last executing test programs: 1.644216235s ago: executing program 2 (id=5200): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="034886dd0100000000002b0000006000000000042b00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 1.329021321s ago: executing program 0 (id=5207): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="b00000000314010027bd7000ffdbdf250900020073797a310012000008004100727865001400330070696d726567000000000000000000000900020073797a300000000008004100736977001400330076657468315f746f5f627269646765000900020025"], 0xb0}}, 0x0) 1.25855436s ago: executing program 2 (id=5209): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="034886dd010000000000000000006000000001002f00fe88a43de1a400000000000000007d01ff020000000000000000000000410001000022eb"], 0xfdef) 1.214181814s ago: executing program 0 (id=5210): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000001540)=ANY=[@ANYBLOB="1800000000100000000000000000000095", @ANYRES8=r0], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x9) r3 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001580)=ANY=[@ANYBLOB="34000000110001000000000000000000000000000007b2a8ffa36dc81fc5531fd39c35c916c991c2918662a63dc1e2d1b032f1159a16ccc41b0ea99a28da6d3138b0334581ddcb49dcd542f77e9c131381b8cb1a03f397f56e72286b0a29a067fb7381ae7528d44a22c3ec2761488383682836395b409623fb5479f56367b659faa151c7a55f4279f3111122b0f3e0c0880192b3ddf7ed90a8b92b3f44d0ae8a28261dd3c9305ca0955e3b187d7d1009f0ba537f2cafd3573c00", @ANYRES32=r6, @ANYBLOB="000000000000000014001a80100004800c0001800800000000000000"], 0x34}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)=ANY=[@ANYBLOB="14000000e803010000000200000000000000000a14000000150100000000000000000000000a0058bcbdaa22e393eecf821f478ebc3fbb0419ff"], 0x28}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_emit_ethernet(0x8c, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffff000086dd6e7377c20000110100000000000000000000ffffac1414aafe8000000000000000000000000000aa3c000400006dfffffe880000000000000000000000000101fe8000000000000000000000000000bbff0100000000000000000000000000013300000400000000fc010000000000000000000000000000fc020000000000000000000000000000fc010000000000000000000000000001fc00000000000000000000000000000020010000000000000000000000000002ff0100000000000000000000000000012300027f0000000000000000000000000000ffffac1e0001fe880000000000000000000000000101fe80000000000000000000000000000f4e224e2300009078426bccdc65c29a4bc2c1266dea7a5d91556e6bcf99e630bb84dc378b1de38f34f1affaee2dd464eee10d55665f304f4faf896314ca84b8858ff78dfaa0c8d0ba589c604890876f018e747742c2d85904376af37005afc26eff92bdb320283d09b08aca5615f6dac50ba1c60d9c08a7c7527a48e8b2f4cbbc3c1247c59318bc4c4089bd093f704ab62a26699e2b96cbce8b35c2a61054f85119d8fe809309cebf7982f1cdffe24bd956df3a892608e69c009693896f3d60a51d2bcfea344f19a959288eb646105f20adcd7ff377ab51d2ea7a9f0f7d7e422a0591e57fe339b233a8a4b9027c302aa327e0c1211479c6703f5dc7f426d9c9d99104db208deacb40de6577a952d10f47ad132acc94d3a2af687cc10d407612fa8a67520c93fd987e6db33d826848eb309607b21f6267f11f8be6c545eea61b51daf42dad6e66758da5dd5ee5b1ff62acad08a8d591a5d6b462b85997422ff8bcc582eb26ee298a0d7c71cd3dfd31bac59bbe31675b93d5fe3a60df3b84d50e3a73cae1005c70a7438107513841e9ec87ce2168f6e59e0bb0af820013ef18e78b922cfe7e55a1af141c1697a3adfdc76f13b34b9aed7fa3d32682bd27bd722f90b9ced8490783036b9fe6426b5f413b45acc81e2200bc9195d9051e896ffdbfb8d4bb59cdf5db4509032ed0c45b7ccc14f6c0a93a0d41134c4d129a142182eba80c10d4e7a52c1193b7caeefaa6eca7a0a536d91f9c935081dfa0d3e4bd72d1c6a7ffebeb5118ba20663579ee379d10c2373ad9cd9f2a6e994dddfa6d209aaf307e3771cfe6e2a5a3c21f840fd391dd7047fca7af964b7d5545128059aae8f4fc02ba2b2cf2ae4118202e95be5adc7bba7eecf0d6a04bbae07be74066242eec3ea1d3494f4aebc8c6ae354e0c10e9c4ef47c8314030abbf56cce51b1cbcfa6e7b7f5c1b09beb658644c0fcb909a5f1975ff0a6fc056aea5e67f10879c536f6cc602d1676cc22b89535ef1d8d31e97373b3280db7552ae4b55e6e8cef55f2afd7758f38db13abc09d21f970f5ef9bab3e9df3e598563c1aad03fc5d5e11953cde6edf5403c43db008dcf3ee099f76c5b41884699fbef8bc811294a545e380792c4cc74210e6eb63ca9a96d5619f41d937f9326f36296a2eba59b0645f66c79c815531cb9bc07515d173e07df779e4a3dd7113f598549ac53e5018a13aae89c6a6e75231d359a618b5bbabdbbd32bb930a10f2c87bfff955daa95e13bd5346cd70522d1f984d339ca2893b86aa9ae105e834654f26cb63c0a53ad737b3db32b3a9fe475759fa7a53964342bcacd1b1fa61c832731adaf946aba1ca5a70dc0931bdff8eb305de9e1bb22584c4e84ce0d3407853339c3ff9729c4b43d2c5da92cd1aa06138038e5f9f2cc5c372010de4bb2cb99c0ea7350456db9541faafe76e1454515ddbcaf2713d5c7e7d66983dfe0c3e19a388f2ebce7af270f8d669d0b27fc150f6190a17ef2f768f86cb6b39f734d3e8dea9621cb004b16afc7f6c616b3d6683aedf3e93edcaceed46ccba073398ebfd5fc57c6fe1a9dab29d81c00f989f349e7e626feb25b3f0ab0ef84ba96903d10a54e43b9c9eae26afc8da17946fd80d7a1fa18d8d8bab6c4e00ecf7372442e0e3ffb9e98af42d217058d268a435e41dcbbb823d94e5ce0cd7232834ecf909b829c8b250cea25fb7f76b58474b6101ca8d7af54245bf1ad8be9b16401e93b4e9acbe9c1d1a9a4c1370998b373b2bb4cd6dacf8384aec85ed8f9034a3c476d1c19733754b0e4a450bfb17854dd0a4dc73128b5c9a82aa8a9b9c91faf455d8f564550849d135ecdf954d76e72bdf24ba7c5b201a45159453b0d19e860843542622e95ebd6e250c948dd50c66115de9ceba5321a9cd0ddd5d26badbf25f081c99db5a6947257aae8adebb4aa4de4f4411f7bb416389ba2ffa76dea0a71136c55cb7b9081e1168a7a6d6955044dbcc129540984c65db17005948cd853a79696d97c13fe955dae7bc46051ca26053bed3b5a812bf9b8a6e90c59101ee405c4d58036521b143d6d85a141e15786dc6beb3afe10a5b9c1bf6e7581b63c3288af2ee6b22bd55f6f54bab99b426c2487996ec041706bc46e950a73cd54f074426283113e932acd3b3ac0b91b0c4c7540fd68820d008ee9d6fc561e0884ea7b466ffdb06a4b595a62793c9463c65f702d70d8796e4f3181e287f419ef51a126f241cb27522df9ecc5a4e98309ef4b454509b106ed68421524bcdb4295a41571d63f61916884651c8eec164a8e278a58bd9bd1c70fb3926343996a80af94c11e2d2cc5b822b9b34444f4825126b6fa50a87d3a686adbdd2022600881e365d60bb7ed2f0e67e1f41be728b2bc1c4453cf19bd4a6c42b600f27f9b8a27b234bd95c678757bfb307d83bfb6c087b883e93ae5fe4dc8ca1d394212efc8c5abf1d0db4073fb284aa45fe8738aaa51e07d44deabcfadafbe5326ed37480f707d7c503c98f9de9ccf816c0a5c1dd8dd8ad2e216ff85c0c4edf94b4ea68a96a0868e3ed0c40f8d0404a98cb3f5c021529d7f3a6ff0fc80195941faae7ebe6aea204c78c47216ab27133939f3538b2bb551f8ea5499a5fc17fd2dfc7c70746c485b03f396828c77cd2061a097c608602b02471d694ee08d29c391392fc5b895c00458473a9d1b2a280c60373076a16664d5870234db1f776c7dd5bb58ddc09d97ffc6b403722a505e332b3721968a1bb39afc90ebc5fe8427ca0378c09b87e722e84b734a2984371367de0b7abbb994f6b047b61e62b668f4a38e5b4e515319445a9f1b589c6a352f00f51e98029c5032ce6bbd9ae3903eddb8d0eb7441a829c2bce9839bb30c6fc148a256788535381efa7a24b0452a32eea9b7e7dad406f717090d89bb2c2cd781de141b3baf4a8c14aa634e736436a208dab1c31e1fe232442ea06a023878062c8c71ff5de0d7ed977efea7885efff90a416d2cb61db63bab27fb38b7312d8855a8783493eb0e84ceaf4a76931d2669b0ecc263d94b91f7741ceb9ca8024df88664c974aa769499783ee11ab76bbb55b676adf575a747ca9977c180fd7f2043adab85e46386e4ad06da14eb70deb5c0f573a502778227f39f19b78b7d01108cabb122c0149262979ab54c8e0cb4aa34cbd5850c373f73dc4daaf48baba1b4dd1feef336d889babdf4227ac17c601d4d9a050cad0cc810043226e953e54c9fad833087eaa9beaeebe0c3ae681f26dbbea47fdd69cfed0031699c7d3adb70cde2b5d7e49ce6289dd015514b207984f2d7c952b9558e37d894317493d6d81db5161f4cb85d92cccea0866b1bd8b212a9f6827dc809f93b7da66e03885ac4613b8acbec586cb277e1a434f676a2c34dd2b41694783c4421ef132e5a634037b56fc4e8ea5bb25f5965ea386fcb695b12ec6d45ff283b8a569da8d3b13134a5e3200d4ea1ca479a72be45f896f432f469c87c46a1410871db54040fa672dbf3d00ab70712dcf3e204acea84d9497c4413c215e5f2ebc0dc3eba6ff7d2e5c23073197fbbce09612cafacf1b208038a29e55f141dbe49c913982652bdbbd67e33a6b17c81c63d2d4396e3c49e2fb7d519e4d1c67786a9488531a5d0d42b36f892a45eee25828a58258881f7e1b0529c9c91d9c185433232ed3a41e22ab46ca3bde4ba22d8be7152572a880a639c312dba685c92cef0382c9f3bf5905d6fefb78cbe816a3e25d3408e2f749ba0e82839a0ef93293383d43340b86ef9ad428031cfef2554922aafb4ec8eae03be92a8d6a46e58779e9aae7ad1418caa18d9dacea2d31818fab7ff851c61433526d159ba92a5dc2b4ebbce816451ad6a6df3cfab6322f11d25bed5d5f3805f22b45a1d06f81a39bba4ca75b63f73fb20076f76f17e920c4879ae66963770d833add9ec9d2decc9cff569c37f08737a46687388000a4a280dbfa2a2ad50f7462d2dd2a6465de967a6ef26c8b5b06a8a83de55bb35d729717c789a47bddae8c8408620ba43ad3cd82ac3ab8fc2979865cea1d63cfd3d506ef8b079790bbba8f73604a575e804db325528e46c7d1b682ebb314cef177a5916dfc356dae2ea4d26d5540cd80ede677d25ea1c8fa22e8f60de381e2303aa6dd24800181fbb5bde89834af863f9b6c1c6eea64c7f3decc422df78516881f45a8478c457f740469fe2121534b28ce04bc99b95c3c0f9c19a08b239af2c1d1bce2fa818a72880f846f6e261e39592f935d707b19efb19f7e2948e7d179b55bc67df22a6007cd50fa45e3490d2d9d1046a005248a1eaf0ecd418abe4df0e92804ef91771c0b05df2c7b872dc5ca57d69d2c76fae01ab1488a4fc56d49fad9a1767a06fb9cc1aabb95c550e5c27d1ff48993f566e635b23fc9457c0126be2ebb6c7bc93f8cd0cbb71448917d7a46066e39d648bb6f9438da3e2fab5f1da23a98fb557b31b6511af14fe2dcdebe82208fb4b208d656c9e5f13901efa018a046ab33c56a3a87574b42baf86428e8ababf94832f588c334a0df59dc0b437b79c20dd70e39fad189fd76874cf857ca97f23ea51ec5368fd83967c3c303f8204eb3f4a61b608c169044f283535a89b61e9cd0daef7622becda6839663fa325e11564811e896a326152e7a7a5e6522026ee3fc314df7ebd547b4e169b4e760e6aa07ca51d82fa0947270652300a3f7c3e99a1375d7948d33f4114af9f312566ac0809a05befed2e83d79f94e7c7b0b0f2a6a5b5512244392f825a1fb57d5c7ed3194f9255e2b804d5f99293d4c80599ff0810d77f97b2fdbb4d152eec8af18b60a56ab10baa242e59a69385ea10278798218093f65c47dae41bc11a9e820b22a61ef9326cc89828ad2a7847dcd1a41bbbcdb2a78b66194e37370c4c907e2818cb88f810027bdfd2063e06b5edd3c459ad9fa0fb10c50c841996ba3f973001d26cc1f97d0031afaa42df6ee4a212844b5a13c9a6c887a024500b32df89136dc7be64933adff7f87b4aa83646c2ea8a9c88dbcb26480c30b6b29e3eabc9855ea389a7e399478ca3d5b595c2edf9ae64aac1f780c76fb818bec940e8a15ae243efa85bb46f660591effbbf395aa5829208fc3e013e7763a18b299cce82287644c84b47620c9474c944b50492fe7dea0d2e58a51dba92a72a5aefc6e667ac7fade4a791895ed0970872ad193fdce75e674e31dd0f3d797b5825d96d2e388140e4c7343338e833651613f590d41e6fadde32f4a6669371c236fc83d0260d9f9ce310fda68479641f5fe75bf3a950d6a755cd78326b95748e32d81593e2e9b0a2c59f7d572e5652c3e17196c8aab96c641be9f475bd459d8e971c49a1f2ff039d130f50c5c606fd6b2f15990536e166cba2f8817df8166a37832cc6589dd30677224139a8b83c0ae7ba48568907b37b4f010822ac9234869bf4a0594c11fe1e383068960042e27e777981c219691ed6037da4d875686367c9317eca64f9a09a49a7731e60bf1fc8e19502dd104474687a966ab68b0a76eb12321dc0031b2e4df4f878ced44a3a3c8db07281f6181672ecfceb7e48c9e7d8196b47b4c1c8df0e0dc413573a7e6a2c66a9dcfc790216ff32f1d66dd9e88a0b789e45964faf8a9bcc2bb24c4438bc752ac70cf61664fad6a435e3190e7e0410161c1a34702195dbc832b672e3e3773f99bc8b7fa919cdf9d7295ec0fdea25b29a9ec68c57e3493b7887c207eea7290d36b64446c1e9ced0a7b8cfdd036d516d16b9674da551c7608ee36e81798dfb924a098a6acc0e8aa7cbd0d0e1d9a3c802166bd3df000000000000000000"], 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085100000ce000000950000006743453c"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) r8 = socket(0x1e, 0x1, 0x0) connect$tipc(r8, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r8, &(0x7f0000000080)=ANY=[], 0x2000011a) sendmsg$nl_crypto(r8, &(0x7f0000001800)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x0, 0x0) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001500), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r4, @ANYRES16=r9, @ANYRES16=r7], 0x44}, 0x1, 0x0, 0x0, 0x20080000}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) sendmsg$nl_route(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="440049a01584a0545b21000010001fff00000000f1e921da2e08109df6921a0600d386b27e9604df61c74f760ee9be197a0693d9145556c780935981cb28f4c82253779786fa6b10cb48626f71d85c13a8028da50339281b67333fd8315d4a8419a9726c7ab208deb0e5feb8a5a2d746330f8ecd93a43e0fd5ed3c46a43f3d10ae856764aea386", @ANYRES32, @ANYBLOB="083c0600000002001c0012800b000100697036746e6c00000c00028006000f000100000008000400220f0000"], 0x44}}, 0x40090) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000800) socket(0x10, 0x3, 0x0) 1.212072143s ago: executing program 4 (id=5211): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="9000000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="05000000070000002400128008000100677265001800028008000600ac1414000400120008000200", @ANYRES32, @ANYBLOB="440012800800010073697400380002800800140005000000050009"], 0x90}}, 0x0) 1.156021711s ago: executing program 3 (id=5213): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$binfmt_script(r0, &(0x7f00000003c0), 0xa3) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) (async) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[], &(0x7f0000000080)=""/236, 0x3e, 0xec, 0x1}, 0x20) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008008000b7040000000000008500000003000000850000000f"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x46}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x8, 0x4, 0x2}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r4, &(0x7f0000000100), 0x20000000}, 0x20) (async, rerun: 32) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r4, &(0x7f00000007c0), 0x20000000}, 0x20) (async) r5 = accept4(r2, 0x0, 0x0, 0x0) sendfile(r5, r1, &(0x7f0000000040)=0x1d, 0xffffffff) 1.09596625s ago: executing program 1 (id=5214): socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x20008081) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000070000000010000000900010073797a30000000005c000000030a01010000000000000000010000000900030073797a300000000028000480080002400000000208000140000000051400030076657468315f746f5f626174616476000900010073797a30"], 0xa4}}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) 1.030671823s ago: executing program 2 (id=5215): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000003640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f00000006c0)={0x2, 0x4e20}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1100000000000000000000000100000000000000000100001400000000000000000000000100000000000000000000001c"], 0x50}}], 0x2, 0x0) 968.163658ms ago: executing program 3 (id=5216): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2c8, 0x3, 0x398, 0x4, 0x229, 0x240, 0x208, 0x4c000000, 0x300, 0x328, 0x328, 0x300, 0x328, 0x3, 0x0, {[{{@ip={@broadcast, @local, 0x0, 0x0, 'veth0_virt_wifi\x00', 'bridge0\x00', {}, {}, 0x6}, 0x0, 0x1e8, 0x208, 0x0, {0x0, 0x700}, [@common=@inet=@hashlimit2={{0x150}, {'veth1_to_team\x00', {0x0, 0x100000007, 0x0, 0x0, 0x0, 0x8000, 0xffff}}}, @common=@inet=@ecn={{0x28}, {0x11}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "41e9"}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="440000001800010000000000000000000a0000000000000000000000180016000d0001000900000048000000000010000000000008000400", @ANYRES32=r2, @ANYBLOB="0600150007"], 0x44}}, 0x0) 966.284864ms ago: executing program 4 (id=5217): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="080026006c0900000a0006000802110000000000040067000400cc0004004a01060066003e88000004001e010a0034"], 0x5c}, 0x1, 0x700}, 0x0) 966.09768ms ago: executing program 1 (id=5218): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000040)={'vlan0\x00'}) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x220, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000500], 0x7, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e2a30456b880000145b41fe6900000079616d3000000000000000000000000079616d3000000000000000000000000076657468315f742f5f626f6e640000000180c20000000000000000000180c20000000000000000000000b0000000670100009001000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000646e61740000000000000000ff0300000000000000000000000000000000000010000000000000000180c20000000000ffffffff000000006e666c6f6700000000000000000000000000000000000000000000000000000050000000121b6eb244d4f0fffbf04a000000007e4b000022d4e27ebdf3b9dc569e338e2c551c2fc4a19597ba4c501c8b1f16fb7809c40aee86f4fe16383d2afb577ed2bb6dd99f024b3f54ba000000004155444954000000000000000000000000000000000000000000000000000000080000000000002000000000000000000002000000000000"]}, 0x298) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x16, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x91}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x90) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0', [{0x20, 'broute\x00'}, {0x20, '*{\xa7p<*/*}\x00'}, {0x20, '(!}!@\\\'^++^'}, {}, {0x20, '\x17b\xcb\x1b\x01pp\xca\x93\x1f\xd2q\x1f\xc7T\x04\x1f\xc8u\xd1\xfb\xfa\x16Qg\xc8M6\xd1X2%\xc2\"\xd6\xc7\xd7F\'u\xad^~\xe9\xc0\xb5\xd4b\xe4\xe2\xd4C\x8d\x8d\xcb>\xc6\xd9\x12x+\x7f\x87\x8eE(\xfd\x83h\xcc\xfbo`\xc5Sf$\xb7\tU@u~\xed\xdbu\xf0H\x13se\xb3\x88t;\xec-\xd0\x7f\xd6.\xa1\x18%\xe7\x18\xdb\xe0c\xa2\xa4\xd1R\xf6\xc1p'}], 0xa, "2afec2a5028ef62e68aa140f9a4f0101000083a6b5b91db10db90f9f01825a461e25c4a914c674bcf21987e9a30442a2b7111cf662a8f22d99e933e20c1268ed167d2fa9ad8af25e2ccf9f20d898815ad733439381ac3f23d911777b75cfcba5e685cd2655d47aeea130ce9bfbd68c93d79fda8b9b80ea"}, 0x117) 954.293029ms ago: executing program 2 (id=5219): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001d00)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff9f0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720a23fe000000008500000012000000b70000000000000095000000000000004e6258941c823b7505608556ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd42abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ef88bc333fbcec0ea4334f1ddb9d679ae95a90fd41d528f58d305000000435883df6c10ce86188c92292b2d0226082960be682836bdff8b0971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da000ef78df03000000d19913a5fb03c79dac2e489f68127892658115e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517000026637b4c34bf2d0aa304ed42bf70480e9e97203fd169411f37fddd1f7fbe16dbbc0f307bceb5064f388a0350c3dc928b0e638b1e2b2a9d25264233e5d45eb377f56b95241024dbe30f67191c2b56b70328d6d3215dfffe5d89af1d10599bd494d921d1fb2db99b6aba0fa978f41eb1d4c553e5a9326ed550c13f8dd36716a899a1e79234294707c5312b924d142c17b20bb80ee202222c03fa84ccc374e717f694018630366397266090a82343aedfbf7afe892390c2eb775b0d16073da2229958db05de7df6ab7600004000010000006d8081cb3bf251d906c00da0e23b50465f8394820be571e3592d0000c7ef10fdc462e7040e7074ec43aa461fc54401a76406db718d4efd6c1bd10ce1d087cf9bba461162555a95524c84df0952d32093082b7aa71304e0d2d9ec310d1b676b378a5879e47941de1a28c3a8f400000000000000000e032b7d2badd0bc6617a859b7ac273b6304555f664469cec152030f06cc0ca1765838eb5590264736fbccfc3a8f4e3b10daf6a275daf5db2dac7096fe8ac8876acaad043663b3b0fedb05e6d31408fa20140c9d2db1c59ac8a3ce28e489d67d87d3a107ccea3007f58f2c5017e8807107f79ac50cc1d4f546b4443d137eb706b71b1767a10cca7a7c82b76c96e874aff249f36329a6526b354b6e674b08f7ef492b804c4b08fb10de807d79fd782027318cd7632e22d2faa16209272b39b5ec8d239832ea02cc88e249a2e77753a58987547571fbc8de747faab724bebb6401412b496e078fcb6c78ab447e871b76a8b0506f49594aa1d610567e14d739a60ff3ce04d0d2e5681e787c7e1ad25467bb81f2f440128207fe07a83759ec30cf9e0a3fd3f2fcee97fe8d273f8e712a8a64eaf2d89a1fa44554357fcd7ab531ff7a41c27164fca430a62d015b477de61853f5ee2e25b00a63642ec32ece2ff3bb5883deb895f52a923b5c744d8dccdd6a09ded8b90f1eeda8e6e884a4f090edb6ab9fc8107846508d51f3735493d5860cf80200ce31b92eb3563d485b5a7d192092d7a9fd2bc67d305d1d4573aad5f6501d1cd27657ce17330402dacb78d72d776330711645eed7d4c292f4448733c0826c4eb950f3d40457f82d7f792d106518f6bde874aff9e2bea7d73f74bebeeacfc700000000000000000000d40d73be47803297db004264c8c70b7761b22a7114a078a87d63d63b0c9dcc263a5b773bfeba212abef4181ad9e4872e328c0f105d51e3d167a2b717051d7681ba04552eeba18a000000b22b50d76d85040c9000ea68a528049a60d5e26b20455194f4be3b8466fd66d0e6cefcff7891c485d61cb66f4076cd60a22733cb00cf7cc12ca7d9bb864c0e650236a79a5c85349a9b1e6bbc3bace197e72490c566431cd3a08e9d1b641c1ba1f661d01573b904c3fa1427370fa15cecd294ac21fefe3d161fdf58e8bc5957ef145839f4370176e1be88d2e3516a1998c1621a00b4438b85a4dfee6f61827a1e50e158038b037dfda3ffb35069e41fc740ae720800de53948f176c3c15f3a529c02434b920d87f12a6e3420a2fdcb3559e7a5b1ddbb06b7a5977f63bfac701e673bf626d126b213c92e7169a930beb8d76f9db34e8098bea301baa96916d6458c923866dc192928b320738d1b298fb55f2a64500000000000000000000000000509885a38d9d995a46817e7ff7acddcc5f9253c63f86baf33f92820c9ff497cf76b6482c3ab53fb6ecea6d220b91b99b2fb4279ab09ae0645ab92df309000000000000a4868411948f8e3e259b717d722a1eebd3f6860a17f1ae9e10a1178f6aef4951b192d13e9600c1f700ca7b1d127e451034469bf2a8f93dbae6ad8e932e431dc18323794156238625bb9c45c5a76a68a8646e701b29a71ffbd854f50f195823106a5625ff94221f1f04c72525b50aae69081de9626de9847bf53475d90642d9730101d80b1b0000000000000000822b0641698d60160d9157548302dd2636d12c431f96728ae4a45361e6d47a1c4a52d67c0f0a62585c09fcfd70d0f249f87c44b47283c1c6f2430d70c751e4ada9b646e6e7c1719faee476d88a2943c71a21db55b7497dd7ed385ac2e8cb916390a3a0ed52e7371e1a141e69afa07b46ac20f3521fb251b72c82ee1c7eb4f67c0deed5618d0db925ce7a7c50a99835544c540f5d528587d1a26e78df1bc9a8e4d90c57d0b8122eae7b23e4456624f5337c16c42648c7a3d0b799ad409befe0cbe2aa781ba826918df7aa80dff4f62258e54419629eb1d37de7f6a3512bd618781d1ad3a4d4b0da44df9f9a93f0487f79a9b16dfa6f68b06ce6a96ca344d194cded05702c2300d1a4f451b33830765f8131f6c28fada65701851bba089b8a8347900e72d68cea965feb6a06225dd3f0e135323a5bde3b43c9d242b73abf9e05336af040a4a6bb5918146393f1d50705c1d1e986bf2f690de51ee8727d37339df5391db535bb1e9bb3e5dadb6e5a2bb4faa2dcbc6ca9b40ac96e448b9dadeb08fc2cf3a960f22bf20b9e967b7a75687372b8e3edc543896c360674d901a7f56b07ba1479b46eea3d94026a9c7e670ab40bb2c1ca1a7c90299361239bef773140af974c7efc285a64633d21513481b3ac62dec9fa3e8ce6156d76b82baa145bc550b0ccbc0934ccfea45292caa2f0654fe18dc0669a4f2af9fa232a293ad94261f55675cc686db72783a6bacc0df6a1ea943ae266af112f35319980cd681811a369e0d03cf7d22bed7cbe1afe498b88942b1bf7edae441a0d0d88fce65cb4e848793a28cbd7373f6acd3b5a48c034e487750388929d37fa3165f205dab3be5f3e5781a84298687cbf02dcaf0e14a2b260293f349d076eb75a2ddc5382d106f0beea02aa45018fe36d1176cf7704383b6922d10dc80bc7feca3982ae232d4bb47c722c83a7cf6ee8832f038b072eb803a47cd7f753e80c9f6eedb8"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d4}, 