last executing test programs: 10.170191562s ago: executing program 2 (id=1671): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x29, 0x2, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x20000000}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg0\x00'}) socket$nl_route(0x10, 0x3, 0x0) (async) socket$kcm(0x29, 0x2, 0x0) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x20000000}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg0\x00'}) (async) 9.787976603s ago: executing program 2 (id=1680): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x74}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1f}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 9.513989456s ago: executing program 2 (id=1683): setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000001c0)=0x70bf4d4b, 0x4) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$802154_dgram(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180800000004000000d0ff0000080000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e}, 0x90) 1.386064745s ago: executing program 4 (id=1781): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_emit_ethernet(0x90, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@getlink={0x2c, 0x12, 0x221, 0x0, 0x0, {0x7}, [@IFLA_ADDRESS={0xa}]}, 0x2c}}, 0x0) ioctl$SIOCNRDECOBS(r2, 0x89e2) 1.263398252s ago: executing program 0 (id=1783): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000000000000000050000000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294632773ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000014010000030a01030000000000000000050000000900010073797a30000000000800054000000000af000c008451bef8928cf9ec5c3c0fca5cedf6b9ae811484cd4abbaec9eba3118a64f7b105ab0e5c8e377ddaf98490703415da6a50c72a1434c93ef4daa32cd2b643c4ab99e8adc29f67b58cd27b71b30213e6acd60b8fa2190c3fd64f382e41b97f4b12379ce9470cbfdb02cc2a2d8e0e7aec144e2df705b37b99cafc9b141b0f3176897eba9802e14cc423ecff994b4ff320f5786bd4fba343449446d922b94ac3f8621197db4c2dc061e9278f5a000900030073797a32000000000b00070066696c746572000024000480080002406b10a6210800014000000004080002404e73b858080001400000000014000000020a03000000"], 0x238}}, 0x0) close(r1) 1.236891055s ago: executing program 4 (id=1784): sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000480)=ANY=[], 0x2c}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000000)="2e000300010002", 0x7) write$binfmt_script(r0, 0x0, 0x0) r2 = socket(0x28, 0x1, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) 1.138287286s ago: executing program 1 (id=1785): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a010400000000000000000200000044000480400001800e000100627974656f72646572000000"], 0x98}}, 0x0) ioctl$IMSETDEVNAME(0xffffffffffffffff, 0x80184947, &(0x7f0000000100)={0x0, 'syz1\x00'}) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000003c0), 0x2, 0x0) write$cgroup_type(r2, &(0x7f0000000400), 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000000000000000050000000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294632773ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000014010000030a01030000000000000000050000000900010073797a30000000000800054000000000af000c008451bef8928cf9ec5c3c0fca5cedf6b9ae811484cd4abbaec9eba3118a64f7b105ab0e5c8e377ddaf98490703415da6a50c72a1434c93ef4daa32cd2b643c4ab99e8adc29f67b58cd27b71b30213e6acd60b8fa2190c3fd64f382e41b97f4b12379ce9470cbfdb02cc2a2d8e0e7aec144e2df705b37b99cafc9b141b0f3176897eba9802e14cc423ecff994b4ff320f5786bd4fba343449446d922b94ac3f8621197db4c2dc061e9278f5a000900030073797a32000000000b00070066696c746572000024000480080002406b10a6210800014000000004080002404e73b858080001400000000014000000020a030000000000000000000500000014000000110001"], 0x238}}, 0x0) close(r1) 1.083723129s ago: executing program 3 (id=1786): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0x4, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000010000000000000001000000911206000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.070295567s