last executing test programs: 2.310423531s ago: executing program 2 (id=3029): r0 = socket$inet6(0xa, 0x3, 0x9) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x24, {{0x29, 0x0, 0x0, @mcast1}}}, 0x88) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) pwrite64(r2, &(0x7f00000006c0)="22499c7e8fc31a89c5392ec7298d6c112b77e07c2a4844e9a27a7042c5f00eb6905c806ea682b237f2f3c323299f97942cf8e2ffb51a1a93840238a0bfd7f701f36c0d57186234ca7cd9429498e900f7d4e73dbe282be59ceb160ba48eb2bce496ce275d45017820a5266b4de25f1db8328a61864dc0f709f504ff08792572f616febc8a07dd5e99bb4440902f2095952e029386d34fabe8be5757d010c355a5e950bb365fd9740b62bcf12d169a6d83bee6333417610167085035bf1db8505a6e749d9a7169baacb62d370bf596c74a85773a8a8ccce8810ebf65a013877d2f17e441e2a4f4505a8600f5337f5a", 0xee, 0x6) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$sock_int(r6, 0x1, 0x1d, &(0x7f0000000000)=0x5, 0x4) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) sendto$inet6(r6, &(0x7f0000000100)="80000fdc2208a1ce", 0x8, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCDELRT(r8, 0x891e, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r7, @ANYBLOB="0800050003"], 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)={0x7c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x49, 0xe, {{{}, {}, @broadcast, @broadcast, @from_mac}, 0x0, @random, 0x0, @void, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x0, 0x39}}, @void, @void, @val={0x2d, 0x1a}, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @crypto_settings=[@NL80211_ATTR_SAE_PASSWORD={0x4}]]}, 0x7c}}, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x16, &(0x7f00000008c0)=@raw=[@btf_id={0x18, 0x6, 0x3, 0x0, 0x4}, @alu={0x4, 0x0, 0x9, 0x7, 0xa, 0x30, 0x8}, @jmp={0x5, 0x0, 0x8, 0x5, 0xa, 0x50}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x25b}}, @generic={0x0, 0x3, 0x6, 0xc, 0x4}, @exit, @exit, @btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, &(0x7f00000001c0), 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x2, 0x4, 0x39}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f00000003c0)=[{0x2, 0x3, 0x1, 0x2}, {0x1, 0x3, 0x10002, 0x7}, {0x2, 0x1, 0x8, 0xb}, {0x0, 0x5, 0x2, 0x1}, {0x5, 0x2, 0xe, 0x3}], 0x10, 0xfffffffa}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000080), &(0x7f0000000580)=r9}, 0x20) 1.403834468s ago: executing program 2 (id=3039): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='kfree\x00'}, 0x10) r0 = socket$tipc(0x1e, 0x4, 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000840)=0x5, 0x4) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x503, 0x0, 0x900, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x48}}, 0x0) 1.34862407s ago: executing program 1 (id=3041): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000005000000000000000000000018160000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000000e000000bf0900000000000056090100000000809500000000000000bf91000000000000b7020020000004008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x5, 0x1003, &(0x7f0000001e40)=""/4099}, 0x90) 1.229841323s ago: executing program 2 (id=3044): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESHEX=r1, @ANYRES8=r0], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0}, 0x90) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000010140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a090400000000000000000200e80034000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180ffffffff08000140020000000900010073797a30000000000900020073797a32"], 0x88}}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="11002a00dd0b61626364656673b190be26d977d06e6768696a6b00000010002d800a0000"], 0x40}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="8000000008021100000108021100000008021100000100000000000000000000640001000006020202020202010882848b968c1218240301092a0100de7437bf44dcc263db23aa6684313469e58d34d3a17b5218a3dc19cbc6e95eb6f66776ad33157163f18a51ad77ba508246c72173bca76f98bbb18f3125"], 0x3c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='blkio.bfq.sectors_recursive\x00', 0x100002, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xd21, 0x5b, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$inet_smc(0x2b, 0x1, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0xfffffff8, 0x9, 0x10004, 0x120, r5, 0x1ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000006208500000070000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r9, @ANYRES16=r7], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4, 0x42073, 0xffffffffffffffff, 0x4000) ioctl$sock_SIOCGIFINDEX(r8, 0x8931, &(0x7f0000000180)={'batadv0\x00'}) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r11}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{}, &(0x7f0000000a00), &(0x7f00000001c0)=r5}, 0x20) write$cgroup_type(r6, &(0x7f0000000140), 0x9) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010882848b960c1218242d7f37ea1c67341d4515d42b5a578552e5748c65e48d67b2be13a2417a36c25e08148eeaa4a8a561eb201f044882777aae7b2d9a21f82120279c7a4dae4ce57220f9b8cde757fbcc1725cc7ea49cb9ef13e31afe7d6b43d5171fa529e249366ae18f573981d9cf5000c49396ec4e1bcddcc55b9307346e6d4e"], 0x36) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0xe, 0x4, 0x8, 0xb}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.224058435s ago: executing program 4 (id=3045): socketpair(0x15, 0x800, 0x6, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x2, @multicast2, 0x4e23, 0x4, 'nq\x00', 0x3c, 0x1, 0x2b}, 0x2c) r2 = socket$nl_rdma(0x10, 0x3, 0x14) socket$xdp(0x2c, 0x3, 0x0) syz_emit_ethernet(0x45, &(0x7f0000000080)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}, @remote, @val={@void, {0x8100, 0x3, 0x1, 0x3}}, {@mpls_mc={0x8848, {[{0x6}, {0x1, 0x0, 0x1}, {0x2, 0x0, 0x1}], @generic="8ec62cbb8ba1f0b8c850034fdc5f3d83e676e955fe5e01df1de9d8fb818467efaa2d3265dc2c4c"}}}}, &(0x7f0000000100)={0x1, 0x1, [0x382, 0xbc, 0xba0, 0x6e2]}) getsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x9, 0x3, 0x268, 0xc8, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x3, &(0x7f00000001c0), {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @private=0xa010102}, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0x0, 0xff000000, 0xff], [0xff000000, 0xffffff00, 0xff, 0xffffff00], 'veth0_to_batadv\x00', 'wg0\x00', {0xff}, {0xff}, 0x3c, 0xb, 0x2, 0x2}, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @local, [0x0, 0x0, 0xffffff00, 0xff000000], [0xffffff00, 0x0, 0x0, 0xff], 'dummy0\x00', 'bond_slave_0\x00', {}, {0xff}, 0x3c, 0x4, 0x4, 0x6}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2c8) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x5}, 0x48) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000740)=0xffffffffffffffff, 0x4) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000007c0)={0x8, 0x0}, 0x8) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000800)=@raw=[@cb_func={0x18, 0x9, 0x4, 0x0, 0x2}, @map_val={0x18, 0x4, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}], &(0x7f0000000840)='GPL\x00', 0x4, 0xf1, &(0x7f0000000880)=""/241, 0x41100, 0x11, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x4e6e, 0xffffffffffffffff, 0x3, &(0x7f00000009c0)=[0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000a00)=[{0x3, 0x5, 0x9, 0x9}, {0x1, 0x5, 0xa, 0x4}, {0x4, 0x4, 0x6a2b, 0x2}], 0x10, 0xded1}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000b80)={{0x1, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000b40)='%pS \x00'}, 0x20) r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000bc0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xc72, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x3}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d00)={{0x1, 0xffffffffffffffff}, &(0x7f0000000c80), &(0x7f0000000cc0)='%+9llu \x00'}, 0x20) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=@bloom_filter={0x1e, 0x2, 0xfffffe00, 0xee, 0xc21, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0xe}, 0x48) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x1000, 0x0, 0x80, 0x500, 0x1, 0xe6, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x48) r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x1e, 0x22, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x6fa}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @map_fd={0x18, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_fd={0x18, 0x3, 0x1, 0x0, r3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000006c0)='GPL\x00', 0x2, 0x22, &(0x7f0000000700)=""/34, 0x40f00, 0x2a, '\x00', 0x0, 0x2, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000780)={0x4, 0x3, 0xffffffff, 0x8}, 0x10, r5, r6, 0x7, &(0x7f0000000e40)=[r7, 0x1, r8, r9, 0xffffffffffffffff, r10, r11, r12, 0xffffffffffffffff], &(0x7f0000000e80)=[{0x5, 0x4, 0x10, 0x9}, {0x1, 0x1, 0x8, 0x9}, {0x4, 0x5, 0x4, 0x3}, {0x3, 0x3, 0x6, 0x2}, {0x0, 0x1, 0x8, 0x4}, {0x3, 0x4, 0x7, 0x4}, {0x0, 0x5, 0x0, 0x8}], 0x10, 0x6}, 0x90) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000fc0)={{{@in=@empty, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@empty}}, &(0x7f00000010c0)=0xe8) r15 = openat$cgroup_ro(r8, &(0x7f0000001100)='blkio.bfq.io_serviced\x00', 0x0, 0x0) r16 = openat$cgroup_ro(r15, &(0x7f0000001140)='cgroup.freeze\x00', 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000001180)='afs_cb_break\x00', r13}, 0x10) epoll_create1(0x0) r17 = openat$cgroup_ro(r12, &(0x7f0000001200)='pids.current\x00', 0x0, 0x0) r18 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002440)={0x0, 0x0, 0x10}, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002500)={0x6, 0x28, &(0x7f0000001240)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r3}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r17}}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffa}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1a7, 0x0, 0x0, 0x0, 0x32506696}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7bb1}}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000001380)='GPL\x00', 0x8001, 0x1000, &(0x7f00000013c0)=""/4096, 0x40f00, 0xf, '\x00', r14, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000023c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000002400)={0x4, 0x7, 0x7, 0x7}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000002480)=[r8, r8, r18, r16, r15, r3, r8, r7], &(0x7f00000024c0)=[{0x1, 0x5, 0x2, 0x9}, {0x1, 0x2, 0xd, 0x8}, {0x5, 0x5, 0x8, 0x2}], 0x10, 0x1}, 0x90) setsockopt$inet_mreqsrc(r15, 0x0, 0x26, &(0x7f00000025c0)={@private=0xa010100, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000002600)={0x0, 0xffffffff}, &(0x7f0000002640)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r16, 0x84, 0x9, &(0x7f0000002680)={r19, @in={{0x2, 0x4e24, @loopback}}, 0x3, 0x3, 0x8, 0x6, 0x40, 0x5, 0xd}, &(0x7f0000002740)=0x9c) 1.141998817s ago: executing program 1 (id=3046): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x240080e4) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r2 = socket$l2tp(0x2, 0x2, 0x73) r3 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r3, &(0x7f0000000080)={0x2, 0x0, @local, 0x4}, 0x10) bind$l2tp(r2, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0xa00, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="7000000002060508000000000000000000070000120003006269746d61703a69702c6d616300000005000400000000000900020073797a30000000a8240007800c00028008000140000000010c0001800800014000000006080006400000001005000500020000000500010006"], 0x70}}, 0x0) 1.099722717s ago: executing program 4 (id=3048): setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000004200010a000000005865"], 0x1c}}, 0x0) 1.016622526s ago: executing program 1 (id=3050): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000080)="3900000013fc034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0xb00, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc) 991.253942ms ago: executing program 0 (id=3051): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=@newlink={0x24, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x88a8}, [@IFLA_VFINFO_LIST={0x4}]}, 0x24}}, 0x0) 972.281965ms ago: executing program 4 (id=3052): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = epoll_create1(0x0) r2 = socket$unix(0x1, 0x1, 0x0) close(r2) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x0) r3 = socket(0x2000000000000021, 0x2, 0x10000000000002) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) close(0xffffffffffffffff) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200001}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) sendmmsg(r3, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[{0xc0, 0x0, 0x0, "69869f9b4a0074586c9f0c522844c65014127e4651d085a89043138706e79a415b0b0d126c51c1215cfe34997eddd2b4a8256b525b5c15b219daa9ce4cca864a73d9c49ae2771bb70203ebd653200a0d37a0c028cb33b28c7532f384febe039d54537e6952f92cc821c13f34a5426d1532ddd442827bd8dae047fac4b17d711520cd27e961b3719609ab712940ecf8144bddecefbabf2f18e909822089ac4fcedea2b8ec7e90d0456d07b3770b67"}, {0x90, 0x0, 0x0, "72a9590a604c03a1efaa205bc9b33fe1e977c3d1d1408ae17ab1ff9118f13db566222a1e12c010521a70c445d97d0cba145ba79178a6d3bbaf70f226652e625fada31ca89eb8c925dd4508fcd45487d3c7adbd913b169777e4af51b9946246bba4c4738a0c7eddb08f69d74199764d908782652867dcd1da4aae"}, {0xe0, 0x0, 0x0, "187ab360a4694eb57bbe6342b5dda581327297f3380b94699ac0c4df81a9904c6b5b40886799022be834dbee1691a0b86881e701b7411036b9d70173dcfe9af0e46c8b97f7a94c1cb39e3ff9ffb5ead3394e9aa03d9a841b579823964df8643ed6ce4a33534bd8f71d23cf382643573c2b096540e8b3015e71ab7ab18d7b0365f8a57e46b31177feadae2f9ba0b1dec676eb60a744f5aac4213806b82bfc2390dc42727cc56d3bbf03700c77441d5e788d6ef2656c82c6b151c4180dbf2b21d7e7f8e824eb8e2c6ab2"}, {0x18, 0x110, 0xd}], 0x248, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x10}], 0x10}}], 0x56, 0xc800) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r7, 0x11, 0x65, 0x0, &(0x7f0000000180)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)={0xa0028000}) 900.036251ms ago: executing program 1 (id=3054): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8008, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x400000, 0x3}, 0x48) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=r0, 0x7, 0x0, 0x3, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], &(0x7f00000003c0)=[0x0, 0x0]}, 0x40) (async, rerun: 64) r1 = socket(0x2b, 0x1, 0x0) (async, rerun: 64) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="000000000000001302000000000061612e00"], 0x0, 0x2a}, 0x20) (async) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0) (async, rerun: 32) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) (async, rerun: 32) r5 = socket$inet6(0xa, 0x2, 0x0) (rerun: 32) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async) sendmmsg$inet6(r5, &(0x7f0000001500)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, &(0x7f0000001440)=[{&(0x7f00000000c0)="a6c6c34238f4595563a175ec970bf439024f8ec2dd49af842ad6830044218ebde605b5112fb292cf5d480002739aed74e8bacf37c73b5cdff62e63d3205c2d63c2ae686256cacda6fccf602641752997b84b75cdfd8d156c5fa9fa3f9338f13e0bb9af65d1e645a7f7553972ac", 0x6d}], 0x1}}], 0x1, 0x0) (async, rerun: 64) recvmmsg(r5, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000180)=""/109, 0x6d}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) (rerun: 64) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xc, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x5}, 0x48) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (async, rerun: 64) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) unshare(0x6020400) (async) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$FICLONE(r8, 0x40049409, r7) (async) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x90) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6}, &(0x7f0000000040)=0x18, &(0x7f0000000380)}, 0x20) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r9}, 0x10) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x8) (async, rerun: 64) write$cgroup_int(r10, &(0x7f0000000200), 0x43400) (rerun: 64) recvmsg(r2, &(0x7f0000000b00)={0x0, 0xfffffffffffffe6f, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) (async) close(r2) (async) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r1, 0xc0189436, 0x1000000000000) (async) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='percpu_alloc_percpu\x00', r11}, 0x10) 846.144561ms ago: executing program 0 (id=3055): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000fe8000000000000000833449155bf3c2640000000000000002000010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x10, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}, 0x1, 0x0, 0x1000000}, 0x0) 819.499209ms ago: executing program 4 (id=3056): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x0, 0xffff, 0x0, 0x1}, 0x48) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x0, 0xfffffffd, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @in={0x2, 0x0, @local}, @in6={0xa, 0x4e24, 0x401, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80}], 0x64) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='block_plug\x00'}, 0x10) socket$nl_route(0x10, 0x3, 0x0) gettid() r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c01000021000100000000000000000000000000000000000000ffffe0000001fe8000"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000d71781980835c47144"], 0x15c}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000140), 0xc, &(0x7f0000000680)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b0000000", @ANYRES16, @ANYBLOB="00000000000000000000100000004c0002800800020000000000040004000800020000000000040004001c0003800800010000000080080002000000000008000200000000b23cdfe7e8130003800800020008000000080002004c000000100006800400030004000200040005003800800800030000000000110001006574683a6970365f767469300000ca0d2c0000220001007564703a73797a320000000008000300000000000800c851790cce46c1c0ea65aad376a8b05b74f316197ea594b0f77695e2d451e9592dc0b84fb7537dd6f4360dc218410175361573a994a7cf08d75eb36e09a3463299d7bbba7f826acdedbfb86faf3c9ec3e6123d55a9a215154e0d50688b6e0040ba4bf7467cba3a21f6f34988654b4e8b2e55533fef7a8bd9b93723a5a5235194b7503c07bddfa83a6a778e9466c88e7cc9d295ea150cd9ac11a129a67ce10bb1aea6882b5fcd"], 0xb0}, 0x1, 0x0, 0x0, 0x4c040}, 0x40) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r5 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r5, &(0x7f0000000000)={0x1d, r4}, 0x10) setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f00000002c0), 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 760.526977ms ago: executing program 3 (id=3057): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r0, 0x29, 0x40, &(0x7f0000000b40)=ANY=[@ANYBLOB="000a0000000000000730000000000a0000c287000000000000000000000000001000000087c200000000000000000000000000000003000000000720000000000600000000000000000000000000000000000000fe"], 0x60) 712.641759ms ago: executing program 0 (id=3058): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3010000}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1a}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xa, 