0x48) 814.412441ms ago: executing program 2 (id=5220): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@x, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x62}}]}, &(0x7f0000000000)='syzkaller\x00', 0x9, 0xfe7, &(0x7f0000001e00)=""/4071, 0x0, 0x3000}, 0x90) 660.352807ms ago: executing program 2 (id=5221): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'netdevsim0\x00'}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vlan0\x00'}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000d906734ae5b5c8a914776831c98cbe213635a5dd1029"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket(0xa, 0x1, 0x0) close(r5) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000020c0)=[@in={0x2, 0x4e24, @remote}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x71, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000003c00)=0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000), 0x8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="07000000126bf3ecdd474e3b36c80a5a7bff41fa9ad95026bb0c9f01d4f7ac8c6c5be2650df0c57ed27ff8525aa4f474cf21a7ad91612ddb23d08290f330675e496f22f9815a3fc36a21169e36ba0323cccd3a50b57a346591b20ef95f6dffd96287b6c4aa3873c3e582254cc4", @ANYRES16=r4, @ANYBLOB="0004feffffff000000000600000008000300", @ANYRES32=r6, @ANYBLOB="0500530003000000"], 0x24}}, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) socket$l2tp(0x2, 0x2, 0x73) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_subtree(r8, &(0x7f0000000200), 0x2, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r10 = openat$cgroup_subtree(r9, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r10, &(0x7f0000000400)=ANY=[@ANYRES16=r7], 0x5) 656.466652ms ago: executing program 1 (id=5222): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab8000000060a0108000000000000000001006c080c00064000000000000000059800048030000180080001006f7366002400028008000340000000010800034000000001080001400000000305000200090000000c00018008000100636d7000100001800a00010072656469720000003400018011000100666c6f775f6f66666c6f6164000000001c0002800900010073797a31000000000900010073797a3200000000140001800e000100627974656f72646572000000400000000b0a00000000000000000000010000090c001040000000000000000208000640000000000900010073797a31000000000c001040000000000000000150010000000ad83e0000000000000000040000050900010073797a3100000000080002400000000047000600151e8201a6ffa3c664db5130056a75f655f2ebca81b0499da016a31b8eddc18e28bb21692b5df016eff74aace02e607378c53fef1ba1af17307de8552a25b5c41c91fe000900010073797a30000000000900010073797a30000000000900010073797a3000000000ba000600b9c45109944006bde84554193ef4313fd71923f3c17a19f47d3040a6a637de4e293e2629c4916c2289c3a97994252cdf5460499abcde197b1e64c46f17c2760cec97cb359fb2663fe2e78d708a1f5917f9ab1fabf06ef348958ab6493aa2a0cfea88997203801b9b2d0c074c20f7580bdbc83f3032cb76a06c68c3edd3dc8b16283f6756b542cb2e0bef1f9f8ca4ee771631cb120ddf83be3615b226ff32014a8440613d148f5af7abd7a11dca097df010e5823bcd3100007c000000020a030000000000000000000700000208000240000000000c00044000000000000000020900010073797a31000000000c00044000000000000000050900010073797a31000000000c00044000000000000000051b000600e2a8a64f971e83ed11ff58340d04750e7f27e0f7a27bf80008000240000000012c020000180a01020000000000000000010000020900020073797a30000000000900010073797a31000000000c00054000000000000000040900020073797a31000000000c000540000000000000000134000380080001400000000018000380140001006e696376663000000000000000000000080001400000000008000240000000060c000540000000000000000288010380b80003801400010070696d726567300000000000000000001400010073797a6b616c6c657231000000000000140001006772653000000000000000000000000014000100626f6e645f736c6176655f30000000001400010076657468315f766972745f776966690014000100677265746170300000000000000000001400010000000000000000000000000000000000140001006970365f767469300000000000000000140001006970366772653000000000000000000008000140000000002c0003801400010076657468305f766c616e00000000000014000100697036677265746170300000000000000800014000000000680003801400010069703665727370616e300000000000001400010076657468315f746f5f626174616476001400010063616966300000000000000000000000140001007866726d3000000000000000000000001400010076657468310000000000000000000000080001400000000008000240000000c40800024000000006080001400000000008000240fffffff808000740be412e8e2a3c38b55e000000000c000540000000000000000214000000"], 0x5a4}, 0x1, 0x0, 0x0, 0xc010}, 0x0) 656.225685ms ago: executing program 3 (id=5223): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="6110bb00000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706200020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00'}, 0x48) 656.102035ms ago: executing program 4 (id=5224): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113c00000000008510001402000000b7000000001000009500c200000000009500001238000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) 574.330793ms ago: executing program 1 (id=5225): r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000000)=0x7, 0x4) sendto$unix(r1, &(0x7f0000000080)="008e", 0x2, 0xd1, 0x0, 0x0) write$binfmt_elf32(r1, &(0x7f0000000200)=ANY=[], 0x1) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x40000041, 0x0, 0x96) recvfrom$unix(r2, 0x0, 0x0, 0x10102, 0x0, 0x0) socket(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r6, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r5}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r5}]}, 0x40}}, 0x0) epoll_create1(0x80000) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r7, &(0x7f0000000000), 0x182000) r8 = socket$pppl2tp(0x18, 0x1, 0x1) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x0, 0x100008, 0x253}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001980)={r9, 0x0, &(0x7f00000018c0)=""/188}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/32], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) connect$pppl2tp(r8, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000280)={'erspan0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x40, 0x80, 0x7, 0x3, {{0x19, 0x4, 0x0, 0x0, 0x64, 0x64, 0x0, 0x81, 0x4, 0x0, @private=0xa010100, @multicast1, {[@timestamp_addr={0x44, 0x24, 0x4d, 0x1, 0x0, [{@broadcast, 0x7}, {@empty, 0x1}, {@multicast2, 0xfffffc01}, {@multicast2, 0x2}]}, @timestamp_addr={0x44, 0x4, 0x74}, @end, @noop, @rr={0x7, 0x23, 0xc5, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @broadcast, @remote, @multicast2, @empty]}]}}}}}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in6, @in=@dev}}, {{@in6=@private1}, 0x0, @in6=@private0}}, 0x0) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmsg$NL80211_CMD_GET_POWER_SAVE(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000700)=ANY=[], 0x14}}, 0x0) 564.418329ms ago: executing program 3 (id=5226): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x801, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2008000}, 0x20000000) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000600)={0x14, 0x3, 0x2, 0x5}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x28, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0x5, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}]}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x28}}, 0x0) socket$inet6(0xa, 0x5, 0xfffffff9) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044000}, 0x4000004) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmsg$alg(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000dc0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r8, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/150, 0x96}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r8, 0x29, 0x2a, &(0x7f00000003c0)={0x7, {{0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, '\x00', 0x25}, 0x800}}}, 0x88) sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) connect$inet6(r4, &(0x7f0000000600)={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x30}, 0x4}, 0x1c) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newlink={0x70, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x4048b}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @sit={{0x8}, {0x44, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3f}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x800000f0}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x8}, @IFLA_IPTUN_TTL={0x5}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev}, @IFLA_IPTUN_TOS={0x5, 0x5, 0xc9}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}]}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4004}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000480)={'tunl0\x00', &(0x7f00000012c0)}) sendmmsg$inet(r4, &(0x7f00000008c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @remote}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @empty, @empty}}}], 0x20}}], 0x1, 0x0) 480.510261ms ago: executing program 0 (id=5227): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000003000900000000060015000a0000000c0005"], 0x30}}, 0x0) 480.206121ms ago: executing program 4 (id=5228): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0xb, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="24006c0014000105000000000000000010"], 0x24}}, 0x0) 414.213244ms ago: executing program 0 (id=5229): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r4, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0xf, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e22, @local}}}, &(0x7f0000000180)=0x9c) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0xff}]}}}]}, 0x40}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000940)={0x290, 0x0, 0x2, 0x3, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x1}, @CTA_EXPECT_MASTER={0x78, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @private1}}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x2}, @CTA_EXPECT_ZONE={0x6}, @CTA_EXPECT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_HELP_NAME={0xa, 0x6, 'H.245\x00'}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_NAT={0x1c4, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x94, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x19}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @empty}}, {0x14, 0x4, @private2}}}]}, @CTA_EXPECT_NAT_TUPLE={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x1a}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2e}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0xb8, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xab}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x20}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}]}, 0x290}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@delchain={0x24, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x4, 0xffff}}}, 0x24}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000000224e0000", 0x58}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7) r8 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r8, &(0x7f0000000600), 0xfec8) 384.150968ms ago: executing program 4 (id=5230): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000800)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="290300000000000000001600000008000300", @ANYRES32=r3], 0x1c}}, 0x0) 324.789275ms ago: executing program 1 (id=5231): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) (async, rerun: 64) r1 = socket$igmp(0x2, 0x3, 0x2) (rerun: 64) setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000000), 0x4) (async) syz_80211_inject_frame(0x0, 0x0, 0x52) (async, rerun: 32) syz_80211_inject_frame(0x0, 0x0, 0x0) (async, rerun: 32) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) (async, rerun: 64) listen(r2, 0x80080400) (rerun: 64) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10) getsockopt$inet_int(r3, 0x10d, 0x84, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x4}, 0x48) (async, rerun: 32) bpf$MAP_CREATE(0x0, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) r5 = socket(0x15, 0x5, 0x0) getsockopt$nfc_llcp(r5, 0x114, 0x271d, 0x0, 0x20000008) bpf$MAP_CREATE(0x0, 0x0, 0xfe75) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000006000000000000000000009500000000000000"], &(0x7f0000000140)='syzkaller\x00'}, 0x90) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='percpu_create_chunk\x00', r6}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) (async) setsockopt$IP_VS_SO_SET_STARTDAEMON(r5, 0x0, 0x48c, &(0x7f0000000100)={0x70d67d6b5cd8e523, 'gre0\x00'}, 0x18) socket$inet_udplite(0x2, 0x2, 0x88) (async) socket(0x10, 0x6, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x14, 0x4, 0x4, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x48) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="000000400000000010010c"], 0x270}}, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000004a40)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000001a000000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r7}, 0x90) 220.50622ms ago: executing program 3 (id=5232): socket$kcm(0x11, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0xb) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a0300000000001a000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) 169.197843ms ago: executing program 0 (id=5233): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x9) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000017c0)=r0, 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00480010008188040f80ec59acbc0413a1f848100000005e0c0000000000000e0021001400000002800000121f", 0x2e}], 0x1}, 0x0) 88.920007ms ago: executing program 1 (id=5234): syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)={0x24, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x1091}]}, 0x24}}, 0x4004040) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x20, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x9e7c, 0x76}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x15}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xc}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x32}]}, 0x5c}}, 0x1) (async) socket$kcm(0x10, 0xe, 0x10) (async) socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="0401020028000b05d25a806f8c6394f90824fc600d00030004000100ff3582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) (async) socket$inet6_sctp(0xa, 0x0, 0x84) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, &(0x7f00000003c0)=0x3, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x164, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x150, 0x1, [@m_ctinfo={0x14c, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3f00}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0x5}}]}, {0xf8, 0x6, "d4173c88cee8cf53bc11af82df742a88bf2a557044746332ee8286260210cd32a472c6978d66695a07d452a3b6e053af92c70862ff211c71e2a2bf0b77c5c59c687021ca32c47697424c4f11a399184f47e2c25d1f88403f9e11b04b482f082f5e1f9a60f4cc8a9a8fe056b7e6f2ab167f77e85180940e6f06866545cea86ad08389c52bb99320c42783b6725a52b79327fd05d5973474c5f30e5b0c18d9e330832f101bcb35b02147de3b4ab3275827fb219e4fb76b59e0d84f6b196cddd5f21632b78388e71531de8d396f993d3cda2a93f17f7e361bbf7f59a95ee86fa92e870b617aac2d69117f4bfee13a6560bacd4f516b"}, {0xc}, {0xc}}}]}]}, 0x164}}, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) (async) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) (async) bind$inet(0xffffffffffffffff, 0x0, 0x0) 498.624µs ago: executing program 4 (id=5235): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001340), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={&(0x7f0000001740)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_DOI={0x8}]}, 0x30}}, 0x0) 276.434µs ago: executing program 0 (id=5236): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="60000000020601010000000000000000000000001c0007800500140007000400080012400005000008000840000000120900020073797a300000002005000100070000000c000300686173683a697000050005000a000000050004"], 0x60}}, 0x0) 0s ago: executing program 3 (id=5237): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff00000000000000008500000091000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000001000000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): '. [ 265.090924][T14803] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 265.104141][T14803] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 265.130500][T14803] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 265.263812][ T5098] Bluetooth: hci0: command tx timeout [ 265.444213][T14803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.540869][T14803] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.581722][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.588932][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.641712][T14880] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.648937][T14880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.813878][T15068] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3430'. [ 266.064825][T15088] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3435'. [ 266.258443][T14803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.338948][T15102] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3440'. [ 266.507566][T15115] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 266.575632][T15122] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3445'. [ 266.918459][T15143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3447'. [ 266.955343][T15142] netlink: 'syz.0.3449': attribute type 4 has an invalid length. [ 267.011542][T15147] netlink: 'syz.0.3449': attribute type 4 has an invalid length. [ 267.026998][T15149] xt_l2tp: missing protocol rule (udp|l2tpip) [ 