.012992][T11947] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 317.018854][T11947] bpf_prog_test_run+0x33a/0x3b0 [ 317.023843][T11947] __sys_bpf+0x48d/0x810 [ 317.028198][T11947] ? __pfx___sys_bpf+0x10/0x10 [ 317.033038][T11947] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 317.039064][T11947] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 317.045527][T11947] ? do_syscall_64+0x100/0x230 [ 317.047228][T11655] veth0_vlan: entered promiscuous mode [ 317.050750][T11947] __x64_sys_bpf+0x7c/0x90 [ 317.050795][T11947] do_syscall_64+0xf3/0x230 [ 317.065421][T11947] ? clear_bhb_loop+0x35/0x90 [ 317.070160][T11947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.076140][T11947] RIP: 0033:0x7fe2c3375bd9 [ 317.080600][T11947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.100513][T11947] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 317.109502][T11947] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 317.117697][T11947] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a [ 317.125712][T11947] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 317.133730][T11947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.141744][T11947] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 317.149787][T11947] [ 317.263171][T11655] veth1_vlan: entered promiscuous mode [ 317.523108][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.585399][T11655] veth0_macvtap: entered promiscuous mode [ 317.639523][ T51] bridge_slave_1: left allmulticast mode [ 317.651743][ T51] bridge_slave_1: left promiscuous mode [ 317.662887][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.707185][ T51] bridge_slave_0: left allmulticast mode [ 317.720656][ T51] bridge_slave_0: left promiscuous mode [ 317.736595][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.833645][ T5105] Bluetooth: hci0: command tx timeout [ 318.336013][T11987] netlink: 'syz.0.1704': attribute type 20 has an invalid length. [ 318.397496][ T51] team0: Port device bond0 removed [ 318.406370][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 318.420866][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 318.432589][ T51] bond0 (unregistering): Released all slaves [ 318.448498][T11914] chnl_net:caif_netlink_parms(): no params data found [ 318.556878][T11655] veth1_macvtap: entered promiscuous mode [ 318.636277][ T51] ɶƣ0GCTw: left promiscuous mode [ 318.863469][T11914] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.870881][T11914] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.878843][T11914] bridge_slave_0: entered allmulticast mode [ 318.888524][T11914] bridge_slave_0: entered promiscuous mode [ 318.935816][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.947808][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.960192][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.970851][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.981144][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.991901][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.002199][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.013076][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.027414][T11655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 319.039839][T11914] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.052085][T11914] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.070994][T11914] bridge_slave_1: entered allmulticast mode [ 319.080010][T11914] bridge_slave_1: entered promiscuous mode [ 319.100155][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.122091][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.141762][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.158494][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.172504][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.184176][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.194812][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.205762][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.218136][T11655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 319.328751][T11914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 319.354974][T11655] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.377620][T11655] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.387123][T11655] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.404574][T11655] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.443251][T12011] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1711'. [ 319.524738][T11914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.594050][T12011] lo speed is unknown, defaulting to 1000 [ 319.620171][T12007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1711'. [ 319.642676][T12020] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1712'. [ 319.700145][T11914] team0: Port device team_slave_0 added [ 319.808023][T11914] team0: Port device team_slave_1 added [ 319.913055][ T5105] Bluetooth: hci0: command tx timeout [ 319.925943][T11914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 319.942345][T11914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 319.969075][T11914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 319.983092][T11914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 319.990343][T11914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.017365][T11914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.230137][T12032] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1714'. [ 320.406677][T11914] hsr_slave_0: entered promiscuous mode [ 320.429532][T11914] hsr_slave_1: entered promiscuous mode [ 320.447369][T11914] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 320.461316][T11914] Cannot create hsr debugfs directory [ 320.532704][ T51] hsr_slave_0: left promiscuous mode [ 320.549510][ T51] hsr_slave_1: left promiscuous mode [ 320.564711][ T51] batman_adv: batadv0: Removing interface: team0 [ 320.577266][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 320.590928][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 320.600962][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 320.615093][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 320.660140][ T51] veth1_macvtap: left promiscuous mode [ 320.668457][ T51] veth0_macvtap: left promiscuous mode [ 320.675752][ T51] veth1_vlan: left promiscuous mode [ 320.680315][T12048] ax25_connect(): syz.4.1716 uses autobind, please contact jreuter@yaina.de [ 321.157150][ T51] batadv_slave_0 (unregistering): left allmulticast mode [ 321.213007][ T51] team0 (unregistering): Port device team_slave_1 removed [ 321.256747][ T51] team0 (unregistering): Port device team_slave_0 removed [ 321.546483][ T51] team0 (unregistering): Port device dummy0 removed [ 321.719738][T12044] syz.4.1716 (12044) used obsolete PPPIOCDETACH ioctl [ 321.902427][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.924970][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.992416][ T5105] Bluetooth: hci0: command tx timeout [ 322.133700][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.172625][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.763422][ T2464] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.811950][T12074] ip6gretap0: entered promiscuous mode [ 322.853253][T12074] batadv_slave_0: entered promiscuous mode [ 323.061741][ T2464] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.199296][ T2464] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.282190][ T2464] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.311966][T11914] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 323.334883][T11914] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 323.353293][T11914] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 323.371097][T11914] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 323.604480][ T2464] bridge_slave_1: left allmulticast mode [ 323.610467][ T2464] bridge_slave_1: left promiscuous mode [ 323.618377][ T2464] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.634814][ T2464] bridge_slave_0: left allmulticast mode [ 323.640544][ T2464] bridge_slave_0: left promiscuous mode [ 323.653636][ T2464] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.083210][ T5105] Bluetooth: hci0: command tx timeout [ 324.233571][ T2464] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 324.246807][ T2464] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 324.258007][ T2464] bond0 (unregistering): Released all slaves [ 324.344899][T11914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.408004][T11914] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.440302][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.447589][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.516935][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.524282][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 324.541936][T12115] FAULT_INJECTION: forcing a failure. [ 324.541936][T12115] name failslab, interval 1, probability 0, space 0, times 0 [ 324.553361][T12111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1726'. [ 324.567349][T12115] CPU: 0 PID: 12115 Comm: syz.0.1725 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 324.577577][T12115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 324.587766][T12115] Call Trace: [ 324.591177][T12115] [ 324.594161][T12115] dump_stack_lvl+0x241/0x360 [ 324.598885][T12115] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.604135][T12115] ? __pfx__printk+0x10/0x10 [ 324.608760][T12115] ? ref_tracker_alloc+0x332/0x490 [ 324.614015][T12115] should_fail_ex+0x3b0/0x4e0 [ 324.618750][T12115] ? skb_clone+0x20c/0x390 [ 324.623218][T12115] should_failslab+0x9/0x20 [ 324.627765][T12115] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 324.633188][T12115] skb_clone+0x20c/0x390 [ 324.637486][T12115] __netlink_deliver_tap+0x3cc/0x7c0 [ 324.642827][T12115] ? netlink_deliver_tap+0x2e/0x1b0 [ 324.648068][T12115] netlink_deliver_tap+0x19d/0x1b0 [ 324.653225][T12115] netlink_unicast+0x7be/0x990 [ 324.658039][T12115] ? __pfx_netlink_unicast+0x10/0x10 [ 324.663534][T12115] ? __virt_addr_valid+0x183/0x520 [ 324.668782][T12115] ? __check_object_size+0x49c/0x900 [ 324.674112][T12115] ? bpf_lsm_netlink_send+0x9/0x10 [ 324.679268][T12115] netlink_sendmsg+0x8e4/0xcb0 [ 324.684065][T12115] ? __pfx_netlink_sendmsg+0x10/0x10 [ 324.689366][T12115] ? __import_iovec+0x536/0x820 [ 324.694232][T12115] ? aa_sock_msg_perm+0x91/0x160 [ 324.699194][T12115] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 324.704500][T12115] ? security_socket_sendmsg+0x87/0xb0 [ 324.709986][T12115] ? __pfx_netlink_sendmsg+0x10/0x10 [ 324.715296][T12115] __sock_sendmsg+0x221/0x270 [ 324.720003][T12115] ____sys_sendmsg+0x525/0x7d0 [ 324.724801][T12115] ? __pfx_____sys_sendmsg+0x10/0x10 [ 324.730125][T12115] __sys_sendmsg+0x2b0/0x3a0 [ 324.734823][T12115] ? __pfx___sys_sendmsg+0x10/0x10 [ 324.739949][T12115] ? vfs_write+0x7c4/0xc90 [ 324.744416][T12115] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 324.750753][T12115] ? do_syscall_64+0x100/0x230 [ 324.755529][T12115] ? do_syscall_64+0xb6/0x230 [ 324.760219][T12115] do_syscall_64+0xf3/0x230 [ 324.764731][T12115] ? clear_bhb_loop+0x35/0x90 [ 324.769421][T12115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.775327][T12115] RIP: 0033:0x7fe2c3375bd9 [ 324.779762][T12115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.799399][T12115] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 324.807844][T12115] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 324.815916][T12115] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000007 [ 324.823894][T12115] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 324.831874][T12115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.839854][T12115] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 324.847851][T12115] [ 324.965314][T12115] netlink: 'syz.0.1725': attribute type 10 has an invalid length. [ 325.054769][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 325.068646][T12115] team0: Failed to send options change via netlink (err -105) [ 325.070638][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 325.085294][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 325.103214][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 325.111691][T12115] team0: Port device netdevsim0 added [ 325.121728][ T5111] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 325.129517][ T5111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 325.636435][T11914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 325.697119][T12121] lo speed is unknown, defaulting to 1000 [ 325.855895][T12152] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1732'. [ 325.880093][T12152] lo speed is unknown, defaulting to 1000 [ 325.889468][T12144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1732'. [ 326.158946][T11914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 326.470799][T11914] veth0_vlan: entered promiscuous mode [ 326.644695][ T2464] hsr_slave_0: left promiscuous mode [ 326.673517][ T2464] hsr_slave_1: left promiscuous mode [ 326.682985][ T2464] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 326.690471][ T2464] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 326.725174][ T2464] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 326.743321][ T2464] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 326.789802][ T2464] veth1_macvtap: left promiscuous mode [ 326.799089][ T2464] veth0_macvtap: left promiscuous mode [ 326.805898][ T2464] veth1_vlan: left promiscuous mode [ 326.811453][ T2464] veth0_vlan: left promiscuous mode [ 327.192805][ T5105] Bluetooth: hci3: command tx timeout [ 327.389998][ T2464] team0 (unregistering): Port device team_slave_1 removed [ 327.436784][ T2464] team0 (unregistering): Port device team_slave_0 removed [ 328.135193][T11914] veth1_vlan: entered promiscuous mode [ 328.572131][T11914] veth0_macvtap: entered promiscuous mode [ 328.654236][T11914] veth1_macvtap: entered promiscuous mode [ 328.718161][T12121] chnl_net:caif_netlink_parms(): no params data found [ 328.861836][T11914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 328.876708][T11914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.899667][T11914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 328.929216][T11914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.954614][T11914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 328.991701][T11914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.014734][T11914] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 329.122824][T11914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.158050][T11914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.202044][T11914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.245690][T11914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.262091][T11914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 329.282669][T11914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.283228][ T5105] Bluetooth: hci3: command tx timeout [ 329.306964][T11914] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 329.465889][T11914] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.483778][T11914] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.522297][T11914] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.540774][T11914] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.562956][T12121] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.575996][T12121] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.588765][T12121] bridge_slave_0: entered allmulticast mode [ 329.600522][T12121] bridge_slave_0: entered promiscuous mode [ 329.647121][T12121] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.661950][T12121] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.688537][T12121] bridge_slave_1: entered allmulticast mode [ 329.709415][T12121] bridge_slave_1: entered promiscuous mode [ 329.940155][T12232] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1750'. [ 329.977671][T12121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 330.028237][T12121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.086930][T12241] vlan2: entered promiscuous mode [ 330.104931][T12241] gretap0: entered promiscuous mode [ 330.148447][T12241] gretap0: left promiscuous mode [ 330.375724][T12121] team0: Port device team_slave_0 added [ 330.426985][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.440929][T12121] team0: Port device team_slave_1 added [ 330.458783][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.696279][T12121] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.711325][T12272] Timeout policy `syz0' can only be used by L3 protocol number 0 [ 330.717130][T12121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.781719][T12121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.811394][T12121] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.823518][T12121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.852548][T12121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.871802][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.903357][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.974614][T12121] hsr_slave_0: entered promiscuous mode [ 330.991213][T12121] hsr_slave_1: entered promiscuous mode [ 331.072052][T12280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1756'. [ 331.096694][T12280] block nbd0: not configured, cannot reconfigure [ 331.352925][ T5105] Bluetooth: hci3: command tx timeout [ 331.388325][T12283] xt_CONNSECMARK: invalid mode: 0 [ 333.104660][T12121] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 333.140658][T12121] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 333.158074][T12380] Bluetooth: MGMT ver 1.22 [ 333.168685][T12121] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 333.179046][T12380] Bluetooth: hci3: invalid length 0, exp 2 for type 12 [ 333.233771][T12121] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 333.433500][ T5105] Bluetooth: hci3: command tx timeout [ 333.513286][T12399] lo speed is unknown, defaulting to 1000 [ 333.626537][T12121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.632768][T12400] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1771'. [ 333.738664][T12121] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.848030][T12410] xt_CONNSECMARK: invalid mode: 0 [ 333.919266][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.926522][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.005436][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.012726][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.163664][T12121] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.355509][T12121] veth0_vlan: entered promiscuous mode [ 335.410631][T12121] veth1_vlan: entered promiscuous mode [ 335.575440][T12121] veth0_macvtap: entered promiscuous mode [ 335.597334][T12121] veth1_macvtap: entered promiscuous mode [ 335.620878][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.655599][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.696989][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.732779][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.761481][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.799833][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.813469][T12480] xt_policy: output policy not valid in PREROUTING and INPUT [ 335.821036][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.842078][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.874588][T12121] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.925646][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.978965][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.019480][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.041026][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.059259][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.083893][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.105222][T12121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.125379][T12121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.149582][T12121] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.208910][T12121] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.249337][T12121] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.290021][T12121] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.317249][T12121] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.599808][ T2808] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.635162][ T2808] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.738038][ T2464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.755737][ T2464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.971032][T12518] netlink: 'syz.0.1792': attribute type 9 has an invalid length. [ 337.015382][T12518] bond0: entered promiscuous mode [ 337.022648][T12518] bond_slave_0: entered promiscuous mode [ 337.042623][T12518] bond_slave_1: entered promiscuous mode [ 337.082011][T12518] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 337.114882][T12518] bond0: left promiscuous mode [ 337.119736][T12518] bond_slave_0: left promiscuous mode [ 337.135748][T12518] bond_slave_1: left