0x9}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 675.264204ms ago: executing program 3 (id=3059): socket(0x10, 0x803, 0x0) (async) r0 = socket(0x10, 0x803, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000004c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}, @IFLA_GRE_PMTUDISC={0x5}]}}}]}, 0x44}}, 0x0) 515.911141ms ago: executing program 3 (id=3060): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@broadcast}]}, 0x30}, 0x1, 0x30000000}, 0x0) 515.151884ms ago: executing program 0 (id=3061): socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f00000011c0)=ANY=[@ANYBLOB="280000000b14010000e0ffffffffffff070001"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x44000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f00000003c0)="b01b851b11776619d0908200272b5860b6a3bc177566c45a882f93ce3db61cd27ba00276729ca492c27a1c43e77df5048d3079f17209bb4e902c1979d79b7e59b859d109c4540742f16dbffb13dc35c250e181533ad3586ce5eb85cc2291e07f4ca1269a79c429588fb1d223098b5d2931c589126253e9b7e162aadb9a84f092cde8af68483e4832f7a49eba483e68d64741c097608ec651fed83cceaf8e867f27fb7fff705b304c4981526ac585682d27a9761bab822de10ed62b6f760ab7d090a59b446e29c900239e740f7a56fa49257c9d781a4c8676b14bdbe8f29a0f36454c483af01561", 0x4b2, r1, 0x4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000680), 0x2, r1}, 0x38) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="8f", 0x1}], 0x1, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [r4]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x22, &(0x7f00000000c0), 0x4) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0xffffffffffffffff, 0x100000, 0x10}, 0xc) recvmsg(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=""/27, 0x1b}, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000e0030000000e02000d00090001007300803000000000080002400000000214000000110001"], 0x50}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e00)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8}]}], {0x14}}, 0x5c}}, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r2, &(0x7f0000000100)=@abs, 0x6e) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x6e000) r8 = accept4(r7, 0x0, &(0x7f0000000280), 0x80000) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000540)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_VLAN(r8, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x609000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x4c, r9, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r10}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4080}, 0x20044000) gettid() 499.605374ms ago: executing program 1 (id=3062): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x26e1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000240)=@add_del={0x2, &(0x7f00000001c0)='dvmrp0\x00'}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000100001100001000004750000000a0000", @ANYRES32=r3, @ANYBLOB="da"], 0x20}}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map, r5, 0x37, 0x0, 0x0, @link_id}, 0x20) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) r7 = accept4(r6, 0x0, 0x0, 0x0) sendto$inet(r7, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) sendmsg(r7, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)="02", 0x1}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x3}, 0x8) close(r7) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r3, 0x22a0b}}, 0x20}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_int(r8, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r9, &(0x7f0000000340)=ANY=[@ANYRESDEC], 0x1e4) socket$kcm(0x2, 0x1000000000000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x8, [@fwd={0x2}, @ptr={0x0, 0x0, 0x0, 0x2, 0x3}, @func={0x6}]}, {0x0, [0x0, 0x61, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x44}, 0x20) socket$inet(0xa, 0x801, 0x84) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x8, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x1}, &(0x7f00000002c0)=0x8) 465.553344ms ago: executing program 3 (id=3063): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0xa, 0x4e25, 0x0, @mcast2={0xff, 0x5}}, 0x1c, 0x0, 0xe00}, 0x0) 407.179595ms ago: executing program 4 (id=3064): r0 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000001500)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0021bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) 406.934903ms ago: executing program 3 (id=3065): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0xee1d, 0x3000000}}) 328.532692ms ago: executing program 2 (id=3066): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xe, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081004000bfa300000000000007030000f1feffff720af0fff8ffffff71a4f0ff0000000071108600000000001d400500000000002604000001ed00000f030000000000007c440000000000006b0a00fe000000007203000000000006b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f18564a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c26fc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccc99069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad24b89b6a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c87852730a3bd7ac923fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca4856ff03b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec860cde7c79f7b4d4e24c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b450100000001000000393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00400000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd599c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb80610eb37bd2d40ebdfed687f0b093e68f10b72146a0b749ee2105e2da94a288146abbbaf7c0b24fe0000000000000000f1a4f4de6a8d12dc9e71a20cbd412898586843b534d36e21379a8a06133c1babde9e5bd5b6afc5f684aada43ee560e800f58cb33b8483f6518abde7c86bd5d389c1b3c40fdd4bebe4adf87b1025ff57eb50984cc5bad9ea1c15484ea627c3c1501d612ed65939266e7332966f03e0376076e7c5dfe25f367dda7f69db89829b360dd2f59cbaad10f13e269eca792725bbacb96aa0a5c426ca76f84322661"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffa3}, 0x48) 308.610251ms ago: executing program 0 (id=3067): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000005000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 168.139127ms ago: executing program 3 (id=3068): r0 = socket$inet6(0xa, 0x3, 0x7) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000328bd7000ffdbdf251a0000000500920081000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x4004841) r2 = socket(0x10, 0x803, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000880)={0xb8, r3, 0x20, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xbe, 0x5a}}}}, [@NL80211_ATTR_TX_RATES={0x88, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x80, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x6b, 0x9, 0x0, 0x6ccf, 0x5, 0x9, 0x3]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x30, 0x1, 0x16, 0x9, 0x1, 0x5, 0x18, 0x3, 0x4, 0x12, 0xf, 0x30, 0x12, 0x0, 0x1, 0x3]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x4, 0x7, 0xc5, 0xa, 0x1f, 0x9d, 0x100]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x401, 0xfff8, 0x0, 0x72, 0x1, 0x33, 0x80]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xea, 0x9, 0x8, 0x9, 0x1, 0xff01, 0xbc, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0x4}]}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x1}, 0x40004) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r4, &(0x7f0000000000), &(0x7f0000000080)=@buf="1d"}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r4, &(0x7f00000007c0)="0ff764152d0e1d05094aff38491b19518add9035757994151b58a983f62305999c5b0afb60be20bf26bc50539668b60153dc7210ccdd6e56ad7e484c981bbef4b17f8e0b3347d45eabd32408c2ef0f58806cf5bd6e6c8f9b036a9244895e449d65c806719d6bf6e17a3f5e2272440465dd545f13a3c36f8a20bfa7b5c2ccf78c361fa0b0bff4d9961c206976ecf359fa2f0b", &(0x7f00000002c0)=@tcp6=r2, 0x1}, 0x20) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r2) sendmsg$NL80211_CMD_PROBE_CLIENT(r2, &(0x7f0000000740)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000980)={0x5c, r5, 0x800, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2000c801}, 0x40) sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000005200000002000000fcdbdf2500000000bbbfc173aeb4ae974d68124272cb7de41e913d2c46c58648cef0ae9461b1df2deb0f0b3d591e9a10f3bdbbc20d471ab1ce5e0000000000000008f1fc9e8c54ee3e3d5dfb636d9f55355fce381b63eed177362bcec90f68c96373c4900469e9c2af752dab8d296e09b2e89b2086ca807533fb57fa99dbf78cfec9ca0afbc2a2fcf34733437f78c2dd76442dcaedfc09e00456ef466f7291e7e93cfe5c29144fff28a84788ca66c6e09d02ae39fe243d22462994a5f62203a540c46c2005e7269667ddb89d366e3968ce60eae84afcbfb628eb3d"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendto$inet6(r2, &(0x7f0000000080)="bdc31ff1b5342a6fd711de072908c98268d107223299f39438b1945d1a689cf034490f34b6e6c5666d13cd4c68", 0x2d, 0x804, &(0x7f0000000140)={0xa, 0x4e22, 0x9, @empty, 0x7}, 0x1c) r6 = socket$alg(0x26, 0x5, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) bind$alg(r6, &(0x7f00000023c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r8 = accept4(r6, 0x0, 0x0, 0x0) sendto$inet6(r8, &(0x7f0000847fff)='\x00', 0xfffffffffffffd9f, 0x0, 0x0, 0x25) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_LISTALL(r9, &(0x7f0000000600)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000b00)={0x54, r10, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000015}, 0x20000000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x380000, @loopback}, 0x1c) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000040)={0x8}, 0x4) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x24, 0x29, 0x43}], 0x18}], 0x146, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 167.325424ms ago: executing program 2 (id=3069): r0 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r0, &(0x7f0000000680)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0}, 0x3f}, {{&(0x7f0000000340)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="88000000000000002900000039"], 0x148}}], 0x2, 0x0) 151.566457ms ago: executing program 1 (id=3070): unshare(0x68040200) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000400000000001e000000850000000e00000085000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x110, 0xffffffffffffffff, 0x91ac3000) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f00000002c0)={'ip6tnl0\x00', 0x0, 0x9d1ab246113c84c9, 0x40, 0x0, 0x0, 0x0, @private1, @private1}}) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000003b000900000000000000000001000000040000000c0001800600000005470000080002"], 0x2c}}, 0x0) r5 = socket$rxrpc(0x21, 0x2, 0xa) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r8, @ANYBLOB="ff830500000700ffffff", @ANYRES32=r5], 0x4}}, 0x0) sendfile(r7, r6, 0x0, 0x100000002) unshare(0x0) unshare(0x0) socket(0x1, 0x3, 0x0) 119.83971ms ago: executing program 4 (id=3071): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x14, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4) 690.605µs ago: executing program 0 (id=3072): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a"], 0x7c}}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000480)="1f", 0xa01}], 0x2, 0x0, 0x0, 0x12c}}], 0x1, 0x4004841) 0s ago: executing program 2 (id=3073): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x6}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x54}}, 0x300000000000000) kernel console output (not intermixed with test programs): as a backup interface with an up link [ 118.419590][ T7722] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 118.469225][ T7722] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 118.500854][ T7716] netlink: 'syz.3.834': attribute type 10 has an invalid length. [ 118.601364][ T7716] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 118.636581][ T7718] netlink: 8 bytes leftover after parsing attributes in process `syz.3.834'. [ 118.736309][ T7731] netlink: 'syz.4.838': attribute type 2 has an invalid length. [ 118.778314][ T7731] netlink: 1 bytes leftover after parsing attributes in process `syz.4.838'. [ 118.906790][ T7736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.838'. [ 119.135685][ T7755] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 119.142992][ T7755] IPv6: NLM_F_CREATE should be set when creating new route [ 119.334971][ T7772] netlink: 'syz.2.856': attribute type 10 has an invalid length. [ 119.361277][ T7772] bridge0: port 3(batadv0) entered blocking state [ 119.374916][ T7772] bridge0: port 3(batadv0) entered disabled state [ 119.388137][ T7772] batadv0: entered allmulticast mode [ 119.404585][ T7772] batadv0: entered promiscuous mode [ 119.419276][ T7772] bridge0: port 3(batadv0) entered blocking state [ 119.425912][ T7772] bridge0: port 3(batadv0) entered forwarding state [ 119.481516][ T7776] macvtap0: entered promiscuous mode [ 119.517403][ T7776] macvtap0: left promiscuous mode [ 119.567143][ T7786] netlink: 'syz.2.860': attribute type 2 has an invalid length. [ 119.858499][ T6598] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 119.868403][ T6598] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 119.966063][ T7814] __nla_validate_parse: 5 callbacks suppressed [ 119.966106][ T7814] netlink: 209816 bytes leftover after parsing attributes in process `syz.4.872'. [ 119.998448][ T7814] openvswitch: netlink: Message has 33 unknown bytes. [ 120.087825][ T7822] netlink: 28 bytes leftover after parsing attributes in process `syz.4.876'. [ 120.192035][ T7833] netlink: 20 bytes leftover after parsing attributes in process `syz.0.871'. [ 120.283608][ T7835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.875'. [ 120.709621][ T7852] netlink: 16 bytes leftover after parsing attributes in process `syz.2.883'. [ 120.811223][ T7861] netlink: 'syz.1.889': attribute type 21 has an invalid length. [ 120.843144][ T7861] netlink: 156 bytes leftover after parsing attributes in process `syz.1.889'. [ 121.393204][ T7905] netlink: 'syz.1.906': attribute type 21 has an invalid length. [ 121.423281][ T7905] netlink: 156 bytes leftover after parsing attributes in process `syz.1.906'. [ 121.503104][ T7898] netlink: 4 bytes leftover after parsing attributes in process `syz.4.904'. [ 121.866162][ T7918] netlink: 24 bytes leftover after parsing attributes in process `syz.2.909'. [ 122.107097][ T7948] netlink: 'syz.4.921': attribute type 21 has an invalid length. [ 122.128637][ T7948] netlink: 156 bytes leftover after parsing attributes in process `syz.4.921'. [ 122.781376][ T8006] batman_adv: batadv0: Adding interface: ipvlan0 [ 122.788334][ T8006] batman_adv: batadv0: The MTU of interface ipvlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.849155][ T8006] batman_adv: batadv0: Not using interface ipvlan0 (retrying later): interface not active [ 122.900897][ T8011] vlan3: entered promiscuous mode [ 122.913141][ T8011] team0: entered promiscuous mode [ 122.918354][ T8011] team_slave_0: entered promiscuous mode [ 122.938189][ T8011] team_slave_1: entered promiscuous mode [ 122.950161][ T8011] team0: Device vlan3 is already an upper device of the team interface [ 122.971939][ T8011] team0: left promiscuous mode [ 122.977476][ T8011] team_slave_0: left promiscuous mode [ 122.983248][ T8011] team_slave_1: left promiscuous mode [ 123.150281][ T8025] tipc: Failed to remove unknown binding: 66,1,1/0:3079438718/3079438720 [ 123.190691][ T8025] tipc: Failed to remove unknown binding: 66,1,1/0:3079438718/3079438720 [ 123.220706][ T8025] tipc: Failed to remove unknown binding: 66,1,1/0:3079438718/3079438720 [ 123.407358][ T8040] netlink: 'syz.0.957': attribute type 4 has an invalid length. [ 123.858630][ T8071] netlink: 'syz.4.966': attribute type 9 has an invalid length. [ 124.418549][ T8113] xfrm1: entered promiscuous mode [ 124.433450][ T8113] xfrm1: entered allmulticast mode [ 124.763417][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 124.767137][ T8136] xt_CT: You must specify a L4 protocol and not use inversions on it [ 124.912289][ T8143] tipc: Enabling of bearer rejected, already enabled [ 125.055158][ T8150] netlink: 'syz.4.997': attribute type 1 has an invalid length. [ 125.116425][ T8150] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 125.158643][ T8157] __nla_validate_parse: 7 callbacks suppressed [ 125.158659][ T8157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.999'. [ 125.209083][ T8159] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 125.229660][ T8159] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 125.249412][ T8162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.999'. [ 125.380683][ T8170] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1002'. [ 125.430185][ T8174] TCP segment has incorrect auth options set for [fe80::a:0:bb].0->[ff02::1].20002 [P.] [ 125.451446][ T8172] netlink: 'syz.4.1003': attribute type 1 has an invalid length. [ 125.545488][ T8172] bond2: entered promiscuous mode [ 125.567002][ T8183] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1005'. [ 125.626501][ T8181] bond2: (slave ip6gretap1): making interface the new active one [ 125.689028][ T8181] ip6gretap1: entered promiscuous mode [ 125.753457][ T8184] netlink: 16399 bytes leftover after parsing attributes in process `syz.0.989'. [ 125.768661][ T8181] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 125.795654][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1003'. [ 125.829313][ T8186] bond2: entered allmulticast mode [ 125.843222][ T8186] ip6gretap1: entered allmulticast mode [ 125.850208][ T8186] 8021q: adding VLAN 0 to HW filter on device bond2 [ 125.868383][ T8184] netlink: 12 bytes leftover after parsing attributes in process `syz.0.989'. [ 126.545330][ T8224] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1020'. [ 126.902287][ T8243] Bluetooth: MGMT ver 1.22 [ 126.907428][ T8243] Bluetooth: hci3: invalid length 0, exp 1 for type 31 [ 127.124822][ T8259] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1035'. [ 127.196026][ T8266] netlink: 'syz.1.1037': attribute type 21 has an invalid length. [ 127.204162][ T8266] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1037'. [ 127.340914][ T8272] netlink: 'syz.1.1039': attribute type 34 has an invalid length. [ 127.341353][ T8274] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 127.787655][ T8289] netlink: 'syz.2.1043': attribute type 3 has an invalid length. [ 128.114448][ T8303] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 128.194509][ T8307] netlink: 'syz.2.1053': attribute type 9 has an invalid length. [ 128.260550][ T8303] bridge0: entered allmulticast mode [ 128.385602][ T8313] netlink: 'syz.2.1053': attribute type 9 has an invalid length. [ 128.431742][ T8321] netlink: 'syz.1.1056': attribute type 5 has an invalid length. [ 128.868339][ T8343] netlink: 'syz.4.1065': attribute type 7 has an invalid length. [ 129.489555][ T8388] netlink: 'syz.3.1081': attribute type 10 has an invalid length. [ 129.512958][ T8388] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port [ 129.677966][ T8407] netlink: 'syz.2.1089': attribute type 9 has an invalid length. [ 129.747477][ T8409] netlink: 'syz.3.1086': attribute type 9 has an invalid length. [ 129.797635][ T8409] netlink: 'syz.3.1086': attribute type 4 has an invalid length. [ 129.809979][ T8411] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 130.015972][ T8421] netlink: 'syz.2.1094': attribute type 1 has an invalid length. [ 130.053157][ T8421] netlink: 'syz.2.1094': attribute type 10 has an invalid length. [ 130.071151][ T8421] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 130.132014][ T8431] netlink: 'syz.1.1097': attribute type 15 has an invalid length. [ 130.891740][ T8491] netlink: 'syz.2.1119': attribute type 11 has an invalid length. [ 130.923496][ T8491] netlink: 'syz.2.1119': attribute type 11 has an invalid length. [ 130.949278][ T8491] debugfs: Directory 'netdev:' with parent 'phy17' already present! [ 131.099005][ T8506] netlink: 'syz.2.1124': attribute type 5 has an invalid length. [ 131.203694][ T8511] tun0: tun_chr_ioctl cmd 35108 [ 131.302708][ T8517] Bluetooth: hci3: invalid len left 7, exp >= 229 [ 131.316776][ T8517] trusted_key: syz.2.1127 sent an empty control message without MSG_MORE. [ 131.431252][ T8524] openvswitch: netlink: Missing key (keys=400040, expected=200000) [ 131.652051][ T8535] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (57800) [ 131.680538][ T8535] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 131.739808][ T8546] __nla_validate_parse: 17 callbacks suppressed [ 131.739826][ T8546] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1138'. [ 131.938752][ T8555] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 132.238272][ T8576] netlink: 57 bytes leftover after parsing attributes in process `syz.4.1148'. [ 132.379902][ T8585] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 132.453770][ T8589] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1153'. [ 132.481672][ T8585] bridge0: entered allmulticast mode [ 132.579563][ T8592] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 132.604526][ T8592] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 132.615185][ T8592] team0: Failed to send options change via netlink (err -105) [ 132.623220][ T8592] team0: Port device netdevsim0 added [ 132.635928][ T8599] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 132.674681][ T8604] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1158'. [ 132.684931][ T8599] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 132.698053][ T8599] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 132.717828][ T8604] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1158'. [ 132.741261][ T8599] team0: Failed to send options change via netlink (err -105) [ 132.764019][ T8599] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 132.786398][ T8599] team0: Port device netdevsim0 removed [ 132.811858][ T8599] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 133.051926][ T8623] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1161'. [ 133.075494][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.085066][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.277240][ T8637] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1168'. [ 133.311088][ T8640] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1170'. [ 133.594569][ T8653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1176'. [ 133.757912][ T8662] validate_nla: 7 callbacks suppressed [ 133.757930][ T8662] netlink: 'syz.3.1177': attribute type 10 has an invalid length. [ 133.787504][ T8665] sctp: [Deprecated]: syz.4.1182 (pid 8665) Use of struct sctp_assoc_value in delayed_ack socket option. [ 133.787504][ T8665] Use struct sctp_sack_info instead [ 134.108728][ T8680] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1185'. [ 134.211945][ T8684] netlink: 'syz.1.1188': attribute type 4 has an invalid length. [ 134.641660][ T8711] bridge0: port 3(geneve1) entered blocking state [ 134.664151][ T8711] bridge0: port 3(geneve1) entered disabled state [ 134.684395][ T8711] geneve1: entered allmulticast mode [ 134.704271][ T8711] geneve1: entered promiscuous mode [ 134.719796][ T8711] bridge0: port 3(geneve1) entered blocking state [ 134.726765][ T8711] bridge0: port 3(geneve1) entered forwarding state [ 135.167733][ T8752] netlink: 'syz.1.1211': attribute type 1 has an invalid length. [ 135.201696][ T8756] netlink: 'syz.2.1210': attribute type 10 has an invalid length. [ 135.251442][ T8755] netlink: 'syz.0.1212': attribute type 1 has an invalid length. [ 135.385632][ T8755] bond2: entered promiscuous mode [ 135.417733][ T8757] ip6gretap1: entered promiscuous mode [ 135.439350][ T8757] bond2: (slave ip6gretap1): making interface the new active one [ 135.479794][ T8757] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 135.543706][ T8757] syz.0.1212 (8757) used greatest stack depth: 18704 bytes left [ 135.601301][ T8768] netlink: 'syz.2.1214': attribute type 4 has an invalid length. [ 135.961735][ T8785] netlink: 'syz.4.1221': attribute type 1 has an invalid length. [ 135.985683][ T8785] netlink: 'syz.4.1221': attribute type 1 has an invalid length. [ 136.060623][ T8791] pim6reg: entered allmulticast mode [ 136.807690][ T8843] pim6reg: entered allmulticast mode [ 136.847409][ T8843] __nla_validate_parse: 13 callbacks suppressed [ 136.847428][ T8843] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1237'. [ 136.998689][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1244'. [ 137.267431][ T8877] FAULT_INJECTION: forcing a failure. [ 137.267431][ T8877] name failslab, interval 1, probability 0, space 0, times 0 [ 137.303675][ T8877] CPU: 1 PID: 8877 Comm: syz.4.1251 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 137.313775][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 137.323842][ T8877] Call Trace: [ 137.327129][ T8877] [ 137.330067][ T8877] dump_stack_lvl+0x241/0x360 [ 137.334768][ T8877] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.339993][ T8877] ? __pfx__printk+0x10/0x10 [ 137.344613][ T8877] ? netlink_insert+0x10b7/0x14b0 [ 137.349660][ T8877] should_fail_ex+0x3b0/0x4e0 [ 137.354361][ T8877] ? __alloc_skb+0x1c3/0x440 [ 137.358955][ T8877] should_failslab+0x9/0x20 [ 137.363460][ T8877] kmem_cache_alloc_node_noprof+0x71/0x320 [ 137.369292][ T8877] __alloc_skb+0x1c3/0x440 [ 137.373719][ T8877] ? __pfx___alloc_skb+0x10/0x10 [ 137.378651][ T8877] ? netlink_autobind+0xd6/0x2f0 [ 137.383582][ T8877] ? netlink_autobind+0x2b0/0x2f0 [ 137.388600][ T8877] netlink_sendmsg+0x631/0xcb0 [ 137.393369][ T8877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.398649][ T8877] ? __import_iovec+0x536/0x820 [ 137.403489][ T8877] ? aa_sock_msg_perm+0x91/0x160 [ 137.408425][ T8877] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 137.413700][ T8877] ? security_socket_sendmsg+0x87/0xb0 [ 137.419157][ T8877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.424434][ T8877] __sock_sendmsg+0x221/0x270 [ 137.429112][ T8877] ____sys_sendmsg+0x525/0x7d0 [ 137.433876][ T8877] ? __pfx_____sys_sendmsg+0x10/0x10 [ 137.439167][ T8877] __sys_sendmsg+0x2b0/0x3a0 [ 137.443750][ T8877] ? __pfx___sys_sendmsg+0x10/0x10 [ 137.448848][ T8877] ? vfs_write+0x7c4/0xc90 [ 137.453281][ T8877] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 137.459600][ T8877] ? do_syscall_64+0x100/0x230 [ 137.464360][ T8877] ? do_syscall_64+0xb6/0x230 [ 137.469030][ T8877] do_syscall_64+0xf3/0x230 [ 137.473526][ T8877] ? clear_bhb_loop+0x35/0x90 [ 137.478198][ T8877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.484085][ T8877] RIP: 0033:0x7fdcfa975bd9 [ 137.488487][ T8877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.508082][ T8877] RSP: 002b:00007fdcfb698048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 137.516501][ T8877] RAX: ffffffffffffffda RBX: 00007fdcfab03f60 RCX: 00007fdcfa975bd9 [ 137.524462][ T8877] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 0000000000000005 [ 137.532416][ T8877] RBP: 00007fdcfb6980a0 R08: 0000000000000000 R09: 0000000000000000 [ 137.540374][ T8877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.548328][ T8877] R13: 000000000000000b R14: 00007fdcfab03f60 R15: 00007ffc4e4a4b08 [ 137.556298][ T8877] [ 137.658487][ T8887] netlink: 'syz.4.1256': attribute type 1 has an invalid length. [ 137.677706][ T8887] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.1256'. [ 137.820732][ T8900] netlink: 'syz.4.1262': attribute type 7 has an invalid length. [ 137.842705][ T8900] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1262'. [ 137.894144][ T8900] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 137.994500][ T8913] openvswitch: netlink: Flow actions attr not present in new flow. [ 138.128721][ T8921] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1269'. [ 138.145924][ T8921] tc_dump_action: action bad kind [ 138.432527][ T8930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1273'. [ 138.446193][ T8930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1273'. [ 138.531537][ T8947] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1278'. [ 138.564753][ T8948] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1277'. [ 138.586645][ T8947] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 138.656321][ T8955] workqueue: name exceeds WQ_NAME_LEN. Truncating to: C|+i!‡3§rU&6 bÎOo¸ ' 1© [ 139.194344][ T8995] netlink: 'syz.4.1289': attribute type 11 has an invalid length. [ 139.230115][ T8998] netlink: 9372 bytes leftover after parsing attributes in process `syz.2.1290'. [ 139.341161][ T9000] validate_nla: 1 callbacks suppressed [ 139.341178][ T9000] netlink: 'syz.4.1291': attribute type 7 has an invalid length. [ 139.435609][ T9000] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 139.597968][ T9008] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 139.605275][ T9008] IPv6: NLM_F_CREATE should be set when creating new route [ 139.754391][ T9024] x_tables: duplicate underflow at hook 1 [ 139.842489][ T9033] macvtap0: entered promiscuous mode [ 139.871564][ T9033] macvtap0: left promiscuous mode [ 140.314908][ T9045] ÊügáG: entered promiscuous mode [ 140.525670][ T9070] netlink: 'syz.1.1314': attribute type 21 has an invalid length. [ 140.667829][ T9079] tipc: Failed to remove unknown binding: 66,1,1/0:4281919711/4281919713 [ 140.716910][ T9079] tipc: Failed to remove unknown binding: 66,1,1/0:4281919711/4281919713 [ 140.731686][ T9079] tipc: Failed to remove unknown binding: 66,1,1/0:4281919711/4281919713 [ 140.879473][ T9089] netlink: 'syz.2.1325': attribute type 10 has an invalid length. [ 140.897345][ T9089] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 140.961917][ T9092] x_tables: duplicate underflow at hook 3 [ 141.142247][ T9105] sctp: [Deprecated]: syz.0.1328 (pid 9105) Use of int in maxseg socket option. [ 141.142247][ T9105] Use struct sctp_assoc_value instead [ 141.188735][ T9109] netlink: 'syz.2.1329': attribute type 29 has an invalid length. [ 141.209152][ T9104] sctp: [Deprecated]: syz.0.1328 (pid 9104) Use of int in maxseg socket option. [ 141.209152][ T9104] Use struct sctp_assoc_value instead [ 141.235421][ T9109] netlink: 'syz.2.1329': attribute type 29 has an invalid length. [ 141.270613][ T9113] netlink: 'syz.2.1329': attribute type 29 has an invalid length. [ 141.446343][ T9117] gretap0: entered promiscuous mode [ 141.457244][ T9119] smc: net device ip6_vti0 erased user defined pnetid SYZ0 [ 141.470994][ T9117] bridge0: entered promiscuous mode [ 141.488026][ T9117] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 141.503205][ T9117] Cannot create hsr debugfs directory [ 141.522993][ T9117] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network [ 141.650328][ T9115] netlink: 'syz.0.1331': attribute type 10 has an invalid length. [ 141.669837][ T9115] hsr0: entered promiscuous mode [ 141.715676][ T9115] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 141.749691][ T9115] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 141.760925][ T9115] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 141.785352][ T9115] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 142.043741][ T9144] __nla_validate_parse: 12 callbacks suppressed [ 142.043759][ T9144] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1338'. [ 142.360995][ T9161] "syz.2.1343" (9161) uses obsolete ecb(arc4) skcipher [ 142.493395][ T9177] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1348'. [ 142.515393][ T9177] xt_CT: You must specify a L4 protocol and not use inversions on it [ 142.516790][ T9175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'. [ 142.687448][ T9189] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1352'. [ 142.790619][ T9193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1352'. [ 142.846848][ C0] vcan0: j1939_session_tx_dat: 0xffff88807b662000: queue data error: -100 [ 143.062847][ T9211] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1363'. [ 143.081340][ T9211] openvswitch: netlink: Tunnel attr 6 has unexpected len 1 expected 0 [ 143.253353][ T9222] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1367'. [ 143.290855][ T9222] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1367'. [ 143.804733][ T9256] netlink: 5312 bytes leftover after parsing attributes in process `syz.3.1378'. [ 143.869541][ T9256] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 144.133966][ T9279] Êü: entered promiscuous mode [ 144.202862][ T9281] netlink: 'syz.0.1390': attribute type 3 has an invalid length. [ 144.220866][ T9281] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1390'. [ 144.243241][ T9283] tipc: Started in network mode [ 144.255584][ T9283] tipc: Node identity 1, cluster identity 4711 [ 144.261766][ T9283] tipc: Node number set to 1 [ 144.299517][ T9283] tipc: Cannot configure node identity twice [ 144.456848][ T9298] netlink: 'syz.0.1397': attribute type 1 has an invalid length. [ 144.486855][ T9298] netlink: zone id is out of range [ 144.492117][ T9298] netlink: zone id is out of range [ 144.492348][ T9303] tipc: Started in network mode [ 144.505285][ T9298] netlink: zone id is out of range [ 144.510596][ T9298] netlink: zone id is out of range [ 144.517418][ T9303] tipc: Node identity 3a20300a74797065, cluster identity 4711 [ 144.518399][ T9298] netlink: zone id is out of range [ 144.530598][ T9298] netlink: zone id is out of range [ 144.535481][ T9303] tipc: Enabling of bearer rejected, failed to enable media [ 144.546271][ T9298] netlink: del zone limit has 8 unknown bytes [ 145.034256][ T9348] netlink: 'syz.3.1410': attribute type 29 has an invalid length. [ 145.142250][ T9357] netlink: 'syz.0.1413': attribute type 1 has an invalid length. [ 145.285109][ T9369] openvswitch: netlink: IP tunnel dst address not specified [ 145.407947][ T9374] syz.1.1417[9374] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.408200][ T9374] syz.1.1417[9374] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.422745][ T9372] syzkaller0: entered promiscuous mode [ 145.441468][ T9372] syzkaller0: entered allmulticast mode [ 145.467475][ T9374] netlink: 'syz.1.1417': attribute type 1 has an invalid length. [ 147.178566][ T9404] __nla_validate_parse: 8 callbacks suppressed [ 147.178581][ T9404] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1430'. [ 147.394183][ T9423] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1437'. [ 147.506993][ T9427] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1440'. [ 147.523483][ T9427] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1440'. [ 147.529469][ T9430] xt_hashlimit: size too large, truncated to 1048576 [ 147.538191][ T9433] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1443'. [ 147.548868][ T9433] netlink: 31 bytes leftover after parsing attributes in process `syz.3.1443'. [ 147.559564][ T9430] xt_hashlimit: max too large, truncated to 1048576 [ 147.560241][ T9433] netlink: 'syz.3.1443': attribute type 3 has an invalid length. [ 147.574862][ T9433] netlink: 'syz.3.1443': attribute type 2 has an invalid length. [ 147.576997][ T9430] xt_hashlimit: overflow, try lower: 0/0 [ 147.583367][ T9433] netlink: 31 bytes leftover after parsing attributes in process `syz.3.1443'. [ 147.731977][ T9440] FAULT_INJECTION: forcing a failure. [ 147.731977][ T9440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.753067][ T9440] CPU: 0 PID: 9440 Comm: syz.1.1444 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 147.763182][ T9440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 147.773254][ T9440] Call Trace: [ 147.776543][ T9440] [ 147.779487][ T9440] dump_stack_lvl+0x241/0x360 [ 147.784193][ T9440] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.789405][ T9440] ? __pfx__printk+0x10/0x10 [ 147.794011][ T9440] ? snprintf+0xda/0x120 [ 147.798367][ T9440] should_fail_ex+0x3b0/0x4e0 [ 147.803078][ T9440] _copy_to_user+0x2f/0xb0 [ 147.807519][ T9440] simple_read_from_buffer+0xca/0x150 [ 147.812916][ T9440] proc_fail_nth_read+0x1e9/0x250 [ 147.817963][ T9440] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 147.823532][ T9440] ? rw_verify_area+0x520/0x6b0 [ 147.828404][ T9440] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 147.833970][ T9440] vfs_read+0x204/0xbc0 [ 147.838147][ T9440] ? __pfx_lock_release+0x10/0x10 [ 147.843191][ T9440] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 147.849119][ T9440] ? __pfx_vfs_read+0x10/0x10 [ 147.853821][ T9440] ? __fget_files+0x29/0x470 [ 147.858435][ T9440] ? __fget_files+0x3f6/0x470 [ 147.863147][ T9440] ksys_read+0x1a0/0x2c0 [ 147.867441][ T9440] ? __pfx_ksys_read+0x10/0x10 [ 147.872222][ T9440] ? do_syscall_64+0x100/0x230 [ 147.877013][ T9440] ? do_syscall_64+0xb6/0x230 [ 147.881720][ T9440] do_syscall_64+0xf3/0x230 [ 147.886246][ T9440] ? clear_bhb_loop+0x35/0x90 [ 147.890947][ T9440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.896861][ T9440] RIP: 0033:0x7fc3d21746bc [ 147.901289][ T9440] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 147.920897][ T9440] RSP: 002b:00007fc3d2fb2040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 147.929312][ T9440] RAX: ffffffffffffffda RBX: 00007fc3d2303f60 RCX: 00007fc3d21746bc [ 147.937301][ T9440] RDX: 000000000000000f RSI: 00007fc3d2fb20b0 RDI: 0000000000000005 [ 147.945284][ T9440] RBP: 00007fc3d2fb20a0 R08: 0000000000000000 R09: 0000000000000000 [ 147.953270][ T9440] R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000001 [ 147.961253][ T9440] R13: 000000000000004d R14: 00007fc3d2303f60 R15: 00007ffe13ebab18 [ 147.969254][ T9440] [ 148.374765][ T9465] bond_slave_0: entered promiscuous mode [ 148.380748][ T9465] bond_slave_1: entered promiscuous mode [ 148.386550][ T9465] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 148.419340][ T9459] bond_slave_0: left promiscuous mode [ 148.427225][ T9459] bond_slave_1: left promiscuous mode [ 148.433508][ T9459] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 