267.089371][T14803] veth0_vlan: entered promiscuous mode [ 267.158474][T14803] veth1_vlan: entered promiscuous mode [ 267.252131][T15155] bond3: (slave bridge0): Enslaving as an active interface with an up link [ 267.293395][T14803] veth0_macvtap: entered promiscuous mode [ 267.344317][ T5095] Bluetooth: hci0: command 0x0419 tx timeout [ 267.355910][T14803] veth1_macvtap: entered promiscuous mode [ 267.379308][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.394790][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.406441][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.420090][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.431543][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.443480][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.453754][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.465624][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.485454][T14803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 267.501974][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.514838][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.527520][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.539827][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.550789][T14803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.562443][T14803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.575348][T14803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 267.598934][T14803] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.610039][T14803] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.626634][T14803] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.639480][T14803] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.815016][T15179] delete_channel: no stack [ 267.861916][ T6472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.895676][ T6472] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.999055][T10576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.022779][T10576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.081380][T15190] netlink: 'syz.1.3466': attribute type 6 has an invalid length. [ 268.228894][T15197] __nla_validate_parse: 2 callbacks suppressed [ 268.228914][T15197] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3348'. [ 268.266621][T15195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.383903][ T5103] Bluetooth: hci1: command 0x0406 tx timeout [ 268.390221][T15206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.437588][T15207] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 268.460088][T15207] netlink: 264 bytes leftover after parsing attributes in process `syz.2.3467'. [ 268.475194][T15206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.607988][T15217] netlink: 'syz.3.3474': attribute type 5 has an invalid length. [ 268.798871][T15222] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3477'. [ 269.432533][ T5098] Bluetooth: hci0: command 0x0419 tx timeout [ 269.647001][T15231] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3480'. [ 269.705612][T15240] tipc: Enabling of bearer rejected, failed to enable media [ 269.737249][T15236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3481'. [ 269.784064][T15249] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3485'. [ 269.823150][T15247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3483'. [ 269.863154][T15247] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3483'. [ 270.017465][T15258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.114008][T15266] netlink: 468 bytes leftover after parsing attributes in process `syz.2.3490'. [ 270.120022][T15265] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.163527][T15265] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.289194][T15274] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3494'. [ 270.604613][T15282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 271.180317][T15308] netlink: 'syz.0.3507': attribute type 11 has an invalid length. [ 271.461858][T15320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 271.526512][T15331] netlink: 'syz.3.3517': attribute type 2 has an invalid length. [ 271.582516][ T5103] Bluetooth: hci0: command 0x0419 tx timeout [ 271.590613][T15335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 271.606015][T15335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 271.635032][T15338] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 271.947206][T15358] vlan1: entered promiscuous mode [ 271.987924][T15360] netlink: 'syz.3.3526': attribute type 10 has an invalid length. [ 272.240916][T15372] netlink: 'syz.3.3532': attribute type 1 has an invalid length. [ 272.634844][T15391] netlink: 'syz.0.3539': attribute type 18 has an invalid length. [ 272.870622][T15399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.951941][T15405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.982377][T15405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 273.180970][T15416] FAULT_INJECTION: forcing a failure. [ 273.180970][T15416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.207639][T15416] CPU: 0 PID: 15416 Comm: syz.0.3549 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 273.217848][T15416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 273.227937][T15416] Call Trace: [ 273.231229][T15416] [ 273.234172][T15416] dump_stack_lvl+0x241/0x360 [ 273.238877][T15416] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.244106][T15416] ? __pfx__printk+0x10/0x10 [ 273.248728][T15416] ? __pfx_lock_release+0x10/0x10 [ 273.253874][T15416] should_fail_ex+0x3b0/0x4e0 [ 273.258665][T15416] _copy_from_user+0x2f/0xe0 [ 273.263267][T15416] copy_msghdr_from_user+0xae/0x680 [ 273.268467][T15416] ? __pfx___might_resched+0x10/0x10 [ 273.273755][T15416] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 273.279581][T15416] ? __might_fault+0xaa/0x120 [ 273.284261][T15416] __sys_sendmmsg+0x374/0x740 [ 273.288944][T15416] ? __pfx___sys_sendmmsg+0x10/0x10 [ 273.294163][T15416] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 273.300052][T15416] ? ksys_write+0x23e/0x2c0 [ 273.304555][T15416] ? __pfx_lock_release+0x10/0x10 [ 273.309583][T15416] ? vfs_write+0x7c4/0xc90 [ 273.313998][T15416] ? __mutex_unlock_slowpath+0x21d/0x750 [ 273.319676][T15416] ? __pfx_vfs_write+0x10/0x10 [ 273.324452][T15416] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 273.330423][T15416] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 273.336740][T15416] ? do_syscall_64+0x100/0x230 [ 273.341502][T15416] __x64_sys_sendmmsg+0xa0/0xb0 [ 273.346351][T15416] do_syscall_64+0xf3/0x230 [ 273.350848][T15416] ? clear_bhb_loop+0x35/0x90 [ 273.355520][T15416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.361403][T15416] RIP: 0033:0x7f8819975bd9 [ 273.365938][T15416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.385549][T15416] RSP: 002b:00007f881a82c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 273.393972][T15416] RAX: ffffffffffffffda RBX: 00007f8819b03f60 RCX: 00007f8819975bd9 [ 273.401957][T15416] RDX: 0000000000000299 RSI: 0000000020003dc0 RDI: 0000000000000004 [ 273.409927][T15416] RBP: 00007f881a82c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 273.417898][T15416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 273.425872][T15416] R13: 000000000000000b R14: 00007f8819b03f60 R15: 00007ffc78c45c98 [ 273.433866][T15416] [ 273.443256][T15418] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 273.458535][T15420] __nla_validate_parse: 12 callbacks suppressed [ 273.458552][T15420] netlink: 316 bytes leftover after parsing attributes in process `syz.1.3552'. [ 273.501891][T15420] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 273.524846][T15418] netlink: 'syz.2.3551': attribute type 1 has an invalid length. [ 273.535005][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3551'. [ 273.539961][T15423] SET target dimension over the limit! [ 273.651996][T15430] netlink: 'syz.0.3556': attribute type 9 has an invalid length. [ 273.850454][T15447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3564'. [ 274.023817][T15466] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3569'. [ 274.047261][T15466] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3569'. [ 274.204523][T15478] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 274.211812][T15478] IPv6: NLM_F_CREATE should be set when creating new route [ 274.248009][T15484] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.352191][T15488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.390584][T15488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.411935][T15493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3575'. [ 274.435217][T15492] netlink: 'syz.1.3576': attribute type 4 has an invalid length. [ 274.507562][T15492] netlink: 'syz.1.3576': attribute type 4 has an invalid length. [ 274.549511][T15492] netlink: 209840 bytes leftover after parsing attributes in process `syz.1.3576'. [ 274.592955][T15492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3576'. [ 274.643945][T15492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3576'. [ 274.850794][T15519] ip6t_rpfilter: unknown options [ 274.950406][T15531] netlink: 'syz.1.3588': attribute type 1 has an invalid length. [ 274.969833][T15531] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.3588'. [ 275.154310][T15539] netlink: zone id is out of range [ 275.167372][T15539] netlink: zone id is out of range [ 275.183753][T15539] netlink: zone id is out of range [ 275.198946][T15539] netlink: zone id is out of range [ 275.218684][T15539] netlink: zone id is out of range [ 275.254246][T15539] netlink: zone id is out of range [ 275.259402][T15539] netlink: zone id is out of range [ 275.323483][T15539] netlink: zone id is out of range [ 275.684233][T15564] team0: Port device macvlan9 added [ 275.746220][T15567] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 275.895631][T15573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 275.925988][T15573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.209937][T15637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.316832][T15649] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.364241][T14875] wlan1: No basic rates, using min rate instead [ 277.374291][T15649] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.395754][T14875] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 277.427160][T14875] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 277.564361][ T11] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 277.624978][T15671] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.654806][T15671] batadv_slave_0: entered allmulticast mode [ 277.691732][T15675] netlink: 'syz.0.3635': attribute type 29 has an invalid length. [ 277.723057][ T11] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 277.756595][T15675] netlink: 'syz.0.3635': attribute type 29 has an invalid length. [ 277.807897][T15674] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma? [ 277.874287][ T11] wlan1: authentication with 08:02:11:00:00:00 timed out [ 278.095511][T15689] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1 [ 278.599020][T15727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 278.730039][T15737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 278.776773][T15737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 279.153204][T15759] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.160923][T15759] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.221328][T15759] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.228800][T15759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.237699][T15759] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.244971][T15759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.301054][T15759] team0: Port device bridge0 added [ 279.326538][T15762] bridge_slave_1: left allmulticast mode [ 279.360669][T15762] bridge_slave_1: left promiscuous mode [ 279.394331][T15762] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.417107][T15762] bridge_slave_0: left allmulticast mode [ 279.425782][T15762] bridge_slave_0: left promiscuous mode [ 279.431730][T15762] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.488360][T15762] team0: Port device bridge0 removed [ 279.539766][T15777] netlink: 'syz.2.3668': attribute type 5 has an invalid length. [ 279.765948][T15788] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 279.803660][T15788] __nla_validate_parse: 10 callbacks suppressed [ 279.803680][T15788] netlink: 264 bytes leftover after parsing attributes in process `syz.4.3673'. [ 279.869868][T15793] xt_policy: output policy not valid in PREROUTING and INPUT [ 281.385813][T15842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3690'. [ 281.472609][T15848] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3692'. [ 281.759273][T15862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3698'. [ 281.816120][T15868] net_ratelimit: 146 callbacks suppressed [ 281.816140][T15868] team_slave_1: mtu less than device minimum [ 281.941555][T15873] netlink: 468 bytes leftover after parsing attributes in process `syz.1.3703'. [ 281.959951][T15873] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3703'. [ 281.964343][T15877] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3704'. [ 282.182261][T15888] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3709'. [ 282.195814][T15891] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3711'. [ 282.212681][T15888] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3709'. [ 282.410578][T15898] geneve2: entered promiscuous mode [ 282.586218][T15914] pim6reg: entered allmulticast mode [ 282.762334][T15910] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.777658][T15910] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.891606][T15910] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.910003][T15910] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.934237][T15931] netlink: 'syz.2.3724': attribute type 2 has an invalid length. [ 283.039780][T15910] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.061714][T15910] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.210234][T15910] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.234590][T15910] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.263736][T15945] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 283.361505][T15910] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.377619][T15910] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.413352][T15910] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.421702][T15910] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.453586][T15910] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.462089][T15910] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.482238][T15910] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 283.504790][T15910] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.755444][T15966] netlink: 'syz.1.3736': attribute type 1 has an invalid length. [ 283.948058][T15980] ip6gretap0: entered promiscuous mode [ 283.973340][T15980] macsec2: entered promiscuous mode [ 283.978733][T15980] macsec2: entered allmulticast mode [ 283.999790][T15980] ip6gretap0: entered allmulticast mode [ 284.010482][T15980] ip6gretap0: left allmulticast mode [ 284.022909][T15980] ip6gretap0: left promiscuous mode [ 284.105653][T15991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.232922][T15991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.276126][T15991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.318676][ T5149] wlan1: No basic rates, using min rate instead [ 284.334895][ T5149] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 284.355184][ T5149] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 284.472616][ T2463] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 284.506095][T16020] FAULT_INJECTION: forcing a failure. [ 284.506095][T16020] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 284.526066][T16020] CPU: 1 PID: 16020 Comm: syz.1.3756 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 284.536244][T16020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 284.546338][T16020] Call Trace: [ 284.549636][T16020] [ 284.552578][T16020] dump_stack_lvl+0x241/0x360 [ 284.557299][T16020] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.562566][T16020] ? __pfx__printk+0x10/0x10 [ 284.567179][T16020] ? __pfx_lock_release+0x10/0x10 [ 284.572224][T16020] should_fail_ex+0x3b0/0x4e0 [ 284.576944][T16020] _copy_from_user+0x2f/0xe0 [ 284.581541][T16020] copy_msghdr_from_user+0xae/0x680 [ 284.586748][T16020] ? __pfx___might_resched+0x10/0x10 [ 284.592041][T16020] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 284.597862][T16020] ? __might_fault+0xaa/0x120 [ 284.602543][T16020] __sys_sendmmsg+0x374/0x740 [ 284.607240][T16020] ? __pfx___sys_sendmmsg+0x10/0x10 [ 284.612474][T16020] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 284.618386][T16020] ? ksys_write+0x23e/0x2c0 [ 284.622897][T16020] ? __pfx_lock_release+0x10/0x10 [ 284.627957][T16020] ? vfs_write+0x7c4/0xc90 [ 284.632383][T16020] ? __mutex_unlock_slowpath+0x21d/0x750 [ 284.638052][T16020] ? __pfx_vfs_write+0x10/0x10 [ 284.642845][T16020] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 284.648833][T16020] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 284.655242][T16020] ? do_syscall_64+0x100/0x230 [ 284.660005][T16020] __x64_sys_sendmmsg+0xa0/0xb0 [ 284.664974][T16020] do_syscall_64+0xf3/0x230 [ 284.669476][T16020] ? clear_bhb_loop+0x35/0x90 [ 284.674159][T16020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.680044][T16020] RIP: 0033:0x7fd686375bd9 [ 284.684450][T16020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.704246][T16020] RSP: 002b:00007fd687084048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 284.712661][T16020] RAX: ffffffffffffffda RBX: 00007fd686503f60 RCX: 00007fd686375bd9 [ 284.720624][T16020] RDX: 0000000000000299 RSI: 0000000020003dc0 RDI: 0000000000000004 [ 284.728587][T16020] RBP: 00007fd6870840a0 R08: 0000000000000000 R09: 0000000000000000 [ 284.736551][T16020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 284.744512][T16020] R13: 000000000000000b R14: 00007fd686503f60 R15: 00007fff4feb4248 [ 284.752496][T16020] [ 284.759591][T10576] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 284.816700][T16023] __nla_validate_parse: 11 callbacks suppressed [ 284.816715][T16023] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3757'. [ 284.873083][ T2475] wlan1: authentication with 08:02:11:00:00:00 timed out [ 284.938927][T16025] dccp_v6_rcv: dropped packet with invalid checksum [ 285.044798][T16027] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 285.093500][T16027] netlink: 'syz.1.3759': attribute type 1 has an invalid length. [ 285.120296][T16027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3759'. [ 285.128013][T16029] openvswitch: netlink: Missing key (keys=40, expected=100) [ 285.199933][T16031] SET target dimension over the limit! [ 285.211080][T16033] netlink: 316 bytes leftover after parsing attributes in process `syz.0.3762'. [ 285.254919][T16033] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 285.407456][T16042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3767'. [ 285.421906][T16045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3768'. [ 285.445802][T16047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3769'. [ 285.490054][T16051] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3771'. [ 285.806773][T16065] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3774'. [ 