last executing test programs: 8.133718889s ago: executing program 1 (id=1879): r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@local, @in=@broadcast, 0x8, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3b}, {0x1, 0x0, 0x2, 0x0, 0x9, 0x7fffffffffffffff, 0x10000000000000}, {0x0, 0xfffffffffffffffc, 0x0, 0x9}, 0x0, 0x0, 0x1, 0x0, 0x4, 0x2}, {{@in=@empty, 0x0, 0x3c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xa}, 0x0, 0x0, 0x3, 0x42}}, 0xe8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x318, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0x138, 0x168, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r3, 0x0, 0xffffffff000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'veth0_to_hsr\x00'}) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c", 0x3f, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB], 0x88}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x60004000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[], 0x114}, 0x1, 0x0, 0x0, 0x4004050}, 0x2c004000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r6, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 7.525190558s ago: executing program 4 (id=1886): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)="e751dd8f06091c46b225d5c4870c123f", 0x10}], 0x1) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3, 0x0, {0x0, 0xff, 0x3}}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r5, &(0x7f00000000c0)={0x11, 0xf8, r7, 0x1, 0x0, 0x6, @remote}, 0x14) bind$packet(r6, &(0x7f0000000100)={0x11, 0x4, r7}, 0x14) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000069000010000000000100000018010000696c6c2500000000002020207b1af8ff00000000bfa1000000000000070100fef7ffffffb702000008000000b703000000400000620000001000000095"], &(0x7f0000000040)='syzkaller\x00', 0xe, 0xfe3, &(0x7f0000001e00)=""/4067, 0x100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[], 0x0) bind$can_j1939(r2, &(0x7f00000001c0)={0x1d, r4, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r9, 0x8983, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000054c79cee000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0x5, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff}, [@exit, @generic={0x4, 0x2, 0x1, 0x6, 0x8}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r10, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r11, {0xffea}, {0xffff, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 7.273835278s ago: executing program 4 (id=1889): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xc060, 0x8}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_LEARNING={0x5}]}}}]}, 0x44}}, 0x0) 7.156892979s ago: executing program 2 (id=1891): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000080)=ANY=[@ANYBLOB="a9aaaaaaaaaac6eb8947e4e4080045000070000000000001907864010100ac1414aa0bba90780300000045000000000000000089000000000000000000ff0000e388000000054eb9a600129606053d0006acae66ff00800000b61af93a93831300ac1414007f000001e0cf162073f3d84ae0000001e00720ac02fdd3c74a0000000000000000"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000200001000000000000fdffff80000000000000000000000008000d"], 0x38}}, 0x0) 7.156262565s ago: executing program 4 (id=1892): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x1, 0x1000000, 0xb000000}}}}}, 0x0) 7.046500168s ago: executing program 1 (id=1893): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1}, 0x38) syz_init_net_socket$ax25(0x3, 0x2, 0xcb) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b03d25a806c8c6394f90324fc60100000000a000200053582c137153e37000c0a80fc0b1000f835", 0x33fe0}], 0x1}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0), 0x4) setsockopt$PNPIPE_HANDLE(r4, 0x113, 0x3, &(0x7f00000000c0)=0x6, 0x4) close(r4) pipe(&(0x7f0000000100)) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x2e, &(0x7f00000001c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local, {[@rr={0x7, 0x3, 0x5b}]}}, @echo={0x8, 0x0, 0x0, 0x0, 0x3}}}}}, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x34, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x88a8ffad}, [@IFLA_MASTER={0x8, 0xa, r9}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x34}}, 0x0) pipe(0x0) sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x24, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e22}, 0x6e) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) 6.98845137s ago: executing program 0 (id=1894): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x14, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {0x0, 0x5}}}, 0xb8}, 0x1, 0x0, 0x3000000}, 0x4000) 6.952140176s ago: executing program 0 (id=1895): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) syz_init_net_socket$llc(0x1a, 0x3, 0x0) 4.857935084s ago: executing program 2 (id=1896): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_SEC_DEV(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, 0x0, 0x800, 0xffffffff, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) syz_emit_ethernet(0x38, &(0x7f0000000200)=ANY=[], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) connect$bt_sco(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020e000010000000000000000004830008001200000001000000ff000000400000001ea0abff7f00000000000000d41f9ab9000100700000ebdf000008000000c4fc0000100000000000e2ffff1c004f030006000020"], 0x80}}, 0x4814) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {0x2}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xa8, 0xf0, 0x0, {0x4300000000000000}}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) 4.748583527s ago: executing program 4 (id=1898): unshare(0x62040200) r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0xb) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000380)=0x1, 0x4) close(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@polexpire={0x188, 0x1b, 0x1, 0x70bd27, 0x25dfdbfc, {{{@in=@loopback, @in6=@mcast2, 0x4e24, 0x9, 0x4e22, 0x6, 0x2, 0x80, 0x20, 0x2b}, {0x9, 0x4, 0x1, 0x0, 0x7fffffff, 0x6, 0x9, 0x5}, {0x8, 0x8001, 0xffff, 0xffffffffffffffff}, 0x81, 0x6e6bb2, 0x0, 0x1, 0x0, 0x2}, 0x40}, [@coaddr={0x14, 0xe, @in6=@loopback}, @XFRMA_SET_MARK={0x8, 0x1d, 0xffff}, @policy={0xac, 0x7, {{@in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x4e21, 0x0, 0x4e22, 0x8001, 0x2, 0x80, 0x0, 0x1d}, {0x7, 0x0, 0x9, 0x7, 0x4, 0xfffffffffffffff7, 0x800, 0x427}, {0x7, 0x72f, 0x0, 0x9}, 0x325de6c4, 0x6e6bbf, 0x2, 0x0, 0x2}}]}, 0x188}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x6535f20f43ca3a6d, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001030000000000000000fc0100000000000000000000000000003ed30000000000000000000000000000000000000000000002"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000300)="038126a49c604ba34d27d9eead4036d85f581274bb8d7eaa98e5be9bf788883b7a7c6416e1f9024f2c1e52129f936bd97a722d3f35b1108e9e64cad83c977b09c7f1b6e102adb9fdbea3928df3799f24639bbce4b107d3b2a3e41fe366b36bc6d2a8ff77af7720fa5fd1d80bde7b5620501692ed", 0x74) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r5}, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000010008188040f56ecdb4cb9cca7480ef434000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x401}, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x20008090) 4.748407419s ago: executing program 0 (id=1899): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5865}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) write(r1, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000050009000d000000", 0x24) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="0800030002000000080007006401010108000700ac1414bb0800020003"], 0x78}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) 4.642011934s ago: executing program 3 (id=1900): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0) 4.593833632s ago: executing program 1 (id=1901): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000fc0)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3a17ee224ad30bbcd0ea2b6dd407109da01c147d5f427bda72415547909789e2dfe377c48e13c6bdb5431b1a573a1c15ab7327a5a6a06c11bdee69b1f8716f5c4e9fe98d7b8bd3937be5304d16a6af55db8d58fcaafc4c5fa4881488c93166dd7fdab6afd1887f948082aed58d9fbb7e78ba139ba14e0fdfaeb87b1896471ca35277c5d6c51717f956b81c64970f0fd8ed7a8efd4fe8c2a56f0b8ad0aaa7b90aff8e9792bd0753beec4e9f60ea9bfd6dfcec14e753a9a82a303d06756da739c0288c6a257f19678e9342c9350d4db81dc9cfa92ae541664b42d8298cd0ada5bfbbb2f8f3de47ad749cee3dce49b7f83", 0x11a}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae992000000", 0xd2}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf648c910000000000000000", 0x7b}, {&(0x7f0000000b80)="bd2f6aa36cea0e4bccda24dc5bd69ad762e998d923018ec9f30d63c7059c3c786069915581888508ff589f82857ff546b23b88d6bd61f1efc982005bf6c9abc4fe2caf32ef3ff105b69346a4d09afd7b0b8bd5f8c25f0eab84d8ad1b65e2acc2ef0a9b0f9964d5b05db134bdd9f261b734", 0x71}], 0x4}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000500)="e47e", 0x2}], 0x1}}], 0x3, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a", 0x3, 0x11, 0x0, 0x0) 4.451517254s ago: executing program 3 (id=1902): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x10) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000f80)=@delchain={0x34, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x5, 0x2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x40) r4 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x54, 0x0, 0x1, 0x0, 0x25dfdbfc, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}}, {0x14, 0x2, @in={0x2, 0x0, @empty}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 4.38852918s ago: executing program 1 (id=1903): r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@local, @in=@broadcast, 0x8, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3b}, {0x1, 0x0, 0x2, 0x0, 0x9, 0x7fffffffffffffff, 0x10000000000000}, {0x0, 0xfffffffffffffffc, 0x0, 0x9}, 0x0, 0x0, 0x1, 0x0, 0x4, 0x2}, {{@in=@empty, 0x0, 0x3c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xa}, 0x0, 0x0, 0x3, 0x42}}, 0xe8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x318, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0x138, 0x168, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r3, 0x0, 0xffffffff000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'veth0_to_hsr\x00'}) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c", 0x3f, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB], 0x88}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x60004000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[], 0x114}, 0x1, 0x0, 0x0, 0x4004050}, 0x2c004000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r6, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 4.374729703s ago: executing program 2 (id=1904): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x814) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16=r1], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000000000000000000003000000000000000200000000000000ffffffffffff00"/67], 0xb8}}, 0x10) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), r2) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f0000000880)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x3c, r4, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x54}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x17ce}]}, 0x3c}, 0x1, 0x0, 0x0, 0x5}, 0x4040000) r5 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 4.346752546s ago: executing program 3 (id=1905): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x5, 0x6, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r1, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000840)=""/232, 0xe8}, {&(0x7f0000002f80)=""/37, 0x25}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000003240)=""/4110, 0x100e}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x6}, 0x7fffffff}], 0x4, 0x20, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 4.201248928s ago: executing program 2 (id=1906): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000009100000001c001a8008000280", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x0) 3.964613049s ago: executing program 2 (id=1907): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000d00)=[{&(0x7f0000000100)="89e7ee2c7cdad9b4b47380c988ca", 0xe}], 0x1) 3.851230547s ago: executing program 0 (id=1908): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b70200002600e400bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe000000008500000028000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5071bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 3.650504823s ago: executing program 0 (id=1909): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000004000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000191400"], 0xd8}}, 0x80) 3.592098688s ago: executing program 4 (id=1910): r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f0000002880)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5420800050000000000900008808c00008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c640009801c000080060001000200000008000200ffffffff05000300030000001c000080060001000200000008000200ac141427050003"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r3, 0x0, 0x0, 0x6000001, 0x0, 0x0) 3.332446274s ago: executing program 0 (id=1911): r0 = socket$kcm(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSETELEM={0x1c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x900, 0x0, 0x0, {0x5, 0x0, 0x8}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}}, @NFT_MSG_NEWFLOWTABLE={0x24, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xd8}}, 0x20008000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r2, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000"], 0x5b0}, 0x20008001) sendmsg$inet6(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="376cd97cb39285495ddf4bd660c811b4dca74500799dac8f26884d6d4cc781a3b510574bd853ed8eae31de87a5", 0x2d}], 0x1}, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe) shutdown(r3, 0x1) r4 = socket$inet(0xa, 0x801, 0x84) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000040)=0x891c) shutdown(0xffffffffffffffff, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)="b970f6aa2bfdc9d7afbfe5c81e0b9b00b49015199ee375d7bd1e9a044aead3faf4a0f39154893e76f7c07b1ef464add3dac1272dfb540106eff5d18585394f8978a2a6e597b9479e904e68cfe4474d047fbd2a138da70c600c760ce32fdd162b9866cd8b1d2908ea2599011aba31a4b1193250944e602609300cbbb8f2bd89acef5fd0471e96cd071c31f8", 0x8b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) shutdown(r4, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x4040850) socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) recvmmsg(r3, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r8, 0x112, 0x4, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90324fc6004001c000a000200053582c137153e37000c0480fc0b10000300", 0x33fe0}], 0x1}, 0x0) 3.193694007s ago: executing program 1 (id=1912): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000940)='ns/net\x00') r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)=@generic={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r4}, 0x18) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000140)={r4, r3}, 0xc) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000080)={0x3c, r1, 0xa72704fd2dfb5147, 0x70bd2d, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r2}}]}, 0x3c}}, 0x0) 3.106157319s ago: executing program 3 (id=1913): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000013000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30"], 0x248}}, 0x0) 2.900695534s ago: executing program 3 (id=1914): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0), 0x8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x134, 0x134, 0x5, [@typedef={0xc, 0x0, 0x0, 0x8, 0x1}, @type_tag={0x8, 0x0, 0x0, 0x12, 0x4}, @struct={0x4, 0x9, 0x0, 0x4, 0x1, 0x80000001, [{0xb, 0x4, 0xcb0}, {0xd, 0x5, 0x7}, {0x10, 0x5, 0x9}, {0x6, 0x3, 0xc6c}, {0xd, 0x4}, {0x6, 0x3, 0x400}, {0x0, 0x4, 0x6113}, {0x3, 0x5, 0x7}, {0xf, 0x101, 0x9}]}, @union={0x3, 0x2, 0x0, 0x5, 0x0, 0x5, [{0x2, 0x5, 0x2}, {0xd, 0x5, 0x8}]}, @typedef={0x6, 0x0, 0x0, 0x8, 0x4}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x34, 0x0, 0x40, 0x6}, @struct={0x8, 0x6, 0x0, 0x4, 0x1, 0x1, [{0x2, 0x4, 0x7}, {0x7, 0x4, 0x5}, {0xe, 0x5, 0x3}, {0x809, 0x0, 0x7ff}, {0x3, 0x0, 0x5}, {0xb, 0x0, 0x6}]}, @var={0x8, 0x0, 0x0, 0xe, 0x1, 0x2}]}, {0x0, [0x61, 0x61, 0x30]}}, &(0x7f0000000a40)=""/4096, 0x151, 0x1000, 0x0, 0x9, 0x0, @void, @value}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000041000000850000000800000095"], &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f0000000a00)="2cbd805c88d340ee699d2e7150f6", 0x0, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 2.802116901s ago: executing program 3 (id=1915): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x814) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16=r1], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x10) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffff"], 0x6f4}}, 0x0) 66.90049ms ago: executing program 1 (id=1916): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x814) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1402005c", @ANYRES16=r1], 0x14}}, 0x2004000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000000000000000000003000000000000000200000000000000ffffffffffff00"/67], 0xb8}}, 0x10) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), r2) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f0000000880)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x3c, r4, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x54}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x17ce}]}, 0x3c}, 0x1, 0x0, 0x0, 0x5}, 0x4040000) r5 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 533.429µs ago: executing program 4 (id=1917): r0 = socket$key(0xf, 0x3, 0x2) close(r0) 0s ago: executing program 2 (id=1918): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000011c0)={0x1c, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x8, 0x18, 0x0, 0x1, [@generic="06ac0f00"]}]}, 0x1c}], 0x1}, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000080)=0x5, 0x4) kernel console output (not intermixed with test programs): 124.975629][ T7383] team0: left allmulticast mode [ 124.991861][ T7383] team_slave_0: left allmulticast mode [ 125.015568][ T7389] netlink: 'syz.2.516': attribute type 10 has an invalid length. [ 125.046052][ T7383] team_slave_1: left allmulticast mode [ 125.052909][ T7389] netlink: 2 bytes leftover after parsing attributes in process `syz.2.516'. [ 125.072011][ T7383] vlan2: left allmulticast mode [ 125.092469][ T7383] batadv0: left allmulticast mode [ 125.122147][ T7383] team0: left promiscuous mode [ 125.172591][ T7383] team_slave_0: left promiscuous mode [ 125.208328][ T7383] team_slave_1: left promiscuous mode [ 125.224563][ T7383] bridge0: port 3(team0) entered disabled state [ 125.245936][ T7389] team0: entered promiscuous mode [ 125.269347][ T7389] team_slave_0: entered promiscuous mode [ 125.303949][ T7389] team_slave_1: entered promiscuous mode [ 125.339274][ T7389] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.371497][ T7389] bridge0: port 3(team0) entered blocking state [ 125.403758][ T7410] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.516'. [ 125.429465][ T7389] bridge0: port 3(team0) entered disabled state [ 125.447818][ T7389] team0: entered allmulticast mode [ 125.459801][ T7389] team_slave_0: entered allmulticast mode [ 125.469140][ T7389] team_slave_1: entered allmulticast mode [ 125.481419][ T7389] vlan2: entered allmulticast mode [ 125.487013][ T7389] batadv0: entered allmulticast mode [ 125.514126][ T7387] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 125.545646][ T7406] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 125.773539][ T7418] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.523'. [ 126.199607][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.215567][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.391575][ T7442] netlink: 44 bytes leftover after parsing attributes in process `syz.1.533'. [ 126.430655][ T7442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.533'. [ 126.442808][ T7442] netlink: 16 bytes leftover after parsing attributes in process `syz.1.533'. [ 126.717851][ T7453] netlink: 'syz.4.539': attribute type 10 has an invalid length. [ 126.745853][ T7453] team0: Device veth1_macvtap failed to register rx_handler [ 126.835437][ T7453] netlink: 'syz.4.539': attribute type 1 has an invalid length. [ 126.843399][ T7453] netlink: 224 bytes leftover after parsing attributes in process `syz.4.539'. [ 126.866023][ T7459] netlink: 'syz.1.541': attribute type 7 has an invalid length. [ 128.416505][ T7498] netlink: 'syz.1.559': attribute type 9 has an invalid length. [ 128.447006][ T7498] __nla_validate_parse: 3 callbacks suppressed [ 128.447023][ T7498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.559'. [ 128.465463][ T7501] netlink: 148 bytes leftover after parsing attributes in process `syz.4.560'. [ 128.477384][ T7498] macvlan3: entered promiscuous mode [ 128.488339][ T7498] hsr0: entered promiscuous mode [ 128.495021][ T7498] macvlan3: entered allmulticast mode [ 128.501689][ T7498] hsr0: entered allmulticast mode [ 128.512051][ T7498] hsr_slave_0: entered allmulticast mode [ 128.526111][ T7504] netlink: 'syz.4.560': attribute type 3 has an invalid length. [ 128.534066][ T7504] netlink: 20 bytes leftover after parsing attributes in process `syz.4.560'. [ 128.542925][ T7501] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 128.550561][ T7498] hsr_slave_1: entered allmulticast mode [ 129.480307][ T7531] netlink: 12 bytes leftover after parsing attributes in process `syz.3.569'. [ 130.891634][ T7555] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 131.124248][ T7574] netlink: 24 bytes leftover after parsing attributes in process `syz.1.584'. [ 131.143453][ T7574] netlink: 24 bytes leftover after parsing attributes in process `syz.1.584'. [ 131.412938][ T7577] netlink: 36 bytes leftover after parsing attributes in process `syz.1.585'. [ 131.434009][ T7577] netlink: 4 bytes leftover after parsing attributes in process `syz.1.585'. [ 131.469202][ T7577] netlink: 4 bytes leftover after parsing attributes in process `syz.1.585'. [ 131.509522][ T7577] netlink: 4 bytes leftover after parsing attributes in process `syz.1.585'. [ 131.555841][ T7577] netlink: 'syz.1.585': attribute type 4 has an invalid length. [ 132.398970][ T7596] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 132.841031][ T7611] vlan2: entered allmulticast mode [ 132.865217][ T7611] bond0: (slave vlan2): Opening slave failed [ 133.087856][ T7622] netlink: 'syz.2.601': attribute type 1 has an invalid length. [ 133.129177][ T5836] block nbd1: Receive control failed (result -107) [ 133.225963][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.510785][ T7643] netlink: 'syz.0.612': attribute type 72 has an invalid length. [ 133.688846][ T7656] __nla_validate_parse: 4 callbacks suppressed [ 133.688864][ T7656] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.617'. [ 133.989906][ T7671] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.624'. [ 134.000413][ T7672] FAULT_INJECTION: forcing a failure. [ 134.000413][ T7672] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 134.019769][ T7672] CPU: 0 UID: 0 PID: 7672 Comm: syz.4.623 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 134.019795][ T7672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 134.019805][ T7672] Call Trace: [ 134.019810][ T7672] [ 134.019817][ T7672] dump_stack_lvl+0x241/0x360 [ 134.019843][ T7672] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.019859][ T7672] ? __pfx__printk+0x10/0x10 [ 134.019874][ T7672] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 134.019902][ T7672] should_fail_ex+0x40a/0x550 [ 134.019927][ T7672] prepare_alloc_pages+0x1da/0x5b0 [ 134.019953][ T7672] __alloc_frozen_pages_noprof+0x16f/0x710 [ 134.019974][ T7672] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 134.020010][ T7672] alloc_pages_mpol+0x311/0x660 [ 134.020034][ T7672] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 134.020061][ T7672] vma_alloc_folio_noprof+0x12b/0x260 [ 134.020082][ T7672] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 134.020155][ T7672] ? do_raw_spin_unlock+0x13c/0x8b0 [ 134.020178][ T7672] folio_prealloc+0x2e/0x170 [ 134.020194][ T7672] do_wp_page+0x1253/0x49b0 [ 134.020228][ T7672] ? __pfx_do_wp_page+0x10/0x10 [ 134.020256][ T7672] ? __pfx_lock_acquire+0x10/0x10 [ 134.020276][ T7672] ? rcu_is_watching+0x15/0xb0 [ 134.020297][ T7672] ? do_raw_spin_lock+0x14f/0x370 [ 134.020315][ T7672] ? __pfx____pte_offset_map+0x10/0x10 [ 134.020363][ T7672] __handle_mm_fault+0x24d5/0x70f0 [ 134.020413][ T7672] ? __pfx___handle_mm_fault+0x10/0x10 [ 134.020447][ T7672] ? mt_find+0x2a9/0x920 [ 134.020466][ T7672] ? __pfx_lock_release+0x10/0x10 [ 134.020499][ T7672] ? mt_find+0x2a9/0x920 [ 134.020518][ T7672] ? mt_find+0x6c8/0x920 [ 134.020545][ T7672] ? __pfx_mt_find+0x10/0x10 [ 134.020580][ T7672] ? find_vma+0xf9/0x170 [ 134.020595][ T7672] ? __pfx_find_vma+0x10/0x10 [ 134.020620][ T7672] handle_mm_fault+0x3e5/0x8d0 [ 134.020653][ T7672] exc_page_fault+0x2b9/0x8b0 [ 134.020677][ T7672] asm_exc_page_fault+0x26/0x30 [ 134.020698][ T7672] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 134.020721][ T7672] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 134.020734][ T7672] RSP: 0018:ffffc90003e2fb68 EFLAGS: 00050202 [ 134.020750][ T7672] RAX: ffffffff84f57701 RBX: 000040000002180c RCX: 000000000001a80c [ 134.020761][ T7672] RDX: 0000000000000000 RSI: ffff8880593c58cf RDI: 0000400000007000 [ 134.020771][ T7672] RBP: ffffc90003e2fd00 R08: 0000000000000002 R09: ffffed100b27c01b [ 134.020781][ T7672] R10: dffffc0000000000 R11: ffffed100b27c01b R12: 00000000000200cc [ 134.020791][ T7672] R13: 00007ffffffff000 R14: ffff8880593c000f R15: 0000400000001740 [ 134.020810][ T7672] ? __pfx__copy_to_user+0x1/0x10 [ 134.020836][ T7672] _copy_to_user+0x8b/0xb0 [ 134.020857][ T7672] generic_map_lookup_batch+0x98a/0xf20 [ 134.020895][ T7672] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 134.020921][ T7672] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 134.020941][ T7672] bpf_map_do_batch+0x288/0x660 [ 134.020968][ T7672] __sys_bpf+0x653/0x820 [ 134.020991][ T7672] ? __pfx___sys_bpf+0x10/0x10 [ 134.021025][ T7672] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 134.021050][ T7672] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 134.021073][ T7672] ? do_syscall_64+0x100/0x230 [ 134.021096][ T7672] __x64_sys_bpf+0x7c/0x90 [ 134.021116][ T7672] do_syscall_64+0xf3/0x230 [ 134.021134][ T7672] ? clear_bhb_loop+0x35/0x90 [ 134.021158][ T7672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.021176][ T7672] RIP: 0033:0x7fce83b8d169 [ 134.021190][ T7672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.021202][ T7672] RSP: 002b:00007fce8496a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 134.021218][ T7672] RAX: ffffffffffffffda RBX: 00007fce83da5fa0 RCX: 00007fce83b8d169 [ 134.021229][ T7672] RDX: 0000000000000038 RSI: 0000400000000700 RDI: 0000000000000018 [ 134.021238][ T7672] RBP: 00007fce8496a090 R08: 0000000000000000 R09: 0000000000000000 [ 134.021248][ T7672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 134.021257][ T7672] R13: 0000000000000000 R14: 00007fce83da5fa0 R15: 00007ffd671e9938 [ 134.021284][ T7672] [ 134.591787][ T7682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 134.664507][ T7686] netlink: 156 bytes leftover after parsing attributes in process `syz.0.631'. [ 134.707658][ T7685] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.630'. [ 135.027552][ T7706] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.637'. [ 135.119077][ T7708] netlink: 'syz.2.638': attribute type 1 has an invalid length. [ 135.297241][ T7712] netlink: 56 bytes leftover after parsing attributes in process `syz.2.640'. [ 135.493716][ T7720] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.644'. [ 135.695456][ T7728] netlink: 'syz.1.647': attribute type 4 has an invalid length. [ 135.776249][ T7732] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.648'. [ 135.782898][ T7734] FAULT_INJECTION: forcing a failure. [ 135.782898][ T7734] name failslab, interval 1, probability 0, space 0, times 0 [ 135.834687][ T7734] CPU: 0 UID: 0 PID: 7734 Comm: syz.2.649 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 135.834712][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 135.834721][ T7734] Call Trace: [ 135.834726][ T7734] [ 135.834734][ T7734] dump_stack_lvl+0x241/0x360 [ 135.834760][ T7734] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.834778][ T7734] ? __pfx__printk+0x10/0x10 [ 135.834808][ T7734] should_fail_ex+0x40a/0x550 [ 135.834836][ T7734] should_failslab+0xac/0x100 [ 135.834859][ T7734] __kmalloc_cache_noprof+0x70/0x390 [ 135.834878][ T7734] ? sctp_add_bind_addr+0x89/0x3a0 [ 135.834901][ T7734] sctp_add_bind_addr+0x89/0x3a0 [ 135.834924][ T7734] sctp_copy_local_addr_list+0x311/0x500 [ 135.834946][ T7734] ? sctp_copy_local_addr_list+0xab/0x500 [ 135.834966][ T7734] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 135.834987][ T7734] ? sctp_v6_is_any+0x60/0x70 [ 135.835008][ T7734] ? sctp_copy_one_addr+0x94/0x360 [ 135.835031][ T7734] sctp_bind_addr_copy+0xad/0x3b0 [ 135.835049][ T7734] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 135.835083][ T7734] sctp_connect_new_asoc+0x2f3/0x6c0 [ 135.835108][ T7734] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 135.835127][ T7734] ? sctp_sendmsg+0xf1a/0x35d0 [ 135.835154][ T7734] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 135.835173][ T7734] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 135.835198][ T7734] sctp_sendmsg+0x1f64/0x35d0 [ 135.835237][ T7734] ? __pfx_sctp_sendmsg+0x10/0x10 [ 135.835262][ T7734] ? aa_sk_perm+0x96d/0xab0 [ 135.835300][ T7734] ? inet_sendmsg+0x330/0x390 [ 135.835322][ T7734] __sock_sendmsg+0x1a6/0x270 [ 135.835347][ T7734] ____sys_sendmsg+0x53a/0x860 [ 135.835373][ T7734] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.835389][ T7734] ? __fget_files+0x2a/0x410 [ 135.835413][ T7734] ? __fget_files+0x2a/0x410 [ 135.835443][ T7734] __sys_sendmmsg+0x36a/0x720 [ 135.835473][ T7734] ? __pfx___sys_sendmmsg+0x10/0x10 [ 135.835503][ T7734] ? __pfx_lock_release+0x10/0x10 [ 135.835523][ T7734] ? kstrtouint_from_user+0x128/0x190 [ 135.835566][ T7734] ? ksys_write+0x22a/0x2b0 [ 135.835583][ T7734] ? __pfx_lock_release+0x10/0x10 [ 135.835611][ T7734] ? sb_end_write+0xe9/0x1c0 [ 135.835633][ T7734] ? vfs_write+0x7fa/0xd10 [ 135.835652][ T7734] ? __mutex_unlock_slowpath+0x227/0x800 [ 135.835700][ T7734] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 135.835728][ T7734] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 135.835752][ T7734] ? do_syscall_64+0x100/0x230 [ 135.835775][ T7734] __x64_sys_sendmmsg+0xa0/0xb0 [ 135.835794][ T7734] do_syscall_64+0xf3/0x230 [ 135.835813][ T7734] ? clear_bhb_loop+0x35/0x90 [ 135.835837][ T7734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.835856][ T7734] RIP: 0033:0x7fdc0ef8d169 [ 135.835871][ T7734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.835884][ T7734] RSP: 002b:00007fdc0febc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 135.835902][ T7734] RAX: ffffffffffffffda RBX: 00007fdc0f1a5fa0 RCX: 00007fdc0ef8d169 [ 135.835913][ T7734] RDX: 0000000000000001 RSI: 0000400000000940 RDI: 0000000000000003 [ 135.835922][ T7734] RBP: 00007fdc0febc090 R08: 0000000000000000 R09: 0000000000000000 [ 135.835932][ T7734] R10: 0000000000048081 R11: 0000000000000246 R12: 0000000000000002 [ 135.835941][ T7734] R13: 0000000000000000 R14: 00007fdc0f1a5fa0 R15: 00007fff7a5954d8 [ 135.835969][ T7734] [ 136.265278][ T7738] netlink: 'syz.1.655': attribute type 13 has an invalid length. [ 136.361209][ T7744] netlink: 'syz.4.657': attribute type 72 has an invalid length. [ 136.481324][ T7748] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.656'. [ 136.609371][ T7755] xt_CT: You must specify a L4 protocol and not use inversions on it [ 136.759575][ T7764] netlink: 56 bytes leftover after parsing attributes in process `syz.3.664'. [ 137.144846][ T7778] netlink: 'syz.0.669': attribute type 72 has an invalid length. [ 138.584614][ T7847] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 138.903162][ T7859] __nla_validate_parse: 4 callbacks suppressed [ 138.903181][ T7859] netlink: 4 bytes leftover after parsing attributes in process `syz.3.702'. [ 139.616406][ T7886] netlink: 148 bytes leftover after parsing attributes in process `syz.3.712'. [ 139.643031][ T7886] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 139.651962][ T7882] netlink: 44 bytes leftover after parsing attributes in process `syz.2.711'. [ 139.738717][ T7886] netlink: 'syz.3.712': attribute type 3 has an invalid length. [ 139.795099][ T7886] netlink: 20 bytes leftover after parsing attributes in process `syz.3.712'. [ 139.942140][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.716'. [ 139.973336][ T7902] netlink: 8 bytes leftover after parsing attributes in process `syz.0.719'. [ 140.028629][ T7900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.716'. [ 140.059221][ T7900] netlink: 'syz.2.716': attribute type 1 has an invalid length. [ 140.095808][ T7900] netlink: 10 bytes leftover after parsing attributes in process `syz.2.716'. [ 140.225641][ T5836] block nbd2: Receive control failed (result -107) [ 141.134152][ T7936] Bluetooth: MGMT ver 1.23 [ 141.141003][ T7937] netlink: 36 bytes leftover after parsing attributes in process `syz.2.732'. [ 141.169338][ T7936] netlink: 16 bytes leftover after parsing attributes in process `syz.1.731'. [ 141.571442][ T7957] lo speed is unknown, defaulting to 1000 [ 141.632785][ T7957] lo speed is unknown, defaulting to 1000 [ 141.640477][ T7957] lo speed is unknown, defaulting to 1000 [ 141.693778][ T7957] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 141.725125][ T7957] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 141.780891][ T7957] lo speed is unknown, defaulting to 1000 [ 141.791000][ T7957] lo speed is unknown, defaulting to 1000 [ 141.805475][ T7957] lo speed is unknown, defaulting to 1000 [ 141.817774][ T7957] lo speed is unknown, defaulting to 1000 [ 141.826347][ T7957] lo speed is unknown, defaulting to 1000 [ 143.651259][ T8004] 8021q: adding VLAN 0 to HW filter on device bond2 [ 143.932262][ T8004] bond2 (unregistering): Released all slaves [ 143.958421][ T8016] macvlan3: entered promiscuous mode [ 144.115648][ T8023] __nla_validate_parse: 2 callbacks suppressed [ 144.115666][ T8023] netlink: 36 bytes leftover after parsing attributes in process `syz.4.763'. [ 144.299032][ T8033] netlink: 40 bytes leftover after parsing attributes in process `syz.4.765'. [ 144.340603][ T8035] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 144.370759][ T8035] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 144.579814][ T8051] netlink: 'syz.4.769': attribute type 1 has an invalid length. [ 144.648725][ T8051] bond2: entered promiscuous mode [ 144.670491][ T8051] bond2: entered allmulticast mode [ 144.708806][ T8057] batadv1: entered allmulticast mode [ 144.724271][ T8057] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 144.806062][ T8051] netlink: 28 bytes leftover after parsing attributes in process `syz.4.769'. [ 144.836994][ T8057] bond2: (slave batadv1): making interface the new active one [ 144.854983][ T8057] batadv1: entered promiscuous mode [ 144.872406][ T8064] netlink: 104 bytes leftover after parsing attributes in process `syz.1.773'. [ 144.893625][ T8057] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 144.941753][ T8067] netlink: 64 bytes leftover after parsing attributes in process `syz.4.769'. [ 144.962220][ T8051] bond2: left promiscuous mode [ 145.032393][ T8051] batadv1: left promiscuous mode [ 145.053019][ T8051] bond2: left allmulticast mode [ 145.093992][ T8051] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.131784][ T8072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.775'. [ 145.656015][ T8096] lo speed is unknown, defaulting to 1000 [ 145.851549][ T8103] FAULT_INJECTION: forcing a failure. [ 145.851549][ T8103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.930384][ T8103] CPU: 0 UID: 0 PID: 8103 Comm: syz.4.783 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 145.930410][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 145.930419][ T8103] Call Trace: [ 145.930424][ T8103] [ 145.930431][ T8103] dump_stack_lvl+0x241/0x360 [ 145.930458][ T8103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.930475][ T8103] ? __pfx__printk+0x10/0x10 [ 145.930501][ T8103] ? snprintf+0xda/0x120 [ 145.930526][ T8103] should_fail_ex+0x40a/0x550 [ 145.930553][ T8103] _copy_to_user+0x31/0xb0 [ 145.930576][ T8103] simple_read_from_buffer+0xca/0x150 [ 145.930600][ T8103] proc_fail_nth_read+0x1e9/0x250 [ 145.930623][ T8103] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 145.930646][ T8103] ? rw_verify_area+0x243/0x630 [ 145.930662][ T8103] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 145.930684][ T8103] vfs_read+0x1f8/0xb40 [ 145.930701][ T8103] ? fdget_pos+0x254/0x320 [ 145.930723][ T8103] ? __pfx___mutex_lock+0x10/0x10 [ 145.930742][ T8103] ? __pfx_vfs_read+0x10/0x10 [ 145.930755][ T8103] ? do_sys_openat2+0x17a/0x1d0 [ 145.930780][ T8103] ? __fget_files+0x2a/0x410 [ 145.930801][ T8103] ? __fget_files+0x395/0x410 [ 145.930820][ T8103] ? __fget_files+0x2a/0x410 [ 145.930848][ T8103] ksys_read+0x18f/0x2b0 [ 145.930867][ T8103] ? __pfx_ksys_read+0x10/0x10 [ 145.930884][ T8103] ? do_syscall_64+0x100/0x230 [ 145.930906][ T8103] ? do_syscall_64+0xb6/0x230 [ 145.930927][ T8103] do_syscall_64+0xf3/0x230 [ 145.930945][ T8103] ? clear_bhb_loop+0x35/0x90 [ 145.930967][ T8103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.930987][ T8103] RIP: 0033:0x7fce83b8bb7c [ 145.931001][ T8103] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 145.931013][ T8103] RSP: 002b:00007fce8496a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 145.931030][ T8103] RAX: ffffffffffffffda RBX: 00007fce83da5fa0 RCX: 00007fce83b8bb7c [ 145.931041][ T8103] RDX: 000000000000000f RSI: 00007fce8496a0a0 RDI: 0000000000000006 [ 145.931051][ T8103] RBP: 00007fce8496a090 R08: 0000000000000000 R09: 0000000000000000 [ 145.931061][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.931070][ T8103] R13: 0000000000000000 R14: 00007fce83da5fa0 R15: 00007ffd671e9938 [ 145.931096][ T8103] [ 146.419381][ T8113] netlink: 16 bytes leftover after parsing attributes in process `syz.2.782'. [ 147.645272][ T8140] netlink: 24 bytes leftover after parsing attributes in process `syz.4.788'. [ 147.838160][ T8140] netlink: 4 bytes leftover after parsing attributes in process `syz.4.788'. [ 147.904202][ T8146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.791'. [ 148.476345][ T8155] netlink: 'syz.3.795': attribute type 10 has an invalid length. [ 148.505414][ T8155] netlink: 'syz.3.795': attribute type 10 has an invalid length. [ 148.532224][ T8155] team0: entered promiscuous mode [ 148.545350][ T8155] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.568124][ T8155] bridge0: port 1(team0) entered blocking state [ 148.582557][ T8155] bridge0: port 1(team0) entered disabled state [ 148.593523][ T8155] team0: entered allmulticast mode [ 148.702416][ T8166] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 148.823830][ T8172] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 148.868031][ T8171] lo speed is unknown, defaulting to 1000 [ 149.218436][ T8169] __nla_validate_parse: 5 callbacks suppressed [ 149.218454][ T8169] netlink: 16 bytes leftover after parsing attributes in process `syz.4.800'. [ 149.369891][ T8184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.803'. [ 149.427184][ T8177] lo speed is unknown, defaulting to 1000 [ 149.526291][ T8184] FAULT_INJECTION: forcing a failure. [ 149.526291][ T8184] name failslab, interval 1, probability 0, space 0, times 0 [ 149.558166][ T8184] CPU: 0 UID: 0 PID: 8184 Comm: syz.2.803 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 149.558192][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 149.558202][ T8184] Call Trace: [ 149.558208][ T8184] [ 149.558215][ T8184] dump_stack_lvl+0x241/0x360 [ 149.558240][ T8184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.558257][ T8184] ? __pfx__printk+0x10/0x10 [ 149.558276][ T8184] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 149.558298][ T8184] ? __pfx___might_resched+0x10/0x10 [ 149.558322][ T8184] should_fail_ex+0x40a/0x550 [ 149.558349][ T8184] should_failslab+0xac/0x100 [ 149.558370][ T8184] kmem_cache_alloc_node_noprof+0x77/0x380 [ 149.558390][ T8184] ? __alloc_skb+0x1c3/0x440 [ 149.558410][ T8184] __alloc_skb+0x1c3/0x440 [ 149.558429][ T8184] ? __pfx___alloc_skb+0x10/0x10 [ 149.558447][ T8184] ? netlink_autobind+0xd6/0x2f0 [ 149.558466][ T8184] ? netlink_autobind+0x2b0/0x2f0 [ 149.558491][ T8184] netlink_sendmsg+0x634/0xcb0 [ 149.558522][ T8184] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.558547][ T8184] ? aa_sock_msg_perm+0x91/0x160 [ 149.558574][ T8184] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.558592][ T8184] __sock_sendmsg+0x221/0x270 [ 149.558615][ T8184] ____sys_sendmsg+0x53a/0x860 [ 149.558640][ T8184] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.558655][ T8184] ? __fget_files+0x2a/0x410 [ 149.558679][ T8184] ? __fget_files+0x2a/0x410 [ 149.558707][ T8184] __sys_sendmsg+0x269/0x350 [ 149.558729][ T8184] ? __pfx___sys_sendmsg+0x10/0x10 [ 149.558757][ T8184] ? do_sys_openat2+0x17a/0x1d0 [ 149.558809][ T8184] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 149.558833][ T8184] ? do_syscall_64+0x100/0x230 [ 149.558855][ T8184] ? do_syscall_64+0xb6/0x230 [ 149.558875][ T8184] do_syscall_64+0xf3/0x230 [ 149.558893][ T8184] ? clear_bhb_loop+0x35/0x90 [ 149.558916][ T8184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.558936][ T8184] RIP: 0033:0x7fdc0ef8d169 [ 149.558950][ T8184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.558963][ T8184] RSP: 002b:00007fdc0febc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.558981][ T8184] RAX: ffffffffffffffda RBX: 00007fdc0f1a5fa0 RCX: 00007fdc0ef8d169 [ 149.558992][ T8184] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000005 [ 149.559002][ T8184] RBP: 00007fdc0febc090 R08: 0000000000000000 R09: 0000000000000000 [ 149.559012][ T8184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.559021][ T8184] R13: 0000000000000000 R14: 00007fdc0f1a5fa0 R15: 00007fff7a5954d8 [ 149.559045][ T8184] [ 150.174561][ T8196] FAULT_INJECTION: forcing a failure. [ 150.174561][ T8196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.237011][ T8196] CPU: 0 UID: 0 PID: 8196 Comm: syz.4.806 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 150.237038][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 150.237054][ T8196] Call Trace: [ 150.237060][ T8196] [ 150.237067][ T8196] dump_stack_lvl+0x241/0x360 [ 150.237093][ T8196] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.237111][ T8196] ? __pfx__printk+0x10/0x10 [ 150.237130][ T8196] ? __pfx_lock_release+0x10/0x10 [ 150.237160][ T8196] should_fail_ex+0x40a/0x550 [ 150.237186][ T8196] _copy_from_iter+0x1df/0x1c40 [ 150.237205][ T8196] ? __virt_addr_valid+0x183/0x530 [ 150.237222][ T8196] ? __pfx_lock_release+0x10/0x10 [ 150.237250][ T8196] ? __alloc_skb+0x28f/0x440 [ 150.237265][ T8196] ? __pfx__copy_from_iter+0x10/0x10 [ 150.237284][ T8196] ? __virt_addr_valid+0x183/0x530 [ 150.237298][ T8196] ? __virt_addr_valid+0x183/0x530 [ 150.237320][ T8196] ? __virt_addr_valid+0x45f/0x530 [ 150.237335][ T8196] ? __phys_addr_symbol+0x2f/0x70 [ 150.237348][ T8196] ? __check_object_size+0x47a/0x730 [ 150.237372][ T8196] netlink_sendmsg+0x742/0xcb0 [ 150.237405][ T8196] ? __pfx_netlink_sendmsg+0x10/0x10 [ 150.237429][ T8196] ? aa_sock_msg_perm+0x91/0x160 [ 150.237457][ T8196] ? __pfx_netlink_sendmsg+0x10/0x10 [ 150.237476][ T8196] __sock_sendmsg+0x221/0x270 [ 150.237499][ T8196] ____sys_sendmsg+0x53a/0x860 [ 150.237524][ T8196] ? __pfx_____sys_sendmsg+0x10/0x10 [ 150.237539][ T8196] ? __fget_files+0x2a/0x410 [ 150.237563][ T8196] ? __fget_files+0x2a/0x410 [ 150.237591][ T8196] __sys_sendmsg+0x269/0x350 [ 150.237613][ T8196] ? __pfx___sys_sendmsg+0x10/0x10 [ 150.237642][ T8196] ? do_sys_openat2+0x17a/0x1d0 [ 150.237687][ T8196] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 150.237711][ T8196] ? do_syscall_64+0x100/0x230 [ 150.237732][ T8196] ? do_syscall_64+0xb6/0x230 [ 150.237753][ T8196] do_syscall_64+0xf3/0x230 [ 150.237771][ T8196] ? clear_bhb_loop+0x35/0x90 [ 150.237794][ T8196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.237813][ T8196] RIP: 0033:0x7fce83b8d169 [ 150.237828][ T8196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.237842][ T8196] RSP: 002b:00007fce8496a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 150.237860][ T8196] RAX: ffffffffffffffda RBX: 00007fce83da5fa0 RCX: 00007fce83b8d169 [ 150.237872][ T8196] RDX: 0000000000008000 RSI: 0000400000000100 RDI: 0000000000000003 [ 150.237882][ T8196] RBP: 00007fce8496a090 R08: 0000000000000000 R09: 0000000000000000 [ 150.237892][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.237901][ T8196] R13: 0000000000000000 R14: 00007fce83da5fa0 R15: 00007ffd671e9938 [ 150.237925][ T8196] [ 151.569097][ T8225] netlink: 24 bytes leftover after parsing attributes in process `syz.1.818'. [ 151.610346][ T8221] tipc: Started in network mode [ 151.624279][ T8221] tipc: Node identity 7eb09ffa8cea, cluster identity 4711 [ 151.640292][ T8221] tipc: Enabled bearer , priority 0 [ 151.713759][ T52] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 151.751595][ T8220] tipc: Resetting bearer [ 151.894566][ T8235] netlink: 1264 bytes leftover after parsing attributes in process `syz.1.820'. [ 151.930458][ T8235] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 152.749888][ T6041] tipc: Node number set to 4066025466 [ 154.139748][ T8220] tipc: Disabling bearer [ 154.164856][ T8230] lo speed is unknown, defaulting to 1000 [ 154.710455][ T8269] netlink: 24 bytes leftover after parsing attributes in process `syz.2.832'. [ 154.925098][ T8267] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 155.003187][ T8278] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 155.043907][ T8278] bridge0: port 1(vlan2) entered disabled state [ 155.196198][ T8286] FAULT_INJECTION: forcing a failure. [ 155.196198][ T8286] name failslab, interval 1, probability 0, space 0, times 0 [ 155.242779][ T8286] CPU: 1 UID: 0 PID: 8286 Comm: syz.3.839 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 155.242807][ T8286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 155.242816][ T8286] Call Trace: [ 155.242822][ T8286] [ 155.242830][ T8286] dump_stack_lvl+0x241/0x360 [ 155.242857][ T8286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.242874][ T8286] ? __pfx__printk+0x10/0x10 [ 155.242892][ T8286] ? kmem_cache_alloc_noprof+0x48/0x380 [ 155.242914][ T8286] ? __pfx___might_resched+0x10/0x10 [ 155.242939][ T8286] should_fail_ex+0x40a/0x550 [ 155.242966][ T8286] should_failslab+0xac/0x100 [ 155.242987][ T8286] ? ptlock_alloc+0x20/0x70 [ 155.243001][ T8286] kmem_cache_alloc_noprof+0x70/0x380 [ 155.243027][ T8286] ptlock_alloc+0x20/0x70 [ 155.243042][ T8286] pte_alloc_one+0x73/0x160 [ 155.243066][ T8286] __pte_alloc+0x79/0x220 [ 155.243087][ T8286] ? __pfx___pte_alloc+0x10/0x10 [ 155.243106][ T8286] ? __pfx_validate_chain+0x10/0x10 [ 155.243132][ T8286] __handle_mm_fault+0x5ea0/0x70f0 [ 155.243159][ T8286] ? mark_lock+0x9a/0x360 [ 155.243201][ T8286] ? __pfx___handle_mm_fault+0x10/0x10 [ 155.243233][ T8286] ? mt_find+0x2a9/0x920 [ 155.243252][ T8286] ? __pfx_lock_release+0x10/0x10 [ 155.243284][ T8286] ? mt_find+0x2a9/0x920 [ 155.243304][ T8286] ? mt_find+0x6c8/0x920 [ 155.243322][ T8286] ? mt_find+0x2a9/0x920 [ 155.243345][ T8286] ? __pfx_mt_find+0x10/0x10 [ 155.243383][ T8286] ? find_vma+0xf9/0x170 [ 155.243397][ T8286] ? __pfx_find_vma+0x10/0x10 [ 155.243417][ T8286] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 155.243443][ T8286] handle_mm_fault+0x3e5/0x8d0 [ 155.243475][ T8286] exc_page_fault+0x2b9/0x8b0 [ 155.243499][ T8286] asm_exc_page_fault+0x26/0x30 [ 155.243525][ T8286] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 155.243548][ T8286] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 155.243561][ T8286] RSP: 0018:ffffc90002fe7938 EFLAGS: 00050206 [ 155.243576][ T8286] RAX: 00007ffffffff001 RBX: 0000400000000040 RCX: 0000000000000038 [ 155.243588][ T8286] RDX: 0000000000000001 RSI: 0000400000000040 RDI: ffffc90002fe79c0 [ 155.243599][ T8286] RBP: ffffc90002fe7a70 R08: ffffc90002fe79f7 R09: 1ffff920005fcf3e [ 155.243611][ T8286] R10: dffffc0000000000 R11: fffff520005fcf3f R12: ffffc90002fe79c0 [ 155.243622][ T8286] R13: dffffc0000000000 R14: ffffc90002fe79c0 R15: 0000000000000038 [ 155.243655][ T8286] _copy_from_user+0x7b/0xb0 [ 155.243674][ T8286] copy_msghdr_from_user+0xae/0x680 [ 155.243692][ T8286] ? __lock_acquire+0x1397/0x2100 [ 155.243715][ T8286] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 155.243732][ T8286] ? __fget_files+0x2a/0x410 [ 155.243755][ T8286] ? __fget_files+0x2a/0x410 [ 155.243783][ T8286] do_recvmmsg+0x3bd/0xab0 [ 155.243809][ T8286] ? __pfx_do_recvmmsg+0x10/0x10 [ 155.243845][ T8286] ? ksys_write+0x22a/0x2b0 [ 155.243861][ T8286] ? __pfx_lock_release+0x10/0x10 [ 155.243885][ T8286] ? sb_end_write+0xe9/0x1c0 [ 155.243905][ T8286] ? vfs_write+0x7fa/0xd10 [ 155.243920][ T8286] ? __mutex_unlock_slowpath+0x227/0x800 [ 155.243945][ T8286] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 155.243962][ T8286] ? __fget_files+0x2a/0x410 [ 155.243998][ T8286] __x64_sys_recvmmsg+0x199/0x250 [ 155.244019][ T8286] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 155.244038][ T8286] ? do_syscall_64+0x100/0x230 [ 155.244059][ T8286] ? do_syscall_64+0xb6/0x230 [ 155.244079][ T8286] do_syscall_64+0xf3/0x230 [ 155.244097][ T8286] ? clear_bhb_loop+0x35/0x90 [ 155.244120][ T8286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.244138][ T8286] RIP: 0033:0x7ff89338d169 [ 155.244152][ T8286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.244164][ T8286] RSP: 002b:00007ff8942a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 155.244181][ T8286] RAX: ffffffffffffffda RBX: 00007ff8935a5fa0 RCX: 00007ff89338d169 [ 155.244192][ T8286] RDX: 0400000000000284 RSI: 0000400000000040 RDI: 0000000000000003 [ 155.244203][ T8286] RBP: 00007ff8942a0090 R08: 0000000000000000 R09: 0000000000000000 [ 155.244212][ T8286] R10: 000000000000002b R11: 0000000000000246 R12: 0000000000000001 [ 155.244222][ T8286] R13: 0000000000000000 R14: 00007ff8935a5fa0 R15: 00007fffed5905f8 [ 155.244247][ T8286] [ 156.351864][ T8318] netlink: 20 bytes leftover after parsing attributes in process `syz.3.853'. [ 156.384021][ T8318] netlink: 32 bytes leftover after parsing attributes in process `syz.3.853'. [ 156.501975][ T8324] netlink: 36 bytes leftover after parsing attributes in process `syz.4.856'. [ 156.737052][ T8334] netlink: 4 bytes leftover after parsing attributes in process `syz.4.860'. [ 156.765501][ T8332] netlink: 'syz.0.859': attribute type 10 has an invalid length. [ 156.781144][ T8334] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 156.795768][ T8339] netlink: 'syz.1.855': attribute type 15 has an invalid length. [ 156.805392][ T8332] team0: left allmulticast mode [ 156.812491][ T8332] team0: left promiscuous mode [ 156.817617][ T8332] bridge0: port 2(team0) entered disabled state [ 156.851777][ T8338] netlink: 'syz.0.859': attribute type 10 has an invalid length. [ 156.860053][ T8338] netlink: 2 bytes leftover after parsing attributes in process `syz.0.859'. [ 156.878451][ T8332] batman_adv: batadv0: Adding interface: team0 [ 156.896367][ T8332] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560. [ 156.925258][ T8339] netlink: 24 bytes leftover after parsing attributes in process `syz.1.855'. [ 156.939520][ T8332] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 156.954236][ T8338] team0: entered promiscuous mode [ 156.960737][ T8338] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.967899][ T8338] batman_adv: batadv0: Interface activated: team0 [ 156.975727][ T8338] batman_adv: batadv0: Interface deactivated: team0 [ 156.982628][ T8338] batman_adv: batadv0: Removing interface: team0 [ 157.006928][ T8338] bridge0: port 2(team0) entered blocking state [ 157.013559][ T8338] bridge0: port 2(team0) entered disabled state [ 157.020277][ T8338] team0: entered allmulticast mode [ 157.296302][ T8353] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.859'. [ 157.504571][ T8355] bridge0: port 3(team0) entered disabled state [ 157.511200][ T8355] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.518682][ T8355] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.640984][ T8355] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.670146][ T8355] batadv_slave_1: left promiscuous mode [ 157.693106][ T8355] batadv_slave_1: left allmulticast mode [ 157.710774][ T8359] openvswitch: netlink: Actions may not be safe on all matching packets [ 157.892811][ T8355] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.901853][ T8355] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.942155][ T8355] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.962713][ T8355] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.032119][ T8355] macvlan2: left promiscuous mode [ 158.054476][ T8355] macvlan3: left promiscuous mode [ 158.079620][ T8355] batadv1: left allmulticast mode [ 158.162874][ T8361] dvmrp5: entered allmulticast mode [ 158.206470][ T8364] dvmrp5: left allmulticast mode [ 158.787979][ T8388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.878'. [ 159.015657][ T8397] netlink: 36 bytes leftover after parsing attributes in process `syz.2.880'. [ 160.042564][ T8424] __nla_validate_parse: 2 callbacks suppressed [ 160.042580][ T8424] netlink: 28 bytes leftover after parsing attributes in process `syz.2.891'. [ 160.488757][ T8440] FAULT_INJECTION: forcing a failure. [ 160.488757][ T8440] name failslab, interval 1, probability 0, space 0, times 0 [ 160.508875][ T8440] CPU: 1 UID: 0 PID: 8440 Comm: syz.4.896 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 160.508897][ T8440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 160.508907][ T8440] Call Trace: [ 160.508913][ T8440] [ 160.508921][ T8440] dump_stack_lvl+0x241/0x360 [ 160.508946][ T8440] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.508964][ T8440] ? __pfx__printk+0x10/0x10 [ 160.508983][ T8440] ? __kmalloc_cache_noprof+0x48/0x390 [ 160.509004][ T8440] ? __pfx___might_resched+0x10/0x10 [ 160.509026][ T8440] should_fail_ex+0x40a/0x550 [ 160.509052][ T8440] should_failslab+0xac/0x100 [ 160.509073][ T8440] __kmalloc_cache_noprof+0x70/0x390 [ 160.509091][ T8440] ? sctp_association_new+0x8a/0x2540 [ 160.509109][ T8440] ? __asan_memcpy+0x40/0x70 [ 160.509125][ T8440] sctp_association_new+0x8a/0x2540 [ 160.509146][ T8440] ? sctp_do_bind+0x679/0x950 [ 160.509172][ T8440] ? __ipv6_addr_type+0x112/0x2f0 [ 160.509198][ T8440] sctp_connect_new_asoc+0x2d8/0x6c0 [ 160.509223][ T8440] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 160.509243][ T8440] ? sctp_sendmsg+0xf1a/0x35d0 [ 160.509270][ T8440] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 160.509289][ T8440] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 160.509314][ T8440] sctp_sendmsg+0x1f64/0x35d0 [ 160.509352][ T8440] ? __pfx_sctp_sendmsg+0x10/0x10 [ 160.509375][ T8440] ? aa_sk_perm+0x96d/0xab0 [ 160.509410][ T8440] ? inet_sendmsg+0x330/0x390 [ 160.509431][ T8440] __sock_sendmsg+0x1a6/0x270 [ 160.509456][ T8440] ____sys_sendmsg+0x53a/0x860 [ 160.509482][ T8440] ? __pfx_____sys_sendmsg+0x10/0x10 [ 160.509497][ T8440] ? __fget_files+0x2a/0x410 [ 160.509522][ T8440] ? __fget_files+0x2a/0x410 [ 160.509552][ T8440] __sys_sendmmsg+0x36a/0x720 [ 160.509581][ T8440] ? __pfx___sys_sendmmsg+0x10/0x10 [ 160.509611][ T8440] ? __pfx_lock_release+0x10/0x10 [ 160.509632][ T8440] ? kstrtouint_from_user+0x128/0x190 [ 160.509673][ T8440] ? ksys_write+0x22a/0x2b0 [ 160.509691][ T8440] ? __pfx_lock_release+0x10/0x10 [ 160.509719][ T8440] ? sb_end_write+0xe9/0x1c0 [ 160.509740][ T8440] ? vfs_write+0x7fa/0xd10 [ 160.509759][ T8440] ? __mutex_unlock_slowpath+0x227/0x800 [ 160.509807][ T8440] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 160.509836][ T8440] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 160.509866][ T8440] ? do_syscall_64+0x100/0x230 [ 160.509889][ T8440] __x64_sys_sendmmsg+0xa0/0xb0 [ 160.509908][ T8440] do_syscall_64+0xf3/0x230 [ 160.509927][ T8440] ? clear_bhb_loop+0x35/0x90 [ 160.509951][ T8440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.509970][ T8440] RIP: 0033:0x7fce83b8d169 [ 160.509985][ T8440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.509999][ T8440] RSP: 002b:00007fce8496a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 160.510016][ T8440] RAX: ffffffffffffffda RBX: 00007fce83da5fa0 RCX: 00007fce83b8d169 [ 160.510029][ T8440] RDX: 0000000000000001 RSI: 00004000000049c0 RDI: 0000000000000003 [ 160.510039][ T8440] RBP: 00007fce8496a090 R08: 0000000000000000 R09: 0000000000000000 [ 160.510050][ T8440] R10: 0000000030000840 R11: 0000000000000246 R12: 0000000000000001 [ 160.510060][ T8440] R13: 0000000000000000 R14: 00007fce83da5fa0 R15: 00007ffd671e9938 [ 160.510088][ T8440] [ 161.500986][ T8452] netlink: 148 bytes leftover after parsing attributes in process `syz.3.903'. [ 161.530709][ T8452] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 161.645119][ T8453] netlink: 'syz.3.903': attribute type 3 has an invalid length. [ 161.712165][ T8455] lo speed is unknown, defaulting to 1000 [ 161.735201][ T8453] netlink: 20 bytes leftover after parsing attributes in process `syz.3.903'. [ 162.119883][ T8465] netlink: 36 bytes leftover after parsing attributes in process `syz.1.907'. [ 162.608461][ T8483] 8021q: adding VLAN 0 to HW filter on device bond2 [ 162.623329][ T8483] bond2: entered promiscuous mode [ 162.632961][ T8483] bond2: entered allmulticast mode [ 162.649042][ T8483] team0: Port device bond2 added [ 162.896176][ T8489] FAULT_INJECTION: forcing a failure. [ 162.896176][ T8489] name failslab, interval 1, probability 0, space 0, times 0 [ 162.922837][ T8489] CPU: 1 UID: 0 PID: 8489 Comm: syz.4.912 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 162.922862][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 162.922873][ T8489] Call Trace: [ 162.922879][ T8489] [ 162.922887][ T8489] dump_stack_lvl+0x241/0x360 [ 162.922910][ T8489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.922924][ T8489] ? __pfx__printk+0x10/0x10 [ 162.922938][ T8489] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 162.922957][ T8489] ? __pfx___might_resched+0x10/0x10 [ 162.922976][ T8489] should_fail_ex+0x40a/0x550 [ 162.922997][ T8489] should_failslab+0xac/0x100 [ 162.923015][ T8489] kmem_cache_alloc_node_noprof+0x77/0x380 [ 162.923031][ T8489] ? __alloc_skb+0x1c3/0x440 [ 162.923046][ T8489] __alloc_skb+0x1c3/0x440 [ 162.923061][ T8489] ? __pfx___alloc_skb+0x10/0x10 [ 162.923075][ T8489] ? netlink_autobind+0xd6/0x2f0 [ 162.923092][ T8489] ? netlink_autobind+0x2b0/0x2f0 [ 162.923111][ T8489] netlink_sendmsg+0x634/0xcb0 [ 162.923135][ T8489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.923154][ T8489] ? aa_sock_msg_perm+0x91/0x160 [ 162.923176][ T8489] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.923191][ T8489] __sock_sendmsg+0x221/0x270 [ 162.923209][ T8489] ____sys_sendmsg+0x53a/0x860 [ 162.923228][ T8489] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.923240][ T8489] ? __fget_files+0x2a/0x410 [ 162.923259][ T8489] ? __fget_files+0x2a/0x410 [ 162.923281][ T8489] __sys_sendmsg+0x269/0x350 [ 162.923297][ T8489] ? __pfx___sys_sendmsg+0x10/0x10 [ 162.923319][ T8489] ? do_sys_openat2+0x17a/0x1d0 [ 162.923353][ T8489] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 162.923372][ T8489] ? do_syscall_64+0x100/0x230 [ 162.923389][ T8489] ? do_syscall_64+0xb6/0x230 [ 162.923405][ T8489] do_syscall_64+0xf3/0x230 [ 162.923419][ T8489] ? clear_bhb_loop+0x35/0x90 [ 162.923438][ T8489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.923454][ T8489] RIP: 0033:0x7fce83b8d169 [ 162.923466][ T8489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.923476][ T8489] RSP: 002b:00007fce8496a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.923492][ T8489] RAX: ffffffffffffffda RBX: 00007fce83da5fa0 RCX: 00007fce83b8d169 [ 162.923501][ T8489] RDX: 0000000000000080 RSI: 0000400000000740 RDI: 0000000000000003 [ 162.923509][ T8489] RBP: 00007fce8496a090 R08: 0000000000000000 R09: 0000000000000000 [ 162.923517][ T8489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.923525][ T8489] R13: 0000000000000000 R14: 00007fce83da5fa0 R15: 00007ffd671e9938 [ 162.923544][ T8489] [ 163.474136][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.916'. [ 163.514802][ T8497] FAULT_INJECTION: forcing a failure. [ 163.514802][ T8497] name failslab, interval 1, probability 0, space 0, times 0 [ 163.578198][ T8497] CPU: 1 UID: 0 PID: 8497 Comm: syz.3.916 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 163.578225][ T8497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 163.578236][ T8497] Call Trace: [ 163.578242][ T8497] [ 163.578250][ T8497] dump_stack_lvl+0x241/0x360 [ 163.578278][ T8497] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.578296][ T8497] ? __pfx__printk+0x10/0x10 [ 163.578315][ T8497] ? __kmalloc_cache_noprof+0x48/0x390 [ 163.578339][ T8497] ? __pfx___might_resched+0x10/0x10 [ 163.578365][ T8497] should_fail_ex+0x40a/0x550 [ 163.578393][ T8497] should_failslab+0xac/0x100 [ 163.578414][ T8497] __kmalloc_cache_noprof+0x70/0x390 [ 163.578432][ T8497] ? alloc_netdev_mqs+0xc1a/0x1210 [ 163.578448][ T8497] ? __xdp_rxq_info_reg+0x186/0x290 [ 163.578473][ T8497] alloc_netdev_mqs+0xc1a/0x1210 [ 163.578499][ T8497] rtnl_create_link+0x2f9/0xc90 [ 163.578524][ T8497] rtnl_newlink_create+0x2e1/0xbd0 [ 163.578554][ T8497] ? __pfx_aa_get_newest_label+0x10/0x10 [ 163.578581][ T8497] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 163.578608][ T8497] ? __pfx___mutex_lock+0x10/0x10 [ 163.578635][ T8497] ? ns_capable+0x8a/0xf0 [ 163.578656][ T8497] rtnl_newlink+0x167a/0x1d90 [ 163.578692][ T8497] ? __pfx_rtnl_newlink+0x10/0x10 [ 163.578714][ T8497] ? __pfx_validate_chain+0x10/0x10 [ 163.578752][ T8497] ? validate_chain+0x11e/0x5920 [ 163.578777][ T8497] ? __pfx_lock_acquire+0x10/0x10 [ 163.578803][ T8497] ? __pfx_lock_release+0x10/0x10 [ 163.578829][ T8497] ? __pfx_validate_chain+0x10/0x10 [ 163.578849][ T8497] ? mark_lock+0x9a/0x360 [ 163.578869][ T8497] ? __lock_acquire+0x1397/0x2100 [ 163.578924][ T8497] ? __pfx_lock_release+0x10/0x10 [ 163.578962][ T8497] ? __pfx_rtnl_newlink+0x10/0x10 [ 163.578985][ T8497] rtnetlink_rcv_msg+0x791/0xcf0 [ 163.579004][ T8497] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 163.579026][ T8497] ? __lock_acquire+0x1397/0x2100 [ 163.579049][ T8497] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 163.579087][ T8497] netlink_rcv_skb+0x206/0x480 [ 163.579111][ T8497] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 163.579134][ T8497] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 163.579179][ T8497] ? netlink_deliver_tap+0x2e/0x1b0 [ 163.579202][ T8497] netlink_unicast+0x7f6/0x990 [ 163.579230][ T8497] ? __pfx_netlink_unicast+0x10/0x10 [ 163.579247][ T8497] ? __virt_addr_valid+0x45f/0x530 [ 163.579263][ T8497] ? __phys_addr_symbol+0x2f/0x70 [ 163.579277][ T8497] ? __check_object_size+0x47a/0x730 [ 163.579301][ T8497] netlink_sendmsg+0x8de/0xcb0 [ 163.579335][ T8497] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.579360][ T8497] ? aa_sock_msg_perm+0x91/0x160 [ 163.579388][ T8497] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.579407][ T8497] __sock_sendmsg+0x221/0x270 [ 163.579432][ T8497] ____sys_sendmsg+0x53a/0x860 [ 163.579458][ T8497] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.579474][ T8497] ? __fget_files+0x2a/0x410 [ 163.579499][ T8497] ? __fget_files+0x2a/0x410 [ 163.579528][ T8497] __sys_sendmmsg+0x36a/0x720 [ 163.579556][ T8497] ? __pfx___sys_sendmmsg+0x10/0x10 [ 163.579585][ T8497] ? __pfx_lock_release+0x10/0x10 [ 163.579605][ T8497] ? kstrtouint_from_user+0x128/0x190 [ 163.579648][ T8497] ? ksys_write+0x22a/0x2b0 [ 163.579665][ T8497] ? __pfx_lock_release+0x10/0x10 [ 163.579693][ T8497] ? sb_end_write+0xe9/0x1c0 [ 163.579715][ T8497] ? vfs_write+0x7fa/0xd10 [ 163.579735][ T8497] ? __mutex_unlock_slowpath+0x227/0x800 [ 163.579788][ T8497] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 163.579814][ T8497] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 163.579837][ T8497] ? do_syscall_64+0x100/0x230 [ 163.579860][ T8497] __x64_sys_sendmmsg+0xa0/0xb0 [ 163.579879][ T8497] do_syscall_64+0xf3/0x230 [ 163.579898][ T8497] ? clear_bhb_loop+0x35/0x90 [ 163.579921][ T8497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.579940][ T8497] RIP: 0033:0x7ff89338d169 [ 163.579954][ T8497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.579967][ T8497] RSP: 002b:00007ff8942a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 163.579985][ T8497] RAX: ffffffffffffffda RBX: 00007ff8935a5fa0 RCX: 00007ff89338d169 [ 163.579997][ T8497] RDX: 0492492492492627 RSI: 00004000000000c0 RDI: 0000000000000003 [ 163.580008][ T8497] RBP: 00007ff8942a0090 R08: 0000000000000000 R09: 0000000000000000 [ 163.580018][ T8497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.580027][ T8497] R13: 0000000000000000 R14: 00007ff8935a5fa0 R15: 00007fffed5905f8 [ 163.580055][ T8497] [ 164.390200][ T8510] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 164.416971][ T8510] bond3: entered promiscuous mode [ 164.422054][ T8510] bond3: entered allmulticast mode [ 164.428254][ T8510] 8021q: adding VLAN 0 to HW filter on device bond3 [ 164.484855][ T8515] bond4: entered promiscuous mode [ 164.508067][ T8515] bond4: entered allmulticast mode [ 164.531409][ T8515] 8021q: adding VLAN 0 to HW filter on device bond4 [ 164.691810][ T8530] netlink: 148 bytes leftover after parsing attributes in process `syz.4.928'. [ 164.701615][ T8530] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 164.794275][ T8535] netlink: 'syz.4.928': attribute type 3 has an invalid length. [ 164.837083][ T8535] netlink: 20 bytes leftover after parsing attributes in process `syz.4.928'. [ 164.852146][ T8527] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 164.995050][ T8538] lo speed is unknown, defaulting to 1000 [ 165.268150][ T8550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.936'. [ 165.355394][ T8552] netlink: 96 bytes leftover after parsing attributes in process `syz.1.937'. [ 165.482940][ T8556] netlink: 148 bytes leftover after parsing attributes in process `syz.0.938'. [ 165.499745][ T8558] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.939'. [ 165.551973][ T8556] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 165.812259][ T8559] lo speed is unknown, defaulting to 1000 [ 166.423200][ T5836] Bluetooth: hci0: command tx timeout [ 166.438289][ T8585] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 167.913941][ T8581] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 168.185008][ T8599] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.951'. [ 168.327790][ T8603] netlink: 16 bytes leftover after parsing attributes in process `syz.0.952'. [ 168.523519][ T8608] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 168.807808][ T8615] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 169.039123][ T8629] netlink: 148 bytes leftover after parsing attributes in process `syz.2.962'. [ 169.083377][ T8629] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 169.223140][ T8635] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.964'. [ 169.298194][ T8633] lo speed is unknown, defaulting to 1000 [ 170.070421][ T8671] pim6reg: entered allmulticast mode [ 170.826802][ T8680] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.976'. [ 170.919191][ T8681] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 171.799601][ T8705] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.987'. [ 171.844883][ T8707] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744071562067969) [ 171.867373][ T8707] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 172.449765][ T8747] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1001'. [ 172.686841][ T8759] 8021q: adding VLAN 0 to HW filter on device bond1 [ 172.769474][ T8770] Cannot find add_set index 0 as target [ 172.861786][ T8773] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1011'. [ 172.862376][ T8759] bond1 (unregistering): Released all slaves [ 173.073882][ T8775] tipc: Started in network mode [ 173.078812][ T8775] tipc: Node identity ac14142f, cluster identity 4711 [ 173.089675][ T8775] tipc: New replicast peer: 0.0.0.0 [ 173.095863][ T8775] tipc: Enabled bearer , priority 10 [ 173.134041][ T8775] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1012'. [ 173.352612][ T8792] syz_tun: entered allmulticast mode [ 173.449174][ T8799] netlink: 'syz.1.1022': attribute type 12 has an invalid length. [ 173.506688][ T8804] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1025'. [ 173.655851][ T8813] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1029'. [ 173.810532][ T8819] netlink: 'syz.3.1032': attribute type 9 has an invalid length. [ 173.825196][ T8817] tap0: tun_chr_ioctl cmd 1074025677 [ 173.830726][ T8817] tap0: linktype set to 804 [ 174.214658][ T6048] tipc: Node number set to 2886997039 [ 174.254978][ T8838] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1038'. [ 174.424110][ T8848] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1044'. [ 174.463043][ T8851] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1045'. [ 174.483693][ T8846] geneve1: entered promiscuous mode [ 174.670171][ T8011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.684780][ T8011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.028614][ T8873] netlink: 'syz.4.1057': attribute type 14 has an invalid length. [ 175.124220][ T8883] bond1 (unregistering): Released all slaves [ 175.906145][ T8931] FAULT_INJECTION: forcing a failure. [ 175.906145][ T8931] name failslab, interval 1, probability 0, space 0, times 0 [ 175.926010][ T8931] CPU: 0 UID: 0 PID: 8931 Comm: syz.3.1077 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 175.926038][ T8931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 175.926049][ T8931] Call Trace: [ 175.926056][ T8931] [ 175.926063][ T8931] dump_stack_lvl+0x241/0x360 [ 175.926090][ T8931] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.926108][ T8931] ? __pfx__printk+0x10/0x10 [ 175.926127][ T8931] ? __kmalloc_noprof+0xb5/0x4c0 [ 175.926148][ T8931] ? __pfx___might_resched+0x10/0x10 [ 175.926173][ T8931] should_fail_ex+0x40a/0x550 [ 175.926201][ T8931] should_failslab+0xac/0x100 [ 175.926224][ T8931] __kmalloc_noprof+0xdd/0x4c0 [ 175.926243][ T8931] ? __alloc_workqueue+0x11c/0x1bb0 [ 175.926264][ T8931] __alloc_workqueue+0x11c/0x1bb0 [ 175.926296][ T8931] alloc_workqueue+0xd6/0x210 [ 175.926318][ T8931] ? __pfx_alloc_workqueue+0x10/0x10 [ 175.926340][ T8931] ? net_generic+0x1f/0x240 [ 175.926364][ T8931] bond_init+0xd5/0x8e0 [ 175.926386][ T8931] ? __pfx_bond_init+0x10/0x10 [ 175.926402][ T8931] ? __kasan_kmalloc+0x98/0xb0 [ 175.926422][ T8931] ? __kmalloc_cache_noprof+0x243/0x390 [ 175.926447][ T8931] register_netdevice+0x6d7/0x1b70 [ 175.926474][ T8931] ? __pfx_bond_changelink+0x10/0x10 [ 175.926493][ T8931] ? validate_linkmsg+0x828/0xa40 [ 175.926518][ T8931] ? __pfx_register_netdevice+0x10/0x10 [ 175.926537][ T8931] ? alloc_netdev_mqs+0xe01/0x1210 [ 175.926562][ T8931] ? rtnl_create_link+0x95b/0xc90 [ 175.926584][ T8931] bond_newlink+0x5e/0xb0 [ 175.926602][ T8931] ? __pfx_bond_newlink+0x10/0x10 [ 175.926634][ T8931] rtnl_newlink_create+0x37b/0xbd0 [ 175.926663][ T8931] ? __pfx_aa_get_newest_label+0x10/0x10 [ 175.926690][ T8931] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 175.926716][ T8931] ? __pfx___mutex_lock+0x10/0x10 [ 175.926746][ T8931] ? ns_capable+0x8a/0xf0 [ 175.926768][ T8931] rtnl_newlink+0x167a/0x1d90 [ 175.926792][ T8931] ? __lock_acquire+0x1397/0x2100 [ 175.926828][ T8931] ? __pfx_rtnl_newlink+0x10/0x10 [ 175.926850][ T8931] ? __pfx_validate_chain+0x10/0x10 [ 175.926888][ T8931] ? validate_chain+0x11e/0x5920 [ 175.926905][ T8931] ? __pfx_lock_acquire+0x10/0x10 [ 175.926930][ T8931] ? __pfx_lock_release+0x10/0x10 [ 175.926955][ T8931] ? __pfx_validate_chain+0x10/0x10 [ 175.926977][ T8931] ? mark_lock+0x9a/0x360 [ 175.926997][ T8931] ? __lock_acquire+0x1397/0x2100 [ 175.927051][ T8931] ? __pfx_lock_release+0x10/0x10 [ 175.927088][ T8931] ? __pfx_rtnl_newlink+0x10/0x10 [ 175.927111][ T8931] rtnetlink_rcv_msg+0x791/0xcf0 [ 175.927130][ T8931] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 175.927153][ T8931] ? __lock_acquire+0x1397/0x2100 [ 175.927176][ T8931] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 175.927213][ T8931] netlink_rcv_skb+0x206/0x480 [ 175.927236][ T8931] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 175.927259][ T8931] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 175.927303][ T8931] ? netlink_deliver_tap+0x2e/0x1b0 [ 175.927327][ T8931] netlink_unicast+0x7f6/0x990 [ 175.927355][ T8931] ? __pfx_netlink_unicast+0x10/0x10 [ 175.927371][ T8931] ? __virt_addr_valid+0x45f/0x530 [ 175.927388][ T8931] ? __phys_addr_symbol+0x2f/0x70 [ 175.927401][ T8931] ? __check_object_size+0x47a/0x730 [ 175.927425][ T8931] netlink_sendmsg+0x8de/0xcb0 [ 175.927457][ T8931] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.927482][ T8931] ? aa_sock_msg_perm+0x91/0x160 [ 175.927508][ T8931] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.927527][ T8931] __sock_sendmsg+0x221/0x270 [ 175.927551][ T8931] ____sys_sendmsg+0x53a/0x860 [ 175.927578][ T8931] ? __pfx_____sys_sendmsg+0x10/0x10 [ 175.927593][ T8931] ? __fget_files+0x2a/0x410 [ 175.927625][ T8931] ? __fget_files+0x2a/0x410 [ 175.927655][ T8931] __sys_sendmsg+0x269/0x350 [ 175.927678][ T8931] ? __pfx___sys_sendmsg+0x10/0x10 [ 175.927710][ T8931] ? do_sys_openat2+0x17a/0x1d0 [ 175.927758][ T8931] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 175.927782][ T8931] ? do_syscall_64+0x100/0x230 [ 175.927804][ T8931] ? do_syscall_64+0xb6/0x230 [ 175.927826][ T8931] do_syscall_64+0xf3/0x230 [ 175.927844][ T8931] ? clear_bhb_loop+0x35/0x90 [ 175.927869][ T8931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.927888][ T8931] RIP: 0033:0x7ff89338d169 [ 175.927904][ T8931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.927918][ T8931] RSP: 002b:00007ff8942a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.927937][ T8931] RAX: ffffffffffffffda RBX: 00007ff8935a5fa0 RCX: 00007ff89338d169 [ 175.927949][ T8931] RDX: 0000000000004000 RSI: 0000400000000280 RDI: 0000000000000003 [ 175.927960][ T8931] RBP: 00007ff8942a0090 R08: 0000000000000000 R09: 0000000000000000 [ 175.927970][ T8931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 175.927979][ T8931] R13: 0000000000000000 R14: 00007ff8935a5fa0 R15: 00007fffed5905f8 [ 175.928007][ T8931] [ 176.490390][ T8935] openvswitch: netlink: Actions may not be safe on all matching packets [ 177.055761][ T8958] __nla_validate_parse: 5 callbacks suppressed [ 177.055856][ T8958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1087'. [ 177.237995][ T8963] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1090'. [ 177.404154][ T8965] syzkaller0: entered allmulticast mode [ 177.954165][ T8980] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1099'. [ 178.234316][ T8990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1103'. [ 178.267480][ T8988] netlink: 'syz.1.1102': attribute type 10 has an invalid length. [ 178.317997][ T8991] netlink: 'syz.1.1102': attribute type 10 has an invalid length. [ 178.326144][ T8991] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1102'. [ 178.378938][ T8994] openvswitch: netlink: Missing valid actions attribute. [ 178.387225][ T8994] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 178.408291][ T8994] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1103'. [ 178.580931][ T9000] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1102'. [ 181.841685][ T8994] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 181.859953][ T8994] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 181.883885][ T8994] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 181.899752][ T8994] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 182.638430][ T9024] lo speed is unknown, defaulting to 1000 [ 182.960288][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1119'. [ 182.975673][ T9038] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1119'. [ 183.001249][ T9041] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1120'. [ 183.359489][ T9057] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1121'. [ 183.411129][ T9055] netlink: 'syz.1.1126': attribute type 10 has an invalid length. [ 183.446514][ T9055] netlink: 'syz.1.1126': attribute type 10 has an invalid length. [ 183.461225][ T9055] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1126'. [ 183.466799][ T9024] openvswitch: netlink: Missing valid actions attribute. [ 183.483825][ T9024] openvswitch: netlink: Actions may not be safe on all matching packets [ 183.590019][ T9065] erspan0: left allmulticast mode [ 183.597351][ T9065] erspan0: left promiscuous mode [ 183.657712][ T9067] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1126'. [ 183.927077][ T9065] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.942887][ T9065] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.952046][ T9065] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.971001][ T9065] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.040362][ T6062] lo speed is unknown, defaulting to 1000 [ 184.082291][ T9060] erspan0: entered allmulticast