148.555689][ T9459] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 148.585854][ T9459] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 148.609439][ T9459] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 148.627153][ T9459] bond0 (unregistering): (slave netdevsim0): Releasing backup interface [ 148.638013][ T9476] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1458'. [ 148.666343][ T9459] bond0 (unregistering): Released all slaves [ 148.809247][ T9479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1459'. [ 148.857389][ T9479] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1459'. [ 148.886280][ T9479] macvlan0: entered promiscuous mode [ 148.908192][ T9479] batadv_slave_0: entered promiscuous mode [ 148.915179][ T9483] netlink: 'syz.1.1460': attribute type 2 has an invalid length. [ 148.958884][ T9483] erspan0: entered promiscuous mode [ 148.981791][ T9483] vlan0: entered promiscuous mode [ 149.013388][ T9483] erspan0: left promiscuous mode [ 149.255707][ T9500] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 149.909376][ T9531] netlink: 'syz.0.1476': attribute type 10 has an invalid length. [ 149.920958][ T9531] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port [ 150.324391][ T9547] netlink: 'syz.3.1483': attribute type 3 has an invalid length. [ 150.339338][ T9542] tipc: Started in network mode [ 150.345011][ T9542] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 150.368193][ T9542] tipc: Enabled bearer , priority 10 [ 150.370715][ T9551] Dead loop on virtual device ip6_vti0, fix it urgently! [ 150.548860][ T9558] netlink: zone id is out of range [ 151.160353][ T9595] netlink: 'syz.2.1497': attribute type 11 has an invalid length. [ 151.182106][ T9595] netlink: 'syz.2.1497': attribute type 11 has an invalid length. [ 151.191089][ T9595] debugfs: Directory 'netdev:' with parent 'phy17' already present! [ 151.485775][ T25] tipc: Node number set to 4269801488 [ 151.842538][ T9633] sctp: [Deprecated]: syz.2.1513 (pid 9633) Use of int in max_burst socket option deprecated. [ 151.842538][ T9633] Use struct sctp_assoc_value instead [ 151.901125][ T9633] xt_bpf: check failed: parse error [ 152.423456][ T9639] __nla_validate_parse: 11 callbacks suppressed [ 152.423476][ T9639] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1515'. [ 152.636976][ T9652] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1518'. [ 152.720784][ T9654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1519'. [ 152.730320][ T9654] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1519'. [ 152.751095][ T9656] netlink: 'syz.2.1520': attribute type 15 has an invalid length. [ 152.885703][ T9659] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 153.526347][ T9686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1531'. [ 153.915724][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1540'. [ 153.951254][ T9714] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1540'. [ 154.116913][ T9728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1542'. [ 154.152952][ T9732] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1541'. [ 154.680820][ T9756] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 154.710855][ T9758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1548'. [ 155.160716][ T9791] xt_CT: You must specify a L4 protocol and not use inversions on it [ 155.912423][ T9828] netlink: 'syz.1.1575': attribute type 3 has an invalid length. [ 156.163459][ T9845] vlan0: entered promiscuous mode [ 156.175344][ T9845] vlan0: entered allmulticast mode [ 156.294735][ T9854] netlink: 'syz.1.1587': attribute type 2 has an invalid length. [ 156.498427][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 156.508879][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 156.518100][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 156.528912][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 156.538302][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 156.547929][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 156.836292][ T9876] bridge4: entered promiscuous mode [ 156.841544][ T9876] bridge4: entered allmulticast mode [ 157.151971][ T9896] veth0_macvtap: left promiscuous mode [ 157.235068][ T9898] netlink: 'syz.1.1602': attribute type 30 has an invalid length. [ 157.642093][ T9865] chnl_net:caif_netlink_parms(): no params data found [ 157.710632][ T9918] netlink: 'syz.3.1609': attribute type 9 has an invalid length. [ 157.733962][ T9918] __nla_validate_parse: 13 callbacks suppressed [ 157.733979][ T9918] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1609'. [ 157.998482][ T9865] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.043506][ T9865] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.050771][ T9865] bridge_slave_0: entered allmulticast mode [ 158.088871][ T9865] bridge_slave_0: entered promiscuous mode [ 158.114504][ T9865] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.142094][ T9865] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.174306][ T9865] bridge_slave_1: entered allmulticast mode [ 158.182218][ T9865] bridge_slave_1: entered promiscuous mode [ 158.289665][ T9865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.332345][ T9865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.480927][ T9865] team0: Port device team_slave_0 added [ 158.497842][ T9944] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 158.550597][ T9865] team0: Port device team_slave_1 added [ 158.596514][ T5095] Bluetooth: hci5: command tx timeout [ 158.641255][ T9951] openvswitch: netlink: Message has 16 unknown bytes. [ 158.747628][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.760276][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.810712][ T9865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.873553][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.890770][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.962726][ T9865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.029877][ T9971] netlink: 'syz.3.1626': attribute type 1 has an invalid length. [ 159.054167][ T9966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1624'. [ 159.075780][ T9971] netlink: 'syz.3.1626': attribute type 1 has an invalid length. [ 159.109602][ T9971] netlink: 'syz.3.1626': attribute type 2 has an invalid length. [ 159.264477][ T9865] hsr_slave_0: entered promiscuous mode [ 159.280802][ T9865] hsr_slave_1: entered promiscuous mode [ 159.343264][ T9983] netlink: 'syz.0.1631': attribute type 30 has an invalid length. [ 159.495689][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1631'. [ 159.760459][ T9865] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.880764][ T9865] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.914319][T10008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1639'. [ 160.015457][ T9865] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.132091][ T9865] bond0: (slave netdevsim0): Releasing backup interface [ 160.157385][ T9865] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.255648][T10024] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1642'. [ 160.470936][ T9865] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 160.521593][ T9865] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 160.580691][ T9865] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 160.628248][T10032] netlink: 'syz.1.1647': attribute type 14 has an invalid length. [ 160.655422][ T9865] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 160.682938][ T5095] Bluetooth: hci5: command tx timeout [ 160.828598][ T9865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.856370][ T9865] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.881931][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.889215][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.931165][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.938412][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.993391][T10034] --map-set only usable from mangle table [ 161.164284][T10042] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1651'. [ 161.214749][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1651'. [ 161.260876][T10051] macvtap0: entered promiscuous mode [ 161.277740][T10053] FAULT_INJECTION: forcing a failure. [ 161.277740][T10053] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.295521][T10051] macvtap0: left promiscuous mode [ 161.312902][T10053] CPU: 0 PID: 10053 Comm: syz.0.1654 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 161.323079][T10053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 161.333147][T10053] Call Trace: [ 161.336444][T10053] [ 161.339398][T10053] dump_stack_lvl+0x241/0x360 [ 161.344116][T10053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.349339][T10053] ? __pfx__printk+0x10/0x10 [ 161.353956][T10053] ? __pfx_lock_release+0x10/0x10 [ 161.359012][T10053] should_fail_ex+0x3b0/0x4e0 [ 161.363716][T10053] _copy_from_user+0x2f/0xe0 [ 161.368330][T10053] copy_msghdr_from_user+0xae/0x680 [ 161.373567][T10053] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 161.379424][T10053] __sys_sendmsg+0x23d/0x3a0 [ 161.384050][T10053] ? __pfx___sys_sendmsg+0x10/0x10 [ 161.389177][T10053] ? vfs_write+0x7c4/0xc90 [ 161.393654][T10053] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 161.399998][T10053] ? do_syscall_64+0x100/0x230 [ 161.404785][T10053] ? do_syscall_64+0xb6/0x230 [ 161.409476][T10053] do_syscall_64+0xf3/0x230 [ 161.413981][T10053] ? clear_bhb_loop+0x35/0x90 [ 161.418685][T10053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.424606][T10053] RIP: 0033:0x7fc1fd375bd9 [ 161.429023][T10053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.448623][T10053] RSP: 002b:00007fc1fe1c6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.457054][T10053] RAX: ffffffffffffffda RBX: 00007fc1fd503f60 RCX: 00007fc1fd375bd9 [ 161.465041][T10053] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 161.473109][T10053] RBP: 00007fc1fe1c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 161.481091][T10053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.489069][T10053] R13: 000000000000000b R14: 00007fc1fd503f60 R15: 00007ffdfa6e69a8 [ 161.497070][T10053] [ 161.707376][T10066] netlink: 'syz.3.1659': attribute type 10 has an invalid length. [ 161.715802][ T5180] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 161.740722][T10066] bond0: (slave netdevsim0): Releasing backup interface [ 161.770888][T10066] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 161.800672][T10066] team0: Port device netdevsim0 added [ 161.820077][ T9865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.972866][ T5180] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 162.144161][T10094] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1668'. [ 162.182202][T10099] team0: left promiscuous mode [ 162.193275][T10099] team_slave_0: left promiscuous mode [ 162.198870][T10099] team_slave_1: left promiscuous mode [ 162.209646][T10099] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 162.246158][T10103] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1670'. [ 162.258265][T10094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1668'. [ 162.416152][T10109] bridge0: entered promiscuous mode [ 162.511479][ T9865] veth0_vlan: entered promiscuous mode [ 162.545688][ T9865] veth1_vlan: entered promiscuous mode [ 162.628907][ T9865] veth0_macvtap: entered promiscuous mode [ 162.664718][T10124] x_tables: ip6_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 162.665310][ T9865] veth1_macvtap: entered promiscuous mode [ 162.707926][T10124] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 162.718937][T10124] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 162.753525][ T5095] Bluetooth: hci5: command tx timeout [ 162.772433][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.783136][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.795307][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.807187][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.817134][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.827867][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.838615][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.853678][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.867988][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.885072][T10138] __nla_validate_parse: 3 callbacks suppressed [ 162.885086][T10138] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1682'. [ 162.910789][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.926826][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.961791][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.982524][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.995780][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.006547][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.021631][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.042774][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.062865][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.078089][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.089772][ T9865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.109754][ T9865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.115287][T10143] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1685'. [ 163.121351][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.154820][ T9865] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.183505][ T9865] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.196946][ T9865] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.216885][ T9865] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.239475][T10145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1685'. [ 163.381484][ T6600] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.398030][ T6600] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.466420][T10152] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1687'. [ 163.509456][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.531639][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.619050][T10158] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1689'. [ 163.906356][T10173] netlink: 268 bytes leftover after parsing attributes in process `syz.4.1696'. [ 163.944623][T10173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1696'. [ 164.139638][T10188] vlan3: entered promiscuous mode [ 164.145137][T10188] team0: entered promiscuous mode [ 164.150272][T10188] team_slave_0: entered promiscuous mode [ 164.157432][T10188] team_slave_1: entered promiscuous mode [ 164.165617][T10188] team0: Device vlan3 is already an upper device of the team interface [ 164.175952][T10188] team0: left promiscuous mode [ 164.180758][T10188] team_slave_0: left promiscuous mode [ 164.205480][T10188] team_slave_1: left promiscuous mode [ 164.395341][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1703'. [ 164.484232][T10206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1706'. [ 164.516967][T10207] sctp: [Deprecated]: syz.2.1707 (pid 10207) Use of int in maxseg socket option. [ 164.516967][T10207] Use struct sctp_assoc_value instead [ 164.645127][T10214] netlink: 'syz.1.1709': attribute type 30 has an invalid length. [ 164.745428][T10219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1709'. [ 164.833439][ T5095] Bluetooth: hci5: command tx timeout [ 165.220363][T10232] netlink: 'syz.0.1718': attribute type 3 has an invalid length. [ 165.242571][T10233] netlink: 'syz.0.1718': attribute type 3 has an invalid length. [ 165.435250][T10241] netlink: 'syz.4.1720': attribute type 3 has an invalid length. [ 166.401483][T10304] ɶƣ0GC¦: entered promiscuous mode [ 166.984013][T10343] x_tables: ip6_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 167.041674][T10343] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 167.086954][T10349] Cannot find add_set index 0 as target [ 167.098274][T10343] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 167.310606][T10356] vlan2: entered promiscuous mode [ 167.325591][T10356] team0: entered promiscuous mode [ 167.335713][T10356] team_slave_0: entered promiscuous mode [ 167.348996][T10356] team_slave_1: entered promiscuous mode [ 167.367529][T10356] team0: Device vlan2 is already an upper device of the team interface [ 167.390986][T10356] team0: left promiscuous mode [ 167.406847][T10356] team_slave_0: left promiscuous mode [ 167.423294][T10356] team_slave_1: left promiscuous mode [ 167.615100][T10371] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 167.753122][T10381] netlink: 'syz.1.1769': attribute type 1 has an invalid length. [ 167.820064][T10385] bond0: (slave gre2): The slave device specified does not support setting the MAC address [ 167.832980][T10385] bond0: (slave gre2): Setting fail_over_mac to active for active-backup mode [ 167.847343][T10385] bond0: (slave gre2): making interface the new active one [ 167.856169][T10385] bond0: (slave gre2): Enslaving as an active interface with an up link [ 168.467472][T10424] __nla_validate_parse: 26 callbacks suppressed [ 168.467491][T10424] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1784'. [ 168.507171][T10422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1783'. [ 168.525815][T10426] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1785'. [ 168.584230][T10422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1783'. [ 168.594729][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1785'. [ 168.674010][T10435] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1785'. [ 169.169745][T10460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1799'. [ 169.197596][T10460] nbd: nbd0 already in use [ 169.510928][T10483] netlink: 'syz.0.1807': attribute type 9 has an invalid length. [ 169.764564][T10498] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1812'. [ 169.774289][T10501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1813'. [ 169.860421][T10503] netlink: 'syz.1.1814': attribute type 11 has an invalid length. [ 169.871587][T10506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1812'. [ 169.910423][T10503] netlink: 'syz.1.1814': attribute type 11 has an invalid length. [ 169.919043][T10503] debugfs: Directory 'netdev:' with parent 'phy5' already present! [ 171.028844][T10585] syz.0.1846[10585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.029465][T10585] syz.0.1846[10585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.087546][T10585] netlink: 'syz.0.1846': attribute type 2 has an invalid length. [ 171.131726][T10585] netlink: 'syz.0.1846': attribute type 8 has an invalid length. [ 171.878151][T10639] netlink: 'syz.0.1868': attribute type 1 has an invalid length. [ 171.995229][T10643] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 172.018944][T10643] netlink: 'syz.0.1870': attribute type 5 has an invalid length. [ 172.639130][T10685] netlink: 