ago: executing program 4 (id=1787): socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket(0x23, 0x4, 0x5) connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@cgroup, 0xffffffffffffffff, 0x26, 0x0, 0x0, @prog_fd}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000400000000000000080021850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}]}, 0x3c}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040), 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x19}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r3, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000240)) 1.001703579s ago: executing program 0 (id=1788): bpf$MAP_CREATE(0x0, 0x0, 0x0) getpid() sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socket$kcm(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c00)={{r2}, &(0x7f0000000b80), &(0x7f0000000bc0)=r0}, 0x20) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000540)={'macvlan0\x00', 0x100}) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x2, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x2e) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, 0x0, 0x5, 0x70bd2b, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f00000000c0)={'team_slave_1\x00', 0x1ff}) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000080)={'veth1_macvtap\x00', 0x1000}) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'veth1_vlan\x00', 0xd3}) 870.359542ms ago: executing program 3 (id=1789): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0xf0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x320, 0xffffffff, 0xffffffff, 0x320, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@dscp={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x3f000000, 0x8, 0x0, 'syz1\x00'}}, @common=@inet=@set2={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450) 750.064228ms ago: executing program 1 (id=1790): unshare(0x0) socket$unix(0x1, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) socket$kcm(0x10, 0x0, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900"], 0x4b0}, 0x1, 0x0, 0x7000000}, 0x0) 708.932985ms ago: executing program 4 (id=1791): socket$inet6(0xa, 0x3, 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000800)={'geneve0\x00'}) socket(0x11, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) unshare(0x2000400) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d40)={0x6, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020206425a77f9d3572a9ddb4134cfda100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000900)='syzkaller\x00', 0x6}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x33fe0}, 0x33fe0}}, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) connect$unix(r2, &(0x7f0000000100)=@abs={0x27}, 0x6e) 660.571363ms ago: executing program 2 (id=1688): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0xbfff, 0x0, '\x00', 0x0, 0x2}, 0x80) 659.747035ms ago: executing program 3 (id=1792): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x2, [@default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}) 578.302405ms ago: executing program 0 (id=1793): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_emit_ethernet(0x90, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@getlink={0x2c, 0x12, 0x221, 0x0, 0x0, {0x7}, [@IFLA_ADDRESS={0xa}]}, 0x2c}}, 0x0) ioctl$SIOCNRDECOBS(r2, 0x89e2) 510.473123ms ago: executing program 1 (id=1794): syz_emit_ethernet(0x5e, &(0x7f00000005c0)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0xb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x18, 0x0, [{0x0, 0xb, "5e000000ff00000000"}, {0x0, 0x5, "4eb8a6"}, {0x0, 0x2}]}]}}, "a815a23da43974ff"}}}}}, 0x0) 505.694215ms ago: executing program 2 (id=1795): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000e0000000085000000500000009500000000000000"], &(0x7f0000000140)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_emit_ethernet(0x82, &(0x7f0000000140)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa010121}, {@private}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0) r1 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x4, {{0xa, 0x4e23, 0x101, @loopback, 0x3}}, 0x0, 0x1, [{{0xa, 0x4e22, 0x6, @loopback, 0x100}}]}, 0x110) 485.381773ms ago: executing program 3 (id=1796): sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000480)=ANY=[], 0x2c}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000000)="2e000300010002", 0x7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket(0x28, 0x1, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) 418.333731ms ago: executing program 4 (id=1797): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000000000000000050000000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294632773ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000014010000030a01030000000000000000050000000900010073797a30000000000800054000000000af000c008451bef8928cf9ec5c3c0fca5cedf6b9ae811484cd4abbaec9eba3118a64f7b105ab0e5c8e377ddaf98490703415da6a50c72a1434c93ef4daa32cd2b643c4ab99e8adc29f67b58cd27b71b30213e6acd60b8fa2190c3fd64f382e41b97f4b12379ce9470cbfdb02cc2a2d8e0e7aec144e2df705b37b99cafc9b141b0f3176897eba9802e14cc423ecff994b4ff320f5786bd4fba343449446d922b94ac3f8621197db4c2dc061e9278f5a000900030073797a32000000000b00070066696c746572000024000480080002406b10a6210800014000000004080002404e73b858080001400000000014000000020a03000000"], 0x238}}, 0x0) close(r1) 394.094034ms ago: executing program 1 (id=1798): r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000008080)=[{{0x0, 0x0, 0x0}, 0x20000}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10"], 0x20}}], 0x2, 0x0) 387.745512ms ago: executing program 0 (id=1799): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a010400000000000000000200000044000480400001800e000100627974656f726465720000002c000280080001400d0000160800024000000000080004400000000208000340"], 0x98}}, 0x0) ioctl$IMSETDEVNAME(0xffffffffffffffff, 0x80184947, &(0x7f0000000100)={0x0, 'syz1\x00'}) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000003c0), 0x2, 0x0) write$cgroup_type(r2, &(0x7f0000000400), 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000000000000000050000000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294632773ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000014010000030a01030000000000000000050000000900010073797a30000000000800054000000000af000c008451bef8928cf9ec5c3c0fca5cedf6b9ae811484cd4abbaec9eba3118a64f7b105ab0e5c8e377ddaf98490703415da6a50c72a1434c93ef4daa32cd2b643c4ab99e8adc29f67b58cd27b71b30213e6acd60b8fa2190c3fd64f382e41b97f4b12379ce9470cbfdb02cc2a2d8e0e7aec144e2df705b37b99cafc9b141b0f3176897eba9802e14cc423ecff994b4ff320f5786bd4fba343449446d922b94ac3f8621197db4c2dc061e9278f5a000900030073797a32000000000b00070066696c746572000024000480080002406b10a6210800014000000004080002404e73b858080001400000000014000000020a030000000000000000000500000014000000110001"], 0x238}}, 0x0) close(r1) 291.539881ms ago: executing program 2 (id=1800): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000002100), r3) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@ipv6_newaddr={0x48, 0x14, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_ADDRESS={0x14, 0x1, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x402}, @IFA_CACHEINFO={0x14, 0x6, {0x325f, 0x7ff, 0x5, 0xfffffff9}}]}, 0x48}}, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$packet(0x11, 0x2, 0x300) r5 = socket$alg(0x26, 0x5, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @local}}}}) bind$alg(r5, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000100001000000000000007f000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f740000000c0a01080000000000000000010000000900020073797a32000000004800038044000080080003400000000238000b80340001800a0001006c696d6974000000240002800c00014000000000000000010c00024000000000efffffff0eeb0340000005f50900010073797a30"], 