mode [ 184.095862][ T9060] erspan0: entered promiscuous mode [ 184.122545][ T9060] bridge0: port 1(vlan2) entered blocking state [ 184.129102][ T9060] bridge0: port 1(vlan2) entered listening state [ 184.149262][ T9060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.176010][ T9060] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.209615][ T9060] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 184.235404][ T6062] lo speed is unknown, defaulting to 1000 [ 184.421854][ T9072] dvmrp5: entered allmulticast mode [ 184.450673][ T9077] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1133'. [ 184.505202][ T9072] dvmrp5: left allmulticast mode [ 184.748126][ T9089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1138'. [ 184.769800][ T9089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1138'. [ 184.789012][ T9089] netlink: 'syz.2.1138': attribute type 1 has an invalid length. [ 184.805766][ T9089] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1138'. [ 184.895342][ T5836] block nbd4: Receive control failed (result -107) [ 185.073703][ T9102] netlink: 'syz.3.1141': attribute type 10 has an invalid length. [ 185.098140][ T9102] team0: left allmulticast mode [ 185.109711][ T9102] team0: left promiscuous mode [ 185.122960][ T9102] bridge0: port 1(team0) entered disabled state [ 185.134498][ T9105] netlink: 'syz.3.1141': attribute type 10 has an invalid length. [ 185.164859][ T9105] team0: entered promiscuous mode [ 185.179593][ T9105] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.233546][ T9105] bridge0: port 1(team0) entered blocking state [ 185.239996][ T9105] bridge0: port 1(team0) entered disabled state [ 185.247942][ T9105] team0: entered allmulticast mode [ 185.674807][ T9123] netlink: 'syz.4.1147': attribute type 1 has an invalid length. [ 185.717861][ T5836] block nbd5: Receive control failed (result -107) [ 186.100587][ T9133] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 186.257863][ T9137] team0: left allmulticast mode [ 186.292367][ T9137] team0: left promiscuous mode [ 186.303330][ T9137] bridge0: port 2(team0) entered disabled state [ 186.318494][ T9137] vlan2: left allmulticast mode [ 186.324512][ T9137] erspan0: left allmulticast mode [ 186.352782][ T9137] vlan2: left promiscuous mode [ 186.357655][ T9137] erspan0: left promiscuous mode [ 186.388863][ T9137] bridge0: port 1(vlan2) entered disabled state [ 186.417910][ T9138] team0: Unable to change to the same mode the team is in [ 186.828908][ T9150] delete_channel: no stack [ 187.015165][ T9153] openvswitch: netlink: Actions may not be safe on all matching packets [ 188.624660][ T9190] __nla_validate_parse: 13 callbacks suppressed [ 188.624679][ T9190] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1173'. [ 188.681591][ T9190] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 188.778026][ T9190] lo speed is unknown, defaulting to 1000 [ 188.832951][ T5845] Bluetooth: hci4: command 0x0405 tx timeout [ 188.923304][ T9197] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1175'. [ 189.111816][ T9199] batadv_slave_1: entered promiscuous mode [ 189.323948][ T9198] batadv_slave_1: left promiscuous mode [ 189.823972][ T9212] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 190.198552][ T9221] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1185'. [ 190.360622][ T9229] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1187'. [ 190.543495][ T9235] Cannot find del_set index 65533 as target [ 190.716164][ T9243] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1194'. [ 190.757859][ T9243] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 190.789093][ T9244] batadv_slave_1: entered promiscuous mode [ 190.862788][ T9244] batadv_slave_1: entered allmulticast mode [ 190.890801][ T9244] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 190.944577][ T9249] netlink: 'syz.0.1196': attribute type 10 has an invalid length. [ 190.986270][ T9249] batman_adv: batadv0: Adding interface: team0 [ 191.002761][ T9249] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 191.062848][ T9249] netlink: 'syz.0.1196': attribute type 10 has an invalid length. [ 191.087423][ T9243] lo speed is unknown, defaulting to 1000 [ 191.142909][ T9249] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1196'. [ 191.162351][ T9249] team0: entered promiscuous mode [ 191.176152][ T9249] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.210606][ T9249] batman_adv: batadv0: Interface activated: team0 [ 191.248128][ T9249] batman_adv: batadv0: Interface deactivated: team0 [ 191.278487][ T9249] batman_adv: batadv0: Removing interface: team0 [ 191.341071][ T9263] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1196'. [ 191.384955][ T9249] bridge0: port 1(team0) entered blocking state [ 191.413085][ T9249] bridge0: port 1(team0) entered disabled state [ 191.435318][ T9249] team0: entered allmulticast mode [ 191.634145][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 191.634269][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 191.640217][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 192.005665][ T9269] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1201'. [ 192.329599][ T9277] xt_hashlimit: size too large, truncated to 1048576 [ 192.563369][ T9280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1203'. [ 193.190009][ T9296] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1210'. [ 193.270371][ T9303] bridge0: left promiscuous mode [ 193.290334][ T9303] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.299906][ T9303] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.309222][ T9303] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.318177][ T9303] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.344602][ T9303] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 193.354096][ T9303] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 193.378733][ T9303] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 193.399085][ T9303] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 193.432051][ T9300] macvlan4: entered promiscuous mode [ 193.546561][ T9296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.555253][ T9296] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.567098][ T9296] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 193.589944][ T9298] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 193.787610][ T9311] Cannot find add_set index 0 as target [ 194.242224][ T9330] __nla_validate_parse: 1 callbacks suppressed [ 194.242243][ T9330] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1224'. [ 194.419218][ T9338] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1228'. [ 194.484115][ T9344] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1230'. [ 194.497764][ T9344] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 194.643402][ T9348] lo speed is unknown, defaulting to 1000 [ 194.667082][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.239679][ T9366] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1239'. [ 195.781066][ T9379] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1244'. [ 196.335867][ T9393] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1250'. [ 196.389501][ T9395] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1251'. [ 196.413074][ T9395] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1251'. [ 196.633085][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1255'. [ 196.688720][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.717375][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.259062][ T9399] 8021q: adding VLAN 0 to HW filter on device bond4 [ 197.751037][ T9431] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1261'. [ 197.955136][ T9435] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 198.226524][ T9445] bond2 (unregistering): Released all slaves [ 198.266472][ T9447] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 198.508086][ T9461] netlink: 'syz.4.1272': attribute type 10 has an invalid length. [ 198.532891][ T9461] team0: left allmulticast mode [ 198.538193][ T9461] team_slave_0: left allmulticast mode [ 198.552771][ T9461] team_slave_1: left allmulticast mode [ 198.573327][ T9469] netlink: 'syz.4.1272': attribute type 10 has an invalid length. [ 198.581302][ T9461] team0: left promiscuous mode [ 198.616958][ T9461] team_slave_0: left promiscuous mode [ 198.626578][ T9461] team_slave_1: left promiscuous mode [ 198.632405][ T9461] bridge0: port 3(team0) entered disabled state [ 198.718903][ T9461] batman_adv: batadv0: Adding interface: team0 [ 198.756786][ T9461] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 198.773045][ T9469] team0: entered promiscuous mode [ 198.780545][ T9469] team_slave_0: entered promiscuous mode [ 198.793134][ T9469] team_slave_1: entered promiscuous mode [ 198.818704][ T9469] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.833446][ T9469] batman_adv: batadv0: Interface activated: team0 [ 198.846972][ T9469] batman_adv: batadv0: Interface deactivated: team0 [ 198.978164][ T9469] batman_adv: batadv0: Removing interface: team0 [ 199.000821][ T9469] bridge0: port 3(team0) entered blocking state [ 199.039899][ T9469] bridge0: port 3(team0) entered disabled state [ 199.074060][ T9469] team0: entered allmulticast mode [ 199.104241][ T9469] team_slave_0: entered allmulticast mode [ 199.138849][ T9469] team_slave_1: entered allmulticast mode [ 199.508017][ T9490] netlink: 'syz.2.1283': attribute type 1 has an invalid length. [ 199.532779][ T9490] __nla_validate_parse: 5 callbacks suppressed [ 199.532797][ T9490] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1283'. [ 199.714542][ T9496] tipc: Started in network mode [ 199.729596][ T9496] tipc: Node identity ac14142f, cluster identity 4711 [ 199.740806][ T9496] tipc: New replicast peer: 0.0.0.0 [ 199.754769][ T9496] tipc: Enabled bearer , priority 10 [ 199.762018][ T9496] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1285'. [ 199.972893][ T9505] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 200.157501][ T9514] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1290'. [ 200.490255][ T9522] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1293'. [ 200.510267][ T9522] unsupported nlmsg_type 40 [ 200.873986][ T6053] tipc: Node number set to 2886997039 [ 200.895165][ T9532] netlink: 'syz.0.1297': attribute type 1 has an invalid length. [ 200.922879][ T9532] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1297'. [ 201.187112][ T9537] tipc: Started in network mode [ 201.192047][ T9537] tipc: Node identity ac14142f, cluster identity 4711 [ 201.244943][ T9537] tipc: New replicast peer: 0.0.0.0 [ 201.271266][ T9537] tipc: Enabled bearer , priority 10 [ 201.292130][ T9540] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1299'. [ 201.406443][ T9547] veth0_to_bridge: entered promiscuous mode [ 201.499577][ T9546] veth0_to_bridge: left promiscuous mode [ 201.597858][ T9558] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1303'. [ 201.765185][ T9564] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1306'. [ 201.802601][ T9564] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 201.959610][ T9568] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 202.064246][ T9572] netlink: 'syz.2.1309': attribute type 1 has an invalid length. [ 202.079766][ T9572] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1309'. [ 202.386300][ T6053] tipc: Node number set to 2886997039 [ 202.450919][ T9581] tipc: New replicast peer: 0.0.0.0 [ 202.477057][ T9581] tipc: Enabled bearer , priority 10 [ 202.515858][ T9585] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1312'. [ 203.146076][ T9603] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 203.156562][ T5845] Bluetooth: hci4: command 0x0405 tx timeout [ 203.582272][ T9616] tipc: Enabling of bearer rejected, already enabled [ 203.765979][ T9625] FAULT_INJECTION: forcing a failure. [ 203.765979][ T9625] name failslab, interval 1, probability 0, space 0, times 0 [ 203.809316][ T9625] CPU: 0 UID: 0 PID: 9625 Comm: syz.2.1330 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 203.809344][ T9625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 203.809354][ T9625] Call Trace: [ 203.809360][ T9625] [ 203.809369][ T9625] dump_stack_lvl+0x241/0x360 [ 203.809405][ T9625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.809423][ T9625] ? __pfx__printk+0x10/0x10 [ 203.809443][ T9625] ? __kmalloc_cache_noprof+0x48/0x390 [ 203.809465][ T9625] ? __pfx___might_resched+0x10/0x10 [ 203.809491][ T9625] should_fail_ex+0x40a/0x550 [ 203.809518][ T9625] should_failslab+0xac/0x100 [ 203.809541][ T9625] __kmalloc_cache_noprof+0x70/0x390 [ 203.809561][ T9625] ? sctp_auth_asoc_copy_shkeys+0x13b/0x580 [ 203.809586][ T9625] sctp_auth_asoc_copy_shkeys+0x13b/0x580 [ 203.809614][ T9625] sctp_association_new+0x15ad/0x2540 [ 203.809651][ T9625] sctp_connect_new_asoc+0x2d8/0x6c0 [ 203.809677][ T9625] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 203.809697][ T9625] ? sctp_sendmsg+0xf1a/0x35d0 [ 203.809724][ T9625] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 203.809743][ T9625] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 203.809768][ T9625] sctp_sendmsg+0x1f64/0x35d0 [ 203.809814][ T9625] ? __pfx_sctp_sendmsg+0x10/0x10 [ 203.809838][ T9625] ? aa_sk_perm+0x96d/0xab0 [ 203.809875][ T9625] ? inet_sendmsg+0x330/0x390 [ 203.809897][ T9625] __sock_sendmsg+0x1a6/0x270 [ 203.809922][ T9625] ____sys_sendmsg+0x53a/0x860 [ 203.809948][ T9625] ? __pfx_____sys_sendmsg+0x10/0x10 [ 203.809964][ T9625] ? __fget_files+0x2a/0x410 [ 203.809989][ T9625] ? __fget_files+0x2a/0x410 [ 203.810018][ T9625] __sys_sendmmsg+0x36a/0x720 [ 203.810047][ T9625] ? __pfx___sys_sendmmsg+0x10/0x10 [ 203.810077][ T9625] ? __pfx_lock_release+0x10/0x10 [ 203.810097][ T9625] ? kstrtouint_from_user+0x128/0x190 [ 203.810139][ T9625] ? ksys_write+0x22a/0x2b0 [ 203.810157][ T9625] ? __pfx_lock_release+0x10/0x10 [ 203.810185][ T9625] ? sb_end_write+0xe9/0x1c0 [ 203.810206][ T9625] ? vfs_write+0x7fa/0xd10 [ 203.810225][ T9625] ? __mutex_unlock_slowpath+0x227/0x800 [ 203.810273][ T9625] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 203.810299][ T9625] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 203.810322][ T9625] ? do_syscall_64+0x100/0x230 [ 203.810345][ T9625] __x64_sys_sendmmsg+0xa0/0xb0 [ 203.810365][ T9625] do_syscall_64+0xf3/0x230 [ 203.810383][ T9625] ? clear_bhb_loop+0x35/0x90 [ 203.810407][ T9625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.810427][ T9625] RIP: 0033:0x7fdc0ef8d169 [ 203.810447][ T9625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.810461][ T9625] RSP: 002b:00007fdc0febc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 203.810485][ T9625] RAX: ffffffffffffffda RBX: 00007fdc0f1a5fa0 RCX: 00007fdc0ef8d169 [ 203.810497][ T9625] RDX: 0000000000000001 RSI: 00004000000049c0 RDI: 0000000000000003 [ 203.810508][ T9625] RBP: 00007fdc0febc090 R08: 0000000000000000 R09: 0000000000000000 [ 203.810518][ T9625] R10: 0000000030000840 R11: 0000000000000246 R12: 0000000000000001 [ 203.810528][ T9625] R13: 0000000000000000 R14: 00007fdc0f1a5fa0 R15: 00007fff7a5954d8 [ 203.810556][ T9625] [ 204.740357][ T9646] __nla_validate_parse: 2 callbacks suppressed [ 204.740378][ T9646] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1337'. [ 204.775844][ T9650] netlink: 'syz.3.1338': attribute type 4 has an invalid length. [ 204.803311][ T9646] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 204.811369][ T9650] netlink: 'syz.3.1338': attribute type 4 has an invalid length. [ 204.917645][ T9646] lo speed is unknown, defaulting to 1000 [ 204.956098][ T9649] dvmrp5: entered allmulticast mode [ 205.041282][ T9649] dvmrp5: left allmulticast mode [ 205.806944][ T9676] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1346'. [ 205.927265][ T9682] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.1347'. [ 206.076709][ T9688] netlink: 'syz.4.1350': attribute type 1 has an invalid length. [ 206.086920][ T9690] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1351'. [ 206.167419][ T9688] 8021q: adding VLAN 0 to HW filter on device bond6 [ 206.177188][ T9688] bond5: (slave bond6): making interface the new active one [ 206.195319][ T9688] bond5: (slave bond6): Enslaving as an active interface with an up link [ 206.489142][ T9707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1356'. [ 206.502606][ T9707] nbd: nbd0 already in use [ 206.833975][ T9718] netlink: 'syz.4.1360': attribute type 10 has an invalid length. [ 206.876753][ T9718] team0: left allmulticast mode [ 206.881679][ T9718] team_slave_0: left allmulticast mode [ 206.923013][ T9718] team_slave_1: left allmulticast mode [ 206.992789][ T9719] netlink: 'syz.4.1360': attribute type 10 has an invalid length. [ 207.003129][ T9721] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1361'. [ 207.029086][ T9719] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1360'. [ 207.038344][ T9718] team0: left promiscuous mode [ 207.043737][ T9718] team_slave_0: left promiscuous mode [ 207.059835][ T9718] team_slave_1: left promiscuous mode [ 207.073133][ T9718] bridge0: port 3(team0) entered disabled state [ 207.091841][ T9718] batman_adv: batadv0: Adding interface: team0 [ 207.112878][ T9718] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 207.160947][ T9719] team0: entered promiscuous mode [ 207.215025][ T9718] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1360'. [ 207.226178][ T9728] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1363'. [ 207.269074][ T9719] team_slave_0: entered promiscuous mode [ 207.288406][ T9719] team_slave_1: entered promiscuous mode [ 207.298447][ T9719] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.308996][ T9719] batman_adv: batadv0: Interface activated: team0 [ 207.316188][ T9719] batman_adv: batadv0: Interface deactivated: team0 [ 207.323500][ T9719] batman_adv: batadv0: Removing interface: team0 [ 207.331842][ T9719] bridge0: port 3(team0) entered blocking state [ 207.342089][ T9719] bridge0: port 3(team0) entered disabled state [ 207.353100][ T9719] team0: entered allmulticast mode [ 207.358422][ T9719] team_slave_0: entered allmulticast mode [ 207.364637][ T9719] team_slave_1: entered allmulticast mode [ 207.376158][ T9728] FAULT_INJECTION: forcing a failure. [ 207.376158][ T9728] name failslab, interval 1, probability 0, space 0, times 0 [ 207.397211][ T9728] CPU: 0 UID: 0 PID: 9728 Comm: syz.3.1363 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 207.397237][ T9728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 207.397247][ T9728] Call Trace: [ 207.397254][ T9728] [ 207.397261][ T9728] dump_stack_lvl+0x241/0x360 [ 207.397288][ T9728] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.397328][ T9728] ? __pfx__printk+0x10/0x10 [ 207.397356][ T9728] should_fail_ex+0x40a/0x550 [ 207.397384][ T9728] should_failslab+0xac/0x100 [ 207.397407][ T9728] __kmalloc_cache_noprof+0x70/0x390 [ 207.397427][ T9728] ? __hw_addr_add_ex+0x1fb/0x760 [ 207.397448][ T9728] __hw_addr_add_ex+0x1fb/0x760 [ 207.397473][ T9728] dev_addr_init+0x157/0x240 [ 207.397493][ T9728] ? __pfx_dev_addr_init+0x10/0x10 [ 207.397514][ T9728] ? read_word_at_a_time+0xe/0x20 [ 207.397540][ T9728] alloc_netdev_mqs+0x307/0x1210 [ 207.397558][ T9728] ? __pfx_vxlan_setup+0x10/0x10 [ 207.397584][ T9728] rtnl_create_link+0x2f9/0xc90 [ 207.397610][ T9728] rtnl_newlink_create+0x2e1/0xbd0 [ 207.397639][ T9728] ? __mutex_lock+0x602/0x1010 [ 207.397662][ T9728] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 