'syz.1.1884': attribute type 10 has an invalid length. [ 172.654092][T10685] team0: Port device wlan1 added [ 172.953829][T10691] tipc: Enabling of bearer rejected, already enabled [ 173.425432][T10713] xt_hashlimit: max too large, truncated to 1048576 [ 173.432490][T10713] xt_hashlimit: overflow, try lower: 0/0 [ 173.561477][T10727] atomic_op ffff88807a701198 conn xmit_atomic 0000000000000000 [ 173.717923][T10738] __nla_validate_parse: 19 callbacks suppressed [ 173.717941][T10738] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1903'. [ 173.728356][T10740] openvswitch: netlink: Flow actions attr not present in new flow. [ 173.890315][T10747] netlink: 'syz.3.1905': attribute type 4 has an invalid length. [ 173.903188][T10747] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 174.264255][T10772] atomic_op ffff888062288198 conn xmit_atomic 0000000000000000 [ 174.465466][T10783] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 174.477965][T10784] netlink: 'syz.2.1919': attribute type 1 has an invalid length. [ 174.488035][T10786] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 174.504901][T10784] netlink: 9352 bytes leftover after parsing attributes in process `syz.2.1919'. [ 174.516331][T10784] netlink: 'syz.2.1919': attribute type 1 has an invalid length. [ 174.557429][T10784] netlink: 'syz.2.1919': attribute type 2 has an invalid length. [ 174.583329][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1919'. [ 174.740124][T10799] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1927'. [ 174.954477][T10814] netlink: 'syz.2.1929': attribute type 14 has an invalid length. [ 175.137161][T10819] netlink: 'syz.2.1933': attribute type 10 has an invalid length. [ 175.173706][T10819] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1933'. [ 175.316951][T10834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1940'. [ 175.336330][T10834] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1940'. [ 175.360024][T10836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1940'. [ 175.379361][T10836] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1940'. [ 175.509846][T10849] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1946'. [ 175.735062][T10864] IPv6: NLM_F_REPLACE set, but no existing node found! [ 176.002280][T10881] netlink: 'syz.2.1958': attribute type 10 has an invalid length. [ 176.010955][T10881] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 176.062434][T10880] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 176.069740][T10880] IPv6: NLM_F_CREATE should be set when creating new route [ 176.171499][T10888] –: renamed from bridge_slave_1 (while UP) [ 178.215272][ T5145] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 178.483626][ T5145] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 178.792393][T11018] x_tables: ip_tables: udp match: only valid for protocol 17 [ 178.887151][T11031] __nla_validate_parse: 19 callbacks suppressed [ 178.887172][T11031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2008'. [ 178.929514][T11033] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 179.015796][T11037] netlink: 'syz.4.2012': attribute type 2 has an invalid length. [ 179.025290][T11038] netlink: 'syz.4.2012': attribute type 2 has an invalid length. [ 179.357785][T11048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2017'. [ 179.450182][T11055] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2019'. [ 180.044388][T11092] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2028'. [ 180.068506][T11091] netlink: 'syz.1.2029': attribute type 10 has an invalid length. [ 180.077665][T11091] bridge0: port 4(team0) entered blocking state [ 180.085078][T11091] bridge0: port 4(team0) entered disabled state [ 180.091702][T11091] team0: entered allmulticast mode [ 180.099083][T11091] team_slave_0: entered allmulticast mode [ 180.105631][T11091] team_slave_1: entered allmulticast mode [ 180.111595][T11091] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 180.134124][T11091] team0: entered promiscuous mode [ 180.139264][T11091] team_slave_0: entered promiscuous mode [ 180.145856][T11091] team_slave_1: entered promiscuous mode [ 180.151788][T11091] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 180.363073][T11111] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2034'. [ 180.394420][T11115] netlink: 'syz.4.2035': attribute type 2 has an invalid length. [ 180.437584][T11117] openvswitch: ɶƣ0GC¦: Dropping previously announced user features [ 180.522512][T11121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2039'. [ 180.530934][T11123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2040'. [ 180.556605][T11121] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2039'. [ 180.632016][T11128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2041'. [ 180.776217][T11134] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2043'. [ 180.798997][T11134] 0·: renamed from hsr_slave_1 (while UP) [ 180.807726][T11134] 0·: entered allmulticast mode [ 180.830798][T11134] A link change request failed with some changes committed already. Interface c0· may have been left with an inconsistent configuration, please check. [ 181.232983][ T5095] Bluetooth: hci3: command 0x0406 tx timeout [ 181.243153][ T5095] Bluetooth: hci1: command 0x0406 tx timeout [ 181.634451][T11182] FAULT_INJECTION: forcing a failure. [ 181.634451][T11182] name failslab, interval 1, probability 0, space 0, times 0 [ 181.663009][T11182] CPU: 0 PID: 11182 Comm: syz.4.2059 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 181.673201][T11182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 181.683253][T11182] Call Trace: [ 181.686525][T11182] [ 181.689445][T11182] dump_stack_lvl+0x241/0x360 [ 181.694131][T11182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.699325][T11182] ? __pfx__printk+0x10/0x10 [ 181.703912][T11182] ? netlink_insert+0x10b7/0x14b0 [ 181.708932][T11182] should_fail_ex+0x3b0/0x4e0 [ 181.713614][T11182] ? __alloc_skb+0x1c3/0x440 [ 181.718204][T11182] should_failslab+0x9/0x20 [ 181.722700][T11182] kmem_cache_alloc_node_noprof+0x71/0x320 [ 181.728508][T11182] __alloc_skb+0x1c3/0x440 [ 181.732932][T11182] ? __pfx___alloc_skb+0x10/0x10 [ 181.737882][T11182] ? netlink_autobind+0xd6/0x2f0 [ 181.742814][T11182] ? netlink_autobind+0x2b0/0x2f0 [ 181.747834][T11182] netlink_sendmsg+0x631/0xcb0 [ 181.752606][T11182] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.757896][T11182] ? __import_iovec+0x536/0x820 [ 181.762737][T11182] ? aa_sock_msg_perm+0x91/0x160 [ 181.767670][T11182] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 181.772943][T11182] ? security_socket_sendmsg+0x87/0xb0 [ 181.778392][T11182] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.783668][T11182] __sock_sendmsg+0x221/0x270 [ 181.788345][T11182] ____sys_sendmsg+0x525/0x7d0 [ 181.793107][T11182] ? __pfx_____sys_sendmsg+0x10/0x10 [ 181.798398][T11182] __sys_sendmsg+0x2b0/0x3a0 [ 181.802983][T11182] ? __pfx___sys_sendmsg+0x10/0x10 [ 181.808083][T11182] ? vfs_write+0x7c4/0xc90 [ 181.812518][T11182] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 181.818835][T11182] ? do_syscall_64+0x100/0x230 [ 181.823596][T11182] ? do_syscall_64+0xb6/0x230 [ 181.828266][T11182] do_syscall_64+0xf3/0x230 [ 181.832764][T11182] ? clear_bhb_loop+0x35/0x90 [ 181.837440][T11182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.843332][T11182] RIP: 0033:0x7f264cb75bd9 [ 181.847735][T11182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.867328][T11182] RSP: 002b:00007f264d8f1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 181.875735][T11182] RAX: ffffffffffffffda RBX: 00007f264cd03f60 RCX: 00007f264cb75bd9 [ 181.883695][T11182] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 181.891651][T11182] RBP: 00007f264d8f10a0 R08: 0000000000000000 R09: 0000000000000000 [ 181.899608][T11182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.907565][T11182] R13: 000000000000000b R14: 00007f264cd03f60 R15: 00007ffe26dc5e18 [ 181.915537][T11182] [ 182.011462][T11188] ɶƣ0GC¦: entered promiscuous mode [ 182.634846][T11236] netlink: 'syz.4.2075': attribute type 23 has an invalid length. [ 183.202148][T11248] netlink: 'syz.1.2079': attribute type 4 has an invalid length. [ 183.593105][T11266] netlink: 'syz.2.2084': attribute type 2 has an invalid length. [ 183.600893][T11266] netlink: 'syz.2.2084': attribute type 8 has an invalid length. [ 183.799645][T11280] syz.0.2090 (11280) used greatest stack depth: 18648 bytes left [ 183.854936][T11284] nbd: nbd0 already in use [ 184.044447][T11293] netlink: 'syz.4.2093': attribute type 3 has an invalid length. [ 184.052299][T11293] __nla_validate_parse: 20 callbacks suppressed [ 184.052313][T11293] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.2093'. [ 184.157137][T11299] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2095'. [ 184.227676][T11305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2095'. [ 184.257349][T11306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2098'. [ 184.476038][T11316] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2102'. [ 184.486655][T11316] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2102'. [ 184.808593][T11334] netlink: 'syz.1.2109': attribute type 15 has an invalid length. [ 184.816635][T11334] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2109'. [ 184.941128][T11338] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2110'. [ 185.013586][T11338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2110'. [ 185.262224][T11357] team0: No ports can be present during mode change [ 185.391529][T11365] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2118'. [ 185.691093][T11378] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 33830 - 0 [ 185.713515][T11378] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 33830 - 0 [ 185.722706][T11378] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 33830 - 0 [ 185.734437][T11378] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 33830 - 0 [ 185.744939][T11378] netdevsim netdevsim0 netdevsim0: set [1, 2] type 2 family 0 port 60612 - 0 [ 185.764456][T11378] netdevsim netdevsim0 netdevsim1: set [1, 2] type 2 family 0 port 60612 - 0 [ 185.775045][T11378] netdevsim netdevsim0 netdevsim2: set [1, 2] type 2 family 0 port 60612 - 0 [ 185.784279][T11378] netdevsim netdevsim0 netdevsim3: set [1, 2] type 2 family 0 port 60612 - 0 [ 185.794165][T11378] geneve2: entered promiscuous mode [ 185.812506][T11378] netdevsim netdevsim0 netdevsim0: unset [1, 2] type 2 family 0 port 60612 - 0 [ 185.821929][T11378] netdevsim netdevsim0 netdevsim1: unset [1, 2] type 2 family 0 port 60612 - 0 [ 185.848912][T11378] netdevsim netdevsim0 netdevsim2: unset [1, 2] type 2 family 0 port 60612 - 0 [ 185.876198][T11378] netdevsim netdevsim0 netdevsim3: unset [1, 2] type 2 family 0 port 60612 - 0 [ 185.906094][T11378] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 33830 - 0 [ 185.936523][T11378] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 33830 - 0 [ 185.962097][T11378] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 33830 - 0 [ 185.978873][ T5095] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 185.987712][T11378] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 33830 - 0 [ 185.997067][ T5095] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 186.005730][ T5095] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 186.024409][ T5095] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 186.032115][ T5095] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 186.046431][ T5095] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 186.648613][T11429] netlink: 'syz.1.2145': attribute type 10 has an invalid length. [ 186.688862][T11429] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 186.709514][T11429] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 186.727909][T11429] team0: Port device netdevsim0 added [ 186.736931][T11394] chnl_net:caif_netlink_parms(): no params data found [ 186.783862][T11435] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.792531][T11435] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.022384][T11394] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.029996][T11394] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.038064][T11394] bridge_slave_0: entered allmulticast mode [ 187.047051][T11394] bridge_slave_0: entered promiscuous mode [ 187.072915][T11394] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.080470][T11394] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.088843][T11452] "syz.1.2150" (11452) uses obsolete ecb(arc4) skcipher [ 187.090607][T11394] bridge_slave_1: entered allmulticast mode [ 187.104195][T11394] bridge_slave_1: entered promiscuous mode [ 187.179881][T11455] netlink: 'syz.1.2151': attribute type 9 has an invalid length. [ 187.188395][T11394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.200466][T11455] netlink: 'syz.1.2151': attribute type 7 has an invalid length. [ 187.219033][T11394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.228340][T11455] netlink: 'syz.1.2151': attribute type 8 has an invalid length. [ 187.307472][T11394] team0: Port device team_slave_0 added [ 187.327812][T11394] team0: Port device team_slave_1 added [ 187.391638][T11394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.402066][T11394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.428190][T11465] netlink: 'syz.1.2156': attribute type 9 has an invalid length. [ 187.442384][T11394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.453958][T11459] netlink: 'syz.0.2153': attribute type 21 has an invalid length. [ 187.461883][T11459] netlink: 'syz.0.2153': attribute type 4 has an invalid length. [ 187.482865][T11467] netlink: 'syz.1.2156': attribute type 9 has an invalid length. [ 187.484176][T11394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.534188][T11394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.588824][T11394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.761788][T11394] hsr_slave_0: entered promiscuous mode [ 187.782407][T11394] hsr_slave_1: entered promiscuous mode [ 187.805813][T11394] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 187.822878][T11394] Cannot create hsr debugfs directory [ 188.113407][ T5095] Bluetooth: hci6: command tx timeout [ 188.258256][T11394] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.294549][T11511] openvswitch: netlink: Message has 16 unknown bytes. [ 188.425137][T11394] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.463087][T11519] openvswitch: netlink: Flow actions attr not present in new flow. [ 188.513276][T11525] openvswitch: netlink: ct_state flags 0000d2dc unsupported [ 188.606301][T11394] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.775399][T11394] team0: Port device netdevsim0 removed [ 188.803059][T11394] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.865116][T11535] vlan4: entered promiscuous mode [ 188.893052][T11535] vlan4: entered allmulticast mode [ 188.972083][T11550] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 189.197898][T11553] __nla_validate_parse: 11 callbacks suppressed [ 189.197916][T11553] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2185'. [ 189.231100][T11394] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 189.340608][T11394] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 189.388863][T11569] FAULT_INJECTION: forcing a failure. [ 189.388863][T11569] name failslab, interval 1, probability 0, space 0, times 0 [ 189.391701][T11394] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 189.410075][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 189.427721][T11569] CPU: 1 PID: 11569 Comm: syz.2.2190 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 189.427748][T11569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 189.427760][T11569] Call Trace: [ 189.427768][T11569] [ 189.427777][T11569] dump_stack_lvl+0x241/0x360 [ 189.427810][T11569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.427840][T11569] ? __pfx__printk+0x10/0x10 [ 189.427866][T11569] ? __pfx___might_resched+0x10/0x10 [ 189.427894][T11569] should_fail_ex+0x3b0/0x4e0 [ 189.427924][T11569] ? skb_clone+0x20c/0x390 [ 189.427946][T11569] should_failslab+0x9/0x20 [ 189.427970][T11569] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 189.428000][T11569] skb_clone+0x20c/0x390 [ 189.428026][T11569] nfnetlink_rcv+0x575/0x2a80 [ 189.428049][T11569] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 189.428075][T11569] ? __local_bh_enable_ip+0x168/0x200 [ 189.428098][T11569] ? __local_bh_enable_ip+0x168/0x200 [ 189.428117][T11569] ? __dev_queue_xmit+0x2d2/0x3d30 [ 189.428150][T11569] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 189.428176][T11569] ? __dev_queue_xmit+0x2d2/0x3d30 [ 189.428200][T11569] ? __dev_queue_xmit+0x16c9/0x3d30 [ 189.428223][T11569] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 189.428258][T11569] ? __dev_queue_xmit+0x2d2/0x3d30 [ 189.428292][T11569] ? ref_tracker_free+0x643/0x7e0 [ 189.428317][T11569] ? __asan_memcpy+0x40/0x70 [ 189.428336][T11569] ? __pfx_ref_tracker_free+0x10/0x10 [ 189.428378][T11569] ? netlink_deliver_tap+0x2e/0x1b0 [ 189.428399][T11569] ? skb_clone+0x240/0x390 [ 189.428421][T11569] ? __pfx_lock_release+0x10/0x10 [ 189.428442][T11569] ? __netlink_deliver_tap+0x77e/0x7c0 [ 189.428476][T11569] ? netlink_deliver_tap+0x2e/0x1b0 [ 189.428503][T11569] netlink_unicast+0x7ea/0x980 [ 189.428534][T11569] ? __pfx_netlink_unicast+0x10/0x10 [ 189.428554][T11569] ? __virt_addr_valid+0x183/0x520 [ 189.428582][T11569] ? __check_object_size+0x49c/0x900 [ 189.428605][T11569] ? bpf_lsm_netlink_send+0x9/0x10 [ 189.428637][T11569] netlink_sendmsg+0x8db/0xcb0 [ 189.428677][T11569] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.428703][T11569] ? __import_iovec+0x536/0x820 [ 189.428721][T11569] ? aa_sock_msg_perm+0x91/0x160 [ 189.428749][T11569] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 189.428766][T11569] ? security_socket_sendmsg+0x87/0xb0 [ 189.428790][T11569] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.428812][T11569] __sock_sendmsg+0x221/0x270 [ 189.428842][T11569] ____sys_sendmsg+0x525/0x7d0 [ 189.428874][T11569] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.428917][T11569] __sys_sendmsg+0x2b0/0x3a0 [ 189.428942][T11569] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.428963][T11569] ? vfs_write+0x7c4/0xc90 [ 189.429027][T11569] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 189.429049][T11569] ? do_syscall_64+0x100/0x230 [ 189.429076][T11569] ? do_syscall_64+0xb6/0x230 [ 189.429103][T11569] do_syscall_64+0xf3/0x230 [ 189.429128][T11569] ? clear_bhb_loop+0x35/0x90 [ 189.429162][T11569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.429186][T11569] RIP: 0033:0x7fa459d75bd9 [ 189.429205][T11569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.429221][T11569] RSP: 