promiscuous mode [ 337.377993][T12528] ip6t_REJECT: ECHOREPLY is not supported [ 337.454228][T12525] netlink: 'syz.4.1793': attribute type 1 has an invalid length. [ 337.490120][T12525] netlink: 9388 bytes leftover after parsing attributes in process `syz.4.1793'. [ 337.607886][T12528] netlink: 'syz.4.1793': attribute type 3 has an invalid length. [ 338.100912][T12556] xt_CT: You must specify a L4 protocol and not use inversions on it [ 338.348779][T12338] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.838536][T12338] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.964597][T12338] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.064177][T12338] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.243807][T12338] bridge_slave_1: left allmulticast mode [ 339.249529][T12338] bridge_slave_1: left promiscuous mode [ 339.257380][T12338] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.268057][T12338] bridge_slave_0: left allmulticast mode [ 339.276683][T12338] bridge_slave_0: left promiscuous mode [ 339.287062][T12338] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.432636][ T5111] Bluetooth: hci0: command 0x0405 tx timeout [ 339.699960][T12338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 339.712172][T12338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 339.724818][T12338] bond0 (unregistering): Released all slaves [ 340.153601][T12604] netlink: 'syz.0.1804': attribute type 1 has an invalid length. [ 340.242969][ T11] wlan1: Trigger new scan to find an IBSS to join [ 340.279990][T12604] bond1: entered promiscuous mode [ 340.466875][T12611] ip6gretap1: entered promiscuous mode [ 340.532499][T12611] ip6gretap1: entered allmulticast mode [ 340.591290][T12611] bond1: (slave ip6gretap1): making interface the new active one [ 340.621980][T12611] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 340.693340][T12623] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1810'. [ 340.818903][T12338] hsr_slave_0: left promiscuous mode [ 340.868050][T12338] hsr_slave_1: left promiscuous mode [ 340.917806][T12338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 340.932324][T12338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 340.960476][T12338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 340.988999][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 340.992731][T12338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.008882][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 341.017394][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 341.026775][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 341.035682][ T5111] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 341.046375][ T5111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 341.098313][T12338] veth1_macvtap: left promiscuous mode [ 341.106510][T12338] veth0_macvtap: left promiscuous mode [ 341.119133][T12338] veth1_vlan: left promiscuous mode [ 341.126303][T12338] veth0_vlan: left promiscuous mode [ 341.746080][T12338] team0 (unregistering): Port device team_slave_1 removed [ 341.840976][T12338] team0 (unregistering): Port device team_slave_0 removed [ 342.648240][T12641] lo speed is unknown, defaulting to 1000 [ 342.753642][T12676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1823'. [ 343.010085][T12690] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1827'. [ 343.127631][ T5105] Bluetooth: hci3: command tx timeout [ 343.224641][ T5147] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.286812][T12346] wlan1: Trigger new scan to find an IBSS to join [ 343.727938][T12641] chnl_net:caif_netlink_parms(): no params data found [ 344.060106][T12726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1831'. [ 344.172161][T12641] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.199023][T12641] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.207098][ T2464] wlan1: Creating new IBSS network, BSSID de:50:17:77:cc:10 [ 344.215227][T12641] bridge_slave_0: entered allmulticast mode [ 344.233982][T12641] bridge_slave_0: entered promiscuous mode [ 344.255014][T12641] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.263129][T12641] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.280652][T12641] bridge_slave_1: entered allmulticast mode [ 344.301288][T12641] bridge_slave_1: entered promiscuous mode [ 344.317138][T12729] lo speed is unknown, defaulting to 1000 [ 344.493580][T12641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.558679][T12641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.684265][T12641] team0: Port device team_slave_0 added [ 344.706228][T12641] team0: Port device team_slave_1 added [ 344.940049][T12641] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 344.963119][T12641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.025844][T12641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.062810][T12641] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.071200][T12641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.136356][T12641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.192671][ T5105] Bluetooth: hci3: command tx timeout [ 345.308116][T12766] lo speed is unknown, defaulting to 1000 [ 345.319563][T12768] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1839'. [ 345.353651][T12641] hsr_slave_0: entered promiscuous mode [ 345.381319][T12641] hsr_slave_1: entered promiscuous mode [ 346.700967][T12803] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1844'. [ 346.763562][T12803] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1844'. [ 347.283692][ T5105] Bluetooth: hci3: command tx timeout [ 347.335626][T12641] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 347.412891][T12641] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 347.460454][T12641] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 347.496914][T12641] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 347.854384][T12641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.937340][T12641] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.959427][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.966751][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.012051][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.019476][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.288339][T12865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1858'. [ 348.369382][T12860] lo speed is unknown, defaulting to 1000 [ 348.541827][T12864] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1859'. [ 349.035635][T12641] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 349.058843][T12888] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1861'. [ 349.221432][T12865] lo speed is unknown, defaulting to 1000 [ 349.256390][T12641] veth0_vlan: entered promiscuous mode [ 349.353218][ T5105] Bluetooth: hci3: command tx timeout [ 349.388047][T12641] veth1_vlan: entered promiscuous mode [ 349.746165][T12641] veth0_macvtap: entered promiscuous mode [ 349.779175][T12641] veth1_macvtap: entered promiscuous mode [ 349.805250][T12911] netlink: 'syz.4.1866': attribute type 22 has an invalid length. [ 349.926435][T12911] bridge_slave_0: Caught tx_queue_len zero misconfig [ 349.934942][T12911] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1866'. [ 349.966930][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.005467][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.035423][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.056831][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.075568][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.087803][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.098049][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.110825][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.198960][T12641] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 350.258284][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.282965][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.303921][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.322317][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.341963][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.356610][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.367150][T12641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.381267][T12641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.395385][T12641] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 350.484986][T12641] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.508861][T12641] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.520282][T12641] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.529826][T12641] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.905902][T12344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.927486][T12344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.976316][T12940] lo speed is unknown, defaulting to 1000 [ 351.008108][T12940] lo speed is unknown, defaulting to 1000 [ 351.037588][T12346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.037690][T12940] lo speed is unknown, defaulting to 1000 [ 351.076460][T12346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.136640][T12940] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 351.247135][T12940] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 351.392182][T12937] lo speed is unknown, defaulting to 1000 [ 351.470613][T12940] lo speed is unknown, defaulting to 1000 [ 351.598980][T12940] lo speed is unknown, defaulting to 1000 [ 351.649180][T12940] lo speed is unknown, defaulting to 1000 [ 351.858432][T12940] lo speed is unknown, defaulting to 1000 [ 351.952643][T12940] lo speed is unknown, defaulting to 1000 [ 352.018526][T12940] lo speed is unknown, defaulting to 1000 [ 352.732141][T12986] netlink: 'syz.2.1879': attribute type 10 has an invalid length. [ 352.748179][T12986] tipc: Resetting bearer [ 352.896820][T12986] batman_adv: batadv0: Adding interface: team0 [ 352.920630][T12986] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.959052][T12986] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 352.976874][T12990] netlink: 'syz.2.1879': attribute type 10 has an invalid length. [ 352.998774][T12990] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1879'. [ 353.021264][T12990] team0: entered promiscuous mode [ 353.044992][T12990] team_slave_0: entered promiscuous mode [ 353.067280][T12990] team_slave_1: entered promiscuous mode [ 353.081183][T12990] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.098054][T12990] batman_adv: batadv0: Interface activated: team0 [ 353.109854][T12990] batman_adv: batadv0: Interface deactivated: team0 [ 353.124868][T12990] batman_adv: batadv0: Removing interface: team0 [ 353.135949][T12990] bridge0: port 3(team0) entered blocking state [ 353.142816][T12990] bridge0: port 3(team0) entered disabled state [ 353.149364][T12990] team0: entered allmulticast mode [ 353.155054][T12990] team_slave_0: entered allmulticast mode [ 353.162093][T12990] team_slave_1: entered allmulticast mode [ 353.168154][T12990] bond0: entered allmulticast mode [ 353.173604][T12990] bond_slave_0: entered allmulticast mode [ 353.179447][T12990] bond_slave_1: entered allmulticast mode [ 353.185511][T12990] bridge0: entered allmulticast mode [ 353.198466][T12990] team0: left allmulticast mode [ 353.203766][T12990] team_slave_0: left allmulticast mode [ 353.209588][T12990] team_slave_1: left allmulticast mode [ 353.218091][T12990] bond0: left allmulticast mode [ 353.223222][T12990] bond_slave_0: left allmulticast mode [ 353.228725][T12990] bond_slave_1: left allmulticast mode [ 353.234507][T12990] bridge0: left allmulticast mode [ 353.566456][T12344] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.649727][T12344] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.730754][T12344] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.809006][T12344] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.937929][T12344] bridge_slave_1: left allmulticast mode [ 353.946353][T12344] bridge_slave_1: left promiscuous mode [ 353.952169][T12344] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.965302][T12344] bridge_slave_0: left allmulticast mode [ 353.970989][T12344] bridge_slave_0: left promiscuous mode [ 353.978114][T12344] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.308205][T12344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.321712][T12344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.343659][T12344] bond0 (unregistering): Released all slaves [ 355.308600][T12344] hsr_slave_0: left promiscuous mode [ 355.360951][T12344] hsr_slave_1: left promiscuous mode [ 355.385627][T12344] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 355.412066][T12344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 355.422803][T13043] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1889'. [ 355.448298][T12344] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 355.467819][T12344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 355.509070][T13024] Bluetooth: MGMT ver 1.22 [ 355.511496][T13043] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1889'. [ 355.596164][T12344] veth1_macvtap: left promiscuous mode [ 355.627725][T12344] veth0_macvtap: left promiscuous mode [ 355.635323][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 355.646999][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 355.662703][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 355.676500][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 355.679825][T12344] veth1_vlan: left promiscuous mode [ 355.691574][ T5111] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 355.701101][ T5111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 355.711485][T12344] veth0_vlan: left promiscuous mode [ 355.713608][T13055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.785796][T13050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.882459][T13050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 356.059144][T13064] xt_l2tp: v2 sid > 0xffff: 16777216 [ 356.719910][T12344] team0 (unregistering): Port device team_slave_1 removed [ 356.761742][T12344] team0 (unregistering): Port device team_slave_0 removed [ 357.244014][T13065] lo speed is unknown, defaulting to 1000 [ 357.599765][ T5111] Bluetooth: hci0: command 0x0405 tx timeout [ 357.752660][ T5111] Bluetooth: hci3: command tx timeout [ 357.964218][T13065] lo speed is unknown, defaulting to 1000 [ 357.978212][T13052] lo speed is unknown, defaulting to 1000 [ 358.122953][T13108] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1901'. [ 358.475294][T13116] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1902'. [ 358.672145][T13052] lo speed is unknown, defaulting to 1000 [ 358.683743][T13125] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1903'. [ 358.713130][T13125] lo speed is unknown, defaulting to 1000 [ 358.733654][T13118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1903'. [ 358.906773][T13128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1906'. [ 359.627845][T13160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1909'. [ 359.654401][T13155] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1909'. [ 359.714049][T13052] chnl_net:caif_netlink_parms(): no params data found [ 359.802775][T13166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1912'. [ 359.837865][ T5111] Bluetooth: hci3: command tx timeout [ 360.096774][T13052] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.117549][T13052] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.134759][T13052] bridge_slave_0: entered allmulticast mode [ 360.143277][T13052] bridge_slave_0: entered promiscuous mode [ 360.196219][T13052] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.220475][T13052] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.240527][T13052] bridge_slave_1: entered allmulticast mode [ 360.258635][T13052] bridge_slave_1: entered promiscuous mode [ 360.382893][T13052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.427052][T13052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.488762][T13195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1919'. [ 360.525044][T13195] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 360.661802][T13052] team0: Port device team_slave_0 added [ 360.695329][T13052] team0: Port device team_slave_1 added [ 360.886585][T13052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.898407][T13221] netlink: 'syz.4.1923': attribute type 7 has an invalid length. [ 360.915221][T13052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.943106][T13221] netlink: 134780 bytes leftover after parsing attributes in process `syz.4.1923'. [ 360.980310][T13052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 361.026930][T13052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 361.070708][T13052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.119628][T13052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 361.284824][T13235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1926'. [ 361.453544][T13052] hsr_slave_0: entered promiscuous mode [ 361.490431][T13052] hsr_slave_1: entered promiscuous mode [ 361.765348][T13248] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 361.912662][ T5111] Bluetooth: hci3: command tx timeout [ 362.339589][T13257] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1933'. [ 363.919530][T13281] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1940'. [ 363.953914][T13293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1943'. [ 363.992570][ T5111] Bluetooth: hci3: command tx timeout [ 364.471284][T13052] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 364.494973][T13052] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 364.517546][T13052] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 364.593289][T13052] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 364.717606][T13320] FAULT_INJECTION: forcing a failure. [ 364.717606][T13320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 364.751058][T13320] CPU: 0 PID: 13320 Comm: syz.2.1951 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 364.761299][T13320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 364.771396][T13320] Call Trace: [ 364.774724][T13320] [ 364.777699][T13320] dump_stack_lvl+0x241/0x360 [ 364.782431][T13320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.787674][T13320] ? __pfx__printk+0x10/0x10 [ 364.792660][T13320] ? __pfx_lock_release+0x10/0x10 [ 364.797775][T13320] should_fail_ex+0x3b0/0x4e0 [ 364.802598][T13320] _copy_from_user+0x2f/0xe0 [ 364.807253][T13320] tcp_repair_options_est+0x19c/0x690 [ 364.812769][T13320] ? __pfx_tcp_repair_options_est+0x10/0x10 [ 364.818738][T13320] do_tcp_setsockopt+0x1a9d/0x2540 [ 364.824079][T13320] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 364.829588][T13320] ? __pfx_aa_sk_perm+0x10/0x10 [ 364.834577][T13320] ? __pfx_lock_acquire+0x10/0x10 [ 364.839641][T13320] ? aa_sock_opt_perm+0x79/0x120 [ 364.844677][T13320] ? tcp_setsockopt+0x3e/0xf0 [ 364.849401][T13320] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 364.855860][T13320] do_sock_setsockopt+0x3af/0x720 [ 364.860947][T13320] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 364.866540][T13320] ? __fget_files+0x29/0x470 [ 364.871189][T13320] ? __fget_files+0x3f6/0x470 [ 364.875930][T13320] __sys_setsockopt+0x1ae/0x250 [ 364.880845][T13320] __x64_sys_setsockopt+0xb5/0xd0 [ 364.885924][T13320] do_syscall_64+0xf3/0x230 [ 364.890254][T13325] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1952'. [ 364.890453][T13320] ? clear_bhb_loop+0x35/0x90 [ 364.901851][T13052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.904049][T13320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.904082][T13320] RIP: 0033:0x7f84e0f75bd9 [ 364.904105][T13320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.904125][T13320] RSP: 002b:00007f84e1cbe048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 364.904153][T13320] RAX: ffffffffffffffda RBX: 00007f84e1103f60 RCX: 00007f84e0f75bd9 [ 364.904172][T13320] RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000003 [ 364.904187][T13320] RBP: 00007f84e1cbe0a0 R08: 0000000020000149 R09: 0000000000000000 [ 364.904204][T13320] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000002 [ 364.904219][T13320] R13: 000000000000000b R14: 00007f84e1103f60 R15: 00007ffecc57d278 [ 364.904255][T13320] [ 365.119574][T13052] 8021q: adding VLAN 0 to HW filter on device team0 [ 365.165294][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.172546][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 365.227231][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.234506][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 365.651743][T13352] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 366.109360][T13052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.318015][T13052] veth0_vlan: entered promiscuous mode [ 366.361843][T13052] veth1_vlan: entered promiscuous mode [ 366.436884][T13387] netlink: 'syz.4.1969': attribute type 1 has an invalid length. [ 366.448082][T13387] netlink: 'syz.4.1969': attribute type 3 has an invalid length. [ 