0xf8}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128008000100677470002000028014000800000000000000000000000000000000000500050000000000"], 0x4c}}, 0x0) r8 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$inet6(r8, &(0x7f0000002d40)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000002940)="99d661321aafe161f8daa3aa686b49201e28", 0x12}, {&(0x7f0000002980)="f555c15b70122cd0c98a5b39d975242bce2ae54f0a7ee6f8291bf1887f6fec817c26b1d863c34b037a56faa6dde89b09f5b752b2121b7fad3d1f6b7470ed80fece2a9b225b6f374dfe7761a3e1947198cd2e80db5039319fc789e105efe29c9fed9105d6c33e0349a8e3330282f27a58632de84541cac2cc7b21d99b0fd5ae4bfb5659bbda08606d62763806122f79162c835206d1d7adead527011943d2", 0x9e}, {&(0x7f0000002a40)="cedd02", 0x3}, {&(0x7f0000002b00)="ccf4d478ea4674b674d304c2f577f1bf3edcf361d2a56234a5f1d49af4b28f6cb9fffdedfbfe66d04276a5b7776a2c9f1366408c8cbde94e81b9d5aaf1df7468d4d9dc5331a21b85f9483318a39085ce0c42697a0db79feb1f6aea03ba242e87fa312419f10be40562264cffeb239c407716f0e67337bd09ec891e71fdae92b12a4864f25d27d77fcb4f434de62683beec9c42ae84dc6ce86531c64d50b07191721cd0dd2f40d4eb893e78172bd5708338ce03373eec8d300dacd21b7f9acd6a0360eac1d0690f873727440011ac07f627082060bdf97572abee5e501e3ed420cd5eb3fb1754", 0xe6}], 0x4}}], 0x1, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000001000040000000000000000079120cde0000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r10 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r10, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) sendto$inet(0xffffffffffffffff, &(0x7f0000000380)="e1", 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r10, 0x5421, &(0x7f0000000080)=0x3) splice(r10, 0x0, r9, 0x0, 0x0, 0x0) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x26}, 0x20) 288.983978ms ago: executing program 3 (id=1801): syz_emit_ethernet(0x68, &(0x7f0000000100)={@broadcast, @multicast, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x8100, 0x2, 0x10, [], "7f1a"}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {}, {0x8, 0x22eb, 0xe000}}}}}}, 0x0) 252.595967ms ago: executing program 1 (id=1802): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000680)=ANY=[@ANYBLOB="b40900000000000061111000000000008510000002000000850000005000003895000000000000009500000000000000752791631222a4b4dbffcb3e429313c626d8575b733278661f13493d24a9e56d000045361df4f2d2d4f8c2f01b4ebc5e56040b1134ecdb1e1f38ce94b48a6e6325a3c0fa265afb4cfef8a901af313b77f13a966aeb27ccb654fac79ae10600000075fa8341a6875728e9a45938c338b7a958249211eb70d5d978eff738aa6be2d07fedb69c65b63dd665e66a92dec0189df1c319c72478e432b17c45bec66c923fb483a6d4e050bfaa8f8f85364f849802fa2c3b80975e8753560000f0c313d9c19ebc37219f14fbcdd539b9b96af3000000000000a5ba432868c94d89a587a608d4a2775463f6ac50a87677ff52cdc32c5ca6b15a0f7dd116bf074bdf18f78df0a7ea01bf1b70dc492fb776d382e53f33275334ab9055204cf808192fe7965d545adc3025140be6c4ce9c53a78654d285020c3ed1802e4905bdaf45b00ca255fc9720af279d003823d909e0028d0e54b3bbab4040064c8075fb861c0957378d1aa25363fe4e6ee692dbc22d130f06b86ea597aa9147723879c8f36b42109343d97e02186e240d1c455ab6e5bdd818e196a93467649726cd2c134ede56f61c9b8da92eee2a520a1de4078d326bb41cf0e5e83f9354fabeb8f726aa631253e5cb18e2268a4c530df35d2e40646363b84d6e3cc37809dc3dc91b1747d982b00d04f69400"/542], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70) 191.438999ms ago: executing program 4 (id=1803): bpf$MAP_CREATE(0x0, 0x0, 0x0) getpid() sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socket$kcm(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c00)={{r2}, &(0x7f0000000b80), &(0x7f0000000bc0)=r0}, 0x20) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000540)={'macvlan0\x00', 0x100}) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x2, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x2e) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, 0x0, 0x5, 