285.834599][T16065] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3774'. [ 286.279889][T16105] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3787'. [ 286.417715][T16115] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 286.593863][T16115] vlan3: entered allmulticast mode [ 286.631746][T16115] mac80211_hwsim hwsim14 wlan1: entered allmulticast mode [ 286.669838][T16115] mac80211_hwsim hwsim14 wlan1: left allmulticast mode [ 286.972970][T16149] netlink: zone id is out of range [ 286.991947][T16149] netlink: zone id is out of range [ 287.019872][T16149] netlink: zone id is out of range [ 287.024170][T16156] netlink: 'syz.1.3799': attribute type 1 has an invalid length. [ 287.059952][T16149] netlink: zone id is out of range [ 287.068812][T16143] openvswitch: netlink: nsh attr 2048 is out of range max 3 [ 287.096462][T16149] netlink: zone id is out of range [ 287.114317][T16149] netlink: zone id is out of range [ 287.139917][T16149] netlink: zone id is out of range [ 287.154505][T16149] netlink: zone id is out of range [ 287.196069][T16149] netlink: zone id is out of range [ 287.274105][T16170] team0: Port device macvlan5 added [ 287.549043][T16190] netlink: 'syz.4.3813': attribute type 17 has an invalid length. [ 287.580280][T16190] IPv6: sit1: Disabled Multicast RS [ 287.607679][T16190] netlink: 'syz.4.3813': attribute type 17 has an invalid length. [ 287.936334][T16214] xt_TCPMSS: Only works on TCP SYN packets [ 289.126034][T16289] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode [ 289.144155][T16289] team0: Port device wlan1 added [ 289.300177][T16299] FAULT_INJECTION: forcing a failure. [ 289.300177][T16299] name failslab, interval 1, probability 0, space 0, times 0 [ 289.324383][T16299] CPU: 1 PID: 16299 Comm: syz.4.3846 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 289.334589][T16299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 289.344669][T16299] Call Trace: [ 289.347968][T16299] [ 289.350915][T16299] dump_stack_lvl+0x241/0x360 [ 289.355618][T16299] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.360839][T16299] ? __pfx__printk+0x10/0x10 [ 289.365459][T16299] ? ref_tracker_alloc+0x332/0x490 [ 289.370596][T16299] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 289.376080][T16299] should_fail_ex+0x3b0/0x4e0 [ 289.380787][T16299] ? skb_clone+0x20c/0x390 [ 289.385223][T16299] should_failslab+0x9/0x20 [ 289.389743][T16299] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 289.395135][T16299] skb_clone+0x20c/0x390 [ 289.399403][T16299] __netlink_deliver_tap+0x3cc/0x7c0 [ 289.404723][T16299] ? netlink_deliver_tap+0x2e/0x1b0 [ 289.409940][T16299] netlink_deliver_tap+0x19d/0x1b0 [ 289.415070][T16299] __netlink_sendskb+0x60/0xd0 [ 289.419864][T16299] netlink_dump+0x97d/0xd80 [ 289.424399][T16299] ? __pfx_netlink_dump+0x10/0x10 [ 289.429474][T16299] __netlink_dump_start+0x59f/0x780 [ 289.434705][T16299] vsock_diag_handler_dump+0x1a4/0x240 [ 289.440191][T16299] ? __pfx_vsock_diag_handler_dump+0x10/0x10 [ 289.446192][T16299] ? __pfx_vsock_diag_dump+0x10/0x10 [ 289.451511][T16299] ? sock_diag_lock_handler+0x19/0x280 [ 289.456993][T16299] ? __pfx_vsock_diag_handler_dump+0x10/0x10 [ 289.462996][T16299] sock_diag_rcv_msg+0x3dc/0x5f0 [ 289.467964][T16299] netlink_rcv_skb+0x1e3/0x430 [ 289.472753][T16299] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 289.478244][T16299] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 289.483622][T16299] ? netlink_deliver_tap+0x2e/0x1b0 [ 289.488854][T16299] netlink_unicast+0x7f0/0x990 [ 289.493648][T16299] ? __pfx_netlink_unicast+0x10/0x10 [ 289.498952][T16299] ? __virt_addr_valid+0x183/0x520 [ 289.504090][T16299] ? __check_object_size+0x49c/0x900 [ 289.509380][T16299] ? bpf_lsm_netlink_send+0x9/0x10 [ 289.514502][T16299] netlink_sendmsg+0x8e4/0xcb0 [ 289.519297][T16299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 289.524579][T16299] ? __import_iovec+0x536/0x820 [ 289.529420][T16299] ? aa_sock_msg_perm+0x91/0x160 [ 289.534352][T16299] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 289.539623][T16299] ? security_socket_sendmsg+0x87/0xb0 [ 289.545085][T16299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 289.550378][T16299] __sock_sendmsg+0x221/0x270 [ 289.555074][T16299] ____sys_sendmsg+0x525/0x7d0 [ 289.559848][T16299] ? __pfx_____sys_sendmsg+0x10/0x10 [ 289.565152][T16299] __sys_sendmsg+0x2b0/0x3a0 [ 289.569757][T16299] ? __pfx___sys_sendmsg+0x10/0x10 [ 289.574865][T16299] ? vfs_write+0x7c4/0xc90 [ 289.579325][T16299] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 289.585654][T16299] ? do_syscall_64+0x100/0x230 [ 289.590413][T16299] ? do_syscall_64+0xb6/0x230 [ 289.595082][T16299] do_syscall_64+0xf3/0x230 [ 289.599577][T16299] ? clear_bhb_loop+0x35/0x90 [ 289.604260][T16299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.610187][T16299] RIP: 0033:0x7fbdae375bd9 [ 289.614601][T16299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.634225][T16299] RSP: 002b:00007fbdaf0ef048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 289.642663][T16299] RAX: ffffffffffffffda RBX: 00007fbdae503f60 RCX: 00007fbdae375bd9 [ 289.650649][T16299] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000009 [ 289.658764][T16299] RBP: 00007fbdaf0ef0a0 R08: 0000000000000000 R09: 0000000000000000 [ 289.666732][T16299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.674702][T16299] R13: 000000000000000b R14: 00007fbdae503f60 R15: 00007ffe68fb11a8 [ 289.682708][T16299] [ 289.835368][T16326] IPv6: sit1: Disabled Multicast RS [ 289.959554][T16340] __nla_validate_parse: 10 callbacks suppressed [ 289.959573][T16340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3855'. [ 290.199007][T16357] netlink: 'syz.1.3867': attribute type 5 has an invalid length. [ 290.336168][T16365] bond3: (slave bridge0): Releasing backup interface [ 290.371931][T16365] bridge0: entered promiscuous mode [ 290.413257][T16365] team0: Port device bridge0 added [ 290.477654][T16372] team0: Port device bridge0 removed [ 290.661644][T16383] xt_l2tp: missing protocol rule (udp|l2tpip) [ 290.917909][T16400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3883'. [ 291.122123][T16413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3888'. [ 291.272311][T16421] netlink: 468 bytes leftover after parsing attributes in process `syz.3.3892'. [ 291.292987][T16422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3891'. [ 291.302264][T16421] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3892'. [ 291.447129][T16429] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3895'. [ 291.468487][T16429] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3895'. [ 291.473517][T16433] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3896'. [ 291.571494][T16437] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3898'. [ 292.114480][T16471] IPVS: Unknown mcast interface: vcan0 [ 292.133111][T16474] net_ratelimit: 146 callbacks suppressed [ 292.133131][T16474] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 292.733695][T16513] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 292.875241][T16524] FAULT_INJECTION: forcing a failure. [ 292.875241][T16524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.903275][T16521] SET target dimension over the limit! [ 292.921724][T16524] CPU: 0 PID: 16524 Comm: syz.4.3931 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 292.931919][T16524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 292.941988][T16524] Call Trace: [ 292.945283][T16524] [ 292.948229][T16524] dump_stack_lvl+0x241/0x360 [ 292.952970][T16524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.955366][T16521] tipc: Started in network mode [ 292.958169][T16524] ? __pfx__printk+0x10/0x10 [ 292.958198][T16524] ? __pfx_lock_release+0x10/0x10 [ 292.972666][T16524] should_fail_ex+0x3b0/0x4e0 [ 292.977381][T16524] _copy_from_user+0x2f/0xe0 [ 292.980714][T16521] tipc: Node identity ac1414aa, cluster identity 4711 [ 292.981972][T16524] copy_msghdr_from_user+0xae/0x680 [ 292.981999][T16524] ? __pfx___might_resched+0x10/0x10 [ 292.999237][T16524] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 293.005074][T16524] ? __might_fault+0xaa/0x120 [ 293.008290][T16521] tipc: Enabled bearer , priority 10 [ 293.009756][T16524] __sys_sendmmsg+0x374/0x740 [ 293.020612][T16524] ? __pfx___sys_sendmmsg+0x10/0x10 [ 293.025873][T16524] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 293.031821][T16524] ? ksys_write+0x23e/0x2c0 [ 293.036345][T16524] ? __pfx_lock_release+0x10/0x10 [ 293.041397][T16524] ? vfs_write+0x7c4/0xc90 [ 293.045839][T16524] ? __mutex_unlock_slowpath+0x21d/0x750 [ 293.051500][T16524] ? __pfx_vfs_write+0x10/0x10 [ 293.056308][T16524] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 293.062320][T16524] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 293.068671][T16524] ? do_syscall_64+0x100/0x230 [ 293.073468][T16524] __x64_sys_sendmmsg+0xa0/0xb0 [ 293.075372][T16539] SET target dimension over the limit! [ 293.078371][T16524] do_syscall_64+0xf3/0x230 [ 293.078400][T16524] ? clear_bhb_loop+0x35/0x90 [ 293.078426][T16524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.099055][T16524] RIP: 0033:0x7fbdae375bd9 [ 293.103487][T16524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.123109][T16524] RSP: 002b:00007fbdaf0ef048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 293.131549][T16524] RAX: ffffffffffffffda RBX: 00007fbdae503f60 RCX: 00007fbdae375bd9 [ 293.139540][T16524] RDX: 0000000000000299 RSI: 0000000020003dc0 RDI: 0000000000000004 [ 293.147530][T16524] RBP: 00007fbdaf0ef0a0 R08: 0000000000000000 R09: 0000000000000000 [ 293.155493][T16524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 293.163459][T16524] R13: 000000000000000b R14: 00007fbdae503f60 R15: 00007ffe68fb11a8 [ 293.171433][T16524] [ 293.357091][T16552] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 293.602215][T16562] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 293.987397][T14875] tipc: Node number set to 2886997162 [ 294.522818][T16609] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 294.724143][T16626] netlink: 'syz.2.3963': attribute type 1 has an invalid length. [ 294.871955][T16633] team0: Port device macvlan10 added [ 295.020749][T16645] x_tables: ip_tables: ah match: only valid for protocol 51 [ 295.283619][T16666] __nla_validate_parse: 26 callbacks suppressed [ 295.283639][T16666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3973'. [ 295.566121][T16677] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3980'. [ 295.602734][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3980'. [ 295.648480][T16681] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3981'. [ 296.673780][T16698] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 296.911762][T16744] wg2: entered promiscuous mode [ 296.931040][T16744] wg2: entered allmulticast mode [ 297.991854][T16815] Bluetooth: MGMT ver 1.22 [ 298.066948][T16767] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 298.701808][T16849] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4050'. [ 299.253816][T16881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4064'. [ 299.374993][T16885] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.705048][T16906] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4076'. [ 300.143162][ T5103] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 300.238515][T16932] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4083'. [ 300.366376][T16935] netlink: 'syz.4.4084': attribute type 10 has an invalid length. [ 300.449391][T16935] batman_adv: batadv0: Adding interface: team0 [ 300.463276][T16935] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.489879][T16935] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 300.500690][T16938] netlink: 'syz.4.4084': attribute type 10 has an invalid length. [ 300.511379][T16938] netlink: 2 bytes leftover after parsing attributes in process `syz.4.4084'. [ 300.520936][T16938] team0: entered promiscuous mode [ 300.527344][T16938] team_slave_0: entered promiscuous mode [ 300.534536][T16938] team_slave_1: entered promiscuous mode [ 300.550987][T16938] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.558068][T16938] batman_adv: batadv0: Interface activated: team0 [ 300.565334][T16938] batman_adv: batadv0: Interface deactivated: team0 [ 300.571947][T16938] batman_adv: batadv0: Removing interface: team0 [ 300.619258][T16939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 300.846410][T16948] tipc: Started in network mode [ 300.851431][T16948] tipc: Node identity 152e5aaf, cluster identity 9 [ 300.882738][T16948] tipc: Node number set to 355359407 [ 300.911217][T16950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4090'. [ 301.017697][T16960] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4090'. [ 301.569386][T16992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4106'. [ 301.682711][T17000] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4109'. [ 301.726307][T17000] netlink: 112 bytes leftover after parsing attributes in process `syz.3.4109'. [ 301.756039][T17000] vlan0: entered allmulticast mode [ 301.771052][T17000] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 302.648943][T17057] netlink: 'syz.2.4135': attribute type 1 has an invalid length. [ 302.757842][T17064] tipc: Cannot configure node identity twice [ 302.905512][T17076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.001566][T17082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.040126][T17082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.478083][T17111] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4156'. [ 303.524086][T17114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4157'. [ 303.534616][T17113] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4157'. [ 303.607929][T17116] FAULT_INJECTION: forcing a failure. [ 303.607929][T17116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 303.672926][T17116] CPU: 0 PID: 17116 Comm: syz.2.4158 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 303.683134][T17116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 303.693188][T17116] Call Trace: [ 303.696460][T17116] [ 303.699398][T17116] dump_stack_lvl+0x241/0x360 [ 303.704086][T17116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.709282][T17116] ? __pfx__printk+0x10/0x10 [ 303.713902][T17116] ? snprintf+0xda/0x120 [ 303.718146][T17116] should_fail_ex+0x3b0/0x4e0 [ 303.722838][T17116] _copy_to_user+0x2f/0xb0 [ 303.727258][T17116] simple_read_from_buffer+0xca/0x150 [ 303.732639][T17116] proc_fail_nth_read+0x1e9/0x250 [ 303.737683][T17116] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 303.743227][T17116] ? rw_verify_area+0x520/0x6b0 [ 303.748072][T17116] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 303.753616][T17116] vfs_read+0x204/0xbc0 [ 303.757769][T17116] ? __pfx_lock_release+0x10/0x10 [ 303.762794][T17116] ? __pfx_vfs_read+0x10/0x10 [ 303.767469][T17116] ? __fget_files+0x29/0x470 [ 303.772052][T17116] ? __fget_files+0x3f6/0x470 [ 303.776736][T17116] ksys_read+0x1a0/0x2c0 [ 303.780975][T17116] ? __pfx_ksys_read+0x10/0x10 [ 303.785732][T17116] ? do_syscall_64+0x100/0x230 [ 303.790491][T17116] ? do_syscall_64+0xb6/0x230 [ 303.795161][T17116] do_syscall_64+0xf3/0x230 [ 303.799658][T17116] ? clear_bhb_loop+0x35/0x90 [ 303.804331][T17116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.810213][T17116] RIP: 0033:0x7f6a041746bc [ 303.814654][T17116] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 303.834339][T17116] RSP: 002b:00007f6a03bff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 303.842762][T17116] RAX: ffffffffffffffda RBX: 00007f6a04303f60 RCX: 00007f6a041746bc [ 303.850754][T17116] RDX: 000000000000000f RSI: 00007f6a03bff0b0 RDI: 000000000000000a [ 303.858732][T17116] RBP: 00007f6a03bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 303.866718][T17116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.874688][T17116] R13: 000000000000000b R14: 00007f6a04303f60 R15: 00007ffdf25870a8 [ 303.882679][T17116] [ 303.927985][T17121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4159'. [ 304.248673][T17144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.384436][T17158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.392688][T17157] netlink: 'syz.3.4172': attribute type 2 has an invalid length. [ 304.426863][T17157] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 304.430070][T17158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.528128][T17168] netlink: 'syz.0.4175': attribute type 5 has an invalid length. [ 305.233829][T17211] xt_l2tp: missing protocol rule (udp|l2tpip) [ 305.483976][T17223] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma? [ 305.489761][T17221] gretap0: entered promiscuous mode [ 305.503222][T17221] gretap0: left promiscuous mode [ 305.656829][T17233] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 305.695548][T17233] __nla_validate_parse: 5 callbacks suppressed [ 305.695568][T17233] netlink: 264 bytes leftover after parsing attributes in process `syz.0.4200'. [ 305.706873][T17237] netlink: 'syz.4.4201': attribute type 10 has an invalid length. [ 305.741235][T17239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4202'. [ 305.778785][T17237] team0: Device ipvlan1 failed to register rx_handler [ 305.918955][T17252] netlink: 468 bytes leftover after parsing attributes in process `syz.2.4204'. [ 305.976014][T17255] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4206'. [ 305.987211][T17258] IPv6: sit2: Disabled Multicast RS [ 306.254674][T17275] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4208'. [ 306.364220][T17267] ebt_among: src integrity fail: 30a [ 306.424212][T17271] gretap0: entered promiscuous mode [ 306.454416][T17271] gretap0: left promiscuous mode [ 306.575889][T17292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4216'. [ 306.579948][T17293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4215'. [ 306.683827][T17293] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4215'. [ 306.754012][T17300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4217'. [ 306.784322][T17300] IPVS: Error joining to the multicast group [ 306.964031][T17316] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4222'. [ 307.142287][T17331] SET target dimension over the limit! [ 307.334568][T17340] netlink: 'syz.0.4232': attribute type 1 has an invalid length. [ 307.347162][T17340] netlink: 'syz.0.4232': attribute type 2 has an invalid length. [ 307.611510][T17359] netlink: 'syz.3.4239': attribute type 13 has an invalid length. [ 307.634595][T17361] netlink: 'syz.2.4240': attribute type 1 has an invalid length. [ 307.635413][T17359] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 308.203235][T17395] gretap0: entered promiscuous mode [ 308.215118][T17395] gretap0: left promiscuous mode [ 308.261933][T17391] netlink: 'syz.0.4247': attribute type 1 has an invalid length. [ 308.271417][T17391] netlink: 'syz.0.4247': attribute type 1 has an invalid length. [ 308.546796][T17415] netlink: 'syz.1.4257': attribute type 1 has an invalid length. [ 308.938966][T17437] SET target dimension over the limit! [ 309.034788][T17444] FAULT_INJECTION: forcing a failure. [ 309.034788][T17444] name failslab, interval 1, probability 0, space 0, times 0 [ 309.075230][T17444] CPU: 0 PID: 17444 Comm: syz.4.4269 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 309.085442][T17444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 309.095516][T17444] Call Trace: [ 