366.460985][T13387] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1969'. [ 366.591876][T13052] veth0_macvtap: entered promiscuous mode [ 366.627228][T13052] veth1_macvtap: entered promiscuous mode [ 366.695324][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.732278][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.742176][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.776462][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.802816][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.852418][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.862606][T13400] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 366.882409][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.912416][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.944537][T13052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 366.998623][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.037461][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.068324][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.090122][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.101865][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.113642][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.124384][T13052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.135660][T13052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.147969][T13052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 367.191649][T13052] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.233559][T13052] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.255152][T13052] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.264599][T13052] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.310713][T13416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1978'. [ 367.452567][T13419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1978'. [ 367.636679][T12346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.640803][T13429] FAULT_INJECTION: forcing a failure. [ 367.640803][T13429] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.670414][T12346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.726364][T13429] CPU: 1 PID: 13429 Comm: syz.4.1983 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 367.736595][T13429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 367.746693][T13429] Call Trace: [ 367.750008][T13429] [ 367.752976][T13429] dump_stack_lvl+0x241/0x360 [ 367.757702][T13429] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.762943][T13429] ? __pfx__printk+0x10/0x10 [ 367.767585][T13429] ? snprintf+0xda/0x120 [ 367.771913][T13429] should_fail_ex+0x3b0/0x4e0 [ 367.776653][T13429] _copy_to_user+0x2f/0xb0 [ 367.781115][T13429] simple_read_from_buffer+0xca/0x150 [ 367.786541][T13429] proc_fail_nth_read+0x1e9/0x250 [ 367.791632][T13429] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.797223][T13429] ? rw_verify_area+0x520/0x6b0 [ 367.802092][T13429] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.807652][T13429] vfs_read+0x204/0xbc0 [ 367.811854][T13429] ? __pfx_lock_release+0x10/0x10 [ 367.816894][T13429] ? do_sock_setsockopt+0x3e2/0x720 [ 367.822141][T13429] ? __pfx_vfs_read+0x10/0x10 [ 367.826922][T13429] ? __fget_files+0x29/0x470 [ 367.831547][T13429] ? __fget_files+0x3f6/0x470 [ 367.836269][T13429] ksys_read+0x1a0/0x2c0 [ 367.840544][T13429] ? __pfx_ksys_read+0x10/0x10 [ 367.845410][T13429] ? do_syscall_64+0x100/0x230 [ 367.850210][T13429] ? do_syscall_64+0xb6/0x230 [ 367.854915][T13429] do_syscall_64+0xf3/0x230 [ 367.859426][T13429] ? clear_bhb_loop+0x35/0x90 [ 367.864116][T13429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.870023][T13429] RIP: 0033:0x7fbc20b746bc [ 367.874544][T13429] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 367.894180][T13429] RSP: 002b:00007fbc21a32040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 367.902617][T13429] RAX: ffffffffffffffda RBX: 00007fbc20d03f60 RCX: 00007fbc20b746bc [ 367.910609][T13429] RDX: 000000000000000f RSI: 00007fbc21a320b0 RDI: 0000000000000004 [ 367.918589][T13429] RBP: 00007fbc21a320a0 R08: 0000000000000000 R09: 0000000000000000 [ 367.926569][T13429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.934546][T13429] R13: 000000000000004d R14: 00007fbc20d03f60 R15: 00007ffe3f689938 [ 367.942540][T13429] [ 367.950076][T12346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.958046][T12346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.981130][T13427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 368.077574][T13437] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1987'. [ 368.129187][T13439] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 368.856007][T13459] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1997'. [ 368.887920][T13462] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1996'. [ 369.241848][T13468] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1999'. [ 369.322751][T13471] netlink: 9412 bytes leftover after parsing attributes in process `syz.0.2001'. [ 369.358817][T13471] tunl0: entered promiscuous mode [ 369.366959][T13473] FAULT_INJECTION: forcing a failure. [ 369.366959][T13473] name failslab, interval 1, probability 0, space 0, times 0 [ 369.370078][T13471] netlink: 'syz.0.2001': attribute type 1 has an invalid length. [ 369.388808][T13473] CPU: 0 PID: 13473 Comm: syz.1.2002 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 369.399019][T13473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 369.403588][T13471] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2001'. [ 369.409087][T13473] Call Trace: [ 369.409131][T13473] [ 369.409144][T13473] dump_stack_lvl+0x241/0x360 [ 369.429007][T13473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.434270][T13473] ? __pfx__printk+0x10/0x10 [ 369.438901][T13473] ? __pfx___might_resched+0x10/0x10 [ 369.444235][T13473] ? dynamic_dname+0x141/0x1b0 [ 369.449052][T13473] should_fail_ex+0x3b0/0x4e0 [ 369.453782][T13473] ? tomoyo_encode+0x26f/0x540 [ 369.459104][T13473] should_failslab+0x9/0x20 [ 369.463655][T13473] __kmalloc_noprof+0xd8/0x400 [ 369.468477][T13473] tomoyo_encode+0x26f/0x540 [ 369.473108][T13473] ? __pfx_sockfs_dname+0x10/0x10 [ 369.478185][T13473] tomoyo_realpath_from_path+0x59e/0x5e0 [ 369.483869][T13473] tomoyo_path_number_perm+0x23a/0x880 [ 369.489388][T13473] ? tomoyo_path_number_perm+0x208/0x880 [ 369.495066][T13473] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 369.501135][T13473] ? __fget_files+0x29/0x470 [ 369.505773][T13473] ? __fget_files+0x3f6/0x470 [ 369.510492][T13473] ? __fget_files+0x29/0x470 [ 369.515142][T13473] security_file_ioctl+0x75/0xb0 [ 369.520353][T13473] __se_sys_ioctl+0x47/0x170 [ 369.525169][T13473] do_syscall_64+0xf3/0x230 [ 369.529720][T13473] ? clear_bhb_loop+0x35/0x90 [ 369.534451][T13473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.540385][T13473] RIP: 0033:0x7f2f47175bd9 [ 369.544843][T13473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.564584][T13473] RSP: 002b:00007f2f46bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 369.573053][T13473] RAX: ffffffffffffffda RBX: 00007f2f47303f60 RCX: 00007f2f47175bd9 [ 369.581068][T13473] RDX: 0000000020000000 RSI: 00000000000089e0 RDI: 0000000000000005 [ 369.589090][T13473] RBP: 00007f2f46bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 369.597138][T13473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 369.605150][T13473] R13: 000000000000000b R14: 00007f2f47303f60 R15: 00007fff4839e4e8 [ 369.613181][T13473] [ 369.632737][T13473] ERROR: Out of memory at tomoyo_realpath_from_path. [ 370.004394][T13493] netlink: 'syz.4.2010': attribute type 10 has an invalid length. [ 370.273629][T13501] FAULT_INJECTION: forcing a failure. [ 370.273629][T13501] name failslab, interval 1, probability 0, space 0, times 0 [ 370.310716][T13501] CPU: 1 PID: 13501 Comm: syz.0.2013 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 370.321104][T13501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 370.331203][T13501] Call Trace: [ 370.334520][T13501] [ 370.337500][T13501] dump_stack_lvl+0x241/0x360 [ 370.342226][T13501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.347479][T13501] ? __pfx__printk+0x10/0x10 [ 370.352121][T13501] ? ref_tracker_alloc+0x332/0x490 [ 370.357288][T13501] should_fail_ex+0x3b0/0x4e0 [ 370.362023][T13501] ? skb_clone+0x20c/0x390 [ 370.366499][T13501] should_failslab+0x9/0x20 [ 370.371055][T13501] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 370.376503][T13501] skb_clone+0x20c/0x390 [ 370.380888][T13501] __netlink_deliver_tap+0x3cc/0x7c0 [ 370.386241][T13501] ? netlink_deliver_tap+0x2e/0x1b0 [ 370.391485][T13501] netlink_deliver_tap+0x19d/0x1b0 [ 370.397175][T13501] netlink_unicast+0x7be/0x990 [ 370.402025][T13501] ? __pfx_netlink_unicast+0x10/0x10 [ 370.407425][T13501] ? __virt_addr_valid+0x183/0x520 [ 370.412637][T13501] ? __check_object_size+0x49c/0x900 [ 370.417986][T13501] ? bpf_lsm_netlink_send+0x9/0x10 [ 370.423160][T13501] netlink_sendmsg+0x8e4/0xcb0 [ 370.427993][T13501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.433427][T13501] ? __import_iovec+0x536/0x820 [ 370.438320][T13501] ? aa_sock_msg_perm+0x91/0x160 [ 370.443310][T13501] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 370.448633][T13501] ? security_socket_sendmsg+0x87/0xb0 [ 370.454145][T13501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.459559][T13501] __sock_sendmsg+0x221/0x270 [ 370.464283][T13501] ____sys_sendmsg+0x525/0x7d0 [ 370.469109][T13501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 370.474475][T13501] __sys_sendmsg+0x2b0/0x3a0 [ 370.479116][T13501] ? __pfx___sys_sendmsg+0x10/0x10 [ 370.484276][T13501] ? vfs_write+0x7c4/0xc90 [ 370.488783][T13501] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 370.495160][T13501] ? do_syscall_64+0x100/0x230 [ 370.499976][T13501] ? do_syscall_64+0xb6/0x230 [ 370.504704][T13501] do_syscall_64+0xf3/0x230 [ 370.509243][T13501] ? clear_bhb_loop+0x35/0x90 [ 370.513973][T13501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.519909][T13501] RIP: 0033:0x7fe2c3375bd9 [ 370.524361][T13501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.544011][T13501] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 370.552475][T13501] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 370.560495][T13501] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 370.568512][T13501] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 370.576526][T13501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.584524][T13501] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 370.592623][T13501] [ 