207.397689][ T9728] ? __pfx___mutex_lock+0x10/0x10 [ 207.397718][ T9728] ? ns_capable+0x8a/0xf0 [ 207.397749][ T9728] rtnl_newlink+0x167a/0x1d90 [ 207.397773][ T9728] ? stack_depot_save_flags+0x37/0x940 [ 207.397810][ T9728] ? __pfx_rtnl_newlink+0x10/0x10 [ 207.397829][ T9728] ? __netlink_deliver_tap+0x561/0x7f0 [ 207.397851][ T9728] ? __pfx_validate_chain+0x10/0x10 [ 207.397867][ T9728] ? __sock_sendmsg+0x221/0x270 [ 207.397885][ T9728] ? ____sys_sendmsg+0x53a/0x860 [ 207.397900][ T9728] ? __sys_sendmmsg+0x36a/0x720 [ 207.397914][ T9728] ? __x64_sys_sendmmsg+0xa0/0xb0 [ 207.397929][ T9728] ? do_syscall_64+0xf3/0x230 [ 207.397946][ T9728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.397987][ T9728] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 207.398013][ T9728] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 207.398044][ T9728] ? mark_lock+0x9a/0x360 [ 207.398064][ T9728] ? __lock_acquire+0x1397/0x2100 [ 207.398119][ T9728] ? __pfx_lock_release+0x10/0x10 [ 207.398156][ T9728] ? __pfx_rtnl_newlink+0x10/0x10 [ 207.398183][ T9728] rtnetlink_rcv_msg+0x791/0xcf0 [ 207.398203][ T9728] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 207.398230][ T9728] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 207.398259][ T9728] ? ref_tracker_free+0x643/0x7e0 [ 207.398281][ T9728] netlink_rcv_skb+0x206/0x480 [ 207.398304][ T9728] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 207.398327][ T9728] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 207.398372][ T9728] ? netlink_deliver_tap+0x2e/0x1b0 [ 207.398396][ T9728] netlink_unicast+0x7f6/0x990 [ 207.398425][ T9728] ? __pfx_netlink_unicast+0x10/0x10 [ 207.398442][ T9728] ? __virt_addr_valid+0x45f/0x530 [ 207.398459][ T9728] ? __phys_addr_symbol+0x2f/0x70 [ 207.398474][ T9728] ? __check_object_size+0x47a/0x730 [ 207.398498][ T9728] netlink_sendmsg+0x8de/0xcb0 [ 207.398532][ T9728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.398557][ T9728] ? aa_sock_msg_perm+0x91/0x160 [ 207.398586][ T9728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.398604][ T9728] __sock_sendmsg+0x221/0x270 [ 207.398628][ T9728] ____sys_sendmsg+0x53a/0x860 [ 207.398654][ T9728] ? __pfx_____sys_sendmsg+0x10/0x10 [ 207.398669][ T9728] ? __fget_files+0x2a/0x410 [ 207.398695][ T9728] ? __fget_files+0x2a/0x410 [ 207.398725][ T9728] __sys_sendmmsg+0x36a/0x720 [ 207.398760][ T9728] ? __pfx___sys_sendmmsg+0x10/0x10 [ 207.398791][ T9728] ? __pfx_lock_release+0x10/0x10 [ 207.398810][ T9728] ? kstrtouint_from_user+0x128/0x190 [ 207.398854][ T9728] ? ksys_write+0x22a/0x2b0 [ 207.398871][ T9728] ? __pfx_lock_release+0x10/0x10 [ 207.398900][ T9728] ? sb_end_write+0xe9/0x1c0 [ 207.398921][ T9728] ? vfs_write+0x7fa/0xd10 [ 207.398942][ T9728] ? __mutex_unlock_slowpath+0x227/0x800 [ 207.398990][ T9728] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 207.399015][ T9728] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 207.399039][ T9728] ? do_syscall_64+0x100/0x230 [ 207.399061][ T9728] __x64_sys_sendmmsg+0xa0/0xb0 [ 207.399080][ T9728] do_syscall_64+0xf3/0x230 [ 207.399099][ T9728] ? clear_bhb_loop+0x35/0x90 [ 207.399122][ T9728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.399142][ T9728] RIP: 0033:0x7ff89338d169 [ 207.399156][ T9728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.399170][ T9728] RSP: 002b:00007ff8942a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 207.399189][ T9728] RAX: ffffffffffffffda RBX: 00007ff8935a5fa0 RCX: 00007ff89338d169 [ 207.399201][ T9728] RDX: 0492492492492627 RSI: 00004000000000c0 RDI: 0000000000000003 [ 207.399212][ T9728] RBP: 00007ff8942a0090 R08: 0000000000000000 R09: 0000000000000000 [ 207.399222][ T9728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.399232][ T9728] R13: 0000000000000000 R14: 00007ff8935a5fa0 R15: 00007fffed5905f8 [ 207.399260][ T9728] [ 208.430925][ T9744] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 208.734183][ T9754] 8021q: adding VLAN 0 to HW filter on device bond1 [ 208.744497][ T9754] bond0: (slave bond1): Enslaving as an active interface with an up link [ 208.846704][ T9757] 8021q: adding VLAN 0 to HW filter on device bond1 [ 208.880142][ T9757] bond1: entered promiscuous mode [ 208.895007][ T9757] bond1: entered allmulticast mode [ 208.917913][ T9757] team0: Port device bond1 added [ 209.681373][ T9796] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1383'. [ 209.713480][ T9796] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 209.826584][ T9802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1383'. [ 209.917389][ T9805] lo speed is unknown, defaulting to 1000 [ 210.899235][ T9814] lo speed is unknown, defaulting to 1000 [ 210.954714][ T9829] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 211.529834][ T9843] sctp: [Deprecated]: syz.0.1399 (pid 9843) Use of struct sctp_assoc_value in delayed_ack socket option. [ 211.529834][ T9843] Use struct sctp_sack_info instead [ 211.644117][ T9848] netlink: 'syz.3.1400': attribute type 10 has an invalid length. [ 212.743605][ T9870] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1409'. [ 212.780487][ T9870] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 212.864595][ T9873] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1409'. [ 212.953485][ T9873] lo speed is unknown, defaulting to 1000 [ 213.783064][ T5836] Bluetooth: hci4: command 0x0405 tx timeout [ 214.105869][ T9904] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1424'. [ 214.321428][ T9914] openvswitch: netlink: Actions may not be safe on all matching packets [ 214.402298][ T9917] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1430'. [ 215.130695][ T9939] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1437'. [ 215.192467][ T9939] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 215.326258][ T9939] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1437'. [ 215.343054][ T9946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1441'. [ 215.362535][ T9946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1441'. [ 215.383113][ T9946] netlink: 'syz.2.1441': attribute type 1 has an invalid length. [ 215.390902][ T9946] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1441'. [ 215.418248][ T9939] lo speed is unknown, defaulting to 1000 [ 215.496062][ T5845] block nbd6: Receive control failed (result -107) [ 216.235820][ T9975] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1449'. [ 218.662838][T10001] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'. [ 218.703685][T10001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1457'. [ 218.753987][T10001] netlink: 'syz.4.1457': attribute type 1 has an invalid length. [ 218.769397][T10001] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1457'. [ 218.816595][ T5845] block nbd7: Receive control failed (result -107) [ 219.235844][T10034] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1468'. [ 219.664932][T10055] Cannot find del_set index 65533 as target [ 219.896647][T10068] netlink: 'syz.1.1484': attribute type 72 has an invalid length. [ 219.896827][T10069] team0: left allmulticast mode [ 219.922178][T10069] bridge0: port 1(team0) entered disabled state [ 219.957199][T10069] bond0: (slave bond1): Releasing backup interface [ 220.004213][T10074] team0: Unable to change to the same mode the team is in [ 220.027711][T10073] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 220.080300][T10073] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 220.133562][T10073] netlink: 'syz.4.1487': attribute type 10 has an invalid length. [ 220.206694][T10073] team0: left allmulticast mode [ 220.214513][T10073] team_slave_0: left allmulticast mode [ 220.235061][T10073] team_slave_1: left allmulticast mode [ 220.250879][T10073] team0: left promiscuous mode [ 220.265125][T10073] team_slave_0: left promiscuous mode [ 220.292454][T10073] team_slave_1: left promiscuous mode [ 220.299852][T10090] __nla_validate_parse: 3 callbacks suppressed [ 220.299873][T10090] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1493'. [ 220.325047][T10073] bridge0: port 3(team0) entered disabled state [ 220.354323][T10073] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.362455][T10073] bond0: (slave team0): Enslaving as an active interface with an up link [ 220.386201][T10085] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1492'. [ 220.499154][T10095] netlink: 'syz.1.1495': attribute type 11 has an invalid length. [ 220.592163][T10099] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1498'. [ 220.758648][T10112] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1502'. [ 220.859563][T10118] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1504'. [ 220.870236][T10118] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 220.880765][T10119] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1505'. [ 220.951332][T10124] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1504'. [ 221.085377][T10124] lo speed is unknown, defaulting to 1000 [ 221.433927][T10137] 8021q: adding VLAN 0 to HW filter on device bond3 [ 221.444488][T10137] bond0: (slave bond3): Enslaving as an active interface with an up link [ 221.623917][T10140] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1511'. [ 221.657410][T10142] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1512'. [ 221.815159][T10126] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 222.127418][T10158] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1518'. [ 222.276024][T10163] xt_TCPMSS: Only works on TCP SYN packets [ 222.646945][T10186] lo speed is unknown, defaulting to 1000 [ 222.713430][T10189] tipc: Enabled bearer , priority 0 [ 222.758905][T10189] tipc: Resetting bearer [ 222.793247][T10188] tipc: Resetting bearer [ 225.072450][T10188] tipc: Disabling bearer [ 225.316487][T10214] __nla_validate_parse: 4 callbacks suppressed [ 225.316506][T10214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1540'. [ 225.403099][T10214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1540'. [ 225.515520][T10223] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1545'. [ 226.031466][T10247] dccp_close: ABORT with 64 bytes unread [ 226.066854][T10254] vlan4: entered allmulticast mode [ 226.072045][T10254] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 226.116976][T10254] mac80211_hwsim hwsim10 wlan0: left allmulticast mode [ 226.391436][T10269] sctp: [Deprecated]: syz.3.1565 (pid 10269) Use of struct sctp_assoc_value in delayed_ack socket option. [ 226.391436][T10269] Use struct sctp_sack_info instead [ 226.645519][T10282] bridge0: port 2(syz_tun) entered blocking state [ 226.652268][T10282] bridge0: port 2(syz_tun) entered disabled state [ 226.659243][T10282] syz_tun: entered allmulticast mode [ 226.671861][T10282] syz_tun: entered promiscuous mode [ 227.198172][T10310] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 227.200326][T10314] xt_hashlimit: size too large, truncated to 1048576 [ 227.373729][T10320] vlan0: entered promiscuous mode [ 228.096604][T10364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1590'. [ 228.166727][T10368] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1591'. [ 228.331969][T10375] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1595'. [ 228.480267][T10382] netlink: 'syz.0.1598': attribute type 10 has an invalid length. [ 228.504752][T10389] netlink: 'syz.3.1600': attribute type 1 has an invalid length. [ 228.531110][T10386] netlink: 'syz.0.1598': attribute type 10 has an invalid length. [ 228.543009][T10389] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1600'. [ 228.559197][T10386] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1598'. [ 228.626683][T10382] team0: left promiscuous mode [ 228.650426][T10382] batman_adv: batadv0: Adding interface: team0 [ 228.656833][T10382] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 228.718439][T10386] team0: entered promiscuous mode [ 228.749488][T10386] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.790983][T10397] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1598'. [ 228.833291][T10386] batman_adv: batadv0: Interface activated: team0 [ 228.902825][T10386] batman_adv: batadv0: Interface deactivated: team0 [ 228.925646][T10386] batman_adv: batadv0: Removing interface: team0 [ 228.957978][T10386] bridge0: port 1(team0) entered blocking state [ 228.977718][T10386] bridge0: port 1(team0) entered disabled state [ 229.053940][T10386] team0: entered allmulticast mode [ 229.333663][T10425] bond0: entered promiscuous mode [ 229.334040][T10424] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1609'. [ 229.349055][T10425] bond_slave_0: entered promiscuous mode [ 229.359306][T10425] bond_slave_1: entered promiscuous mode [ 229.378967][T10425] bond3: entered promiscuous mode [ 229.413871][T10423] bond0: left promiscuous mode [ 229.418883][T10423] bond_slave_0: left promiscuous mode [ 229.446811][T10423] bond_slave_1: left promiscuous mode [ 229.452551][T10423] bond3: left promiscuous mode [ 232.589451][T10452] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 232.709289][T10459] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1623'. [ 232.891358][T10468] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1626'. [ 233.210582][T10483] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1632'. [ 233.529343][T10499] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1639'. [ 233.603364][T10501] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1640'. [ 233.707766][T10510] FAULT_INJECTION: forcing a failure. [ 233.707766][T10510] name failslab, interval 1, probability 0, space 0, times 0 [ 233.739516][T10509] tipc: Enabled bearer , priority 0 [ 233.740591][T10510] CPU: 0 UID: 0 PID: 10510 Comm: syz.1.1644 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 233.740616][T10510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 233.740626][T10510] Call Trace: [ 233.740633][T10510] [ 233.740644][T10510] dump_stack_lvl+0x241/0x360 [ 233.740672][T10510] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.740690][T10510] ? __pfx__printk+0x10/0x10 [ 233.740709][T10510] ? __kmalloc_cache_noprof+0x48/0x390 [ 233.740730][T10510] ? __pfx___might_resched+0x10/0x10 [ 233.740754][T10510] should_fail_ex+0x40a/0x550 [ 233.740780][T10510] should_failslab+0xac/0x100 [ 233.740803][T10510] __kmalloc_cache_noprof+0x70/0x390 [ 233.740822][T10510] ? genl_start+0x1cb/0x6d0 [ 233.740843][T10510] genl_start+0x1cb/0x6d0 [ 233.740869][T10510] __netlink_dump_start+0x45c/0x790 [ 233.740898][T10510] genl_rcv_msg+0x894/0xec0 [ 233.740935][T10510] ? __pfx_genl_rcv_msg+0x10/0x10 [ 233.740959][T10510] ? __pfx_genl_start+0x10/0x10 [ 233.740974][T10510] ? __pfx_genl_dumpit+0x10/0x10 [ 233.740997][T10510] ? __pfx_genl_done+0x10/0x10 [ 233.741028][T10510] ? __pfx_lock_acquire+0x10/0x10 [ 233.741050][T10510] ? __pfx_tipc_nl_media_dump+0x10/0x10 [ 233.741088][T10510] ? __pfx___might_resched+0x10/0x10 [ 233.741117][T10510] netlink_rcv_skb+0x206/0x480 [ 233.741138][T10510] ? __pfx_genl_rcv_msg+0x10/0x10 [ 233.741156][T10510] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 233.741204][T10510] genl_rcv+0x28/0x40 [ 233.741219][T10510] netlink_unicast+0x7f6/0x990 [ 233.741247][T10510] ? __pfx_netlink_unicast+0x10/0x10 [ 233.741263][T10510] ? __virt_addr_valid+0x45f/0x530 [ 233.741279][T10510] ? __phys_addr_symbol+0x2f/0x70 [ 233.741294][T10510] ? __check_object_size+0x47a/0x730 [ 233.741319][T10510] netlink_sendmsg+0x8de/0xcb0 [ 233.741351][T10510] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.741376][T10510] ? aa_sock_msg_perm+0x91/0x160 [ 233.741403][T10510] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.741423][T10510] __sock_sendmsg+0x221/0x270 [ 233.741447][T10510] ____sys_sendmsg+0x53a/0x860 [ 233.741472][T10510] ? __pfx_____sys_sendmsg+0x10/0x10 [ 233.741487][T10510] ? __fget_files+0x2a/0x410 [ 233.741511][T10510] ? __fget_files+0x2a/0x410 [ 233.741540][T10510] __sys_sendmsg+0x269/0x350 [ 233.741562][T10510] ? __pfx___sys_sendmsg+0x10/0x10 [ 233.741592][T10510] ? do_sys_openat2+0x17a/0x1d0 [ 233.741638][T10510] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 233.741661][T10510] ? do_syscall_64+0x100/0x230 [ 233.741682][T10510] ? do_syscall_64+0xb6/0x230 [ 233.741703][T10510] do_syscall_64+0xf3/0x230 [ 233.741721][T10510] ? clear_bhb_loop+0x35/0x90 [ 233.741744][T10510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.741764][T10510] RIP: 0033:0x7f61e4f8d169 [ 233.741780][T10510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.741793][T10510] RSP: 002b:00007f61e5db3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 233.741810][T10510] RAX: ffffffffffffffda RBX: 00007f61e51a5fa0 RCX: 00007f61e4f8d169 [ 233.741822][T10510] RDX: 0000000000000080 RSI: 0000400000000740 RDI: 0000000000000003 [ 233.741832][T10510] RBP: 00007f61e5db3090 R08: 0000000000000000 R09: 0000000000000000 [ 233.741842][T10510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.741851][T10510] R13: 0000000000000000 R14: 00007f61e51a5fa0 R15: 00007ffc6353e788 [ 233.741879][T10510] [ 234.198573][T10516] syzkaller0: entered promiscuous mode [ 234.220619][T10516] syzkaller0: entered allmulticast mode [ 234.228525][T10516] tipc: Resetting bearer [ 234.277755][T10508] tipc: Resetting bearer [ 234.577903][T10533] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1650'. [ 236.404272][T10508] tipc: Disabling bearer [ 236.703088][T10541] netlink: 'syz.2.1655': attribute type 72 has an invalid length. [ 236.708639][T10543] netlink: 'syz.4.1656': attribute type 1 has an invalid length. [ 236.736418][T10547] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 236.748198][T10543] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1656'. [ 236.842376][T10549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1654'. [ 236.871792][T10549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1654'. [ 236.892431][T10549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1654'. [ 236.925057][T10549] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 236.941605][T10550] syzkaller1: entered promiscuous mode [ 236.947819][T10550] syzkaller1: entered allmulticast mode [ 236.962542][T10557] sctp: [Deprecated]: syz.4.1660 (pid 10557) Use of int in max_burst socket option. [ 236.962542][T10557] Use struct sctp_assoc_value instead [ 237.144457][T10560] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 237.233242][T10568] netlink: 'syz.3.1662': attribute type 3 has an invalid length. [ 237.261144][T10563] netlink: 'syz.0.1663': attribute type 72 has an invalid length. [ 237.347682][T10568] lo speed is unknown, defaulting to 1000 [ 237.673646][T10583] netlink: 'syz.0.1670': attribute type 72 has an invalid length. [ 238.013410][T10592] gretap0: left allmulticast mode [ 238.018601][T10592] gretap0: left promiscuous mode [ 238.076208][T10592] bridge0: port 3(gretap0) entered disabled state [ 238.112355][T10592] bridge_slave_0: left allmulticast mode [ 238.122888][T10592] bridge_slave_0: left promiscuous mode [ 238.140028][T10592] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.160709][T10592] bridge_slave_1: left allmulticast mode [ 238.180143][T10592] bridge_slave_1: left promiscuous mode [ 238.198850][T10592] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.243556][T10592] bond0: (slave bond_slave_0): Releasing backup interface [ 238.275061][T10592] bond0: (slave bond_slave_1): Releasing backup interface [ 238.300139][T10592] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.330697][T10592] bond0: (slave bond3): Releasing