309.098813][T17444] [ 309.101757][T17444] dump_stack_lvl+0x241/0x360 [ 309.106461][T17444] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.111677][T17444] ? __pfx__printk+0x10/0x10 [ 309.116295][T17444] should_fail_ex+0x3b0/0x4e0 [ 309.121006][T17444] ? __alloc_skb+0x1c3/0x440 [ 309.125621][T17444] should_failslab+0x9/0x20 [ 309.130138][T17444] kmem_cache_alloc_node_noprof+0x71/0x320 [ 309.135959][T17444] ? aa_label_sk_perm+0x4f0/0x6d0 [ 309.140983][T17444] __alloc_skb+0x1c3/0x440 [ 309.145398][T17444] ? __pfx___alloc_skb+0x10/0x10 [ 309.150333][T17444] pfkey_sendmsg+0x1da/0x1050 [ 309.155003][T17444] ? __pfx___might_resched+0x10/0x10 [ 309.160288][T17444] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 309.165391][T17444] ? aa_sk_perm+0x967/0xab0 [ 309.169898][T17444] ? __pfx_aa_sk_perm+0x10/0x10 [ 309.174741][T17444] ? __might_fault+0xaa/0x120 [ 309.179408][T17444] ? __pfx_lock_release+0x10/0x10 [ 309.184425][T17444] ? __import_iovec+0x536/0x820 [ 309.189267][T17444] ? aa_sock_msg_perm+0x91/0x160 [ 309.194212][T17444] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 309.199487][T17444] ? security_socket_sendmsg+0x87/0xb0 [ 309.204935][T17444] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 309.210032][T17444] __sock_sendmsg+0x221/0x270 [ 309.214705][T17444] ____sys_sendmsg+0x525/0x7d0 [ 309.219469][T17444] ? __pfx_____sys_sendmsg+0x10/0x10 [ 309.224759][T17444] __sys_sendmsg+0x2b0/0x3a0 [ 309.229428][T17444] ? __pfx___sys_sendmsg+0x10/0x10 [ 309.234531][T17444] ? vfs_write+0x7c4/0xc90 [ 309.238965][T17444] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 309.245282][T17444] ? do_syscall_64+0x100/0x230 [ 309.250036][T17444] ? do_syscall_64+0xb6/0x230 [ 309.254702][T17444] do_syscall_64+0xf3/0x230 [ 309.259192][T17444] ? clear_bhb_loop+0x35/0x90 [ 309.263862][T17444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.269743][T17444] RIP: 0033:0x7fbdae375bd9 [ 309.274145][T17444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.293744][T17444] RSP: 002b:00007fbdaf0ef048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.302147][T17444] RAX: ffffffffffffffda RBX: 00007fbdae503f60 RCX: 00007fbdae375bd9 [ 309.310107][T17444] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 309.318074][T17444] RBP: 00007fbdaf0ef0a0 R08: 0000000000000000 R09: 0000000000000000 [ 309.326032][T17444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.333991][T17444] R13: 000000000000000b R14: 00007fbdae503f60 R15: 00007ffe68fb11a8 [ 309.341960][T17444] [ 309.664403][T17471] netlink: 'syz.3.4278': attribute type 3 has an invalid length. [ 309.701628][T17476] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 309.838337][T17481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 310.019378][T17496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 310.074383][T17496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 310.319557][T17514] macvlan10: entered promiscuous mode [ 310.325849][T17514] vlan1: entered promiscuous mode [ 310.344669][T17514] team0: Port device macvlan10 added [ 310.362227][T17522] x_tables: duplicate underflow at hook 1 [ 310.447333][T17527] netlink: 'syz.3.4297': attribute type 30 has an invalid length. [ 310.775041][T17537] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma? [ 310.954717][T17550] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 310.962278][T17550] __nla_validate_parse: 18 callbacks suppressed [ 310.962295][T17550] netlink: 264 bytes leftover after parsing attributes in process `syz.1.4306'. [ 310.980574][T17548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4305'. [ 311.291145][T17557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4308'. [ 311.334296][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 311.340790][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.348761][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.356648][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.364659][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.372523][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.380547][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.388412][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.396358][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.404230][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.412147][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.420031][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.428086][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.436053][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.444027][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.451857][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.459827][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.467696][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.475751][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.483621][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.491549][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.499432][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.507419][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.515291][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.523393][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.531218][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.539177][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.547046][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.555025][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.562916][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.570851][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.578731][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.586713][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.595076][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.603049][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.610885][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.618868][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.626737][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.634711][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.642582][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.650520][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.658407][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.666395][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.674331][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.682293][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.690174][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.698208][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.706121][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.716807][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.724732][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.732700][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.740546][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.748540][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.756409][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.764391][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.772281][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.780258][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.788143][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.796197][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.804138][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.812049][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.819911][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.828030][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.835899][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.843873][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.851702][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.859664][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.867523][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.875585][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.883490][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.891423][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.899297][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.907402][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.915276][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.923278][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.931134][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.939072][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.946938][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.954917][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.962799][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 311.970760][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 311.978643][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 312.174978][T17572] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4313'. [ 312.241964][T17579] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4317'. [ 312.446722][T17593] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4321'. [ 312.458170][T17589] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4322'. [ 312.625048][T17598] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4322'. [ 312.820934][T17608] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4328'. [ 312.844601][T17610] netlink: 108 bytes leftover after parsing attributes in process `syz.0.4329'. [ 312.875716][T17612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 312.981696][T17618] FAULT_INJECTION: forcing a failure. [ 312.981696][T17618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.003875][T17617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 313.047788][T17617] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 313.058003][T17618] CPU: 0 PID: 17618 Comm: syz.3.4331 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 313.068174][T17618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 313.078225][T17618] Call Trace: [ 313.081496][T17618] [ 313.084418][T17618] dump_stack_lvl+0x241/0x360 [ 313.089090][T17618] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.094280][T17618] ? __pfx__printk+0x10/0x10 [ 313.098860][T17618] ? __pfx_lock_release+0x10/0x10 [ 313.103879][T17618] should_fail_ex+0x3b0/0x4e0 [ 313.108552][T17618] _copy_from_user+0x2f/0xe0 [ 313.113138][T17618] copy_msghdr_from_user+0xae/0x680 [ 313.118327][T17618] ? __pfx___might_resched+0x10/0x10 [ 313.123608][T17618] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 313.129493][T17618] ? __might_fault+0xaa/0x120 [ 313.134159][T17618] __sys_sendmmsg+0x374/0x740 [ 313.138837][T17618] ? __pfx___sys_sendmmsg+0x10/0x10 [ 313.144069][T17618] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 313.149963][T17618] ? ksys_write+0x23e/0x2c0 [ 313.154459][T17618] ? __pfx_lock_release+0x10/0x10 [ 313.159561][T17618] ? vfs_write+0x7c4/0xc90 [ 313.163971][T17618] ? __mutex_unlock_slowpath+0x21d/0x750 [ 313.169617][T17618] ? __pfx_vfs_write+0x10/0x10 [ 313.174403][T17618] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 313.180391][T17618] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 313.186804][T17618] ? do_syscall_64+0x100/0x230 [ 313.191567][T17618] __x64_sys_sendmmsg+0xa0/0xb0 [ 313.196418][T17618] do_syscall_64+0xf3/0x230 [ 313.200914][T17618] ? clear_bhb_loop+0x35/0x90 [ 313.205582][T17618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.211462][T17618] RIP: 0033:0x7f41f2975bd9 [ 313.215868][T17618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.235464][T17618] RSP: 002b:00007f41f3704048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 313.243868][T17618] RAX: ffffffffffffffda RBX: 00007f41f2b03f60 RCX: 00007f41f2975bd9 [ 313.251828][T17618] RDX: 0000000000000299 RSI: 0000000020003dc0 RDI: 0000000000000004 [ 313.259785][T17618] RBP: 00007f41f37040a0 R08: 0000000000000000 R09: 0000000000000000 [ 313.267748][T17618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 313.275712][T17618] R13: 000000000000000b R14: 00007f41f2b03f60 R15: 00007ffce3bce588 [ 313.283687][T17618] [ 313.537668][T17638] dccp_v6_rcv: dropped packet with invalid checksum [ 313.891122][T17666] netlink: 'syz.3.4342': attribute type 15 has an invalid length. [ 313.918036][T17666] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 65023 - 0 [ 313.927673][T17666] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 65023 - 0 [ 313.936935][T17666] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 65023 - 0 [ 313.946316][T17666] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 65023 - 0 [ 313.970747][T17666] vxlan0: entered promiscuous mode [ 314.188782][T17684] netlink: zone id is out of range [ 314.201706][T17684] netlink: zone id is out of range [ 314.209384][T17684] netlink: zone id is out of range [ 314.221447][T17684] netlink: zone id is out of range [ 314.228977][T17684] netlink: zone id is out of range [ 314.240811][T17684] netlink: zone id is out of range [ 314.249105][T17684] netlink: zone id is out of range [ 314.264915][T17684] netlink: zone id is out of range [ 314.270398][T17684] netlink: zone id is out of range [ 314.973457][T17736] netlink: 'syz.4.4376': attribute type 9 has an invalid length. [ 315.033019][T17739] netlink: 'syz.1.4377': attribute type 8 has an invalid length. [ 315.040805][T17739] netlink: 'syz.1.4377': attribute type 7 has an invalid length. [ 315.359179][T17763] netlink: 'syz.4.4384': attribute type 5 has an invalid length. [ 315.767234][T17788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.776655][T17790] xt_l2tp: missing protocol rule (udp|l2tpip) [ 315.955632][T17797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 315.992884][T17797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.209271][T17812] __nla_validate_parse: 8 callbacks suppressed [ 316.209291][T17812] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4401'. [ 316.283944][T17814] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma? [ 316.466932][T17821] tipc: Invalid UDP bearer configuration [ 316.466986][T17821] tipc: Enabling of bearer rejected, failed to enable media [ 316.619914][T17836] netlink: 'syz.0.4409': attribute type 8 has an invalid length. [ 316.935546][T17856] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4413'. [ 316.960992][T17857] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4415'. [ 317.084585][T17868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 317.231825][T17877] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 317.255525][T17868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 317.291702][T17878] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4424'. [ 317.348647][T17881] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4425'. [ 317.363841][T17881] netlink: 'syz.4.4425': attribute type 6 has an invalid length. [ 317.386551][T17881] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.395990][T17881] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.405689][T17881] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.414884][T17881] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.430164][T17881] vxlan0: entered promiscuous mode [ 317.443665][T17885] netlink: 'syz.0.4427': attribute type 2 has an invalid length. [ 318.076346][T17925] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 318.083691][T17925] IPv6: NLM_F_CREATE should be set when creating new route [ 318.276950][T17936] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4445'. [ 318.334450][T17943] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4445'. [ 318.367742][T17937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 318.414638][T17936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 318.556457][T17954] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4448'. [ 318.660839][T17960] net_ratelimit: 145 callbacks suppressed [ 318.660857][T17960] dccp_v6_rcv: dropped packet with invalid checksum [ 318.800919][T17971] netlink: 'syz.3.4456': attribute type 1 has an invalid length. [ 318.832827][T17971] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.4456'. [ 318.883874][T17974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4458'. [ 319.407709][T18013] FAULT_INJECTION: forcing a failure. [ 319.407709][T18013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.431574][T18013] CPU: 1 PID: 18013 Comm: syz.2.4474 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 319.441790][T18013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 319.451867][T18013] Call Trace: [ 319.455248][T18013] [ 319.458196][T18013] dump_stack_lvl+0x241/0x360 [ 319.462907][T18013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.468132][T18013] ? __pfx__printk+0x10/0x10 [ 319.472836][T18013] ? __pfx_lock_release+0x10/0x10 [ 319.477894][T18013] should_fail_ex+0x3b0/0x4e0 [ 319.482620][T18013] _copy_from_iter+0x1f6/0x1960 [ 319.487495][T18013] ? __virt_addr_valid+0x183/0x520 [ 319.492644][T18013] ? __pfx_lock_release+0x10/0x10 [ 319.497692][T18013] ? __alloc_skb+0x28f/0x440 [ 319.502302][T18013] ? __pfx__copy_from_iter+0x10/0x10 [ 319.507605][T18013] ? __virt_addr_valid+0x183/0x520 [ 319.512748][T18013] ? __virt_addr_valid+0x183/0x520 [ 319.517890][T18013] ? __virt_addr_valid+0x44e/0x520 [ 319.523028][T18013] ? __check_object_size+0x49c/0x900 [ 319.528335][T18013] pfkey_sendmsg+0x235/0x1050 [ 319.533031][T18013] ? __pfx___might_resched+0x10/0x10 [ 319.538331][T18013] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 319.543454][T18013] ? aa_sk_perm+0x967/0xab0 [ 319.547974][T18013] ? __pfx_aa_sk_perm+0x10/0x10 [ 319.552832][T18013] ? __might_fault+0xaa/0x120 [ 319.557527][T18013] ? __pfx_lock_release+0x10/0x10 [ 319.562574][T18013] ? __import_iovec+0x536/0x820 [ 319.567445][T18013] ? aa_sock_msg_perm+0x91/0x160 [ 319.572407][T18013] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 319.577704][T18013] ? security_socket_sendmsg+0x87/0xb0 [ 319.583187][T18013] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 319.588313][T18013] __sock_sendmsg+0x221/0x270 [ 319.593015][T18013] ____sys_sendmsg+0x525/0x7d0 [ 319.597811][T18013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.603135][T18013] __sys_sendmsg+0x2b0/0x3a0 [ 319.607756][T18013] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.612889][T18013] ? vfs_write+0x7c4/0xc90 [ 319.617365][T18013] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.623710][T18013] ? do_syscall_64+0x100/0x230 [ 319.628499][T18013] ? do_syscall_64+0xb6/0x230 [ 319.633199][T18013] do_syscall_64+0xf3/0x230 [ 319.637720][T18013] ? clear_bhb_loop+0x35/0x90 [ 319.642432][T18013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.648343][T18013] RIP: 0033:0x7f6a04175bd9 [ 319.652770][T18013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.672569][T18013] RSP: 002b:00007f6a03bff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.681102][T18013] RAX: ffffffffffffffda RBX: 00007f6a04303f60 RCX: 00007f6a04175bd9 [ 319.689105][T18013] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 319.697097][T18013] RBP: 00007f6a03bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 319.705086][T18013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.713067][T18013] R13: 000000000000000b R14: 00007f6a04303f60 R15: 00007ffdf25870a8 [ 319.721060][T18013] [ 319.726520][T18011] tc_dump_action: action bad kind [ 319.819832][T18025] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available [ 319.845057][T18027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 319.934779][T18033] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 319.966467][T18027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 