370.807801][T13515] netlink: 596 bytes leftover after parsing attributes in process `syz.0.2016'. [ 370.861895][T13515] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.872037][T13515] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.881639][T13515] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 370.890857][T13515] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 371.146523][ T990] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.541143][ T990] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.604955][ T990] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.669418][ T990] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.803176][ T990] bridge_slave_1: left allmulticast mode [ 371.808996][ T990] bridge_slave_1: left promiscuous mode [ 371.817286][ T990] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.836334][ T990] bridge_slave_0: left allmulticast mode [ 371.842645][ T990] bridge_slave_0: left promiscuous mode [ 371.848462][ T990] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.206799][ T990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 372.219383][ T990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 372.231178][ T990] bond0 (unregistering): Released all slaves [ 372.621999][ T990] hsr_slave_0: left promiscuous mode [ 372.631533][ T990] hsr_slave_1: left promiscuous mode [ 372.638436][ T990] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.646091][ T990] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.655185][ T990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 372.663630][ T990] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 372.690212][ T990] veth1_macvtap: left promiscuous mode [ 372.702403][ T990] veth0_macvtap: left promiscuous mode [ 372.708148][ T990] veth1_vlan: left promiscuous mode [ 372.717465][ T990] veth0_vlan: left promiscuous mode [ 373.173670][T13536] x_tables: duplicate underflow at hook 1 [ 373.528570][ T5105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 373.541048][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 373.550039][ T5105] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 373.563383][ T5105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 373.572951][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 373.582510][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 373.879717][ T990] team0 (unregistering): Port device team_slave_1 removed [ 373.935362][ T990] team0 (unregistering): Port device team_slave_0 removed [ 374.591041][T13548] lo speed is unknown, defaulting to 1000 [ 375.139209][T13564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 375.278787][T13548] lo speed is unknown, defaulting to 1000 [ 375.293954][T13580] lo speed is unknown, defaulting to 1000 [ 375.387254][T13587] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2039'. [ 375.650430][T13548] chnl_net:caif_netlink_parms(): no params data found [ 375.682500][ T5111] Bluetooth: hci3: command tx timeout [ 375.728720][T13580] lo speed is unknown, defaulting to 1000 [ 375.728734][T13585] lo speed is unknown, defaulting to 1000 [ 375.812953][T13595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2040'. [ 376.132641][T13548] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.139808][T13548] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.152761][T13548] bridge_slave_0: entered allmulticast mode [ 376.160125][T13548] bridge_slave_0: entered promiscuous mode [ 376.173919][T13585] lo speed is unknown, defaulting to 1000 [ 376.179970][T13548] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.189140][T13548] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.208231][T13548] bridge_slave_1: entered allmulticast mode [ 376.226924][T13548] bridge_slave_1: entered promiscuous mode [ 376.395313][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 376.449279][T13548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.541503][T13548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.621683][T13548] team0: Port device team_slave_0 added [ 376.660496][T13548] team0: Port device team_slave_1 added [ 376.880839][T13548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 376.892418][T13548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.972293][T13548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 377.021120][T13548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 377.038077][T13548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 377.065066][T13548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 377.199115][T13627] Bluetooth: MGMT ver 1.22 [ 377.203943][T13627] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 377.228865][T13626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2050'. [ 377.249194][T13626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2050'. [ 377.260891][T13548] hsr_slave_0: entered promiscuous mode [ 377.281234][T13548] hsr_slave_1: entered promiscuous mode [ 377.669837][T13641] tipc: Enabling of bearer rejected, failed to enable media [ 377.752822][ T5111] Bluetooth: hci3: command tx timeout [ 378.079763][T13650] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2056'. [ 378.094911][T13548] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 378.127819][T13548] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 378.158818][T13548] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 378.210517][T13548] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 378.239538][T13653] x_tables: duplicate underflow at hook 1 [ 378.434153][ T5150] lo speed is unknown, defaulting to 1000 [ 378.551817][T13548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.671351][T13548] 8021q: adding VLAN 0 to HW filter on device team0 [ 378.704006][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 378.711308][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 378.755225][T13663] lo speed is unknown, defaulting to 1000 [ 378.789163][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 378.796395][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 378.972868][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.982048][T13548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 379.128863][T13672] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 379.277583][T13663] lo speed is unknown, defaulting to 1000 [ 379.526976][T13548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 379.626346][T13548] veth0_vlan: entered promiscuous mode [ 379.833704][ T5111] Bluetooth: hci3: command tx timeout [ 379.937108][T13548] veth1_vlan: entered promiscuous mode [ 380.109283][T13548] veth0_macvtap: entered promiscuous mode [ 380.197592][T13548] veth1_macvtap: entered promiscuous mode [ 380.477447][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.494448][T13717] netlink: 'syz.4.2076': attribute type 1 has an invalid length. [ 380.517051][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.531008][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.559436][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.587978][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.600043][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.611025][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.622498][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.637295][T13548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 380.725504][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.748608][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.758962][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.769849][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.811513][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.832215][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.882614][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.907199][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.925086][T13548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 380.939967][T13548] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.951586][T13548] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.965579][T13548] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.975245][T13548] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.037852][T13720] lo speed is unknown, defaulting to 1000 [ 381.305558][T12346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 381.342199][T12346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.410813][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 381.434917][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.733642][T13720] lo speed is unknown, defaulting to 1000 [ 381.774394][T13755] netlink: 'syz.4.2088': attribute type 21 has an invalid length. [ 381.783067][T13755] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2088'. [ 381.792893][T13755] netlink: 'syz.4.2088': attribute type 5 has an invalid length. [ 381.800898][T13755] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2088'. [ 381.987132][T13758] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2089'. [ 382.203124][T13762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2091'. [ 382.665627][T13779] FAULT_INJECTION: forcing a failure. [ 382.665627][T13779] name failslab, interval 1, probability 0, space 0, times 0 [ 382.685796][T13779] CPU: 1 PID: 13779 Comm: syz.0.2097 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 382.696031][T13779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 382.706319][T13779] Call Trace: [ 382.709639][T13779] [ 382.712608][T13779] dump_stack_lvl+0x241/0x360 [ 382.717358][T13779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 382.722619][T13779] ? __pfx__printk+0x10/0x10 [ 382.727302][T13779] should_fail_ex+0x3b0/0x4e0 [ 382.732046][T13779] ? __alloc_skb+0x1c3/0x440 [ 382.736690][T13779] should_failslab+0x9/0x20 [ 382.741245][T13779] kmem_cache_alloc_node_noprof+0x71/0x320 [ 382.747119][T13779] __alloc_skb+0x1c3/0x440 [ 382.751586][T13779] ? __pfx___might_resched+0x10/0x10 [ 382.756933][T13779] ? __pfx___alloc_skb+0x10/0x10 [ 382.761920][T13779] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 382.768081][T13779] ? security_socket_getpeersec_dgram+0x88/0xb0 [ 382.774404][T13779] netlink_sendmsg+0x638/0xcb0 [ 382.779210][T13779] ? __pfx_netlink_sendmsg+0x10/0x10 [ 382.784532][T13779] ? __import_iovec+0x536/0x820 [ 382.789400][T13779] ? aa_sock_msg_perm+0x91/0x160 [ 382.794370][T13779] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 382.799674][T13779] ? security_socket_sendmsg+0x87/0xb0 [ 382.805244][T13779] ? __pfx_netlink_sendmsg+0x10/0x10 [ 382.810552][T13779] __sock_sendmsg+0x221/0x270 [ 382.815263][T13779] ____sys_sendmsg+0x525/0x7d0 [ 382.820077][T13779] ? __pfx_____sys_sendmsg+0x10/0x10 [ 382.825402][T13779] __sys_sendmsg+0x2b0/0x3a0 [ 382.830038][T13779] ? __pfx___sys_sendmsg+0x10/0x10 [ 382.835172][T13779] ? vfs_write+0x7c4/0xc90 [ 382.839641][T13779] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 382.845989][T13779] ? do_syscall_64+0x100/0x230 [ 382.850780][T13779] ? do_syscall_64+0xb6/0x230 [ 382.855482][T13779] do_syscall_64+0xf3/0x230 [ 382.860004][T13779] ? clear_bhb_loop+0x35/0x90 [ 382.864710][T13779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.870624][T13779] RIP: 0033:0x7fe2c3375bd9 [ 382.875054][T13779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.894680][T13779] RSP: 002b:00007fe2c40bb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 382.903112][T13779] RAX: ffffffffffffffda RBX: 00007fe2c3503f60 RCX: 00007fe2c3375bd9 [ 382.911095][T13779] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 000000000000000b [ 382.919081][T13779] RBP: 00007fe2c40bb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 382.927077][T13779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.935066][T13779] R13: 000000000000000b R14: 00007fe2c3503f60 R15: 00007ffd843451b8 [ 382.943071][T13779] [ 383.297982][T13806] lo speed is unknown, defaulting to 1000 [ 383.321553][T13809] FAULT_INJECTION: forcing a failure. [ 383.321553][T13809] name failslab, interval 1, probability 0, space 0, times 0 [ 383.340907][T13809] CPU: 0 PID: 13809 Comm: syz.1.2104 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 383.351133][T13809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 383.361496][T13809] Call Trace: [ 383.364832][T13809] [ 383.367798][T13809] dump_stack_lvl+0x241/0x360 [ 383.372532][T13809] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.378044][T13809] ? __pfx__printk+0x10/0x10 [ 383.382858][T13809] ? __pfx___might_resched+0x10/0x10 [ 383.388289][T13809] should_fail_ex+0x3b0/0x4e0 [ 383.393029][T13809] ? rxrpc_alloc_peer+0x80/0x340 [ 383.398023][T13809] should_failslab+0x9/0x20 [ 383.402577][T13809] kmalloc_trace_noprof+0x6c/0x2c0 [ 383.407916][T13809] rxrpc_alloc_peer+0x80/0x340 [ 383.412741][T13809] ? rxrpc_lookup_peer+0x259/0x8b0 [ 383.417934][T13809] rxrpc_lookup_peer+0x3ea/0x8b0 [ 383.422930][T13809] rxrpc_do_sendmsg+0xdaf/0x1910 [ 383.427951][T13809] ? __pfx_rxrpc_do_sendmsg+0x10/0x10 [ 383.433388][T13809] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 383.439241][T13809] ? do_raw_spin_unlock+0x13c/0x8b0 [ 383.444593][T13809] ? rxrpc_sendmsg+0x578/0x920 [ 383.449493][T13809] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 383.454629][T13809] __sock_sendmsg+0x221/0x270 [ 383.459420][T13809] ____sys_sendmsg+0x525/0x7d0 [ 383.464222][T13809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 383.469553][T13809] __sys_sendmsg+0x2b0/0x3a0 [ 383.474176][T13809] ? __pfx___sys_sendmsg+0x10/0x10 [ 383.479311][T13809] ? vfs_write+0x7c4/0xc90 [ 383.483785][T13809] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 383.490133][T13809] ? do_syscall_64+0x100/0x230 [ 383.494931][T13809] ? do_syscall_64+0xb6/0x230 [ 383.499625][T13809] do_syscall_64+0xf3/0x230 [ 383.504144][T13809] ? clear_bhb_loop+0x35/0x90 [ 383.508846][T13809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.514757][T13809] RIP: 0033:0x7f2f47175bd9 [ 383.519186][T13809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.539247][T13809] RSP: 002b:00007f2f46bff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 383.547685][T13809] RAX: ffffffffffffffda RBX: 00007f2f47303f60 RCX: 00007f2f47175bd9 [ 383.555762][T13809] RDX: 000000000000ff00 RSI: 0000000020000000 RDI: 0000000000000005 [ 383.563755][T13809] RBP: 00007f2f46bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 383.571831][T13809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 383.579835][T13809] R13: 000000000000000b R14: 00007f2f47303f60 R15: 00007fff4839e4e8 [ 383.587874][T13809] [ 383.628177][T13810] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2105'. [ 384.036050][T12338] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.191156][T13814] lo speed is unknown, defaulting to 1000 [ 384.193339][T13806] lo speed is unknown, defaulting to 1000 [ 384.494558][T12338] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.525348][T13814] lo speed is unknown, defaulting to 1000 [ 384.697753][T12338] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.871140][T12338] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.112040][T12338] bridge_slave_1: left allmulticast mode [ 385.131283][T12338] bridge_slave_1: left promiscuous mode [ 385.137489][T12338] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.178333][T12338] bridge_slave_0: left allmulticast mode [ 385.191259][T12338] bridge_slave_0: left promiscuous mode [ 385.209909][T12338] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.635130][T12338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 385.648090][T12338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 385.660680][T12338] bond0 (unregistering): Released all slaves [ 386.394373][T12338] hsr_slave_0: left promiscuous mode [ 386.413274][T12338] hsr_slave_1: left promiscuous mode [ 386.423481][T12338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.430966][T12338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.451592][T12338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.467845][T12338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.562638][T12338] veth1_macvtap: left promiscuous mode [ 386.568263][T12338] veth0_macvtap: left promiscuous mode [ 386.583270][T12338] veth1_vlan: left promiscuous mode [ 386.588809][T12338] veth0_vlan: left promiscuous mode [ 386.746545][ T5105] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 386.758550][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 386.783633][ T5105] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 386.801026][ T5105] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 386.813219][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 386.821952][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 387.511940][T12338] team0 (unregistering): Port device team_slave_1 removed [ 387.579825][T12338] team0 (unregistering): Port device team_slave_0 removed [ 388.242349][T13868] lo speed is unknown, defaulting to 1000 [ 388.424732][T13887] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2123'. [ 388.807020][T13868] lo speed is unknown, defaulting to 1000 [ 388.807074][T13884] lo speed is unknown, defaulting to 1000 [ 388.873432][ T5111] Bluetooth: hci3: command tx timeout [ 389.010202][T13914] SET target dimension over the limit! [ 389.184197][T13884] lo speed is unknown, defaulting to 1000 [ 389.600275][T13868] chnl_net:caif_netlink_parms(): no params data found [ 390.109983][T13868] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.128079][T13868] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.139876][T13868] bridge_slave_0: entered allmulticast mode [ 390.162484][T13868] bridge_slave_0: entered promiscuous mode [ 390.193591][T13868] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.228445][T13868] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.247287][T13868] bridge_slave_1: entered allmulticast mode [ 390.272937][T13868] bridge_slave_1: entered promiscuous mode [ 390.376325][T13868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 390.425655][T13868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 390.650307][T13868] team0: Port device team_slave_0 added [ 390.673082][T13955] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2141'. [ 390.701261][T13868] team0: Port device team_slave_1 added [ 390.748697][T13959] FAULT_INJECTION: forcing a failure. [ 390.748697][T13959] name failslab, interval 1, probability 0, space 0, times 0 [ 390.802659][T13959] CPU: 0 PID: 13959 Comm: syz.1.2143 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 390.812896][T13959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 390.822969][T13959] Call Trace: [ 390.826261][T13959] [ 390.829218][T13959] dump_stack_lvl+0x241/0x360 [ 390.834104][T13959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 390.839333][T13959] ? __pfx__printk+0x10/0x10 [ 390.843954][T13959] ? netlink_insert+0x10b7/0x14b0 [ 390.849000][T13959] should_fail_ex+0x3b0/0x4e0 [ 390.853704][T13959] ? __alloc_skb+0x1c3/0x440 [ 390.858487][T13959] should_failslab+0x9/0x20 [ 390.863015][T13959] kmem_cache_alloc_node_noprof+0x71/0x320 [ 390.868851][T13959] __alloc_skb+0x1c3/0x440 [ 390.873297][T13959] ? __pfx___alloc_skb+0x10/0x10 [ 390.878252][T13959] ? netlink_autobind+0xd6/0x2f0 [ 390.883203][T13959] ? netlink_autobind+0x2b0/0x2f0 [ 390.888256][T13959] netlink_sendmsg+0x638/0xcb0 [ 390.893045][T13959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.898349][T13959] ? __import_iovec+0x536/0x820 [ 390.903217][T13959] ? aa_sock_msg_perm+0x91/0x160 [ 390.908176][T13959] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 390.913472][T13959] ? security_socket_sendmsg+0x87/0xb0 [ 390.918948][T13959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.924335][T13959] __sock_sendmsg+0x221/0x270 [ 390.929040][T13959] ____sys_sendmsg+0x525/0x7d0 [ 390.933834][T13959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 390.939153][T13959] __sys_sendmsg+0x2b0/0x3a0 [ 390.944028][T13959] ? __pfx___sys_sendmsg+0x10/0x10 [ 390.949164][T13959] ? vfs_write+0x7c4/0xc90 [ 390.953632][T13959] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 390.959972][T13959] ? do_syscall_64+0x100/0x230 [ 390.964755][T13959] ? do_syscall_64+0xb6/0x230 [ 390.969538][T13959] do_syscall_64+0xf3/0x230 [ 390.974064][T13959] ? clear_bhb_loop+0x35/0x90 [ 390.978820][T13959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.984730][T13959] RIP: 0033:0x7f2f47175bd9 [ 390.989176][T13959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.008795][T13959] RSP: 002b:00007f2f46bff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 391.017227][T13959] RAX: ffffffffffffffda RBX: 00007f2f47303f60 RCX: 00007f2f47175bd9 [ 391.025246][T13959] RDX: 0000000000000000 RSI: 0000000020001240 RDI: 0000000000000006 [ 391.033242][T13959] RBP: 00007f2f46bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 391.041226][T13959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 391.049211][T13959] R13: 000000000000000b R14: 00007f2f47303f60 R15: 00007fff4839e4e8 [ 391.057219][T13959] [ 391.068860][ T5111] Bluetooth: hci3: command tx timeout [ 391.192127][T13868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.209363][T13868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.265728][T13868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.280249][T13868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 