backup interface [ 238.747470][T10605] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 239.127313][T10623] netlink: 'syz.1.1684': attribute type 72 has an invalid length. [ 239.151086][T10627] bridge0: port 4(syz_tun) entered blocking state [ 239.165898][T10627] bridge0: port 4(syz_tun) entered disabled state [ 239.178810][T10627] syz_tun: entered promiscuous mode [ 239.247308][T10631] FAULT_INJECTION: forcing a failure. [ 239.247308][T10631] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.266441][T10631] CPU: 1 UID: 0 PID: 10631 Comm: syz.1.1687 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 239.266465][T10631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 239.266484][T10631] Call Trace: [ 239.266489][T10631] [ 239.266496][T10631] dump_stack_lvl+0x241/0x360 [ 239.266520][T10631] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.266535][T10631] ? __pfx__printk+0x10/0x10 [ 239.266558][T10631] ? snprintf+0xda/0x120 [ 239.266578][T10631] should_fail_ex+0x40a/0x550 [ 239.266603][T10631] _copy_to_user+0x31/0xb0 [ 239.266622][T10631] simple_read_from_buffer+0xca/0x150 [ 239.266644][T10631] proc_fail_nth_read+0x1e9/0x250 [ 239.266665][T10631] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.266686][T10631] ? rw_verify_area+0x243/0x630 [ 239.266700][T10631] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 239.266720][T10631] vfs_read+0x1f8/0xb40 [ 239.266736][T10631] ? fdget_pos+0x254/0x320 [ 239.266755][T10631] ? __pfx___mutex_lock+0x10/0x10 [ 239.266772][T10631] ? __pfx_vfs_read+0x10/0x10 [ 239.266788][T10631] ? __fget_files+0x2a/0x410 [ 239.266808][T10631] ? __fget_files+0x395/0x410 [ 239.266826][T10631] ? __fget_files+0x2a/0x410 [ 239.266853][T10631] ksys_read+0x18f/0x2b0 [ 239.266869][T10631] ? __pfx_ksys_read+0x10/0x10 [ 239.266885][T10631] ? do_syscall_64+0x100/0x230 [ 239.266907][T10631] ? do_syscall_64+0xb6/0x230 [ 239.266927][T10631] do_syscall_64+0xf3/0x230 [ 239.266945][T10631] ? clear_bhb_loop+0x35/0x90 [ 239.266969][T10631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.266989][T10631] RIP: 0033:0x7f61e4f8bb7c [ 239.267003][T10631] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 239.267014][T10631] RSP: 002b:00007f61e5db3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 239.267030][T10631] RAX: ffffffffffffffda RBX: 00007f61e51a5fa0 RCX: 00007f61e4f8bb7c [ 239.267041][T10631] RDX: 000000000000000f RSI: 00007f61e5db30a0 RDI: 0000000000000004 [ 239.267050][T10631] RBP: 00007f61e5db3090 R08: 0000000000000000 R09: 0000000000000000 [ 239.267058][T10631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.267067][T10631] R13: 0000000000000000 R14: 00007f61e51a5fa0 R15: 00007ffc6353e788 [ 239.267093][T10631] [ 239.301771][T10635] __nla_validate_parse: 10 callbacks suppressed [ 239.301789][T10635] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1689'. [ 239.584010][T10635] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 239.656192][ T6048] IPVS: starting estimator thread 0... [ 239.742868][T10650] IPVS: using max 26 ests per chain, 62400 per kthread [ 239.745609][T10636] lo speed is unknown, defaulting to 1000 [ 239.767383][T10654] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1695'. [ 239.852274][T10659] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1697'. [ 239.942089][T10661] netlink: 'syz.1.1699': attribute type 9 has an invalid length. [ 239.993317][T10661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1699'. [ 240.021516][T10661] macvlan5: entered promiscuous mode [ 240.046175][T10661] macvlan5: entered allmulticast mode [ 240.056675][T10664] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1700'. [ 240.077614][T10664] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1700'. [ 240.143899][T10664] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1700'. [ 240.181254][T10666] 8021q: adding VLAN 0 to HW filter on device bond3 [ 240.191572][T10666] bond0: (slave bond3): Enslaving as an active interface with an up link [ 240.248228][T10670] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1700'. [ 240.782148][ T974] IPVS: starting estimator thread 0... [ 240.838374][T10699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1712'. [ 240.848298][T10697] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 240.877283][T10700] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 240.886586][T10694] IPVS: using max 27 ests per chain, 64800 per kthread [ 241.239875][T10719] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1719'. [ 241.249431][T10719] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 241.330528][T10720] lo speed is unknown, defaulting to 1000 [ 242.488012][T10762] netlink: 'syz.0.1732': attribute type 10 has an invalid length. [ 242.514075][T10762] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 242.527264][T10762] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 242.536611][T10762] team0: Port device netdevsim0 added [ 242.921846][T10770] nbd: must specify a device to reconfigure [ 243.122166][T10783] netlink: 'syz.3.1741': attribute type 1 has an invalid length. [ 243.155983][T10772] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 243.184848][ T5845] block nbd8: Receive control failed (result -107) [ 243.332809][T10793] FAULT_INJECTION: forcing a failure. [ 243.332809][T10793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.346389][T10793] CPU: 1 UID: 0 PID: 10793 Comm: syz.3.1747 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 243.346411][T10793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 243.346421][T10793] Call Trace: [ 243.346426][T10793] [ 243.346433][T10793] dump_stack_lvl+0x241/0x360 [ 243.346468][T10793] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.346485][T10793] ? __pfx__printk+0x10/0x10 [ 243.346503][T10793] ? __pfx_lock_release+0x10/0x10 [ 243.346532][T10793] should_fail_ex+0x40a/0x550 [ 243.346561][T10793] _copy_from_user+0x2d/0xb0 [ 243.346580][T10793] copy_msghdr_from_user+0xae/0x680 [ 243.346601][T10793] ? __pfx___might_resched+0x10/0x10 [ 243.346622][T10793] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 243.346645][T10793] ? do_recvmmsg+0x44e/0xab0 [ 243.346661][T10793] ? __might_fault+0xaa/0x120 [ 243.346680][T10793] do_recvmmsg+0x3bd/0xab0 [ 243.346709][T10793] ? __pfx_do_recvmmsg+0x10/0x10 [ 243.346744][T10793] ? ksys_write+0x22a/0x2b0 [ 243.346760][T10793] ? __pfx_lock_release+0x10/0x10 [ 243.346785][T10793] ? sb_end_write+0xe9/0x1c0 [ 243.346803][T10793] ? vfs_write+0x7fa/0xd10 [ 243.346820][T10793] ? __mutex_unlock_slowpath+0x227/0x800 [ 243.346845][T10793] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 243.346862][T10793] ? __fget_files+0x2a/0x410 [ 243.346894][T10793] __x64_sys_recvmmsg+0x199/0x250 [ 243.346913][T10793] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 243.346932][T10793] ? do_syscall_64+0x100/0x230 [ 243.346953][T10793] ? do_syscall_64+0xb6/0x230 [ 243.346972][T10793] do_syscall_64+0xf3/0x230 [ 243.346990][T10793] ? clear_bhb_loop+0x35/0x90 [ 243.347013][T10793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.347033][T10793] RIP: 0033:0x7ff89338d169 [ 243.347048][T10793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.347062][T10793] RSP: 002b:00007ff8942a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 243.347080][T10793] RAX: ffffffffffffffda RBX: 00007ff8935a5fa0 RCX: 00007ff89338d169 [ 243.347092][T10793] RDX: 03ffffffffffff67 RSI: 0000400000002440 RDI: 0000000000000004 [ 243.347103][T10793] RBP: 00007ff8942a0090 R08: 0000000000000000 R09: 0000000000000000 [ 243.347112][T10793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 243.347122][T10793] R13: 0000000000000000 R14: 00007ff8935a5fa0 R15: 00007fffed5905f8 [ 243.347147][T10793] [ 243.662535][T10800] netlink: 'syz.3.1749': attribute type 10 has an invalid length. [ 243.678055][T10800] veth1_macvtap: left promiscuous mode [ 243.701413][T10800] team0: Device veth1_macvtap failed to register rx_handler [ 243.798761][T10800] netlink: 'syz.3.1749': attribute type 1 has an invalid length. [ 244.086790][T10807] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 244.114323][T10814] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 244.429763][T10830] FAULT_INJECTION: forcing a failure. [ 244.429763][T10830] name failslab, interval 1, probability 0, space 0, times 0 [ 244.443017][T10831] netlink: 'syz.0.1760': attribute type 1 has an invalid length. [ 244.443043][T10831] __nla_validate_parse: 10 callbacks suppressed [ 244.443053][T10831] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1760'. [ 244.483263][T10830] CPU: 1 UID: 0 PID: 10830 Comm: syz.3.1759 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 244.483291][T10830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.483300][T10830] Call Trace: [ 244.483306][T10830] [ 244.483313][T10830] dump_stack_lvl+0x241/0x360 [ 244.483339][T10830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.483355][T10830] ? __pfx__printk+0x10/0x10 [ 244.483371][T10830] ? __kmalloc_cache_node_noprof+0x47/0x3a0 [ 244.483393][T10830] ? __pfx___might_resched+0x10/0x10 [ 244.483413][T10830] should_fail_ex+0x40a/0x550 [ 244.483438][T10830] should_failslab+0xac/0x100 [ 244.483457][T10830] ? page_pool_create_percpu+0x77/0xb70 [ 244.483473][T10830] __kmalloc_cache_node_noprof+0x6f/0x3a0 [ 244.483493][T10830] ? rcu_is_watching+0x15/0xb0 [ 244.483511][T10830] page_pool_create_percpu+0x77/0xb70 [ 244.483533][T10830] bpf_test_run_xdp_live+0x2e6/0x2220 [ 244.483553][T10830] ? __pfx_lock_release+0x10/0x10 [ 244.483578][T10830] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 244.483595][T10830] ? __pfx___might_resched+0x10/0x10 [ 244.483616][T10830] ? __mutex_unlock_slowpath+0x227/0x800 [ 244.483642][T10830] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 244.483658][T10830] ? synchronize_rcu+0x11b/0x360 [ 244.483675][T10830] ? __pfx_synchronize_rcu+0x10/0x10 [ 244.483710][T10830] ? __pfx_bpf_dispatcher_change_prog+0x10/0x10 [ 244.483730][T10830] ? 0xffffffffa000095c [ 244.483742][T10830] ? 0xffffffffa0001f94 [ 244.483753][T10830] ? 0xffffffffa0001fd0 [ 244.483764][T10830] ? 0xffffffffa0002018 [ 244.483790][T10830] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 244.483824][T10830] ? _copy_from_user+0x95/0xb0 [ 244.483843][T10830] ? bpf_test_init+0x137/0x160 [ 244.483859][T10830] ? xdp_convert_md_to_buff+0x5b/0x330 [ 244.483879][T10830] bpf_prog_test_run_xdp+0x805/0x11e0 [ 244.483903][T10830] ? __pfx_lock_release+0x10/0x10 [ 244.483930][T10830] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 244.483949][T10830] ? __fget_files+0x2a/0x410 [ 244.483971][T10830] ? __fget_files+0x2a/0x410 [ 244.484001][T10830] ? fput+0x21b/0x290 [ 244.484019][T10830] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 244.484038][T10830] bpf_prog_test_run+0x2e4/0x360 [ 244.484062][T10830] __sys_bpf+0x487/0x820 [ 244.484082][T10830] ? __pfx___sys_bpf+0x10/0x10 [ 244.484112][T10830] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 244.484134][T10830] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 244.484155][T10830] ? do_syscall_64+0x100/0x230 [ 244.484176][T10830] __x64_sys_bpf+0x7c/0x90 [ 244.484194][T10830] do_syscall_64+0xf3/0x230 [ 244.484210][T10830] ? clear_bhb_loop+0x35/0x90 [ 244.484232][T10830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.484250][T10830] RIP: 0033:0x7ff89338d169 [ 244.484264][T10830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.484277][T10830] RSP: 002b:00007ff8942a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 244.484297][T10830] RAX: ffffffffffffffda RBX: 00007ff8935a5fa0 RCX: 00007ff89338d169 [ 244.484308][T10830] RDX: 0000000000000050 RSI: 0000400000000600 RDI: 000000000000000a [ 244.484318][T10830] RBP: 00007ff8942a0090 R08: 0000000000000000 R09: 0000000000000000 [ 244.484326][T10830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.484335][T10830] R13: 0000000000000000 R14: 00007ff8935a5fa0 R15: 00007fffed5905f8 [ 244.484359][T10830] [ 245.327624][T10859] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1772'. [ 245.416868][T10865] netlink: 'syz.0.1775': attribute type 1 has an invalid length. [ 245.429736][T10865] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1775'. [ 245.526585][T10870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1777'. [ 245.720471][T10878] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1781'. [ 245.730434][T10878] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 245.856313][T10881] lo speed is unknown, defaulting to 1000 [ 245.897863][T10884] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1783'. [ 245.958241][T10884] openvswitch: netlink: Key 6 has unexpected len 4 expected 2 [ 246.029169][T10884] netlink: 'syz.3.1783': attribute type 3 has an invalid length. [ 246.037142][T10884] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1783'. [ 246.112140][T10888] lo speed is unknown, defaulting to 1000 [ 247.091869][T10917] netlink: 'syz.0.1793': attribute type 11 has an invalid length. [ 247.130533][T10917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1793'. [ 247.147657][T10917] ipvlan2: entered promiscuous mode [ 247.179943][T10917] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 247.419319][T10925] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1797'. [ 247.984206][T10951] RDS: rds_bind could not find a transport for 100:806:aaaa:aaaa:aaaa::, load rds_tcp or rds_rdma? [ 248.015975][T10951] netlink: 'syz.4.1809': attribute type 1 has an invalid length. [ 248.056643][T10953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1810'. [ 248.079593][T10953] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 248.429222][ T5836] Bluetooth: hci4: command 0x0405 tx timeout [ 250.152818][T10972] vlan2: entered promiscuous mode [ 250.340111][T10986] __nla_validate_parse: 11 callbacks suppressed [ 250.340129][T10986] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1822'. [ 250.513025][T10984] syz.2.1821 (10984) used greatest stack depth: 18464 bytes left [ 250.569318][T11000] xt_hashlimit: size too large, truncated to 1048576 [ 250.751401][T11006] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 251.015490][T11021] tipc: Enabled bearer , priority 0 [ 251.057880][T11020] tipc: Disabling bearer [ 251.331096][T11038] netlink: 'syz.1.1842': attribute type 1 has an invalid length. [ 251.339931][T11038] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1842'. [ 251.491675][T11044] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1844'. [ 251.704070][T11053] tipc: Enabled bearer , priority 0 [ 251.726176][T11052] tipc: Disabling bearer [ 251.744959][T11057] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1850'. [ 251.775709][T11057] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1850'. [ 252.126192][T11072] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 252.148963][T11075] netlink: 260 bytes leftover after parsing attributes in process `syz.1.1857'. [ 252.817514][T11089] tipc: Enabled bearer , priority 0 [ 252.828159][T11087] tipc: Disabling bearer [ 252.839918][T11090] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1862'. [ 253.003965][T11094] syz.2.1862 uses old SIOCAX25GETINFO [ 253.404331][T11109] bond0: (slave team0): Releasing backup interface [ 253.455020][T11109] bridge_slave_0: left allmulticast mode [ 253.460728][T11109] bridge_slave_0: left promiscuous mode [ 253.514020][T11109] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.551916][T11109] bridge_slave_1: left allmulticast mode [ 253.570174][T11109] bridge_slave_1: left promiscuous mode [ 253.599713][T11109] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.641244][T11109] bond0: (slave bond_slave_0): Releasing backup interface [ 253.677853][T11109] bond0: (slave bond_slave_1): Releasing backup interface [ 253.704242][T11109] team0: Port device team_slave_0 removed [ 253.717365][T11109] team0: Port device team_slave_1 removed [ 253.732410][T11109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.761933][T11109] bond2: (slave batadv1): Releasing active interface [ 253.792245][T11100] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 253.813709][T11109] bond5: (slave bond6): Releasing backup interface [ 254.152436][T11110] vlan2: entered allmulticast mode [ 254.381339][T11123] syzkaller0: entered promiscuous mode [ 254.394269][T11123] syzkaller0: entered allmulticast mode [ 254.527593][T11132] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 255.539921][T11062] Set syz1 is full, maxelem 65536 reached [ 256.870986][T11132] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 257.117237][T11149] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1882'. [ 257.153477][T11149] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1882'. [ 257.353636][T11163] netlink: 'syz.4.1885': attribute type 10 has an invalid length. [ 257.373412][T11163] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 257.960530][T11182] syzkaller0: entered promiscuous mode [ 257.966673][T11187] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1891'. [ 257.975772][T11182] syzkaller0: entered allmulticast mode [ 258.167635][T11192] netlink: 'syz.0.1895': attribute type 1 has an invalid length. [ 260.173334][T11192] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 260.174394][T11195] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 260.199007][T11194] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 260.341250][T11205] lo speed is unknown, defaulting to 1000 [ 260.444872][T11211] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1899'. [ 261.108806][T11205] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1898'. [ 261.151459][T11205] netlink: 'syz.4.1898': attribute type 10 has an invalid length. [ 261.182738][T11205] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1898'. [ 261.208743][T11231] syzkaller0: entered promiscuous mode [ 261.214366][T11231] syzkaller0: entered allmulticast mode [ 261.229960][T11205] geneve0: entered promiscuous mode [ 261.242714][T11205] geneve0: entered allmulticast mode [ 261.904486][T11240] netlink: 'syz.0.1911': attribute type 10 has an invalid length. [ 261.958769][T11241] netlink: 'syz.0.1911': attribute type 10 has an invalid length. [ 261.971362][T11241] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1911'. [ 262.027959][T11244] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1913'. [ 264.949495][T11240] bridge0: port 1(team0) entered disabled state [ 265.015951][T11252] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1911'. [ 265.016862][T11240] team0: left allmulticast mode [ 265.031130][T11240] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 [ 265.110689][T11240] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 11240, name: syz.0.1911 [ 265.127937][T11240] preempt_count: 0, expected: 0 [ 265.134518][T11240] RCU nest depth: 1, expected: 0 [ 265.139583][T11240] 2 locks held by syz.0.1911/11240: [ 265.152234][T11240] #0: ffffffff8fed6908 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90 [ 265.169736][T11240] #1: ffffffff8eb392e0 (rcu_read_lock){....