320.600432][T18075] xt_l2tp: missing protocol rule (udp|l2tpip) [ 320.823139][T18088] netlink: 'syz.0.4504': attribute type 1 has an invalid length. [ 320.831689][T18083] No such timeout policy "syz0" [ 321.054990][T18099] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 321.123736][T18107] netlink: 'syz.3.4511': attribute type 2 has an invalid length. [ 321.378233][T18123] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 321.447977][T18119] netlink: 'syz.1.4517': attribute type 1 has an invalid length. [ 321.473995][T18119] __nla_validate_parse: 5 callbacks suppressed [ 321.474014][T18119] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4517'. [ 321.499384][T18124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4518'. [ 321.766346][T18147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4530'. [ 321.768923][T18148] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4531'. [ 322.048158][T18166] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4538'. [ 322.164799][T18171] netlink: 'syz.3.4540': attribute type 2 has an invalid length. [ 322.347149][T18183] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4546'. [ 322.575017][T18195] netlink: 'syz.1.4550': attribute type 3 has an invalid length. [ 322.703976][T18203] netlink: 316 bytes leftover after parsing attributes in process `syz.1.4553'. [ 322.744267][T18203] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 322.871601][T18206] netlink: 'syz.0.4554': attribute type 1 has an invalid length. [ 322.904063][T18206] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4554'. [ 322.988485][T18206] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(194039376244405) <= P.seqno(0) <= S.SWH(194039376244479)) and (P.ackno exists or LAWL(198759020759585) <= P.ackno(198759020759587) <= S.AWH(198759020759587), sending SYNC... [ 323.056083][T18210] dccp_v6_rcv: dropped packet with invalid checksum [ 323.239500][T18219] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 323.246832][T18219] IPv6: NLM_F_CREATE should be set when creating new route [ 323.342379][T18225] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4562'. [ 323.473024][T18227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4563'. [ 323.992202][T18251] dccp_v6_rcv: dropped packet with invalid checksum [ 324.104119][T18255] : entered promiscuous mode [ 324.215547][T18264] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 324.235420][T18264] netlink: 'syz.4.4577': attribute type 1 has an invalid length. [ 324.469266][T18277] 0: renamed from hsr0 (while UP) [ 324.499488][T18277] 0: entered allmulticast mode [ 324.507214][T18277] hsr_slave_0: entered allmulticast mode [ 324.515182][T18277] hsr_slave_1: entered allmulticast mode [ 324.522740][T18277] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check. [ 324.759802][T18301] netlink: zone id is out of range [ 324.765321][T18301] netlink: zone id is out of range [ 324.770576][T18301] netlink: zone id is out of range [ 324.777136][T18301] netlink: zone id is out of range [ 324.783619][T18301] netlink: zone id is out of range [ 324.803148][T18301] netlink: zone id is out of range [ 324.809307][T18301] netlink: zone id is out of range [ 324.820536][T18301] netlink: zone id is out of range [ 325.321202][T18342] bridge0: port 1(vlan1) entered blocking state [ 325.336697][T18342] bridge0: port 1(vlan1) entered disabled state [ 325.351725][T18342] vlan1: entered allmulticast mode [ 325.371392][T18342] vlan1: left allmulticast mode [ 337.984091][ C1] net_ratelimit: 144 callbacks suppressed [ 337.984106][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 337.993316][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 348.305309][T18355] netlink: 'syz.1.4608': attribute type 1 has an invalid length. [ 348.354519][T18355] __nla_validate_parse: 7 callbacks suppressed [ 348.355259][T18355] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4608'. [ 348.498642][T18371] netlink: 'syz.3.4616': attribute type 9 has an invalid length. [ 348.518819][T18371] netlink: 'syz.3.4616': attribute type 7 has an invalid length. [ 348.561856][T18371] netlink: 'syz.3.4616': attribute type 8 has an invalid length. [ 348.604732][T18371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4616'. [ 348.646666][T18380] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4618'. [ 348.665823][T18380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4618'. [ 348.667724][T18383] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4620'. [ 348.824777][T18389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4620'. [ 348.855336][T18389] netlink: 2 bytes leftover after parsing attributes in process `syz.1.4620'. [ 349.566565][T18412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4627'. [ 349.593972][T18412] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 349.635052][T18412] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 349.726884][T18408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4625'. [ 349.869578][T18416] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 349.991575][T18422] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4628'. [ 350.468447][T18455] netlink: 'syz.2.4640': attribute type 5 has an invalid length. [ 350.566707][T18460] FAULT_INJECTION: forcing a failure. [ 350.566707][T18460] name failslab, interval 1, probability 0, space 0, times 0 [ 350.593779][T18460] CPU: 0 PID: 18460 Comm: syz.0.4642 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 350.604043][T18460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 350.614124][T18460] Call Trace: [ 350.617420][T18460] [ 350.620366][T18460] dump_stack_lvl+0x241/0x360 [ 350.625070][T18460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.630293][T18460] ? __pfx__printk+0x10/0x10 [ 350.634920][T18460] should_fail_ex+0x3b0/0x4e0 [ 350.639631][T18460] ? skb_clone+0x20c/0x390 [ 350.644063][T18460] should_failslab+0x9/0x20 [ 350.648585][T18460] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 350.653980][T18460] ? __pfx_lock_release+0x10/0x10 [ 350.659029][T18460] skb_clone+0x20c/0x390 [ 350.663288][T18460] pfkey_broadcast_one+0x99/0x330 [ 350.668337][T18460] ? pfkey_broadcast+0x45/0x400 [ 350.673201][T18460] pfkey_broadcast+0x3ca/0x400 [ 350.677965][T18460] ? pfkey_broadcast+0x45/0x400 [ 350.682818][T18460] pfkey_sendmsg+0xe10/0x1050 [ 350.687508][T18460] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 350.692625][T18460] ? __might_fault+0xaa/0x120 [ 350.697291][T18460] ? __pfx_lock_release+0x10/0x10 [ 350.702303][T18460] ? __import_iovec+0x536/0x820 [ 350.707177][T18460] ? aa_sock_msg_perm+0x91/0x160 [ 350.712109][T18460] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 350.717380][T18460] ? security_socket_sendmsg+0x87/0xb0 [ 350.722832][T18460] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 350.727930][T18460] __sock_sendmsg+0x221/0x270 [ 350.732600][T18460] ____sys_sendmsg+0x525/0x7d0 [ 350.737387][T18460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 350.742691][T18460] __sys_sendmsg+0x2b0/0x3a0 [ 350.747288][T18460] ? __pfx___sys_sendmsg+0x10/0x10 [ 350.752401][T18460] ? vfs_write+0x7c4/0xc90 [ 350.756867][T18460] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 350.763199][T18460] ? do_syscall_64+0x100/0x230 [ 350.767963][T18460] ? do_syscall_64+0xb6/0x230 [ 350.772653][T18460] do_syscall_64+0xf3/0x230 [ 350.777156][T18460] ? clear_bhb_loop+0x35/0x90 [ 350.781836][T18460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.787727][T18460] RIP: 0033:0x7f8819975bd9 [ 350.792139][T18460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.811736][T18460] RSP: 002b:00007f881a82c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.820141][T18460] RAX: ffffffffffffffda RBX: 00007f8819b03f60 RCX: 00007f8819975bd9 [ 350.828103][T18460] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 350.836061][T18460] RBP: 00007f881a82c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 350.844018][T18460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.851975][T18460] R13: 000000000000000b R14: 00007f8819b03f60 R15: 00007ffc78c45c98 [ 350.859947][T18460] [ 350.872042][T18466] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (268435456) [ 351.798939][T18530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 351.935431][T18549] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 351.983663][T18554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.036461][T18554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.165525][T18561] netlink: 'syz.4.4675': attribute type 29 has an invalid length. [ 352.174891][T18561] netlink: 'syz.4.4675': attribute type 29 has an invalid length. [ 352.297546][T18575] xt_l2tp: missing protocol rule (udp|l2tpip) [ 352.516007][T18591] sctp: [Deprecated]: syz.0.4687 (pid 18591) Use of int in maxseg socket option. [ 352.516007][T18591] Use struct sctp_assoc_value instead [ 352.596794][T18589] sctp: [Deprecated]: syz.0.4687 (pid 18589) Use of int in maxseg socket option. [ 352.596794][T18589] Use struct sctp_assoc_value instead [ 352.651690][T18589] x_tables: duplicate underflow at hook 2 [ 352.829064][T18611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.864947][T14871] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 352.895446][T14871] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 352.973853][T18611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.985380][ T62] wlan1: authenticated [ 353.003895][ T62] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 353.056544][T18611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.124394][ T2475] wlan1: associate with 08:02:11:00:00:00 (try 2/3) [ 353.201989][T18635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.242562][ T2456] wlan1: associate with 08:02:11:00:00:00 (try 3/3) [ 353.346120][T18648] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.353618][ T2456] wlan1: association with 08:02:11:00:00:00 timed out [ 353.375709][T18635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.451200][T18651] __nla_validate_parse: 22 callbacks suppressed [ 353.451259][T18651] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4710'. [ 353.501437][T18653] netlink: 'syz.3.4711': attribute type 4 has an invalid length. [ 353.536095][T18653] netlink: 'syz.3.4711': attribute type 4 has an invalid length. [ 353.689341][T18664] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4716'. [ 353.864919][T18674] bridge0: port 1(bond0) entered blocking state [ 353.886941][T18674] bridge0: port 1(bond0) entered disabled state [ 353.913807][T18674] bond0: entered allmulticast mode [ 353.929633][T18674] bond_slave_0: entered allmulticast mode [ 353.950488][T18674] bond_slave_1: entered allmulticast mode [ 353.976247][T18674] bond0: left allmulticast mode [ 353.981147][T18674] bond_slave_0: left allmulticast mode [ 354.001691][T18674] bond_slave_1: left allmulticast mode [ 354.011443][T18679] netlink: 316 bytes leftover after parsing attributes in process `syz.1.4721'. [ 354.020957][T18691] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4723'. [ 354.040933][T18679] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 354.070683][T18687] netlink: 108 bytes leftover after parsing attributes in process `syz.2.4724'. [ 354.079957][T18687] netlink: 108 bytes leftover after parsing attributes in process `syz.2.4724'. [ 354.114145][T18695] netlink: 'syz.4.4726': attribute type 4 has an invalid length. [ 354.205731][T18695] netlink: 'syz.4.4726': attribute type 4 has an invalid length. [ 354.222999][T18698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4727'. [ 354.341882][T18709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4729'. [ 354.369994][T18708] bridge0: entered promiscuous mode [ 354.382334][T18709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4729'. [ 354.392947][T18708] team0: Port device bridge0 added [ 354.408563][T18709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4729'. [ 354.441723][T18711] team0: Port device bridge0 removed [ 354.530121][T18706] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 354.654372][T18725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.742949][T18729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.768022][T18729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.793579][T18732] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 355.160590][T18750] FAULT_INJECTION: forcing a failure. [ 355.160590][T18750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.209965][T18750] CPU: 0 PID: 18750 Comm: syz.2.4743 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 355.220187][T18750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 355.230266][T18750] Call Trace: [ 355.233562][T18750] [ 355.236498][T18750] dump_stack_lvl+0x241/0x360 [ 355.241175][T18750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.246367][T18750] ? __pfx__printk+0x10/0x10 [ 355.250952][T18750] ? __pfx_lock_release+0x10/0x10 [ 355.256004][T18750] ? vfs_write+0x7c4/0xc90 [ 355.260448][T18750] should_fail_ex+0x3b0/0x4e0 [ 355.265131][T18750] _copy_from_user+0x2f/0xe0 [ 355.269715][T18750] __sys_bpf+0x1a4/0x810 [ 355.273957][T18750] ? __pfx___sys_bpf+0x10/0x10 [ 355.278727][T18750] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 355.284701][T18750] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 355.291038][T18750] ? do_syscall_64+0x100/0x230 [ 355.295796][T18750] __x64_sys_bpf+0x7c/0x90 [ 355.300205][T18750] do_syscall_64+0xf3/0x230 [ 355.304702][T18750] ? clear_bhb_loop+0x35/0x90 [ 355.309374][T18750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.315260][T18750] RIP: 0033:0x7f6a04175bd9 [ 355.319689][T18750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.339288][T18750] RSP: 002b:00007f6a03bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 355.347694][T18750] RAX: ffffffffffffffda RBX: 00007f6a04303f60 RCX: 00007f6a04175bd9 [ 355.355656][T18750] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012 [ 355.363620][T18750] RBP: 00007f6a03bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 355.371582][T18750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.379541][T18750] R13: 000000000000000b R14: 00007f6a04303f60 R15: 00007ffdf25870a8 [ 355.387512][T18750] [ 355.722854][T18775] netlink: 'syz.1.4754': attribute type 9 has an invalid length. [ 355.752868][T18775] netlink: 'syz.1.4754': attribute type 7 has an invalid length. [ 355.783752][T18775] netlink: 'syz.1.4754': attribute type 8 has an invalid length. [ 355.896217][T18781] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 355.903557][T18781] IPv6: NLM_F_CREATE should be set when creating new route [ 356.105396][T18789] : renamed from vlan1 (while UP) [ 356.174236][T18793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 356.325789][T18800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 356.384251][T18793] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 357.096649][T18824] netlink: zone id is out of range [ 357.101814][T18824] netlink: zone id is out of range [ 357.118958][T18824] netlink: zone id is out of range [ 357.125259][T18824] netlink: zone id is out of range [ 357.130666][T18824] netlink: zone id is out of range [ 357.152236][T18824] netlink: zone id is out of range [ 357.169635][T18824] netlink: zone id is out of range [ 357.184598][T18824] netlink: zone id is out of range [ 357.194551][T18824] netlink: zone id is out of range [ 357.211321][T18824] netlink: zone id is out of range [ 357.214479][T18832] netlink: 'syz.0.4774': attribute type 3 has an invalid length. [ 357.553327][T18857] netlink: 'syz.0.4783': attribute type 4 has an invalid length. [ 357.618730][T18864] netlink: 'syz.0.4783': attribute type 4 has an invalid length. [ 357.751428][T18870] syz.2.4789 (18870) used greatest stack depth: 17904 bytes left [ 357.850307][T18879] FAULT_INJECTION: forcing a failure. [ 357.850307][T18879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 357.880013][T18879] CPU: 1 PID: 18879 Comm: syz.3.4790 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 357.890326][T18879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 357.900408][T18879] Call Trace: [ 357.903704][T18879] [ 357.906648][T18879] dump_stack_lvl+0x241/0x360 [ 357.911353][T18879] ? __pfx_dump_stack_lvl+0x10/0x10 [ 357.916578][T18879] ? __pfx__printk+0x10/0x10 [ 357.921195][T18879] ? snprintf+0xda/0x120 [ 357.925463][T18879] should_fail_ex+0x3b0/0x4e0 [ 357.930173][T18879] _copy_to_user+0x2f/0xb0 [ 357.934621][T18879] simple_read_from_buffer+0xca/0x150 [ 357.940020][T18879] proc_fail_nth_read+0x1e9/0x250 [ 357.945065][T18879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 357.950640][T18879] ? rw_verify_area+0x520/0x6b0 [ 357.955512][T18879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 357.961078][T18879] vfs_read+0x204/0xbc0 [ 357.965259][T18879] ? __pfx_lock_release+0x10/0x10 [ 357.970317][T18879] ? __pfx_vfs_read+0x10/0x10 [ 357.975017][T18879] ? __fget_files+0x29/0x470 [ 357.979631][T18879] ? __fget_files+0x3f6/0x470 [ 357.984336][T18879] ksys_read+0x1a0/0x2c0 [ 357.988623][T18879] ? __pfx_ksys_read+0x10/0x10 [ 357.993382][T18879] ? do_syscall_64+0x100/0x230 [ 357.998142][T18879] ? do_syscall_64+0xb6/0x230 [ 358.002822][T18879] do_syscall_64+0xf3/0x230 [ 358.007317][T18879] ? clear_bhb_loop+0x35/0x90 [ 358.011988][T18879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.017871][T18879] RIP: 0033:0x7f41f29746bc [ 358.022282][T18879] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 358.041890][T18879] RSP: 002b:00007f41f3704040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 358.050302][T18879] RAX: ffffffffffffffda RBX: 00007f41f2b03f60 RCX: 00007f41f29746bc [ 358.058262][T18879] RDX: 000000000000000f RSI: 00007f41f37040b0 RDI: 0000000000000004 [ 358.066221][T18879] RBP: 00007f41f37040a0 R08: 0000000000000000 R09: 0000000000000000 [ 358.074179][T18879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 358.082139][T18879] R13: 000000000000000b R14: 00007f41f2b03f60 R15: 00007ffce3bce588 [ 358.090114][T18879] [ 358.322333][T18907] sctp: [Deprecated]: syz.3.4802 (pid 18907) Use of struct sctp_assoc_value in delayed_ack socket option. [ 358.322333][T18907] Use struct sctp_sack_info instead [ 358.767206][T18942] __nla_validate_parse: 15 callbacks suppressed [ 358.767227][T18942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4815'. [ 358.786526][T18936] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4814'. [ 358.840894][T18936] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 358.893522][T18936] macsec3: entered promiscuous mode [ 358.924905][T18946] validate_nla: 2 callbacks suppressed [ 358.924924][T18946] netlink: 'syz.4.4816': attribute type 1 has an invalid length. [ 358.951173][T18946] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4816'. [ 359.004039][T18951] netlink: 'syz.2.4818': attribute type 9 has an invalid length. [ 359.459036][T18991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4828'. [ 359.472923][T18990] netlink: 1 bytes leftover after parsing attributes in process `syz.0.4830'. [ 359.497800][T18991] netlink: 'syz.1.4828': attribute type 3 has an invalid length. [ 359.555676][T18993] bridge0: port 1(vlan0) entered blocking state [ 359.562336][T18993] bridge0: port 1(vlan0) entered disabled state [ 359.577834][T18993] vlan0: entered allmulticast mode [ 359.611696][T18993] veth0_vlan: entered allmulticast mode [ 359.631228][T18993] vlan0: entered promiscuous mode [ 359.654641][T18993] bridge0: port 1(vlan0) entered blocking state [ 359.661074][T18993] bridge0: port 1(vlan0) entered forwarding state [ 359.681500][T18999] netlink: 'syz.0.4831': attribute type 43 has an invalid length. [ 359.737564][T19002] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4829'. [ 360.114497][T19009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4833'. [ 360.142838][T19009] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4833'. [ 360.675833][T19024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4837'. [ 360.928678][T19038] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4842'. [ 361.884647][T19078] SET target dimension over the limit! [ 362.179530][T19091] netlink: 'syz.1.4859': attribute type 1 has an invalid length. [ 362.235853][T19091] netlink: 'syz.1.4859': attribute type 1 has an invalid length. [ 362.254818][T19097] netlink: 'syz.2.4862': attribute type 1 has an invalid length. [ 362.266967][T19091] netlink: 'syz.1.4859': attribute type 1 has an invalid length. [ 362.278297][T19091] netlink: 'syz.1.4859': attribute type 1 has an invalid length. [ 362.297109][T19091] netlink: 'syz.1.4859': attribute type 1 has an invalid length. [ 362.401799][T19104] bond7: (slave bridge4): Enslaving as an active interface with an up link [ 363.879910][T19179] __nla_validate_parse: 80 callbacks suppressed [ 363.879929][T19179] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4894'. [ 363.907398][T19181] xt_ecn: cannot match TCP bits for non-tcp packets [ 364.045399][T19194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4895'. [ 364.073949][T19194] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4895'. [ 364.095491][T19194] validate_nla: 65 callbacks suppressed [ 364.095509][T19194] netlink: 'syz.4.4895': attribute type 4 has an invalid length. [ 364.535497][T19229] net_ratelimit: 150 callbacks suppressed [ 364.535517][T19229] dccp_v6_rcv: dropped packet with invalid checksum [ 364.569810][T19231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.650640][T19231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.668574][T19231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.844678][T19236] netlink: 'syz.2.4911': attribute type 2 has an invalid length. [ 364.872861][T19236] : entered promiscuous mode [ 364.985618][T19245] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4913'. [ 365.223201][T19262] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4918'. [ 365.323936][T19268] xt_l2tp: missing protocol rule (udp|l2tpip) [ 365.371897][T19270] netlink: 1 bytes leftover after parsing attributes in process `syz.1.4921'. [ 365.456485][T19279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4923'. [ 365.483713][T19279] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4923'. [ 365.519325][T19279] netlink: 'syz.4.4923': attribute type 4 has an invalid length. [ 365.594047][T19286] netlink: 'syz.1.4927': attribute type 1 has an invalid length. [ 365.609751][T19286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4927'. [ 365.731757][T19293] ɶƣ0GCTw: entered promiscuous mode [ 365.739250][T19295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4931'. [ 365.919413][T19302] FAULT_INJECTION: forcing a failure. [ 365.919413][T19302] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.933095][T19302] CPU: 0 PID: 19302 Comm: syz.2.4934 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 365.943259][T19302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 365.953322][T19302] Call Trace: [ 365.956611][T19302] [ 365.959530][T19302] dump_stack_lvl+0x241/0x360 [ 365.964210][T19302] ? __pfx_dump_stack_lvl+0x10/0x10 [ 365.969423][T19302] ? __pfx__printk+0x10/0x10 [ 365.974015][T19302] ? __pfx_lock_release+0x10/0x10 [ 365.979032][T19302] should_fail_ex+0x3b0/0x4e0 [ 365.983721][T19302] _copy_from_user+0x2f/0xe0 [ 365.988344][T19302] copy_msghdr_from_user+0xae/0x680 [ 365.993558][T19302] ? __pfx___might_resched+0x10/0x10 [ 365.998846][T19302] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 366.004666][T19302] ? __might_fault+0xaa/0x120 [ 366.009359][T19302] __sys_sendmmsg+0x374/0x740 [ 366.014055][T19302] ? __pfx___sys_sendmmsg+0x10/0x10 [ 366.019350][T19302] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 366.025245][T19302] ? ksys_write+0x23e/0x2c0 [ 366.029850][T19302] ? __pfx_lock_release+0x10/0x10 [ 366.034883][T19302] ? vfs_write+0x7c4/0xc90 [ 366.039291][T19302] ? __mutex_unlock_slowpath+0x21d/0x750 [ 366.044928][T19302] ? __pfx_vfs_write+0x10/0x10 [ 366.049736][T19302] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 366.055724][T19302] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 366.062065][T19302] ? do_syscall_64+0x100/0x230 [ 366.066845][T19302] __x64_sys_sendmmsg+0xa0/0xb0 [ 366.071709][T19302] do_syscall_64+0xf3/0x230 [ 366.076202][T19302] ? clear_bhb_loop+0x35/0x90 [ 366.080879][T19302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.086874][T19302] RIP: 0033:0x7f6a04175bd9 [ 366.091296][T19302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.110899][T19302] RSP: 002b:00007f6a03bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 366.119308][T19302] RAX: ffffffffffffffda RBX: 00007f6a04303f60 RCX: 00007f6a04175bd9 [ 366.127280][T19302] RDX: 0000000000000299 RSI: 0000000020003dc0 RDI: 0000000000000004 [ 366.135263][T19302] RBP: 00007f6a03bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 366.143238][T19302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 366.151230][T19302] R13: 000000000000000b R14: 00007f6a04303f60 R15: 00007ffdf25870a8 [ 366.159204][T19302] [ 366.317942][T19310] macvlan3: entered promiscuous mode [ 366.323763][T19310] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 366.331770][T19310] team0: Port device macvlan3 added [ 366.463995][T19316] netlink: 'syz.4.4939': attribute type 2 has an invalid length. [ 366.543109][T14882] IPVS: starting estimator thread 0... [ 366.558423][T19321] x_tables: unsorted underflow at hook 4 [ 366.642685][T19322] IPVS: using max 16 ests per chain, 38400 per kthread [ 369.441578][T19327] __nla_validate_parse: 2 callbacks suppressed [ 369.441598][T19327] netlink: 80 bytes leftover after parsing attributes in process `syz.1.4940'. [ 369.750056][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 369.759827][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 369.768941][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 369.779972][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 369.788577][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 369.797186][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 369.924366][T19359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4949'. [ 369.979686][T19364] xt_limit: Overflow, try lower: 262144/524288 [ 370.288368][T19349] chnl_net:caif_netlink_parms(): no params data found [ 370.426238][T19390] netlink: 'syz.1.4959': attribute type 6 has an invalid length. [ 370.442874][T19349] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.450134][T19349] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.460581][T19349] bridge_slave_0: entered allmulticast mode [ 370.470514][T19349] bridge_slave_0: entered promiscuous mode [ 370.481461][T19349] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.489690][T19349] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.498367][T19349] bridge_slave_1: entered allmulticast mode [ 370.505998][T19349] bridge_slave_1: entered promiscuous mode [ 370.534099][T19404] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4963'. [ 370.638610][T19349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.677624][T19349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.696784][T19413] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4967'. [ 370.727389][T19413] netlink: 112 bytes leftover after parsing attributes in process `syz.4.4967'. [ 370.762142][T19349] team0: Port device team_slave_0 added [ 370.807585][T19349] team0: Port device team_slave_1 added [ 370.873607][T19349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.880886][T19349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.910877][T19349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.933570][T19349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.950135][T19349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.978439][T19349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.994368][T19427] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 371.001678][T19427] IPv6: NLM_F_CREATE should be set when creating new route [ 371.080147][T19431] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4974'. [ 371.190223][T19349] hsr_slave_0: entered promiscuous mode [ 371.219386][T19349] hsr_slave_1: entered promiscuous mode [ 371.240402][T19440] netlink: 'syz.1.4976': attribute type 5 has an invalid length. [ 371.367261][T19446] netlink: 468 bytes leftover after parsing attributes in process `syz.1.4978'. [ 371.396484][T19446] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4978'. [ 371.561270][T19458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 371.690428][T19349] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 371.703226][T19467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 371.722491][T19349] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.740133][T19467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 371.851818][T19349] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 371.873326][T19349] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.899256][T19475] netlink: 'syz.1.4986': attribute type 1 has an invalid length. [ 371.907621][ T5095] Bluetooth: hci5: command tx timeout [ 371.912546][T19475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4986'. [ 371.972362][T19349] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 371.983376][T19349] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.058097][T19349] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 372.068822][T19349] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.215962][T19349] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 372.229130][T19349] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 372.240294][T19349] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 372.253568][T19349] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 372.417966][T19349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 372.464875][T19349] 8021q: adding VLAN 0 to HW filter on device team0 [ 372.485294][T14871] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.492512][T14871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.519511][T14871] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.526732][T14871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.591170][T19349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 372.754929][T19492] dccp_v6_rcv: dropped packet with invalid checksum [ 373.004718][T19505] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 373.027368][T19505] netlink: 'syz.4.4994': attribute type 1 has an invalid length. [ 373.037143][T19505] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4994'. [ 373.112917][T19349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 373.180342][T19509] xt_l2tp: missing protocol rule (udp|l2tpip) [ 373.225933][T19349] veth0_vlan: entered promiscuous mode [ 373.245008][T19513] tipc: Started in network mode [ 373.251768][T19513] tipc: Node identity , cluster identity 8 [ 373.273855][T19512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 373.305107][T19349] veth1_vlan: entered promiscuous mode [ 373.417931][T19349] veth0_macvtap: entered promiscuous mode [ 373.449987][T19349] veth1_macvtap: entered promiscuous mode [ 373.453429][ T5098] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 373.474890][ T5098] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 373.487941][T19522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 373.506456][ T5098] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 373.539996][ T5098] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 373.554615][ T5098] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 373.564518][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.576554][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.576939][ T5098] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 373.586395][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.586415][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.586425][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.586438][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.586473][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.586486][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.588237][T19349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 373.694820][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.706079][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.717619][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.729184][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.741781][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.756689][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.766656][T19349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.778580][T19349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.790307][T19349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 373.828590][T19349] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.854688][T19349] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.872080][T19349] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.887776][T19349] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.984255][ T5098] Bluetooth: hci5: command tx timeout [ 374.191705][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.214279][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.310089][T19558] netlink: 'syz.2.5012': attribute type 3 has an invalid length. [ 374.328786][T19558] netlink: 'syz.2.5012': attribute type 4 has an invalid length. [ 374.347902][T19558] netlink: 'syz.2.5012': attribute type 7 has an invalid length. [ 374.356359][T19558] netlink: 'syz.2.5012': attribute type 8 has an invalid length. [ 374.372161][T19558] netlink: 'syz.2.5012': attribute type 7 has an invalid length. [ 374.399025][ T2475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.424011][ T2475] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.566136][T19519] chnl_net:caif_netlink_parms(): no params data found [ 374.865383][T19570] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 374.912380][T19586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 375.046863][T19595] __nla_validate_parse: 4 callbacks suppressed [ 375.046916][T19595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5024'. [ 375.101046][T19586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 375.120017][T19519] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.128549][T19519] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.136522][T19519] bridge_slave_0: entered allmulticast mode [ 375.145410][T19519] bridge_slave_0: entered promiscuous mode [ 375.155241][T19519] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.162520][T19519] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.164041][T19586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 375.169902][T19519] bridge_slave_1: entered allmulticast mode [ 375.214103][T19519] bridge_slave_1: entered promiscuous mode [ 375.268097][T19604] veth1_macvtap: left promiscuous mode [ 375.353180][T19519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 375.381249][T19519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 375.492166][T19519] team0: Port device team_slave_0 added [ 375.551759][T19519] team0: Port device team_slave_1 added [ 375.638592][T19622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5033'. [ 375.656855][T19519] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 375.663735][ T5098] Bluetooth: hci6: command tx timeout [ 375.672228][T19519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.700626][T19519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.727826][T19519] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.735027][T19519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.764850][T19519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.916232][T19519] hsr_slave_0: entered promiscuous mode [ 375.926479][T19519] hsr_slave_1: entered promiscuous mode [ 375.936099][T19519] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 375.945423][T19519] Cannot create hsr debugfs directory [ 376.038126][T19638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5040'. [ 376.066684][ T5098] Bluetooth: hci5: command tx timeout [ 376.187441][T19519] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.205695][T19519] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.288237][T19519] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.313561][T19519] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.359081][T19652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.458776][T19519] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.500510][T19519] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.526204][T19665] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.549841][T19666] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5048'. [ 376.569825][T19652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.623626][T19519] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 376.655395][T19519] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.950983][T19519] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 376.960917][T19686] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 376.981992][T19686] netlink: 264 bytes leftover after parsing attributes in process `syz.1.5057'. [ 376.984726][T19519] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 377.020250][T19690] netlink: 468 bytes leftover after parsing attributes in process `syz.3.5058'. [ 377.030528][T19519] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 377.056125][T19519] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 377.080880][T19690] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5058'. [ 377.317761][T19701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5061'. [ 377.364882][T19701] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5061'. [ 377.436477][T19701] netlink: 'syz.4.5061': attribute type 4 has an invalid length. [ 377.521948][T19519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.577922][T19519] 8021q: adding VLAN 0 to HW filter on device team0 [ 377.602592][T14875] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.609860][T14875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 377.632439][T14871] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.639622][T14871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 377.743546][ T5095] Bluetooth: hci6: command tx timeout [ 377.884678][T19724] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5072'. [ 378.040916][T19519] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 378.145608][ T5095] Bluetooth: hci5: command tx timeout [ 378.258672][T19519] veth0_vlan: entered promiscuous mode [ 378.319880][T19519] veth1_vlan: entered promiscuous mode [ 378.440461][T19519] veth0_macvtap: entered promiscuous mode [ 378.459637][T19756] netlink: 'syz.2.5083': attribute type 3 has an invalid length. [ 378.483455][T19519] veth1_macvtap: entered promiscuous mode [ 378.495971][T19756] IPVS: Unknown mcast interface: vcan0 [ 