391.291307][T13868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.318909][T13868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 391.437669][T13868] hsr_slave_0: entered promiscuous mode [ 391.463256][T13868] hsr_slave_1: entered promiscuous mode [ 391.814952][T13984] lo speed is unknown, defaulting to 1000 [ 391.895765][T13986] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2153'. [ 391.996005][T12344] ================================================================== [ 392.004130][T12344] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x28/0x9e0 [ 392.012153][T12344] Write of size 8 at addr ffff88806b359808 by task kworker/u8:14/12344 [ 392.020511][T12344] [ 392.022863][T12344] CPU: 0 PID: 12344 Comm: kworker/u8:14 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 392.033570][T12344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 392.043666][T12344] Workqueue: l2tp l2tp_tunnel_del_work [ 392.049191][T12344] Call Trace: [ 392.052507][T12344] [ 392.055472][T12344] dump_stack_lvl+0x241/0x360 [ 392.060193][T12344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.065434][T12344] ? __pfx__printk+0x10/0x10 [ 392.070062][T12344] ? _printk+0xd5/0x120 [ 392.074255][T12344] ? __virt_addr_valid+0x183/0x520 [ 392.079390][T12344] ? __virt_addr_valid+0x183/0x520 [ 392.084534][T12344] print_report+0x169/0x550 [ 392.089051][T12344] ? __virt_addr_valid+0x183/0x520 [ 392.094175][T12344] ? __virt_addr_valid+0x183/0x520 [ 392.099381][T12344] ? __virt_addr_valid+0x44e/0x520 [ 392.104593][T12344] ? __phys_addr+0xba/0x170 [ 392.109109][T12344] ? l2tp_session_delete+0x28/0x9e0 [ 392.114326][T12344] kasan_report+0x143/0x180 [ 392.118842][T12344] ? l2tp_session_delete+0x28/0x9e0 [ 392.124053][T12344] kasan_check_range+0x282/0x290 [ 392.129007][T12344] l2tp_session_delete+0x28/0x9e0 [ 392.134042][T12344] ? l2tp_tunnel_del_work+0x1d3/0x330 [ 392.139522][T12344] l2tp_tunnel_del_work+0x1cb/0x330 [ 392.144734][T12344] ? process_scheduled_works+0x945/0x1830 [ 392.150481][T12344] process_scheduled_works+0xa2c/0x1830 [ 392.156052][T12344] ? __pfx_process_scheduled_works+0x10/0x10 [ 392.162048][T12344] ? assign_work+0x364/0x3d0 [ 392.166746][T12344] worker_thread+0x86d/0xd50 [ 392.171359][T12344] ? __kthread_parkme+0x169/0x1d0 [ 392.176397][T12344] ? __pfx_worker_thread+0x10/0x10 [ 392.181684][T12344] kthread+0x2f0/0x390 [ 392.185773][T12344] ? __pfx_worker_thread+0x10/0x10 [ 392.190892][T12344] ? __pfx_kthread+0x10/0x10 [ 392.195497][T12344] ret_from_fork+0x4b/0x80 [ 392.199931][T12344] ? __pfx_kthread+0x10/0x10 [ 392.204663][T12344] ret_from_fork_asm+0x1a/0x30 [ 392.209455][T12344] [ 392.212479][T12344] [ 392.214802][T12344] Allocated by task 13962: [ 392.219316][T12344] kasan_save_track+0x3f/0x80 [ 392.224005][T12344] __kasan_kmalloc+0x98/0xb0 [ 392.228609][T12344] __kmalloc_noprof+0x1f9/0x400 [ 392.233477][T12344] l2tp_session_create+0x3b/0xc20 [ 392.238516][T12344] pppol2tp_connect+0xca3/0x17a0 [ 392.243467][T12344] __sys_connect+0x2df/0x310 [ 392.248414][T12344] __x64_sys_connect+0x7a/0x90 [ 392.253188][T12344] do_syscall_64+0xf3/0x230 [ 392.257876][T12344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.263786][T12344] [ 392.266285][T12344] Freed by task 5108: [ 392.270383][T12344] kasan_save_track+0x3f/0x80 [ 392.275090][T12344] kasan_save_free_info+0x40/0x50 [ 392.280141][T12344] poison_slab_object+0xe0/0x150 [ 392.285087][T12344] __kasan_slab_free+0x37/0x60 [ 392.289948][T12344] kfree+0x149/0x360 [ 392.293855][T12344] __sk_destruct+0x58/0x5f0 [ 392.298456][T12344] rcu_core+0xafd/0x1830 [ 392.302709][T12344] handle_softirqs+0x2c4/0x970 [ 392.307483][T12344] __irq_exit_rcu+0xf4/0x1c0 [ 392.312085][T12344] irq_exit_rcu+0x9/0x30 [ 392.316333][T12344] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 392.321977][T12344] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 392.328146][T12344] [ 392.330477][T12344] Last potentially related work creation: [ 392.336388][T12344] kasan_save_stack+0x3f/0x60 [ 392.341077][T12344] __kasan_record_aux_stack+0xac/0xc0 [ 392.346484][T12344] call_rcu+0x167/0xa70 [ 392.350745][T12344] pppol2tp_release+0x24b/0x350 [ 392.355649][T12344] sock_close+0xbc/0x240 [ 392.359932][T12344] __fput+0x24a/0x8a0 [ 392.364017][T12344] task_work_run+0x24f/0x310 [ 392.368624][T12344] syscall_exit_to_user_mode+0x168/0x360 [ 392.374268][T12344] do_syscall_64+0x100/0x230 [ 392.378906][T12344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.384836][T12344] [ 392.387184][T12344] The buggy address belongs to the object at ffff88806b359800 [ 392.387184][T12344] which belongs to the cache kmalloc-1k of size 1024 [ 392.401332][T12344] The buggy address is located 8 bytes inside of [ 392.401332][T12344] freed 1024-byte region [ffff88806b359800, ffff88806b359c00) [ 392.415146][T12344] [ 392.417741][T12344] The buggy address belongs to the physical page: [ 392.424254][T12344] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b358 [ 392.433030][T12344] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 392.441583][T12344] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 392.449178][T12344] page_type: 0xffffefff(slab) [ 392.453872][T12344] raw: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 392.462614][T12344] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 392.471391][T12344] head: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 392.480199][T12344] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 392.488893][T12344] head: 00fff00000000003 ffffea0001acd601 ffffffffffffffff 0000000000000000 [ 392.497747][T12344] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 392.506433][T12344] page dumped because: kasan: bad access detected [ 392.512866][T12344] page_owner tracks the page as allocated [ 392.518588][T12344] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 990, tgid 990 (kworker/u8:5), ts 379371557557, free_ts 379366318450 [ 392.539439][T12344] post_alloc_hook+0x1f3/0x230 [ 392.544222][T12344] get_page_from_freelist+0x2e4c/0x2f10 [ 392.549889][T12344] __alloc_pages_noprof+0x256/0x6c0 [ 392.555105][T12344] alloc_slab_page+0x5f/0x120 [ 392.559793][T12344] allocate_slab+0x5a/0x2f0 [ 392.564400][T12344] ___slab_alloc+0xcd1/0x14b0 [ 392.569081][T12344] __slab_alloc+0x58/0xa0 [ 392.573524][T12344] __kmalloc_noprof+0x257/0x400 [ 392.578388][T12344] ieee802_11_parse_elems_full+0xdb/0x2880 [ 392.584388][T12344] ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70 [ 392.590477][T12344] ieee80211_iface_work+0x8a5/0xf20 [ 392.595693][T12344] cfg80211_wiphy_work+0x2db/0x490 [ 392.600836][T12344] process_scheduled_works+0xa2c/0x1830 [ 392.606502][T12344] worker_thread+0x86d/0xd50 [ 392.611228][T12344] kthread+0x2f0/0x390 [ 392.615338][T12344] ret_from_fork+0x4b/0x80 [ 392.620396][T12344] page last free pid 13681 tgid 13681 stack trace: [ 392.627249][T12344] free_unref_page+0xd22/0xea0 [ 392.632052][T12344] __slab_free+0x31b/0x3d0 [ 392.636641][T12344] qlist_free_all+0x9e/0x140 [ 392.641265][T12344] kasan_quarantine_reduce+0x14f/0x170 [ 392.646750][T12344] __kasan_slab_alloc+0x23/0x80 [ 392.651635][T12344] __kmalloc_noprof+0x1a3/0x400 [ 392.656563][T12344] tomoyo_realpath_from_path+0xcf/0x5e0 [ 392.662407][T12344] tomoyo_path_perm+0x2b7/0x740 [ 392.667274][T12344] security_inode_getattr+0xd8/0x130 [ 392.672600][T12344] vfs_getattr+0x45/0x430 [ 392.676965][T12344] vfs_fstatat+0xd6/0x190 [ 392.681308][T12344] __x64_sys_newfstatat+0x125/0x1b0 [ 392.686631][T12344] do_syscall_64+0xf3/0x230 [ 392.691208][T12344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.697125][T12344] [ 392.699466][T12344] Memory state around the buggy address: [ 392.705102][T12344] ffff88806b359700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 392.713256][T12344] ffff88806b359780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 392.721414][T12344] >ffff88806b359800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 392.729566][T12344] ^ [ 392.733917][T12344] ffff88806b359880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 392.742094][T12344] ffff88806b359900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 392.750166][T12344] ================================================================== [ 392.820820][T12344] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 392.828163][T12344] CPU: 1 PID: 12344 Comm: kworker/u8:14 Not tainted 6.10.0-rc6-syzkaller-01259-g3abbd7ed8b76 #0 [ 392.838791][T12344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 392.848940][T12344] Workqueue: l2tp l2tp_tunnel_del_work [ 392.854447][T12344] Call Trace: [ 392.857764][T12344] [ 392.860726][T12344] dump_stack_lvl+0x241/0x360 [ 392.865491][T12344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.870734][T12344] ? __pfx__printk+0x10/0x10 [ 392.875366][T12344] ? preempt_schedule+0xe1/0xf0 [ 392.880303][T12344] ? vscnprintf+0x5d/0x90 [ 392.884681][T12344] panic+0x349/0x860 [ 392.888633][T12344] ? check_panic_on_warn+0x21/0xb0 [ 392.893790][T12344] ? __pfx_panic+0x10/0x10 [ 392.898257][T12344] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 392.904366][T12344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 392.910765][T12344] ? print_report+0x502/0x550 [ 392.915678][T12344] check_panic_on_warn+0x86/0xb0 [ 392.920708][T12344] ? l2tp_session_delete+0x28/0x9e0 [ 392.925962][T12344] end_report+0x77/0x160 [ 392.930250][T12344] kasan_report+0x154/0x180 [ 392.934803][T12344] ? l2tp_session_delete+0x28/0x9e0 [ 392.940052][T12344] kasan_check_range+0x282/0x290 [ 392.945125][T12344] l2tp_session_delete+0x28/0x9e0 [ 392.950194][T12344] ? l2tp_tunnel_del_work+0x1d3/0x330 [ 392.955613][T12344] l2tp_tunnel_del_work+0x1cb/0x330 [ 392.960859][T12344] ? process_scheduled_works+0x945/0x1830 [ 392.966718][T12344] process_scheduled_works+0xa2c/0x1830 [ 392.972336][T12344] ? __pfx_process_scheduled_works+0x10/0x10 [ 392.978361][T12344] ? assign_work+0x364/0x3d0 [ 392.983094][T12344] worker_thread+0x86d/0xd50 [ 392.987733][T12344] ? __kthread_parkme+0x169/0x1d0 [ 392.992809][T12344] ? __pfx_worker_thread+0x10/0x10 [ 392.997966][T12344] kthread+0x2f0/0x390 [ 393.002197][T12344] ? __pfx_worker_thread+0x10/0x10 [ 393.007361][T12344] ? __pfx_kthread+0x10/0x10 [ 393.011995][T12344] ret_from_fork+0x4b/0x80 [ 393.016455][T12344] ? __pfx_kthread+0x10/0x10 [ 393.021088][T12344] ret_from_fork_asm+0x1a/0x30 [ 393.025914][T12344] [ 393.029261][T12344] Kernel Offset: disabled [ 393.033606][T12344] Rebooting in 86400 seconds..