}-{1:3}, at: team_change_rx_flags+0x29/0x330 [ 265.180590][T11240] CPU: 1 UID: 0 PID: 11240 Comm: syz.0.1911 Not tainted 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 265.180614][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 265.180625][T11240] Call Trace: [ 265.180631][T11240] [ 265.180638][T11240] dump_stack_lvl+0x241/0x360 [ 265.180663][T11240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.180682][T11240] ? __pfx__printk+0x10/0x10 [ 265.180710][T11240] __might_resched+0x5d4/0x780 [ 265.180729][T11240] ? __wake_up_klogd+0xd5/0x110 [ 265.180751][T11240] ? __wake_up_klogd+0x1c/0x110 [ 265.180773][T11240] ? __pfx___might_resched+0x10/0x10 [ 265.180794][T11240] ? do_setlink+0xfee/0x40f0 [ 265.180818][T11240] ? __lock_acquire+0x1397/0x2100 [ 265.180847][T11240] __mutex_lock+0x126/0x1010 [ 265.180875][T11240] ? dev_set_allmulti+0x11c/0x270 [ 265.180900][T11240] ? __pfx___mutex_lock+0x10/0x10 [ 265.180919][T11240] ? __pfx_lock_acquire+0x10/0x10 [ 265.180947][T11240] ? netdev_info+0x122/0x170 [ 265.180967][T11240] ? netif_set_allmulti+0x1a2/0x380 [ 265.180996][T11240] dev_set_allmulti+0x11c/0x270 [ 265.181026][T11240] team_change_rx_flags+0x1a8/0x330 [ 265.181048][T11240] ? team_change_rx_flags+0x29/0x330 [ 265.181070][T11240] ? __pfx_team_change_rx_flags+0x10/0x10 [ 265.181105][T11240] netif_set_allmulti+0x20e/0x380 [ 265.181138][T11240] dev_set_allmulti+0x143/0x270 [ 265.181169][T11240] del_nbp+0xce/0xb40 [ 265.181195][T11240] br_del_if+0x145/0x320 [ 265.181211][T11240] ? br_del_slave+0x12/0x30 [ 265.181234][T11240] do_set_master+0x349/0x730 [ 265.181271][T11240] do_setlink+0xfee/0x40f0 [ 265.181314][T11240] ? mark_lock+0x9a/0x360 [ 265.181332][T11240] ? __pfx_do_setlink+0x10/0x10 [ 265.181354][T11240] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 265.181381][T11240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.181411][T11240] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 265.181428][T11240] ? lockdep_hardirqs_on+0x99/0x150 [ 265.181447][T11240] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 265.181463][T11240] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 265.181484][T11240] ? rcu_is_watching+0x15/0xb0 [ 265.181504][T11240] ? __mutex_lock+0xba3/0x1010 [ 265.181522][T11240] ? __mutex_lock+0x602/0x1010 [ 265.181542][T11240] ? rtnl_newlink+0xc4c/0x1d90 [ 265.181559][T11240] ? __pfx___mutex_lock+0x10/0x10 [ 265.181582][T11240] ? ns_capable+0x8a/0xf0 [ 265.181600][T11240] ? rtnl_link_get_net_capable+0x168/0x340 [ 265.181623][T11240] rtnl_newlink+0x15a6/0x1d90 [ 265.181641][T11240] ? stack_depot_save_flags+0x37/0x940 [ 265.181670][T11240] ? __pfx_rtnl_newlink+0x10/0x10 [ 265.181686][T11240] ? __netlink_deliver_tap+0x561/0x7f0 [ 265.181706][T11240] ? __pfx_validate_chain+0x10/0x10 [ 265.181719][T11240] ? __sock_sendmsg+0x221/0x270 [ 265.181734][T11240] ? ____sys_sendmsg+0x53a/0x860 [ 265.181745][T11240] ? __sys_sendmsg+0x269/0x350 [ 265.181758][T11240] ? do_syscall_64+0xf3/0x230 [ 265.181772][T11240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.181805][T11240] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 265.181825][T11240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.181850][T11240] ? mark_lock+0x9a/0x360 [ 265.181865][T11240] ? __lock_acquire+0x1397/0x2100 [ 265.181907][T11240] ? __pfx_lock_release+0x10/0x10 [ 265.181938][T11240] ? __pfx_rtnl_newlink+0x10/0x10 [ 265.181959][T11240] rtnetlink_rcv_msg+0x791/0xcf0 [ 265.181975][T11240] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 265.181995][T11240] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 265.182018][T11240] ? ref_tracker_free+0x643/0x7e0 [ 265.182035][T11240] netlink_rcv_skb+0x206/0x480 [ 265.182053][T11240] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 265.182071][T11240] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 265.182115][T11240] ? netlink_deliver_tap+0x2e/0x1b0 [ 265.182135][T11240] netlink_unicast+0x7f6/0x990 [ 265.182158][T11240] ? __pfx_netlink_unicast+0x10/0x10 [ 265.182172][T11240] ? __virt_addr_valid+0x45f/0x530 [ 265.182187][T11240] ? __phys_addr_symbol+0x2f/0x70 [ 265.182199][T11240] ? __check_object_size+0x47a/0x730 [ 265.182220][T11240] netlink_sendmsg+0x8de/0xcb0 [ 265.182251][T11240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.182272][T11240] ? aa_sock_msg_perm+0x91/0x160 [ 265.182296][T11240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.182311][T11240] __sock_sendmsg+0x221/0x270 [ 265.182331][T11240] ____sys_sendmsg+0x53a/0x860 [ 265.182352][T11240] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.182365][T11240] ? __fget_files+0x2a/0x410 [ 265.182385][T11240] ? __fget_files+0x2a/0x410 [ 265.182409][T11240] __sys_sendmsg+0x269/0x350 [ 265.182422][T11240] ? __pfx_futex_wake+0x10/0x10 [ 265.182444][T11240] ? __pfx___sys_sendmsg+0x10/0x10 [ 265.182492][T11240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.182511][T11240] ? do_syscall_64+0x100/0x230 [ 265.182528][T11240] ? do_syscall_64+0xb6/0x230 [ 265.182545][T11240] do_syscall_64+0xf3/0x230 [ 265.182560][T11240] ? clear_bhb_loop+0x35/0x90 [ 265.182579][T11240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.182597][T11240] RIP: 0033:0x7f95a458d169 [ 265.182612][T11240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.182625][T11240] RSP: 002b:00007f95a23f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.182642][T11240] RAX: ffffffffffffffda RBX: 00007f95a47a5fa0 RCX: 00007f95a458d169 [ 265.182653][T11240] RDX: 0000000004040850 RSI: 0000400000000000 RDI: 0000000000000009 [ 265.182662][T11240] RBP: 00007f95a460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 265.182671][T11240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.182679][T11240] R13: 0000000000000000 R14: 00007f95a47a5fa0 R15: 00007ffc685388c8 [ 265.182700][T11240] [ 265.761209][T11240] [ 265.763568][T11240] ============================= [ 265.768401][T11240] [ BUG: Invalid wait context ] [ 265.773233][T11240] 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 Tainted: G W [ 265.781799][T11240] ----------------------------- [ 265.786627][T11240] syz.0.1911/11240 is trying to lock: [ 265.791989][T11240] ffff88805c740d28 (&dev->lock){+.+.}-{4:4}, at: dev_set_allmulti+0x11c/0x270 [ 265.800874][T11240] other info that might help us debug this: [ 265.806746][T11240] context-{5:5} [ 265.810188][T11240] 2 locks held by syz.0.1911/11240: [ 265.815370][T11240] #0: ffffffff8fed6908 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc4c/0x1d90 [ 265.824419][T11240] #1: ffffffff8eb392e0 (rcu_read_lock){....}-{1:3}, at: team_change_rx_flags+0x29/0x330 [ 265.834247][T11240] stack backtrace: [ 265.837973][T11240] CPU: 1 UID: 0 PID: 11240 Comm: syz.0.1911 Tainted: G W 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 265.837995][T11240] Tainted: [W]=WARN [ 265.837999][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 265.838009][T11240] Call Trace: [ 265.838016][T11240] [ 265.838024][T11240] dump_stack_lvl+0x241/0x360 [ 265.838044][T11240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.838057][T11240] ? __pfx__printk+0x10/0x10 [ 265.838074][T11240] __lock_acquire+0x15a8/0x2100 [ 265.838097][T11240] lock_acquire+0x1ed/0x550 [ 265.838120][T11240] ? dev_set_allmulti+0x11c/0x270 [ 265.838142][T11240] ? __pfx_lock_acquire+0x10/0x10 [ 265.838159][T11240] ? __wake_up_klogd+0x1c/0x110 [ 265.838175][T11240] ? __pfx___might_resched+0x10/0x10 [ 265.838191][T11240] ? do_setlink+0xfee/0x40f0 [ 265.838209][T11240] ? __lock_acquire+0x1397/0x2100 [ 265.838228][T11240] __mutex_lock+0x19c/0x1010 [ 265.838244][T11240] ? dev_set_allmulti+0x11c/0x270 [ 265.838264][T11240] ? dev_set_allmulti+0x11c/0x270 [ 265.838283][T11240] ? __pfx___mutex_lock+0x10/0x10 [ 265.838297][T11240] ? __pfx_lock_acquire+0x10/0x10 [ 265.838314][T11240] ? netdev_info+0x122/0x170 [ 265.838327][T11240] ? netif_set_allmulti+0x1a2/0x380 [ 265.838347][T11240] dev_set_allmulti+0x11c/0x270 [ 265.838368][T11240] team_change_rx_flags+0x1a8/0x330 [ 265.838384][T11240] ? team_change_rx_flags+0x29/0x330 [ 265.838399][T11240] ? __pfx_team_change_rx_flags+0x10/0x10 [ 265.838414][T11240] netif_set_allmulti+0x20e/0x380 [ 265.838434][T11240] dev_set_allmulti+0x143/0x270 [ 265.838453][T11240] del_nbp+0xce/0xb40 [ 265.838468][T11240] br_del_if+0x145/0x320 [ 265.838480][T11240] ? br_del_slave+0x12/0x30 [ 265.838496][T11240] do_set_master+0x349/0x730 [ 265.838516][T11240] do_setlink+0xfee/0x40f0 [ 265.838540][T11240] ? mark_lock+0x9a/0x360 [ 265.838553][T11240] ? __pfx_do_setlink+0x10/0x10 [ 265.838569][T11240] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 265.838587][T11240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.838606][T11240] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 265.838618][T11240] ? lockdep_hardirqs_on+0x99/0x150 [ 265.838633][T11240] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 265.838645][T11240] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 265.838659][T11240] ? rcu_is_watching+0x15/0xb0 [ 265.838674][T11240] ? __mutex_lock+0xba3/0x1010 [ 265.838688][T11240] ? __mutex_lock+0x602/0x1010 [ 265.838704][T11240] ? rtnl_newlink+0xc4c/0x1d90 [ 265.838720][T11240] ? __pfx___mutex_lock+0x10/0x10 [ 265.838737][T11240] ? ns_capable+0x8a/0xf0 [ 265.838753][T11240] ? rtnl_link_get_net_capable+0x168/0x340 [ 265.838772][T11240] rtnl_newlink+0x15a6/0x1d90 [ 265.838788][T11240] ? stack_depot_save_flags+0x37/0x940 [ 265.838810][T11240] ? __pfx_rtnl_newlink+0x10/0x10 [ 265.838825][T11240] ? __netlink_deliver_tap+0x561/0x7f0 [ 265.838843][T11240] ? __pfx_validate_chain+0x10/0x10 [ 265.838855][T11240] ? __sock_sendmsg+0x221/0x270 [ 265.838871][T11240] ? ____sys_sendmsg+0x53a/0x860 [ 265.838882][T11240] ? __sys_sendmsg+0x269/0x350 [ 265.838894][T11240] ? do_syscall_64+0xf3/0x230 [ 265.838908][T11240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.838931][T11240] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 265.838949][T11240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.838969][T11240] ? mark_lock+0x9a/0x360 [ 265.838982][T11240] ? __lock_acquire+0x1397/0x2100 [ 265.839009][T11240] ? __pfx_lock_release+0x10/0x10 [ 265.839031][T11240] ? __pfx_rtnl_newlink+0x10/0x10 [ 265.839047][T11240] rtnetlink_rcv_msg+0x791/0xcf0 [ 265.839063][T11240] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 265.839080][T11240] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 265.839099][T11240] ? ref_tracker_free+0x643/0x7e0 [ 265.839118][T11240] netlink_rcv_skb+0x206/0x480 [ 265.839134][T11240] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 265.839151][T11240] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 265.839174][T11240] ? netlink_deliver_tap+0x2e/0x1b0 [ 265.839191][T11240] netlink_unicast+0x7f6/0x990 [ 265.839209][T11240] ? __pfx_netlink_unicast+0x10/0x10 [ 265.839223][T11240] ? __virt_addr_valid+0x45f/0x530 [ 265.839236][T11240] ? __phys_addr_symbol+0x2f/0x70 [ 265.839247][T11240] ? __check_object_size+0x47a/0x730 [ 265.839265][T11240] netlink_sendmsg+0x8de/0xcb0 [ 265.839285][T11240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.839302][T11240] ? aa_sock_msg_perm+0x91/0x160 [ 265.839322][T11240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.839338][T11240] __sock_sendmsg+0x221/0x270 [ 265.839355][T11240] ____sys_sendmsg+0x53a/0x860 [ 265.839371][T11240] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.839384][T11240] ? __fget_files+0x2a/0x410 [ 265.839402][T11240] ? __fget_files+0x2a/0x410 [ 265.839420][T11240] __sys_sendmsg+0x269/0x350 [ 265.839433][T11240] ? __pfx_futex_wake+0x10/0x10 [ 265.839453][T11240] ? __pfx___sys_sendmsg+0x10/0x10 [ 265.839479][T11240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.839497][T11240] ? do_syscall_64+0x100/0x230 [ 265.839513][T11240] ? do_syscall_64+0xb6/0x230 [ 265.839527][T11240] do_syscall_64+0xf3/0x230 [ 265.839541][T11240] ? clear_bhb_loop+0x35/0x90 [ 265.839559][T11240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.839576][T11240] RIP: 0033:0x7f95a458d169 [ 265.839588][T11240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.839599][T11240] RSP: 002b:00007f95a23f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.839614][T11240] RAX: ffffffffffffffda RBX: 00007f95a47a5fa0 RCX: 00007f95a458d169 [ 265.839624][T11240] RDX: 0000000004040850 RSI: 0000400000000000 RDI: 0000000000000009 [ 265.839633][T11240] RBP: 00007f95a460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 265.839641][T11240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.839649][T11240] R13: 0000000000000000 R14: 00007f95a47a5fa0 R15: 00007ffc685388c8 [ 265.839663][T11240] [ 266.425583][T11240] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 266.433019][T11240] team0: left promiscuous mode [ 266.437906][T11240] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 266.447889][T11240] bridge0: port 1(team0) entered disabled state [ 266.468433][T11240] batman_adv: batadv0: Adding interface: team0 [ 266.474822][T11240] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 266.490386][T11241] team0: entered promiscuous mode [ 266.495749][T11241] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 266.504272][T11241] 8021q: adding VLAN 0 to HW filter on device team0 [ 266.511089][T11241] batman_adv: batadv0: Interface activated: team0 [ 266.518215][T11241] batman_adv: batadv0: Interface deactivated: team0 [ 266.525245][T11241] batman_adv: batadv0: Removing interface: team0 [ 266.533646][T11241] bridge0: port 1(team0) entered blocking state [ 266.542295][T11241] bridge0: port 1(team0) entered disabled state [ 266.548936][T11241] team0: entered allmulticast mode [ 266.556906][T11241] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 [ 266.566555][T11241] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 11241, name: syz.0.1911 [ 266.578142][T11241] preempt_count: 0, expected: 0 [ 266.583239][T11241] RCU nest depth: 1, expected: 0 [ 266.588337][T11241] INFO: lockdep is turned off. [ 266.595308][T11241] CPU: 0 UID: 0 PID: 11241 Comm: syz.0.1911 Tainted: G W 6.14.0-rc5-syzkaller-01147-g8ef890df4031 #0 [ 266.595337][T11241] Tainted: [W]=WARN [ 266.595343][T11241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 266.595354][T11241] Call Trace: [ 266.595360][T11241] [ 266.595367][T11241] dump_stack_lvl+0x241/0x360 [ 266.595391][T11241] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.595405][T11241] ? __pfx__printk+0x10/0x10 [ 266.595419][T11241] ? __irq_work_queue_local+0x137/0x410 [ 266.595442][T11241] __might_resched+0x5d4/0x780 [ 266.595457][T11241] ? __wake_up_klogd+0xd5/0x110 [ 266.595473][T11241] ? __wake_up_klogd+0x1c/0x110 [ 266.595489][T11241] ? __pfx___might_resched+0x10/0x10 [ 266.595505][T11241] ? rcu_is_watching+0x15/0xb0 [ 266.595520][T11241] ? lock_release+0xbf/0xa30 [ 266.595540][T11241] __mutex_lock+0x126/0x1010 [ 266.595554][T11241] ? _printk+0xd5/0x120 [ 266.595566][T11241] ? rcu_is_watching+0x15/0xb0 [ 266.595581][T11241] ? dev_set_allmulti+0x11c/0x270 [ 266.595601][T11241] ? __pfx___mutex_lock+0x10/0x10 [ 266.595616][T11241] ? __pfx_lock_acquire+0x10/0x10 [ 266.595636][T11241] ? netdev_info+0x122/0x170 [ 266.595649][T11241] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 266.595665][T11241] ? hsr_netdev_notify+0x295/0xb50 [ 266.595681][T11241] ? netif_set_allmulti+0x1a2/0x380 [ 266.595702][T11241] dev_set_allmulti+0x11c/0x270 [ 266.595721][T11241] team_change_rx_flags+0x1a8/0x330 [ 266.595736][T11241] ? team_change_rx_flags+0x29/0x330 [ 266.595752][T11241] ? __pfx_team_change_rx_flags+0x10/0x10 [ 266.595766][T11241] netif_set_allmulti+0x20e/0x380 [ 266.595787][T11241] dev_set_allmulti+0x143/0x270 [ 266.595806][T11241] br_add_if+0x317/0xef0 [ 266.595821][T11241] ? validate_linkmsg+0x828/0xa40 [ 266.595838][T11241] do_set_master+0x579/0x730 [ 266.595858][T11241] do_setlink+0xfee/0x40f0 [ 266.595878][T11241] ? rcu_is_watching+0x15/0xb0 [ 266.595896][T11241] ? do_raw_spin_lock+0x14f/0x370 [ 266.595912][T11241] ? __pfx_do_setlink+0x10/0x10 [ 266.595931][T11241] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 266.595953][T11241] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 266.595966][T11241] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 266.595980][T11241] ? rcu_is_watching+0x15/0xb0 [ 266.595994][T11241] ? __mutex_lock+0xba3/0x1010 [ 266.596009][T11241] ? __mutex_lock+0x602/0x1010 [ 266.596025][T11241] ? rtnl_newlink+0xc4c/0x1d90 [ 266.596041][T11241] ? __pfx___mutex_lock+0x10/0x10 [ 266.596059][T11241] ? ns_capable+0x8a/0xf0 [ 266.596076][T11241] ? rtnl_link_get_net_capable+0x168/0x340 [ 266.596096][T11241] rtnl_newlink+0x15a6/0x1d90 [ 266.596113][T11241] ? stack_depot_save_flags+0x37/0x940 [ 266.596138][T11241] ? __pfx_rtnl_newlink+0x10/0x10 [ 266.596155][T11241] ? __netlink_deliver_tap+0x561/0x7f0 [ 266.596173][T11241] ? __pfx_validate_chain+0x10/0x10 [ 266.596186][T11241] ? __sock_sendmsg+0x221/0x270 [ 266.596203][T11241] ? ____sys_sendmsg+0x53a/0x860 [ 266.596216][T11241] ? __sys_sendmsg+0x269/0x350 [ 266.596228][T11241] ? do_syscall_64+0xf3/0x230 [ 266.596242][T11241] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.596265][T11241] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 266.596302][T11241] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 266.596324][T11241] ? mark_lock+0x9a/0x360 [ 266.596341][T11241] ? __lock_acquire+0x1397/0x2100 [ 266.596370][T11241] ? __pfx_lock_release+0x10/0x10 [ 266.596393][T11241] ? __pfx_rtnl_newlink+0x10/0x10 [ 266.596411][T11241] rtnetlink_rcv_msg+0x791/0xcf0 [ 266.596428][T11241] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 266.596445][T11241] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 266.596464][T11241] ? ref_tracker_free+0x643/0x7e0 [ 266.596479][T11241] netlink_rcv_skb+0x206/0x480 [ 266.596497][T11241] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 266.596514][T11241] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 266.596537][T11241] ? netlink_deliver_tap+0x2e/0x1b0 [ 266.596557][T11241] netlink_unicast+0x7f6/0x990 [ 266.596580][T11241] ? __pfx_netlink_unicast+0x10/0x10 [ 266.596594][T11241] ? __virt_addr_valid+0x45f/0x530 [ 266.596607][T11241] ? __phys_addr_symbol+0x2f/0x70 [ 266.596619][T11241] ? __check_object_size+0x47a/0x730 [ 266.596638][T11241] netlink_sendmsg+0x8de/0xcb0 [ 266.596658][T11241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.596676][T11241] ? aa_sock_msg_perm+0x91/0x160 [ 266.596695][T11241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.596711][T11241] __sock_sendmsg+0x221/0x270 [ 266.596727][T11241] ____sys_sendmsg+0x53a/0x860 [ 266.596743][T11241] ? __pfx_____sys_sendmsg+0x10/0x10 [ 266.596755][T11241] ? __fget_files+0x2a/0x410 [ 266.596773][T11241] ? __fget_files+0x2a/0x410 [ 266.596792][T11241] __sys_sendmsg+0x269/0x350 [ 266.596804][T11241] ? __pfx_futex_wake+0x10/0x10 [ 266.596822][T11241] ? __pfx___sys_sendmsg+0x10/0x10 [ 266.596849][T11241] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 266.596867][T11241] ? do_syscall_64+0x100/0x230 [ 266.596882][T11241] ? do_syscall_64+0xb6/0x230 [ 266.596898][T11241] do_syscall_64+0xf3/0x230 [ 266.596912][T11241] ? clear_bhb_loop+0x35/0x90 [ 266.596929][T11241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.596947][T11241] RIP: 0033:0x7f95a458d169 [ 266.596960][T11241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.596971][T11241] RSP: 002b:00007f95a23d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 266.596987][T11241] RAX: ffffffffffffffda RBX: 00007f95a47a6080 RCX: 00007f95a458d169 [ 266.596997][T11241] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000009 [ 266.597006][T11241] RBP: 00007f95a460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 266.597015][T11241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.597023][T11241] R13: 0000000000000000 R14: 00007f95a47a6080 R15: 00007ffc685388c8 [ 266.597040][T11241] [ 266.597133][T11241] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 267.202748][T11262] ieee80211 phy21: Selected rate control algorithm 'minstrel_ht'