002b:00007fa45aab3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.429244][T11569] RAX: ffffffffffffffda RBX: 00007fa459f03f60 RCX: 00007fa459d75bd9 [ 189.429259][T11569] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 189.429272][T11569] RBP: 00007fa45aab30a0 R08: 0000000000000000 R09: 0000000000000000 [ 189.429285][T11569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.429297][T11569] R13: 000000000000004d R14: 00007fa459f03f60 R15: 00007ffc5bf361a8 [ 189.429327][T11569] [ 189.884674][T11575] bond0: entered allmulticast mode [ 189.899656][T11575] bond_slave_0: entered allmulticast mode [ 189.906531][T11575] bond_slave_1: entered allmulticast mode [ 189.914623][T11575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.932820][T11394] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.151850][T11592] validate_nla: 1 callbacks suppressed [ 190.151870][T11592] netlink: 'syz.2.2197': attribute type 1 has an invalid length. [ 190.192815][ T4490] Bluetooth: hci6: command tx timeout [ 190.268595][T11592] bond2: (slave bridge4): Enslaving as a backup interface with an up link [ 190.382976][T11606] netlink: 'syz.2.2204': attribute type 21 has an invalid length. [ 190.391000][T11606] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2204'. [ 190.425732][T11608] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2201'. [ 190.436319][T11610] netlink: 'syz.1.2203': attribute type 10 has an invalid length. [ 190.480896][T11394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.577957][T11394] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.603967][T11619] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2209'. [ 190.654445][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.661606][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.704580][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.708561][T11624] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2210'. [ 190.711700][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.804738][T11631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2210'. [ 190.858710][T11630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2213'. [ 190.900532][T11630] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2213'. [ 190.910131][T11630] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 191.168788][T11648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2217'. [ 191.226487][T11394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.262153][T11649] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2217'. [ 191.309928][T11394] veth0_vlan: entered promiscuous mode [ 191.335366][T11394] veth1_vlan: entered promiscuous mode [ 191.408304][T11394] veth0_macvtap: entered promiscuous mode [ 191.440120][T11394] veth1_macvtap: entered promiscuous mode [ 191.475233][ T4490] Bluetooth: hci4: command 0x0406 tx timeout [ 191.508587][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.559921][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.578546][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.589337][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.599576][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.610324][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.622371][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.637837][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.657296][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.684809][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.715832][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 191.730666][T11667] netlink: 'syz.0.2221': attribute type 29 has an invalid length. [ 191.746613][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.783615][T11394] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.816886][T11667] netlink: 'syz.0.2221': attribute type 29 has an invalid length. [ 191.842861][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.895006][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.925138][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.944640][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.957437][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 191.968133][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.979553][T11672] xt_CT: You must specify a L4 protocol and not use inversions on it [ 191.979923][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.029018][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.053181][T11394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.067779][T11394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.108892][T11394] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.125648][T11394] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.143889][T11394] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.163233][T11394] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.185519][T11394] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.197240][T11668] netlink: 'syz.0.2221': attribute type 29 has an invalid length. [ 192.272941][ T5095] Bluetooth: hci6: command tx timeout [ 192.494122][ T6599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.523646][ T6599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.685617][ T6598] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.710723][ T6598] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.729270][T11709] netlink: 'syz.4.2235': attribute type 4 has an invalid length. [ 192.744045][T11706] xt_CT: You must specify a L4 protocol and not use inversions on it [ 192.775262][T11712] netlink: 'syz.0.2232': attribute type 27 has an invalid length. [ 192.907047][T11720] FAULT_INJECTION: forcing a failure. [ 192.907047][T11720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.936596][T11720] CPU: 0 PID: 11720 Comm: syz.1.2239 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 192.946779][T11720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 192.956840][T11720] Call Trace: [ 192.960120][T11720] [ 192.963056][T11720] dump_stack_lvl+0x241/0x360 [ 192.967754][T11720] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.972961][T11720] ? __pfx__printk+0x10/0x10 [ 192.977560][T11720] ? __pfx_lock_release+0x10/0x10 [ 192.982599][T11720] should_fail_ex+0x3b0/0x4e0 [ 192.987288][T11720] _copy_from_iter+0x1f6/0x1960 [ 192.992152][T11720] ? __virt_addr_valid+0x183/0x520 [ 192.997271][T11720] ? __pfx_lock_release+0x10/0x10 [ 193.002306][T11720] ? __alloc_skb+0x28f/0x440 [ 193.006905][T11720] ? __pfx__copy_from_iter+0x10/0x10 [ 193.012202][T11720] ? __virt_addr_valid+0x183/0x520 [ 193.017324][T11720] ? __virt_addr_valid+0x183/0x520 [ 193.022443][T11720] ? __virt_addr_valid+0x44e/0x520 [ 193.027570][T11720] ? __check_object_size+0x49c/0x900 [ 193.032869][T11720] netlink_sendmsg+0x743/0xcb0 [ 193.037655][T11720] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.042952][T11720] ? __import_iovec+0x536/0x820 [ 193.047817][T11720] ? aa_sock_msg_perm+0x91/0x160 [ 193.052786][T11720] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 193.058085][T11720] ? security_socket_sendmsg+0x87/0xb0 [ 193.063566][T11720] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.068874][T11720] __sock_sendmsg+0x221/0x270 [ 193.073580][T11720] ____sys_sendmsg+0x525/0x7d0 [ 193.078366][T11720] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.083684][T11720] __sys_sendmsg+0x2b0/0x3a0 [ 193.088302][T11720] ? __pfx___sys_sendmsg+0x10/0x10 [ 193.093429][T11720] ? vfs_write+0x7c4/0xc90 [ 193.097904][T11720] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.104252][T11720] ? do_syscall_64+0x100/0x230 [ 193.109037][T11720] ? do_syscall_64+0xb6/0x230 [ 193.113742][T11720] do_syscall_64+0xf3/0x230 [ 193.118266][T11720] ? clear_bhb_loop+0x35/0x90 [ 193.122967][T11720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.128884][T11720] RIP: 0033:0x7fc3d2175bd9 [ 193.133315][T11720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.152932][T11720] RSP: 002b:00007fc3d2fb2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.161363][T11720] RAX: ffffffffffffffda RBX: 00007fc3d2303f60 RCX: 00007fc3d2175bd9 [ 193.169361][T11720] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 193.177343][T11720] RBP: 00007fc3d2fb20a0 R08: 0000000000000000 R09: 0000000000000000 [ 193.185324][T11720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.193304][T11720] R13: 000000000000004d R14: 00007fc3d2303f60 R15: 00007ffe13ebab18 [ 193.201303][T11720] [ 193.327687][T11712] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.335509][T11712] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.395118][T11712] bond0: left allmulticast mode [ 193.401100][T11712] bond_slave_0: left allmulticast mode [ 193.412596][T11712] bond_slave_1: left allmulticast mode [ 193.481853][T11712] batadv0: left promiscuous mode [ 193.705756][T11712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.776835][T11712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.838083][T11712] hsr0: left promiscuous mode [ 193.871624][T11756] netlink: 'syz.3.2247': attribute type 1 has an invalid length. [ 193.912107][T11712] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.936075][T11712] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.945422][T11712] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.955801][T11712] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.086646][T11712] gretap1: left promiscuous mode [ 194.101865][T11712] gretap1: left allmulticast mode [ 194.125088][T11712] vlan0: left promiscuous mode [ 194.154168][T11712] bond2: left promiscuous mode [ 194.159773][T11712] ip6gretap1: left promiscuous mode [ 194.203138][T11744] netlink: 'syz.1.2245': attribute type 21 has an invalid length. [ 194.223140][T11712] syz.0.2232 (11712) used greatest stack depth: 18384 bytes left [ 194.231925][T11744] __nla_validate_parse: 5 callbacks suppressed [ 194.231939][T11744] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2245'. [ 194.255487][T11745] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2245'. [ 194.353701][ T5095] Bluetooth: hci6: command tx timeout [ 194.543497][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.200028][T11811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2263'. [ 195.380293][T11815] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2265'. [ 195.438350][T11818] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2267'. [ 195.499520][T11822] validate_nla: 2 callbacks suppressed [ 195.499538][T11822] netlink: 'syz.0.2266': attribute type 3 has an invalid length. [ 195.548870][T11822] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2266'. [ 195.583521][T11823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2267'. [ 195.778955][T11832] netlink: 'syz.1.2272': attribute type 23 has an invalid length. [ 195.787126][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2272'. [ 195.988227][T11842] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2274'. [ 196.153004][T11851] netlink: 'syz.3.2277': attribute type 27 has an invalid length. [ 196.397800][T11858] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2281'. [ 196.722566][T11876] IPv6: NLM_F_REPLACE set, but no existing node found! [ 196.751990][ T5180] IPVS: starting estimator thread 0... [ 196.759307][T11876] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 196.776159][T11885] netlink: 'syz.0.2292': attribute type 33 has an invalid length. [ 196.802182][T11885] sch_fq: defrate 0 ignored. [ 196.852905][T11884] IPVS: using max 21 ests per chain, 50400 per kthread [ 196.936122][T11894] openvswitch: netlink: Flow key attr not present in new flow. [ 197.674731][T11935] raw_sendmsg: syz.4.2307 forgot to set AF_INET. Fix it! [ 197.978267][T11954] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 198.163877][T11961] netlink: 'syz.4.2316': attribute type 33 has an invalid length. [ 198.417139][T11975] netlink: 'syz.1.2318': attribute type 10 has an invalid length. [ 198.820745][T11981] bond2: (slave bridge3): Enslaving as an active interface with an up link [ 198.834898][T11995] netlink: 'syz.0.2326': attribute type 8 has an invalid length. [ 199.121750][T12012] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 199.301672][T12026] __nla_validate_parse: 19 callbacks suppressed [ 199.301692][T12026] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2336'. [ 199.337880][T12023] vlan5: entered promiscuous mode [ 199.353898][T12023] bond0: entered promiscuous mode [ 199.363642][T12023] bond_slave_0: entered promiscuous mode [ 199.381541][T12023] bond_slave_1: entered promiscuous mode [ 199.391253][T12023] bond0: left promiscuous mode [ 199.397361][T12023] bond_slave_0: left promiscuous mode [ 199.404246][T12023] bond_slave_1: left promiscuous mode [ 199.463009][T12026] tc_dump_action: action bad kind [ 199.624907][T12042] netlink: 47 bytes leftover after parsing attributes in process `syz.3.2343'. [ 199.670797][T12044] netlink: 'syz.4.2344': attribute type 9 has an invalid length. [ 199.684430][T12044] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2344'. [ 199.694855][T12041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2342'. [ 199.796037][T12046] netlink: 'syz.4.2344': attribute type 9 has an invalid length. [ 199.833054][T12046] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2344'. [ 200.053799][T12062] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2351'. [ 200.085467][T12065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2351'. [ 200.154832][T12072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2356'. [ 200.265617][T12079] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 200.563083][T12095] netlink: 'syz.0.2366': attribute type 1 has an invalid length. [ 200.594461][T12100] netlink: 'syz.2.2368': attribute type 32 has an invalid length. [ 200.607196][T12095] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 200.613108][T12096] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2366'. [ 200.782579][T12119] FAULT_INJECTION: forcing a failure. [ 200.782579][T12119] name failslab, interval 1, probability 0, space 0, times 0 [ 200.810399][T12119] CPU: 0 PID: 12119 Comm: syz.0.2374 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 200.820594][T12119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 200.830669][T12119] Call Trace: [ 200.833960][T12119] [ 200.836902][T12119] dump_stack_lvl+0x241/0x360 [ 200.841616][T12119] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.846839][T12119] ? __pfx__printk+0x10/0x10 [ 200.851459][T12119] ? __lock_acquire+0x1346/0x1fd0 [ 200.856511][T12119] should_fail_ex+0x3b0/0x4e0 [ 200.861207][T12119] ? __alloc_skb+0x1c3/0x440 [ 200.865812][T12119] should_failslab+0x9/0x20 [ 200.870337][T12119] kmem_cache_alloc_node_noprof+0x71/0x320 [ 200.876171][T12119] __alloc_skb+0x1c3/0x440 [ 200.880607][T12119] ? validate_chain+0x11e/0x5900 [ 200.885565][T12119] ? __pfx___alloc_skb+0x10/0x10 [ 200.890534][T12119] alloc_skb_with_frags+0xc3/0x770 [ 200.895671][T12119] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 200.901063][T12119] sock_alloc_send_pskb+0x91a/0xa60 [ 200.906296][T12119] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 200.912040][T12119] ? aa_sk_perm+0x967/0xab0 [ 200.916566][T12119] hci_sock_sendmsg+0x22b/0x11c0 [ 200.921534][T12119] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 200.926922][T12119] ? aa_sock_msg_perm+0x91/0x160 [ 200.931879][T12119] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 200.937173][T12119] ? security_socket_sendmsg+0x87/0xb0 [ 200.942646][T12119] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 200.948024][T12119] __sock_sendmsg+0x221/0x270 [ 200.952722][T12119] sock_write_iter+0x2dd/0x400 [ 200.957508][T12119] ? __pfx_sock_write_iter+0x10/0x10 [ 200.962820][T12119] ? bpf_lsm_file_permission+0x9/0x10 [ 200.968208][T12119] ? security_file_permission+0x7f/0xa0 [ 200.973783][T12119] vfs_write+0xa72/0xc90 [ 200.978043][T12119] ? __pfx_sock_write_iter+0x10/0x10 [ 200.983345][T12119] ? __pfx_vfs_write+0x10/0x10 [ 200.988150][T12119] ksys_write+0x1a0/0x2c0 [ 200.992500][T12119] ? __pfx_ksys_write+0x10/0x10 [ 200.997367][T12119] ? do_syscall_64+0x100/0x230 [ 201.002150][T12119] ? do_syscall_64+0xb6/0x230 [ 201.006848][T12119] do_syscall_64+0xf3/0x230 [ 201.011372][T12119] ? clear_bhb_loop+0x35/0x90 [ 201.016074][T12119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.021984][T12119] RIP: 0033:0x7fc1fd375bd9 [ 201.026412][T12119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.046029][T12119] RSP: 002b:00007fc1fe1c6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.054460][T12119] RAX: ffffffffffffffda RBX: 00007fc1fd503f60 RCX: 00007fc1fd375bd9 [ 201.062441][T12119] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000008 [ 201.070423][T12119] RBP: 00007fc1fe1c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 201.078407][T12119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.086392][T12119] R13: 000000000000004d R14: 00007fc1fd503f60 R15: 00007ffdfa6e69a8 [ 201.094390][T12119] [ 201.275575][T12135] netlink: 'syz.0.2378': attribute type 1 has an invalid length. [ 201.275929][T12134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2379'. [ 201.283594][T12135] netlink: 'syz.0.2378': attribute type 1 has an invalid length. [ 201.283613][T12135] netlink: 'syz.0.2378': attribute type 2 has an invalid length. [ 201.390444][T12134] bridge4: entered promiscuous mode [ 201.425763][T12140] dccp_invalid_packet: P.Data Offset(4) too small [ 201.432524][T12134] bridge4: entered allmulticast mode [ 201.466338][T12134] team0: Port device bridge4 added [ 201.665454][T12152] smc: net device ip6_vti0 erased user defined pnetid SYZ0 [ 201.984421][ T5098] IPVS: starting estimator thread 0... [ 202.067309][T12178] netlink: 'syz.0.2392': attribute type 1 has an invalid length. [ 202.093191][T12173] IPVS: using max 21 ests per chain, 50400 per kthread [ 202.102468][T12180] netlink: 'syz.0.2392': attribute type 1 has an invalid length. [ 202.147225][T12181] netlink: 'syz.1.2393': attribute type 1 has an invalid length. [ 202.386432][T12201] netlink: 'syz.3.2397': attribute type 13 has an invalid length. [ 202.411499][T12201] veth0_macvtap: left promiscuous mode [ 202.453991][T12201] macvtap0: entered allmulticast mode [ 202.500958][T12201] macvtap0: refused to change device tx_queue_len [ 202.665361][T12221] netlink: 'syz.2.2406': attribute type 1 has an invalid length. [ 202.912899][ T5095] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 203.386185][T12270] netlink: 'syz.0.2426': attribute type 11 has an invalid length. [ 203.425347][T12268] netlink: 'syz.0.2426': attribute type 11 has an invalid length. [ 203.895205][T12304] SET target dimension over the limit! [ 204.444687][T12331] __nla_validate_parse: 16 callbacks suppressed [ 204.444708][T12331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2451'. [ 204.506706][T12337] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 204.514068][T12337] IPv6: NLM_F_CREATE should be set when creating new route [ 204.636006][T12342] batman_adv: batadv0: Adding interface: team0 [ 204.656191][T12342] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.681492][ T5095] Bluetooth: hci6: command tx timeout [ 204.710671][T12342] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 204.722155][T12348] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2454'. [ 204.741542][T12348] team0: entered promiscuous mode [ 204.747710][T12348] team_slave_0: entered promiscuous mode [ 204.763002][T12348] team_slave_1: entered promiscuous mode [ 204.771083][T12348] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.786567][T12348] batman_adv: batadv0: Interface activated: team0 [ 204.799621][T12348] batman_adv: batadv0: Interface deactivated: team0 [ 204.807700][T12348] batman_adv: batadv0: Removing interface: team0 [ 204.821746][T12344] veth0_virt_wifi: entered promiscuous mode [ 204.952862][T12355] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2458'. [ 204.968279][T12355] bridge0: port 3(batadv0) entered blocking state [ 204.984128][T12355] bridge0: port 3(batadv0) entered disabled state [ 204.995358][T12355] batadv0: entered allmulticast mode [ 205.006803][T12355] batadv0: entered promiscuous mode [ 205.367141][ T6600] batman_adv: batadv0: IGMP Querier appeared [ 205.373578][ T6600] batman_adv: batadv0: MLD Querier appeared [ 205.397952][T12375] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2465'. [ 205.443165][T12342] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 205.489964][T12368] bridge0: entered promiscuous mode [ 205.509591][T12368] macsec1: entered promiscuous mode [ 205.528012][T12368] bridge0: left promiscuous mode [ 205.601497][T12382] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2467'. [ 205.636272][T12385] validate_nla: 8 callbacks suppressed [ 205.636289][T12385] netlink: 'syz.2.2468': attribute type 4 has an invalid length. [ 205.701094][T12385] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2468'. [ 205.861139][T12395] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2473'. [ 205.887728][T12395] netlink: 'syz.2.2473': attribute type 10 has an invalid length. [ 205.899841][T12395] bridge0: port 3(batadv0) entered disabled state [ 205.906790][T12395] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.915450][T12395] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.358149][T12416] veth1_macvtap: left promiscuous mode [ 206.397268][T12416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2482'. [ 206.442441][T12416] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2482'. [ 206.465973][T12416] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 206.648361][T12425] Unsupported ieee802154 address type: 0 [ 206.944454][T12432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2488'. [ 207.017782][T12441] x_tables: duplicate underflow at hook 2 [ 208.307218][T12522] FAULT_INJECTION: forcing a failure. [ 208.307218][T12522] name failslab, interval 1, probability 0, space 0, times 0 [ 208.347330][T12522] CPU: 0 PID: 12522 Comm: syz.4.2518 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 208.357500][T12522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 208.367544][T12522] Call Trace: [ 208.370842][T12522] [ 208.373781][T12522] dump_stack_lvl+0x241/0x360 [ 208.378481][T12522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.383693][T12522] ? __pfx__printk+0x10/0x10 [ 208.388306][T12522] ? ref_tracker_alloc+0x332/0x490 [ 208.393448][T12522] should_fail_ex+0x3b0/0x4e0 [ 208.398149][T12522] ? skb_clone+0x20c/0x390 [ 208.402564][T12522] should_failslab+0x9/0x20 [ 208.407074][T12522] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 208.412485][T12522] skb_clone+0x20c/0x390 [ 208.416752][T12522] __netlink_deliver_tap+0x3cc/0x7c0 [ 208.422039][T12522] ? netlink_deliver_tap+0x2e/0x1b0 [ 208.427253][T12522] netlink_deliver_tap+0x19d/0x1b0 [ 208.432379][T12522] netlink_unicast+0x7b8/0x980 [ 208.437159][T12522] ? __pfx_netlink_unicast+0x10/0x10 [ 208.442455][T12522] ? __virt_addr_valid+0x183/0x520 [ 208.447589][T12522] ? __check_object_size+0x49c/0x900 [ 208.452901][T12522] ? bpf_lsm_netlink_send+0x9/0x10 [ 208.458019][T12522] netlink_sendmsg+0x8db/0xcb0 [ 208.462803][T12522] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.468090][T12522] ? __import_iovec+0x536/0x820 [ 208.472933][T12522] ? aa_sock_msg_perm+0x91/0x160 [ 208.477869][T12522] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 208.483147][T12522] ? security_socket_sendmsg+0x87/0xb0 [ 208.488620][T12522] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.493901][T12522] __sock_sendmsg+0x221/0x270 [ 208.498598][T12522] ____sys_sendmsg+0x525/0x7d0 [ 208.503364][T12522] ? __pfx_____sys_sendmsg+0x10/0x10 [ 208.508654][T12522] __sys_sendmsg+0x2b0/0x3a0 [ 208.513241][T12522] ? __pfx___sys_sendmsg+0x10/0x10 [ 208.518343][T12522] ? vfs_write+0x7c4/0xc90 [ 208.522783][T12522] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 208.529103][T12522] ? do_syscall_64+0x100/0x230 [ 208.533869][T12522] ? do_syscall_64+0xb6/0x230 [ 208.538549][T12522] do_syscall_64+0xf3/0x230 [ 208.543051][T12522] ? clear_bhb_loop+0x35/0x90 [ 208.547730][T12522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.553628][T12522] RIP: 0033:0x7f264cb75bd9 [ 208.558035][T12522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.577636][T12522] RSP: 002b:00007f264d8f1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.586053][T12522] RAX: ffffffffffffffda RBX: 00007f264cd03f60 RCX: 00007f264cb75bd9 [ 208.594020][T12522] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 208.601984][T12522] RBP: 00007f264d8f10a0 R08: 0000000000000000 R09: 0000000000000000 [ 208.609945][T12522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.617908][T12522] R13: 000000000000000b R14: 00007f264cd03f60 R15: 00007ffe26dc5e18 [ 208.625894][T12522] [ 208.965993][T12553] netlink: 'syz.1.2525': attribute type 33 has an invalid length. [ 209.229002][T12561] FAULT_INJECTION: forcing a failure. [ 209.229002][T12561] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.252994][T12561] CPU: 1 PID: 12561 Comm: syz.0.2528 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 209.263189][T12561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 209.273261][T12561] Call Trace: [ 209.276560][T12561] [ 209.279508][T12561] dump_stack_lvl+0x241/0x360 [ 209.284216][T12561] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.289430][T12561] ? __pfx__printk+0x10/0x10 [ 209.294026][T12561] ? __pfx_lock_release+0x10/0x10 [ 209.299072][T12561] should_fail_ex+0x3b0/0x4e0 [ 209.303776][T12561] _copy_from_user+0x2f/0xe0 [ 209.308383][T12561] copy_msghdr_from_user+0xae/0x680 [ 209.313599][T12561] ? __pfx___might_resched+0x10/0x10 [ 209.318882][T12561] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 209.324786][T12561] ? __might_fault+0xaa/0x120 [ 209.329481][T12561] __sys_sendmmsg+0x374/0x740 [ 209.334171][T12561] ? __pfx___sys_sendmmsg+0x10/0x10 [ 209.339432][T12561] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 209.345327][T12561] ? ksys_write+0x23e/0x2c0 [ 209.349825][T12561] ? __pfx_lock_release+0x10/0x10 [ 209.354859][T12561] ? vfs_write+0x7c4/0xc90 [ 209.359274][T12561] ? __mutex_unlock_slowpath+0x21d/0x750 [ 209.364902][T12561] ? __pfx_vfs_write+0x10/0x10 [ 209.369675][T12561] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 209.375649][T12561] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 209.381973][T12561] ? do_syscall_64+0x100/0x230 [ 209.386742][T12561] __x64_sys_sendmmsg+0xa0/0xb0 [ 209.391599][T12561] do_syscall_64+0xf3/0x230 [ 209.396099][T12561] ? clear_bhb_loop+0x35/0x90 [ 209.400775][T12561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.406661][T12561] RIP: 0033:0x7fc1fd375bd9 [ 209.411091][T12561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.430690][T12561] RSP: 002b:00007fc1fe1c6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 209.439096][T12561] RAX: ffffffffffffffda RBX: 00007fc1fd503f60 RCX: 00007fc1fd375bd9 [ 209.447055][T12561] RDX: 00000000040001b6 RSI: 0000000020001540 RDI: 000000000000000d [ 209.455012][T12561] RBP: 00007fc1fe1c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 209.462977][T12561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 209.470943][T12561] R13: 000000000000004d R14: 00007fc1fd503f60 R15: 00007ffdfa6e69a8 [ 209.478911][T12561] [ 209.646216][T12586] __nla_validate_parse: 10 callbacks suppressed [ 209.646234][T12586] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2536'. [ 209.737413][T12594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2536'. [ 209.926541][T12610] xt_CT: You must specify a L4 protocol and not use inversions on it [ 210.128054][T12621] ɶƣ0GC¦: entered promiscuous mode [ 210.276519][T12632] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2551'. [ 210.307472][T12635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2553'. [ 210.326679][T12635] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 210.347097][T12636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2550'. [ 210.386002][T12642] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2551'. [ 210.394618][T12639] netlink: 'syz.1.2554': attribute type 1 has an invalid length. [ 210.583421][T12654] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 210.742565][T12666] netlink: 'syz.2.2560': attribute type 29 has an invalid length. [ 210.767706][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2560'. [ 210.861719][T12668] openvswitch: ɶƣ0GC¦: Dropping previously announced user features [ 210.872726][T12666] netlink: 'syz.2.2560': attribute type 29 has an invalid length. [ 210.906901][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2560'. [ 211.302280][T12688] x_tables: ip_tables: udp match: only valid for protocol 17 [ 211.350050][T12701] netlink: 'syz.0.2571': attribute type 3 has an invalid length. [ 211.365396][T12701] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2571'. [ 211.377664][T12702] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2572'. [ 211.459281][T12713] openvswitch: ɶƣ0GC¦: Dropping previously announced user features [ 211.555181][T12719] netlink: 'syz.3.2576': attribute type 7 has an invalid length. [ 211.683867][T12726] FAULT_INJECTION: forcing a failure. [ 211.683867][T12726] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.701913][T12726] CPU: 1 PID: 12726 Comm: syz.3.2580 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 211.712110][T12726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 211.722185][T12726] Call Trace: [ 211.725480][T12726] [ 211.728434][T12726] dump_stack_lvl+0x241/0x360 [ 211.733142][T12726] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.738371][T12726] ? __pfx__printk+0x10/0x10 [ 211.742995][T12726] ? __pfx_lock_release+0x10/0x10 [ 211.748052][T12726] should_fail_ex+0x3b0/0x4e0 [ 211.752760][T12726] _copy_from_iter+0x1f6/0x1960 [ 211.757633][T12726] ? __virt_addr_valid+0x183/0x520 [ 211.762769][T12726] ? __pfx_lock_release+0x10/0x10 [ 211.767796][T12726] ? __alloc_skb+0x28f/0x440 [ 211.772376][T12726] ? __pfx__copy_from_iter+0x10/0x10 [ 211.777661][T12726] ? __virt_addr_valid+0x183/0x520 [ 211.782765][T12726] ? __virt_addr_valid+0x183/0x520 [ 211.787867][T12726] ? __virt_addr_valid+0x44e/0x520 [ 211.792970][T12726] ? __check_object_size+0x49c/0x900 [ 211.798251][T12726] netlink_sendmsg+0x743/0xcb0 [ 211.803030][T12726] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.808325][T12726] ? __import_iovec+0x536/0x820 [ 211.813166][T12726] ? aa_sock_msg_perm+0x91/0x160 [ 211.818097][T12726] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 211.823372][T12726] ? security_socket_sendmsg+0x87/0xb0 [ 211.828824][T12726] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.834098][T12726] __sock_sendmsg+0x221/0x270 [ 211.838774][T12726] ____sys_sendmsg+0x525/0x7d0 [ 211.843538][T12726] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.848824][T12726] __sys_sendmsg+0x2b0/0x3a0 [ 211.853409][T12726] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.858509][T12726] ? vfs_write+0x7c4/0xc90 [ 211.862944][T12726] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 211.869259][T12726] ? do_syscall_64+0x100/0x230 [ 211.874017][T12726] ? do_syscall_64+0xb6/0x230 [ 211.878686][T12726] do_syscall_64+0xf3/0x230 [ 211.883181][T12726] ? clear_bhb_loop+0x35/0x90 [ 211.887853][T12726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.893739][T12726] RIP: 0033:0x7f9e71375bd9 [ 211.898140][T12726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.917740][T12726] RSP: 002b:00007f9e721e8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.926146][T12726] RAX: ffffffffffffffda RBX: 00007f9e71503f60 RCX: 00007f9e71375bd9 [ 211.934105][T12726] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 211.942063][T12726] RBP: 00007f9e721e80a0 R08: 0000000000000000 R09: 0000000000000000 [ 211.950024][T12726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.957984][T12726] R13: 000000000000000b R14: 00007f9e71503f60 R15: 00007ffdf20ce128 [ 211.965956][T12726] [ 212.752495][T12779] netlink: 'syz.0.2599': attribute type 7 has an invalid length. [ 214.674277][T12907] __nla_validate_parse: 17 callbacks suppressed [ 214.674295][T12907] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2644'. [ 215.300148][T12935] IPv4: Oversized IP packet from 127.202.26.0 [ 215.317841][T12939] netlink: 'syz.0.2659': attribute type 1 has an invalid length. [ 215.489128][T12941] bond3: (slave gre1): The slave device specified does not support setting the MAC address [ 215.553246][T12941] bond3: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 215.593246][T12941] bond3: (slave gre1): making interface the new active one [ 215.611564][T12941] bond3: (slave gre1): Enslaving as an active interface with an up link [ 215.643076][T12946] team0: No ports can be present during mode change [ 215.750877][T12958] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2665'. [ 215.783218][T12958] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 215.803212][T12958] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 216.163549][T12975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2672'. [ 216.524934][T12983] netlink: 'syz.2.2675': attribute type 1 has an invalid length. [ 216.589862][T12985] bond3: (slave gre1): The slave device specified does not support setting the MAC address [ 216.633047][T12985] bond3: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 216.660072][T12985] bond3: (slave gre1): making interface the new active one [ 216.712080][T12985] bond3: (slave gre1): Enslaving as an active interface with an up link [ 216.895488][T12997] IPv6: Can't replace route, no match found [ 216.921006][T12997] xt_HMARK: spi-set and port-set can't be combined [ 217.060018][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 217.101253][T13010] FAULT_INJECTION: forcing a failure. [ 217.101253][T13010] name failslab, interval 1, probability 0, space 0, times 0 [ 217.131018][T13013] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2684'. [ 217.145258][T13010] CPU: 0 PID: 13010 Comm: syz.1.2685 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 217.155438][T13010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 217.165504][T13010] Call Trace: [ 217.168797][T13010] [ 217.171744][T13010] dump_stack_lvl+0x241/0x360 [ 217.176450][T13010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.181760][T13010] ? __pfx__printk+0x10/0x10 [ 217.186377][T13010] ? ref_tracker_alloc+0x332/0x490 [ 217.191516][T13010] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 217.197001][T13010] should_fail_ex+0x3b0/0x4e0 [ 217.201714][T13010] ? skb_clone+0x20c/0x390 [ 217.206156][T13010] should_failslab+0x9/0x20 [ 217.209785][T13015] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2686'. [ 217.210694][T13010] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 217.225129][T13010] skb_clone+0x20c/0x390 [ 217.229395][T13010] __netlink_deliver_tap+0x3cc/0x7c0 [ 217.234723][T13010] ? netlink_deliver_tap+0x2e/0x1b0 [ 217.239951][T13010] netlink_deliver_tap+0x19d/0x1b0 [ 217.245090][T13010] netlink_sendskb+0x68/0x140 [ 217.249786][T13010] netlink_unicast+0x39d/0x980 [ 217.254566][T13010] ? __asan_memcpy+0x40/0x70 [ 217.259190][T13010] ? __pfx_netlink_unicast+0x10/0x10 [ 217.264509][T13010] netlink_rcv_skb+0x262/0x430 [ 217.269295][T13010] ? __pfx_genl_rcv_msg+0x10/0x10 [ 217.274342][T13010] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 217.279665][T13010] ? __netlink_deliver_tap+0x77e/0x7c0 [ 217.285173][T13010] genl_rcv+0x28/0x40 [ 217.289165][T13010] netlink_unicast+0x7ea/0x980 [ 217.293952][T13010] ? __pfx_netlink_unicast+0x10/0x10 [ 217.299256][T13010] ? __virt_addr_valid+0x183/0x520 [ 217.304392][T13010] ? __check_object_size+0x49c/0x900 [ 217.306565][T13012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2686'. [ 217.309685][T13010] ? bpf_lsm_netlink_send+0x9/0x10 [ 217.323652][T13010] netlink_sendmsg+0x8db/0xcb0 [ 217.328454][T13010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.333764][T13010] ? __import_iovec+0x536/0x820 [ 217.338630][T13010] ? aa_sock_msg_perm+0x91/0x160 [ 217.343591][T13010] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 217.348890][T13010] ? security_socket_sendmsg+0x87/0xb0 [ 217.354367][T13010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.359674][T13010] __sock_sendmsg+0x221/0x270 [ 217.364383][T13010] ____sys_sendmsg+0x525/0x7d0 [ 217.369180][T13010] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.374513][T13010] __sys_sendmsg+0x2b0/0x3a0 [ 217.379128][T13010] ? __pfx___sys_sendmsg+0x10/0x10 [ 217.384261][T13010] ? vfs_write+0x7c4/0xc90 [ 217.388744][T13010] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 217.395092][T13010] ? do_syscall_64+0x100/0x230 [ 217.399887][T13010] ? do_syscall_64+0xb6/0x230 [ 217.404592][T13010] do_syscall_64+0xf3/0x230 [ 217.409120][T13010] ? clear_bhb_loop+0x35/0x90 [ 217.413827][T13010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.419745][T13010] RIP: 0033:0x7fc3d2175bd9 [ 217.424175][T13010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.443802][T13010] RSP: 002b:00007fc3d2fb2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.452244][T13010] RAX: ffffffffffffffda RBX: 00007fc3d2303f60 RCX: 00007fc3d2175bd9 [ 217.460233][T13010] RDX: 0000000000000000 RSI: 0000000020000a80 RDI: 0000000000000003 [ 217.468224][T13010] RBP: 00007fc3d2fb20a0 R08: 0000000000000000 R09: 0000000000000000 [ 217.476202][T13010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.484167][T13010] R13: 000000000000004d R14: 00007fc3d2303f60 R15: 00007ffe13ebab18 [ 217.492141][T13010] [ 218.011020][T13051] netlink: 'syz.3.2696': attribute type 10 has an invalid length. [ 218.039220][T13051] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 218.074219][T13050] netlink: 'syz.0.2695': attribute type 1 has an invalid length. [ 