0x70bd2b, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f00000000c0)={'team_slave_1\x00', 0x1ff}) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000080)={'veth1_macvtap\x00', 0x1000}) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'veth1_vlan\x00', 0xd3}) 130.437911ms ago: executing program 1 (id=1804): r0 = socket$inet_udplite(0x2, 0x2, 0x88) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) (async) r2 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMSETDEVNAME(r2, 0x80184947, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000300)={'tunl0\x00', &(0x7f0000000280)={'tunl0\x00', 0x0, 0x8, 0x700, 0x3, 0x4, {{0x17, 0x4, 0x1, 0x2a, 0x5c, 0x65, 0x0, 0x3, 0x2f, 0x0, @remote, @loopback, {[@noop, @ssrr={0x89, 0x23, 0x41, [@rand_addr=0x64010101, @loopback, @rand_addr=0x64010102, @broadcast, @multicast2, @loopback, @rand_addr=0x64010100, @rand_addr=0x64010100]}, @rr={0x7, 0x3, 0x68}, @lsrr={0x83, 0x17, 0x5b, [@dev={0xac, 0x14, 0x14, 0x2c}, @empty, @dev={0xac, 0x14, 0x14, 0x44}, @local, @multicast2]}, @lsrr={0x83, 0x7, 0x5, [@local]}]}}}}}) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x11}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x64}}, 0x884) (async) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r4, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="34001000", @ANYRES16=r6, @ANYRESHEX, @ANYRES32=r8, @ANYBLOB="050030000000000005003800010000000800320005000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r6, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) (async) sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80100009}, 0xc, 0x0}, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="b4000000000000006910600000000000040000000000000095000000000000007220abb1b364768c328613d20a4d2451a69f9642"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) (async) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x2f, 0x6, 0x9, 0x0, 0x18, @loopback, @mcast2, 0x8, 0x20, 0x4, 0x80000000}}) r10 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', r9}, 0x48) (async) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x54, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x54}}, 0x0) (async) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b70200000000000085000003000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r12}, 0x10) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r13, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, 0x1405, 0x800, 0x70bd29, 0x25dfdbfc, "", [{{0x8}, {0x8, 0x3, 0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x884) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) (async) epoll_create(0x16a) r14 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$sock_int(r14, 0x1, 0x7, &(0x7f0000002900), 0x4) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 128.164175ms ago: executing program 0 (id=1805): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0, 0x0, 0x0, 0x20}}, @printk={@lu, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 54.437304ms ago: executing program 3 (id=1806): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x2, [@default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}) 0s ago: executing program 0 (id=1807): socket$inet6(0xa, 0x3, 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000800)={'geneve0\x00'}) socket(0x11, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) unshare(0x2000400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x33fe0}, 0x33fe0}}, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) connect$unix(r2, &(0x7f0000000100)=@abs={0x27}, 0x6e) kernel console output (not intermixed with test programs): nth_read+0x10/0x10 [ 117.922077][ T6323] vfs_read+0x204/0xbc0 [ 117.926275][ T6323] ? __pfx_lock_release+0x10/0x10 [ 117.931359][ T6323] ? __pfx_vfs_read+0x10/0x10 [ 117.936080][ T6323] ? __fget_files+0x29/0x470 [ 117.940715][ T6323] ? __fget_files+0x3f6/0x470 [ 117.945470][ T6323] ksys_read+0x1a0/0x2c0 [ 117.949762][ T6323] ? __pfx_ksys_read+0x10/0x10 [ 117.954566][ T6323] ? do_syscall_64+0x100/0x230 [ 117.959360][ T6323] ? do_syscall_64+0xb6/0x230 [ 117.964059][ T6323] do_syscall_64+0xf3/0x230 [ 117.968578][ T6323] ? clear_bhb_loop+0x35/0x90 [ 117.973276][ T6323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.979189][ T6323] RIP: 0033:0x7fa2b4f75d7c [ 117.983611][ T6323] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 118.003224][ T6323] RSP: 002b:00007fa2b5c69040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 118.011652][ T6323] RAX: ffffffffffffffda RBX: 00007fa2b5105f80 RCX: 00007fa2b4f75d7c [ 118.019632][ T6323] RDX: 000000000000000f RSI: 00007fa2b5c690b0 RDI: 0000000000000003 [ 118.027608][ T6323] RBP: 00007fa2b5c690a0 R08: 0000000000000000 R09: 0000000000000000 [ 118.035584][ T6323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.043558][ T6323] R13: 000000000000000b R14: 00007fa2b5105f80 R15: 00007ffd2f9093c8 [ 118.051550][ T6323] [ 118.087423][ T6326] ieee802154 phy0 wpan0: encryption failed: -22 [ 118.097174][ T6307] syz.0.279 (6307) used greatest stack depth: 18432 bytes left [ 118.120992][ T6326] netlink: 36 bytes leftover after parsing attributes in process `syz.3.287'. [ 118.422136][ T6337] FAULT_INJECTION: forcing a failure. [ 118.422136][ T6337] name failslab, interval 1, probability 0, space 0, times 0 [ 118.445281][ T6337] CPU: 0 UID: 0 PID: 6337 Comm: syz.0.291 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 118.455618][ T6337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 118.465711][ T6337] Call Trace: [ 118.469016][ T6337] [ 118.471956][ T6337] dump_stack_lvl+0x241/0x360 [ 118.476651][ T6337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.481862][ T6337] ? __pfx__printk+0x10/0x10 [ 118.486463][ T6337] ? fs_reclaim_acquire+0x93/0x140 [ 118.491592][ T6337] ? __pfx___might_resched+0x10/0x10 [ 118.496891][ T6337] ? dynamic_dname+0x141/0x1b0 [ 118.501665][ T6337] should_fail_ex+0x3b0/0x4e0 [ 118.506364][ T6337] ? tomoyo_encode+0x26f/0x540 [ 118.511157][ T6337] should_failslab+0xac/0x100 [ 118.515851][ T6337] ? tomoyo_encode+0x26f/0x540 [ 118.520628][ T6337] __kmalloc_noprof+0xd8/0x400 [ 118.525498][ T6337] tomoyo_encode+0x26f/0x540 [ 118.530107][ T6337] ? __pfx_sockfs_dname+0x10/0x10 [ 118.535147][ T6337] tomoyo_realpath_from_path+0x59e/0x5e0 [ 118.540804][ T6337] tomoyo_path_number_perm+0x23a/0x880 [ 118.546283][ T6337] ? tomoyo_path_number_perm+0x208/0x880 [ 118.552021][ T6337] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 118.558047][ T6337] ? __fget_files+0x29/0x470 [ 118.562657][ T6337] ? __fget_files+0x3f6/0x470 [ 118.567351][ T6337] ? __fget_files+0x29/0x470 [ 118.571959][ T6337] security_file_ioctl+0x75/0xb0 [ 118.576939][ T6337] __se_sys_ioctl+0x47/0x170 [ 118.581546][ T6337] do_syscall_64+0xf3/0x230 [ 118.586066][ T6337] ? clear_bhb_loop+0x35/0x90 [ 118.590768][ T6337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.596673][ T6337] RIP: 0033:0x7fb3c2f77299 [ 118.601107][ T6337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.620723][ T6337] RSP: 002b:00007fb3c3d33048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.629155][ T6337] RAX: ffffffffffffffda RBX: 00007fb3c3105f80 RCX: 00007fb3c2f77299 [ 118.637150][ T6337] RDX: 0000000020000340 RSI: 000000000000890b RDI: 0000000000000004 [ 118.645132][ T6337] RBP: 00007fb3c3d330a0 R08: 0000000000000000 R09: 0000000000000000 [ 118.653109][ T6337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.661260][ T6337] R13: 000000000000000b R14: 00007fb3c3105f80 R15: 00007ffef670c648 [ 118.669251][ T6337] [ 118.681824][ T6337] ERROR: Out of memory at tomoyo_realpath_from_path. [ 118.725876][ T6339] batadv0: entered promiscuous mode [ 118.735551][ T6339] vlan2: entered promiscuous mode [ 118.768224][ T6339] batadv0: left promiscuous mode [ 118.885584][ T6343] netlink: 'syz.2.293': attribute