378.575425][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.595097][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.606922][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.618066][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.662913][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.684611][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.705105][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.729179][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.742920][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.766754][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.792033][T19519] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.850394][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.880560][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.891555][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.920453][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.948445][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.977291][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.010703][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.072112][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.122685][T19519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.149816][T19519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.177309][T19519] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 379.192653][T19777] netlink: 'syz.2.5091': attribute type 11 has an invalid length. [ 379.210615][T19519] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.237922][T19519] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.258273][T19519] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.274122][T19519] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.525147][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.536703][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.589735][T19805] netlink: 'syz.2.5101': attribute type 1 has an invalid length. [ 379.609523][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.627629][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.793500][T19815] netlink: 'syz.3.5103': attribute type 21 has an invalid length. [ 379.812279][T19815] netlink: 'syz.3.5103': attribute type 4 has an invalid length. [ 379.822562][ T5095] Bluetooth: hci6: command 0x040f tx timeout [ 379.928567][T19822] netdevsim netdevsim3 netdevsim0: Unsupported IPsec algorithm [ 380.208674][T19830] __nla_validate_parse: 13 callbacks suppressed [ 380.208694][T19830] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5107'. [ 380.236086][T19832] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5108'. [ 380.243813][T19830] Cannot find del_set index 0 as target [ 380.246179][T19832] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5108'. [ 380.366045][T19835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5109'. [ 380.402985][T19835] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5109'. [ 380.426194][T19835] netlink: 'syz.4.5109': attribute type 4 has an invalid length. [ 380.539851][T19846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 380.617823][T19846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 380.642123][T19846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 380.911617][T19865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5121'. [ 380.964780][T19867] FAULT_INJECTION: forcing a failure. [ 380.964780][T19867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 380.978185][T19867] CPU: 0 PID: 19867 Comm: syz.2.5122 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 380.988355][T19867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 380.998441][T19867] Call Trace: [ 381.001710][T19867] [ 381.004635][T19867] dump_stack_lvl+0x241/0x360 [ 381.009314][T19867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 381.014504][T19867] ? __pfx__printk+0x10/0x10 [ 381.019086][T19867] ? __pfx_lock_release+0x10/0x10 [ 381.024131][T19867] should_fail_ex+0x3b0/0x4e0 [ 381.028809][T19867] _copy_from_user+0x2f/0xe0 [ 381.033394][T19867] copy_msghdr_from_user+0xae/0x680 [ 381.038584][T19867] ? __pfx___might_resched+0x10/0x10 [ 381.043899][T19867] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 381.049707][T19867] ? __might_fault+0xaa/0x120 [ 381.054379][T19867] __sys_sendmmsg+0x374/0x740 [ 381.059062][T19867] ? __pfx___sys_sendmmsg+0x10/0x10 [ 381.064290][T19867] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 381.070178][T19867] ? ksys_write+0x23e/0x2c0 [ 381.074681][T19867] ? __pfx_lock_release+0x10/0x10 [ 381.079701][T19867] ? vfs_write+0x7c4/0xc90 [ 381.084116][T19867] ? __mutex_unlock_slowpath+0x21d/0x750 [ 381.089769][T19867] ? __pfx_vfs_write+0x10/0x10 [ 381.094548][T19867] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 381.100523][T19867] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 381.106847][T19867] ? do_syscall_64+0x100/0x230 [ 381.111608][T19867] __x64_sys_sendmmsg+0xa0/0xb0 [ 381.116462][T19867] do_syscall_64+0xf3/0x230 [ 381.120956][T19867] ? clear_bhb_loop+0x35/0x90 [ 381.125627][T19867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.131512][T19867] RIP: 0033:0x7f6a04175bd9 [ 381.135919][T19867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.155518][T19867] RSP: 002b:00007f6a03bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 381.163930][T19867] RAX: ffffffffffffffda RBX: 00007f6a04303f60 RCX: 00007f6a04175bd9 [ 381.171893][T19867] RDX: 0000000000000299 RSI: 0000000020003dc0 RDI: 0000000000000004 [ 381.179861][T19867] RBP: 00007f6a03bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 381.187827][T19867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 381.195787][T19867] R13: 000000000000000b R14: 00007f6a04303f60 R15: 00007ffdf25870a8 [ 381.203759][T19867] [ 381.293092][T19870] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5124'. [ 381.310791][T19870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5124'. [ 381.357030][T19875] macvlan4: entered promiscuous mode [ 381.373707][T19875] team0: Port device macvlan4 added [ 381.485525][T19885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5129'. [ 381.647811][T19893] netlink: 'syz.4.5133': attribute type 1 has an invalid length. [ 381.669019][T19893] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5133'. [ 381.756993][T19896] netlink: 'syz.3.5134': attribute type 8 has an invalid length. [ 381.876247][T19901] dummy0: entered promiscuous mode [ 381.902612][ T5098] Bluetooth: hci6: command 0x040f tx timeout [ 381.916495][T19901] batadv0: entered promiscuous mode [ 381.952765][T19903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.964043][T19901] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 381.982483][T19901] Cannot create hsr debugfs directory [ 381.992279][T19905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.088710][T19907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.104979][T19910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.153762][T19907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.174579][T19910] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 382.548516][T19931] tipc: Started in network mode [ 382.564860][T19931] tipc: Node identity 9ca6, cluster identity 3 [ 382.577713][T19931] tipc: Node number set to 40102 [ 382.996578][T19955] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 383.120536][T19964] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.128264][T19964] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.188513][T19964] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.196037][T19964] bridge0: port 2(bridge_slave_1) entered forwarding state [ 383.204831][T19964] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.211967][T19964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 383.260164][T19964] team0: Port device bridge0 added [ 383.293108][T19972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 383.328317][T19974] bridge_slave_1: left allmulticast mode [ 383.364042][T19974] bridge_slave_1: left promiscuous mode [ 383.369863][T19974] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.415758][T19974] bridge_slave_0: left allmulticast mode [ 383.423254][T19974] bridge_slave_0: left promiscuous mode [ 383.424642][T19981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 383.434077][T19974] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.532709][T19977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 383.546026][T19974] team0: Port device bridge0 removed [ 383.689780][T19990] bond4: (slave bridge38): Enslaving as an active interface with an up link [ 383.993733][ T5098] Bluetooth: hci6: command 0x040f tx timeout [ 384.047502][T20007] bond0: option arp_all_targets: invalid value (3) [ 384.384635][T20026] gtp0: entered promiscuous mode [ 384.403199][T20026] gtp0: entered allmulticast mode [ 384.774754][T20044] ebt_among: src integrity fail: 30a [ 384.816064][T20045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 384.888848][T20051] netlink: 'syz.4.5188': attribute type 1 has an invalid length. [ 384.964776][T20056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 385.048515][T20056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 385.082889][T20059] xt_l2tp: missing protocol rule (udp|l2tpip) [ 385.424895][T20072] __nla_validate_parse: 13 callbacks suppressed [ 385.424957][T20072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5195'. [ 385.532138][T20074] netlink: 1 bytes leftover after parsing attributes in process `syz.2.5196'. [ 385.661879][T20078] pim6reg: entered allmulticast mode [ 385.698894][T20078] pim6reg: left allmulticast mode [ 386.083352][T20100] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5207'. [ 386.104204][T20097] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5206'. [ 386.251035][T20109] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5211'. [ 386.263371][T20109] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5211'. [ 386.278164][T20115] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5214'. [ 386.295085][T20107] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5210'. [ 386.443300][T20122] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 386.503226][T20123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5217'. [ 386.515125][T20130] netlink: 'syz.3.5216': attribute type 1 has an invalid length. [ 386.546934][T20130] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5216'. [ 386.866788][T20150] netlink: 'syz.0.5227': attribute type 5 has an invalid length. [ 386.938249][T20155] IPv6: sit1: Disabled Multicast RS [ 387.216045][T20167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 387.342603][ T5103] ================================================================== [ 387.350711][ T5103] BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 387.359419][ T5103] Read of size 8 at addr ffff88807e5cdf18 by task kworker/u9:4/5103 [ 387.367405][ T5103] [ 387.369732][ T5103] CPU: 1 PID: 5103 Comm: kworker/u9:4 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 387.379990][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 387.390054][ T5103] Workqueue: hci0 hci_cmd_sync_work [ 387.395274][ T5103] Call Trace: [ 387.398558][ T5103] [ 387.401504][ T5103] dump_stack_lvl+0x241/0x360 [ 387.406201][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 387.411413][ T5103] ? __pfx__printk+0x10/0x10 [ 387.416013][ T5103] ? _printk+0xd5/0x120 [ 387.420183][ T5103] ? __virt_addr_valid+0x183/0x520 [ 387.425316][ T5103] ? __virt_addr_valid+0x183/0x520 [ 387.430455][ T5103] print_report+0x169/0x550 [ 387.434986][ T5103] ? __virt_addr_valid+0x183/0x520 [ 387.440208][ T5103] ? __virt_addr_valid+0x183/0x520 [ 387.445341][ T5103] ? __virt_addr_valid+0x44e/0x520 [ 387.450468][ T5103] ? __phys_addr+0xba/0x170 [ 387.454997][ T5103] ? mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 387.460929][ T5103] kasan_report+0x143/0x180 [ 387.465457][ T5103] ? mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 387.471473][ T5103] mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 387.477230][ T5103] ? __pfx_mgmt_remove_adv_monitor_sync+0x10/0x10 [ 387.483680][ T5103] hci_cmd_sync_work+0x22b/0x400 [ 387.488654][ T5103] ? process_scheduled_works+0x945/0x1830 [ 387.494405][ T5103] process_scheduled_works+0xa2c/0x1830 [ 387.499982][ T5103] ? __pfx_process_scheduled_works+0x10/0x10 [ 387.505985][ T5103] ? assign_work+0x364/0x3d0 [ 387.510588][ T5103] worker_thread+0x86d/0xd50 [ 387.515198][ T5103] ? __kthread_parkme+0x169/0x1d0 [ 387.520239][ T5103] ? __pfx_worker_thread+0x10/0x10 [ 387.525361][ T5103] kthread+0x2f0/0x390 [ 387.529452][ T5103] ? __pfx_worker_thread+0x10/0x10 [ 387.534576][ T5103] ? __pfx_kthread+0x10/0x10 [ 387.539184][ T5103] ret_from_fork+0x4b/0x80 [ 387.543614][ T5103] ? __pfx_kthread+0x10/0x10 [ 387.548208][ T5103] ret_from_fork_asm+0x1a/0x30 [ 387.552980][ T5103] [ 387.555990][ T5103] [ 387.558296][ T5103] Allocated by task 19667: [ 387.562694][ T5103] kasan_save_track+0x3f/0x80 [ 387.567362][ T5103] __kasan_kmalloc+0x98/0xb0 [ 387.571942][ T5103] kmalloc_trace_noprof+0x19c/0x2c0 [ 387.577126][ T5103] mgmt_pending_new+0x65/0x250 [ 387.581875][ T5103] mgmt_pending_add+0x36/0x120 [ 387.586624][ T5103] remove_adv_monitor+0x102/0x1b0 [ 387.591631][ T5103] hci_mgmt_cmd+0xc47/0x11d0 [ 387.596214][ T5103] hci_sock_sendmsg+0x7b8/0x11c0 [ 387.601132][ T5103] __sock_sendmsg+0x221/0x270 [ 387.605808][ T5103] sock_write_iter+0x2dd/0x400 [ 387.610557][ T5103] vfs_write+0xa72/0xc90 [ 387.614786][ T5103] ksys_write+0x1a0/0x2c0 [ 387.619104][ T5103] do_syscall_64+0xf3/0x230 [ 387.623594][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.629475][ T5103] [ 387.631779][ T5103] Freed by task 18968: [ 387.635821][ T5103] kasan_save_track+0x3f/0x80 [ 387.640481][ T5103] kasan_save_free_info+0x40/0x50 [ 387.645492][ T5103] poison_slab_object+0xe0/0x150 [ 387.650413][ T5103] __kasan_slab_free+0x37/0x60 [ 387.655164][ T5103] kfree+0x149/0x360 [ 387.659041][ T5103] mgmt_pending_foreach+0xd1/0x130 [ 387.664222][ T5103] __mgmt_power_off+0x187/0x420 [ 387.669053][ T5103] hci_dev_close_sync+0x587/0xf70 [ 387.674063][ T5103] hci_dev_close+0x112/0x210 [ 387.678638][ T5103] sock_do_ioctl+0x158/0x460 [ 387.683227][ T5103] sock_ioctl+0x629/0x8e0 [ 387.687540][ T5103] __se_sys_ioctl+0xfc/0x170 [ 387.692136][ T5103] do_syscall_64+0xf3/0x230 [ 387.696724][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.702632][ T5103] [ 387.704949][ T5103] The buggy address belongs to the object at ffff88807e5cdf00 [ 387.704949][ T5103] which belongs to the cache kmalloc-96 of size 96 [ 387.718824][ T5103] The buggy address is located 24 bytes inside of [ 387.718824][ T5103] freed 96-byte region [ffff88807e5cdf00, ffff88807e5cdf60) [ 387.732458][ T5103] [ 387.734770][ T5103] The buggy address belongs to the physical page: [ 387.741167][ T5103] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e5cd [ 387.749920][ T5103] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 387.757378][ T5103] page_type: 0xffffefff(slab) [ 387.762042][ T5103] raw: 00fff00000000000 ffff888015041280 ffffea0001e2bbc0 dead000000000007 [ 387.770629][ T5103] raw: 0000000000000000 0000000000200020 00000001ffffefff 0000000000000000 [ 387.779298][ T5103] page dumped because: kasan: bad access detected [ 387.785709][ T5103] page_owner tracks the page as allocated [ 387.791404][ T5103] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 25, tgid 25 (kworker/1:0), ts 66533387417, free_ts 66529735726 [ 387.811637][ T5103] post_alloc_hook+0x1f3/0x230 [ 387.816421][ T5103] get_page_from_freelist+0x2e4c/0x2f10 [ 387.821955][ T5103] __alloc_pages_noprof+0x256/0x6c0 [ 387.827166][ T5103] alloc_slab_page+0x5f/0x120 [ 387.831832][ T5103] allocate_slab+0x5a/0x2f0 [ 387.836323][ T5103] ___slab_alloc+0xcd1/0x14b0 [ 387.840999][ T5103] __slab_alloc+0x58/0xa0 [ 387.845313][ T5103] kmalloc_trace_noprof+0x1d5/0x2c0 [ 387.850499][ T5103] dst_cow_metrics_generic+0x56/0x1c0 [ 387.856038][ T5103] icmp6_dst_alloc+0x270/0x420 [ 387.860817][ T5103] mld_sendpack+0x6a3/0xdb0 [ 387.865306][ T5103] mld_dad_work+0x44/0x500 [ 387.869708][ T5103] process_scheduled_works+0xa2c/0x1830 [ 387.875243][ T5103] worker_thread+0x86d/0xd50 [ 387.879817][ T5103] kthread+0x2f0/0x390 [ 387.883870][ T5103] ret_from_fork+0x4b/0x80 [ 387.888272][ T5103] page last free pid 5285 tgid 5280 stack trace: [ 387.894575][ T5103] free_unref_page+0xd22/0xea0 [ 387.899327][ T5103] vfree+0x186/0x2e0 [ 387.903211][ T5103] bpf_prog_calc_tag+0x663/0x900 [ 387.908148][ T5103] resolve_pseudo_ldimm64+0xdf/0x16a0 [ 387.913512][ T5103] bpf_check+0x6520/0x19690 [ 387.918000][ T5103] bpf_prog_load+0x1667/0x20f0 [ 387.922744][ T5103] __sys_bpf+0x4ee/0x810 [ 387.926976][ T5103] __x64_sys_bpf+0x7c/0x90 [ 387.931380][ T5103] do_syscall_64+0xf3/0x230 [ 387.935869][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.941764][ T5103] [ 387.944071][ T5103] Memory state around the buggy address: [ 387.949682][ T5103] ffff88807e5cde00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 387.957730][ T5103] ffff88807e5cde80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 387.965776][ T5103] >ffff88807e5cdf00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 387.973819][ T5103] ^ [ 387.978646][ T5103] ffff88807e5cdf80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 387.986707][ T5103] ffff88807e5ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 387.994747][ T5103] ================================================================== [ 388.011091][ T5103] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 388.018318][ T5103] CPU: 1 PID: 5103 Comm: kworker/u9:4 Not tainted 6.10.0-rc6-syzkaller-01408-gce2f84ebcd85 #0 [ 388.028565][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 388.038719][ T5103] Workqueue: hci0 hci_cmd_sync_work [ 388.043938][ T5103] Call Trace: [ 388.047243][ T5103] [ 388.050182][ T5103] dump_stack_lvl+0x241/0x360 [ 388.054872][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 388.060077][ T5103] ? __pfx__printk+0x10/0x10 [ 388.064673][ T5103] ? preempt_schedule+0xe1/0xf0 [ 388.069551][ T5103] ? vscnprintf+0x5d/0x90 [ 388.073891][ T5103] panic+0x349/0x860 [ 388.077793][ T5103] ? check_panic_on_warn+0x21/0xb0 [ 388.082908][ T5103] ? __pfx_panic+0x10/0x10 [ 388.087316][ T5103] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 388.093374][ T5103] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 388.099692][ T5103] ? print_report+0x502/0x550 [ 388.104363][ T5103] check_panic_on_warn+0x86/0xb0 [ 388.109293][ T5103] ? mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 388.115175][ T5103] end_report+0x77/0x160 [ 388.119409][ T5103] kasan_report+0x154/0x180 [ 388.123924][ T5103] ? mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 388.129810][ T5103] mgmt_remove_adv_monitor_sync+0x3a/0xd0 [ 388.135522][ T5103] ? __pfx_mgmt_remove_adv_monitor_sync+0x10/0x10 [ 388.141927][ T5103] hci_cmd_sync_work+0x22b/0x400 [ 388.146851][ T5103] ? process_scheduled_works+0x945/0x1830 [ 388.152561][ T5103] process_scheduled_works+0xa2c/0x1830 [ 388.158121][ T5103] ? __pfx_process_scheduled_works+0x10/0x10 [ 388.164092][ T5103] ? assign_work+0x364/0x3d0 [ 388.168671][ T5103] worker_thread+0x86d/0xd50 [ 388.173253][ T5103] ? __kthread_parkme+0x169/0x1d0 [ 388.178262][ T5103] ? __pfx_worker_thread+0x10/0x10 [ 388.183356][ T5103] kthread+0x2f0/0x390 [ 388.187411][ T5103] ? __pfx_worker_thread+0x10/0x10 [ 388.192506][ T5103] ? __pfx_kthread+0x10/0x10 [ 388.197081][ T5103] ret_from_fork+0x4b/0x80 [ 388.201484][ T5103] ? __pfx_kthread+0x10/0x10 [ 388.206062][ T5103] ret_from_fork_asm+0x1a/0x30 [ 388.210819][ T5103] [ 388.214067][ T5103] Kernel Offset: disabled [ 388.218377][ T5103] Rebooting in 86400 seconds..