218.112492][T13053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2697'. [ 218.144784][T13055] netlink: 'syz.3.2698': attribute type 11 has an invalid length. [ 218.616352][T13078] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2706'. [ 218.759236][T13080] netlink: 'syz.3.2707': attribute type 10 has an invalid length. [ 218.785715][T13080] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2707'. [ 218.820781][T13080] bridge0: port 3(batadv0) entered blocking state [ 218.839522][T13080] bridge0: port 3(batadv0) entered disabled state [ 218.855620][T13080] batadv0: entered allmulticast mode [ 218.871655][T13080] batadv0: entered promiscuous mode [ 218.888072][T13080] bridge0: port 3(batadv0) entered blocking state [ 218.894739][T13080] bridge0: port 3(batadv0) entered forwarding state [ 219.153703][ T2419] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 219.163255][ T2419] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 219.702208][T13096] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2715'. [ 219.860481][T13103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2716'. [ 220.251900][T13123] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2724'. [ 220.443916][T13125] SET target dimension over the limit! [ 220.509465][T13130] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 220.554434][T13134] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2729'. [ 220.564389][T13134] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 220.758349][T13145] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2734'. [ 220.779720][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2730'. [ 220.860493][T13154] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2734'. [ 221.031440][T13164] pim6reg: entered allmulticast mode [ 221.067990][T13164] pim6reg: left allmulticast mode [ 221.330901][T13185] netlink: 'syz.2.2747': attribute type 10 has an invalid length. [ 221.350140][T13185] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2747'. [ 222.270738][T13238] netlink: 'syz.3.2766': attribute type 10 has an invalid length. [ 222.288618][T13238] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 222.468906][T13247] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2772'. [ 222.666671][T13269] netlink: 'syz.1.2777': attribute type 1 has an invalid length. [ 222.711101][T13271] FAULT_INJECTION: forcing a failure. [ 222.711101][T13271] name failslab, interval 1, probability 0, space 0, times 0 [ 222.713211][T13269] netlink: 101600 bytes leftover after parsing attributes in process `syz.1.2777'. [ 222.793169][T13271] CPU: 0 PID: 13271 Comm: syz.0.2778 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 222.803370][T13271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 222.813444][T13271] Call Trace: [ 222.816734][T13271] [ 222.819678][T13271] dump_stack_lvl+0x241/0x360 [ 222.824386][T13271] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.829606][T13271] ? __pfx__printk+0x10/0x10 [ 222.834215][T13271] ? __pfx___might_resched+0x10/0x10 [ 222.839529][T13271] should_fail_ex+0x3b0/0x4e0 [ 222.844234][T13271] ? skb_clone+0x20c/0x390 [ 222.848674][T13271] should_failslab+0x9/0x20 [ 222.853202][T13271] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 222.858595][T13271] skb_clone+0x20c/0x390 [ 222.862847][T13271] nfnetlink_rcv+0x575/0x2a80 [ 222.867527][T13271] ? __pfx_validate_chain+0x10/0x10 [ 222.872741][T13271] ? mark_lock+0x9a/0x350 [ 222.877071][T13271] ? __pfx_validate_chain+0x10/0x10 [ 222.882271][T13271] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 222.887384][T13271] ? __lock_acquire+0x1346/0x1fd0 [ 222.892418][T13271] ? __pfx_lock_release+0x10/0x10 [ 222.897431][T13271] ? netlink_deliver_tap+0x2e/0x1b0 [ 222.902627][T13271] ? __pfx_lock_release+0x10/0x10 [ 222.907663][T13271] ? netlink_deliver_tap+0x2e/0x1b0 [ 222.912867][T13271] netlink_unicast+0x7ea/0x980 [ 222.917635][T13271] ? __pfx_netlink_unicast+0x10/0x10 [ 222.922909][T13271] ? __virt_addr_valid+0x183/0x520 [ 222.928016][T13271] ? __check_object_size+0x49c/0x900 [ 222.933296][T13271] ? bpf_lsm_netlink_send+0x9/0x10 [ 222.938403][T13271] netlink_sendmsg+0x8db/0xcb0 [ 222.943167][T13271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.948446][T13271] ? __import_iovec+0x536/0x820 [ 222.953285][T13271] ? aa_sock_msg_perm+0x91/0x160 [ 222.958214][T13271] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 222.963487][T13271] ? security_socket_sendmsg+0x87/0xb0 [ 222.968935][T13271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.974209][T13271] __sock_sendmsg+0x221/0x270 [ 222.978884][T13271] ____sys_sendmsg+0x525/0x7d0 [ 222.983644][T13271] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.988932][T13271] __sys_sendmsg+0x2b0/0x3a0 [ 222.993604][T13271] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.998702][T13271] ? vfs_write+0x7c4/0xc90 [ 223.003158][T13271] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 223.009487][T13271] ? do_syscall_64+0x100/0x230 [ 223.014248][T13271] ? do_syscall_64+0xb6/0x230 [ 223.018919][T13271] do_syscall_64+0xf3/0x230 [ 223.023415][T13271] ? clear_bhb_loop+0x35/0x90 [ 223.028091][T13271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.033977][T13271] RIP: 0033:0x7fc1fd375bd9 [ 223.038383][T13271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.057981][T13271] RSP: 002b:00007fc1fe1c6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.066386][T13271] RAX: ffffffffffffffda RBX: 00007fc1fd503f60 RCX: 00007fc1fd375bd9 [ 223.074348][T13271] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 223.082305][T13271] RBP: 00007fc1fe1c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 223.090266][T13271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.098224][T13271] R13: 000000000000004d R14: 00007fc1fd503f60 R15: 00007ffdfa6e69a8 [ 223.106198][T13271] [ 223.562164][T13315] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 223.726316][T13318] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 223.733656][T13318] IPv6: NLM_F_CREATE should be set when creating new route [ 223.994130][T13329] syzkaller0: entered promiscuous mode [ 223.999815][T13329] syzkaller0: entered allmulticast mode [ 224.365635][T13356] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.374306][T11732] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 224.523078][ T5146] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 224.745229][T13389] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 225.053916][T13401] __nla_validate_parse: 5 callbacks suppressed [ 225.053935][T13401] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2813'. [ 225.239300][T13410] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2817'. [ 225.617660][T13438] xt_hashlimit: max too large, truncated to 1048576 [ 225.666458][T13437] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2827'. [ 225.779741][T13448] netlink: 'syz.0.2829': attribute type 21 has an invalid length. [ 226.325873][T13473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2842'. [ 226.354109][T13470] ɶƣ0GC¦: entered promiscuous mode [ 226.560029][T13486] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2844'. [ 226.720423][T13498] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2848'. [ 227.186355][T13519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2856'. [ 227.306121][T13525] netlink: 'syz.4.2860': attribute type 29 has an invalid length. [ 227.329725][T13525] netlink: 'syz.4.2860': attribute type 29 has an invalid length. [ 227.342112][T13525] netlink: 'syz.4.2860': attribute type 29 has an invalid length. [ 227.462650][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 227.667521][T13541] netlink: 'syz.4.2864': attribute type 23 has an invalid length. [ 227.684352][T13541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2864'. [ 227.761036][T13543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2865'. [ 227.780920][T13544] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2863'. [ 228.462433][T13579] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 228.876245][T13597] netlink: 'syz.2.2886': attribute type 3 has an invalid length. [ 228.906728][T13597] netlink: 'syz.2.2886': attribute type 3 has an invalid length. [ 229.343135][T13631] hsr_slave_0: left promiscuous mode [ 229.362980][T13631] hsr_slave_1: left promiscuous mode [ 229.902423][T13654] sock: sock_timestamping_bind_phc: sock not bind to device [ 230.295889][T13680] __nla_validate_parse: 5 callbacks suppressed [ 230.295907][T13680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2913'. [ 230.316076][T13681] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2915'. [ 230.317670][T13685] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2916'. [ 230.524678][T13696] netlink: 'syz.1.2920': attribute type 3 has an invalid length. [ 230.554466][T13696] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2920'. [ 230.686382][T13706] netlink: 'syz.4.2923': attribute type 3 has an invalid length. [ 230.697776][T13708] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2921'. [ 230.944074][T13724] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2928'. [ 231.244638][T13736] netlink: 'syz.3.2934': attribute type 11 has an invalid length. [ 231.257729][T13736] netlink: 'syz.3.2934': attribute type 11 has an invalid length. [ 231.269968][T13736] debugfs: Directory 'netdev:' with parent 'phy27' already present! [ 231.546647][T13748] netlink: 'syz.3.2938': attribute type 10 has an invalid length. [ 231.567208][T13748] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2938'. [ 231.593641][T13748] ipvlan1: entered promiscuous mode [ 231.602453][T13748] bridge0: port 4(ipvlan1) entered blocking state [ 231.612751][T13748] bridge0: port 4(ipvlan1) entered disabled state [ 231.619563][T13748] ipvlan1: entered allmulticast mode [ 231.626403][T13748] veth0_vlan: entered allmulticast mode [ 231.648268][T13748] ipvlan1: left allmulticast mode [ 231.662044][T13748] veth0_vlan: left allmulticast mode [ 231.672557][T13748] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 231.835592][T13762] openvswitch: netlink: Missing key (keys=400040, expected=200000) [ 232.171987][T13782] Cannot find set identified by id 0 to match [ 232.228584][T13788] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2949'. [ 232.406843][T13797] IPv6: NLM_F_REPLACE set, but no existing node found! [ 232.602567][T13806] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2961'. [ 232.781086][T13815] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 232.819500][T13822] nbd: device at index 2 is going down [ 232.857761][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 233.203576][T13850] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 233.397360][T13859] netlink: 'syz.2.2979': attribute type 10 has an invalid length. [ 233.474901][T13859] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 233.509414][T13859] team0: Port device netdevsim0 added [ 233.673292][T13876] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2982'. [ 234.003131][T13899] Bluetooth: hci3: invalid length 0, exp 2 for type 15 [ 234.066240][T13912] netlink: 'syz.0.2996': attribute type 10 has an invalid length. [ 234.086523][T13912] bridge0: port 3(batadv0) entered blocking state [ 234.105229][T13912] bridge0: port 3(batadv0) entered disabled state [ 234.139673][T13912] batadv0: entered allmulticast mode [ 234.168264][T13912] batadv0: entered promiscuous mode [ 234.309711][ T61] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 234.319206][ T61] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 234.339381][T13926] netlink: 'syz.1.3003': attribute type 33 has an invalid length. [ 234.517604][ T5095] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 234.738873][T13960] openvswitch: netlink: nsh attribute has 1 unknown bytes. [ 234.892902][T13968] openvswitch: netlink: Key type 64 is out of range max 32 [ 235.140595][T13988] x_tables: duplicate underflow at hook 3 [ 235.193245][T13988] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 235.422301][T14009] __nla_validate_parse: 11 callbacks suppressed [ 235.422323][T14009] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3034'. [ 235.515233][T14009] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3034'. [ 235.642354][T14012] IPVS: Error connecting to the multicast addr [ 236.289402][T14041] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3044'. [ 236.704870][T14075] netlink: 268 bytes leftover after parsing attributes in process `syz.4.3056'. [ 236.797243][T14083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3056'. [ 237.004207][T14090] netlink: 'syz.0.3061': attribute type 1 has an invalid length. [ 237.097507][T14097] bond0: entered allmulticast mode [ 237.110964][T14097] gre2: entered allmulticast mode [ 237.203020][T14097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.210765][T14100] netlink: 'syz.4.3064': attribute type 4 has an invalid length. [ 237.219745][T14100] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3064'. [ 237.259723][T14106] netlink: 'syz.0.3067': attribute type 10 has an invalid length. [ 237.299896][T14106] team0: Port device netdevsim0 added [ 237.373204][ T5089] skbuff: skb_under_panic: text:ffffffff8a0ac36b len:-1831983724 put:-1831983940 head:ffff8880255a7000 data:ffff887f928c4c04 tail:0x198 end:0x6c0 dev:bond0 [ 237.426506][ T5089] ------------[ cut here ]------------ [ 237.432013][ T5089] kernel BUG at net/core/skbuff.c:205! [ 237.449361][ T5089] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 237.456331][ T5089] CPU: 0 PID: 5089 Comm: kworker/0:3 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 237.466484][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 237.476540][ T5089] Workqueue: mld mld_ifc_work [ 237.481236][ T5089] RIP: 0010:skb_under_panic+0x14b/0x150 [ 237.486798][ T5089] Code: c5 8c 48 c7 c6 85 56 d3 8d 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 15 32 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 [ 237.506405][ T5089] RSP: 0018:ffffc900038b7530 EFLAGS: 00010286 [ 237.512549][ T5089] RAX: 0000000000000099 RBX: dffffc0000000000 RCX: 9e5447a2a094ae00 [ 237.520503][ T5089] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 237.528458][ T5089] RBP: ffff888029d4b150 R08: ffffffff817693cc R09: 1ffff92000716e40 [ 237.536413][ T5089] R10: dffffc0000000000 R11: fffff52000716e41 R12: 00000000000006c0 [ 237.544369][ T5089] R13: ffff8880255a7000 R14: ffff887f928c4c04 R15: 0000000000000198 [ 237.552327][ T5089] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 237.561245][ T5089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 237.567815][ T5089] CR2: 00007fa45aa356b8 CR3: 0000000065596000 CR4: 00000000003506f0 [ 237.575773][ T5089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 237.583740][ T5089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 237.591694][ T5089] Call Trace: [ 237.594960][ T5089] [ 237.597884][ T5089] ? __die_body+0x88/0xe0 [ 237.602205][ T5089] ? die+0xcf/0x110 [ 237.606002][ T5089] ? do_trap+0x15a/0x3a0 [ 237.610229][ T5089] ? skb_under_panic+0x14b/0x150 [ 237.615157][ T5089] ? do_error_trap+0x1dc/0x2c0 [ 237.619906][ T5089] ? skb_under_panic+0x14b/0x150 [ 237.624829][ T5089] ? __pfx_do_error_trap+0x10/0x10 [ 237.630017][ T5089] ? handle_invalid_op+0x34/0x40 [ 237.635197][ T5089] ? skb_under_panic+0x14b/0x150 [ 237.640128][ T5089] ? exc_invalid_op+0x38/0x50 [ 237.644797][ T5089] ? asm_exc_invalid_op+0x1a/0x20 [ 237.649812][ T5089] ? __wake_up_klogd+0xcc/0x110 [ 237.654658][ T5089] ? skb_under_panic+0x14b/0x150 [ 237.659583][ T5089] ? ipgre_header+0x6b/0x440 [ 237.664158][ T5089] ? ipgre_header+0x6b/0x440 [ 237.668742][ T5089] skb_push+0xe5/0x100 [ 237.672806][ T5089] ? __pfx_ipgre_header+0x10/0x10 [ 237.677850][ T5089] ipgre_header+0x6b/0x440 [ 237.682255][ T5089] ? __pfx_ipgre_header+0x10/0x10 [ 237.687266][ T5089] neigh_connected_output+0x27f/0x450 [ 237.692639][ T5089] ip6_finish_output2+0xff8/0x1670 [ 237.697791][ T5089] ? ip6_finish_output2+0x712/0x1670 [ 237.703058][ T5089] ? nf_hook+0x9e/0x450 [ 237.707196][ T5089] ? __pfx_ip6_finish_output2+0x10/0x10 [ 237.712739][ T5089] ? ip6_mtu+0x81/0x3f0 [ 237.716982][ T5089] ip6_finish_output+0x41e/0x810 [ 237.721910][ T5089] NF_HOOK+0x9e/0x430 [ 237.725874][ T5089] ? NF_HOOK+0xfa/0x430 [ 237.730009][ T5089] ? __pfx_NF_HOOK+0x10/0x10 [ 237.734587][ T5089] ? __pfx_dst_output+0x10/0x10 [ 237.739421][ T5089] ? icmp6_dst_alloc+0x3aa/0x420 [ 237.744349][ T5089] mld_sendpack+0x838/0xda0 [ 237.748836][ T5089] ? __pfx_mld_newpack+0x10/0x10 [ 237.753761][ T5089] ? mld_sendpack+0x1de/0xda0 [ 237.758420][ T5089] ? __pfx_mld_sendpack+0x10/0x10 [ 237.763435][ T5089] mld_ifc_work+0x7d6/0xd90 [ 237.767931][ T5089] ? process_scheduled_works+0x945/0x1830 [ 237.773637][ T5089] process_scheduled_works+0xa2c/0x1830 [ 237.779174][ T5089] ? __pfx_process_scheduled_works+0x10/0x10 [ 237.785144][ T5089] ? assign_work+0x364/0x3d0 [ 237.789725][ T5089] worker_thread+0x86d/0xd50 [ 237.794309][ T5089] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 237.800190][ T5089] ? __kthread_parkme+0x169/0x1d0 [ 237.805228][ T5089] ? __pfx_worker_thread+0x10/0x10 [ 237.810411][ T5089] kthread+0x2f0/0x390 [ 237.814467][ T5089] ? __pfx_worker_thread+0x10/0x10 [ 237.819559][ T5089] ? __pfx_kthread+0x10/0x10 [ 237.824221][ T5089] ret_from_fork+0x4b/0x80 [ 237.828625][ T5089] ? __pfx_kthread+0x10/0x10 [ 237.833200][ T5089] ret_from_fork_asm+0x1a/0x30 [ 237.837958][ T5089] [ 237.840958][ T5089] Modules linked in: [ 237.891757][T14117] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 238.009809][ T5089] ---[ end trace 0000000000000000 ]--- [ 238.015390][ T5089] RIP: 0010:skb_under_panic+0x14b/0x150 [ 238.020960][ T5089] Code: c5 8c 48 c7 c6 85 56 d3 8d 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 15 32 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 [ 238.044389][ T5089] RSP: 0018:ffffc900038b7530 EFLAGS: 00010286 [ 238.050479][ T5089] RAX: 0000000000000099 RBX: dffffc0000000000 RCX: 9e5447a2a094ae00 [ 238.092639][ T5089] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 238.100638][ T5089] RBP: ffff888029d4b150 R08: ffffffff817693cc R09: 1ffff92000716e40 [ 238.109622][ T5089] R10: dffffc0000000000 R11: fffff52000716e41 R12: 00000000000006c0 [ 238.133387][ T5089] R13: ffff8880255a7000 R14: ffff887f928c4c04 R15: 0000000000000198 [ 238.141379][ T5089] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 238.162647][ T5089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 238.169245][ T5089] CR2: 00007f9e714ce2d8 CR3: 00000000604c0000 CR4: 00000000003506f0 [ 238.192766][ T5089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 238.200769][ T5089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 238.222657][ T5089] Kernel panic - not syncing: Fatal exception [ 238.229021][ T5089] Kernel Offset: disabled [ 238.233416][ T5089] Rebooting in 86400 seconds..