type 13 has an invalid length. [ 118.919692][ T6343] netlink: 'syz.2.293': attribute type 16 has an invalid length. [ 118.951062][ T6343] netlink: 'syz.2.293': attribute type 17 has an invalid length. [ 119.171562][ T6352] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 119.449922][ T6362] netlink: 'syz.0.301': attribute type 13 has an invalid length. [ 119.467534][ T6362] netlink: 'syz.0.301': attribute type 16 has an invalid length. [ 119.491541][ T6362] netlink: 'syz.0.301': attribute type 17 has an invalid length. [ 119.847267][ T6379] x_tables: duplicate underflow at hook 1 [ 120.223323][ T6366] syz.4.300 (6366) used greatest stack depth: 18368 bytes left [ 120.307812][ C1] eth0: bad gso: type: 1, size: 1408 [ 120.474874][ T6401] netlink: 'syz.1.317': attribute type 13 has an invalid length. [ 120.583040][ T6401] netlink: 'syz.1.317': attribute type 16 has an invalid length. [ 120.609046][ T6401] netlink: 'syz.1.317': attribute type 17 has an invalid length. [ 120.738405][ T6402] dummy0: entered promiscuous mode [ 120.781920][ T6402] dummy0: left promiscuous mode [ 121.311340][ C1] eth0: bad gso: type: 1, size: 1408 [ 121.402913][ T6436] netlink: 'syz.3.329': attribute type 13 has an invalid length. [ 121.459863][ C1] eth0: bad gso: type: 1, size: 1408 [ 121.537954][ T6407] dccp_close: ABORT with 515 bytes unread [ 121.834599][ T6450] netlink: 72 bytes leftover after parsing attributes in process `syz.0.335'. [ 121.880101][ T6448] batadv0: entered promiscuous mode [ 121.885616][ T6448] vlan2: entered promiscuous mode [ 121.923635][ T6448] batadv0: left promiscuous mode [ 122.216420][ T6462] warning: `syz.0.340' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 122.268035][ T6460] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.339'. [ 122.298098][ T6460] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 122.338324][ T6460] syzkaller0: entered promiscuous mode [ 122.367857][ T6460] syzkaller0: entered allmulticast mode [ 122.380632][ C1] eth0: bad gso: type: 1, size: 1408 [ 122.415291][ C1] eth0: bad gso: type: 1, size: 1408 [ 123.230446][ T6468] dccp_close: ABORT with 267 bytes unread [ 123.419574][ T6505] trusted_key: syz.3.357 sent an empty control message without MSG_MORE. [ 124.359806][ T6541] validate_nla: 8 callbacks suppressed [ 124.359831][ T6541] netlink: 'syz.2.369': attribute type 13 has an invalid length. [ 124.406060][ T6541] netlink: 'syz.2.369': attribute type 16 has an invalid length. [ 124.421010][ T6541] netlink: 'syz.2.369': attribute type 17 has an invalid length. [ 124.836458][ T6546] netlink: 12 bytes leftover after parsing attributes in process `syz.0.370'. [ 124.861007][ T6534] dccp_close: ABORT with 267 bytes unread [ 125.657573][ T6576] netlink: 'syz.1.382': attribute type 13 has an invalid length. [ 125.715195][ T6576] netlink: 'syz.1.382': attribute type 16 has an invalid length. [ 125.743306][ T6576] netlink: 'syz.1.382': attribute type 17 has an invalid length. [ 125.984505][ T6580] netlink: 8 bytes leftover after parsing attributes in process `syz.0.383'. [ 126.027382][ T6585] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.037163][ T6585] netlink: 36 bytes leftover after parsing attributes in process `syz.1.385'. [ 126.155870][ T6587] netlink: 'syz.2.387': attribute type 13 has an invalid length. [ 126.176659][ T6587] netlink: 'syz.2.387': attribute type 16 has an invalid length. [ 126.199812][ T6587] netlink: 'syz.2.387': attribute type 17 has an invalid length. [ 126.559523][ T6601] netlink: 4 bytes leftover after parsing attributes in process `syz.1.390'. [ 126.619393][ T6601] netlink: 'syz.1.390': attribute type 11 has an invalid length. [ 126.642096][ T6601] netlink: 8 bytes leftover after parsing attributes in process `syz.1.390'. [ 127.057232][ T6611] batadv0: entered promiscuous mode [ 127.063312][ T6611] vlan2: entered promiscuous mode [ 127.078512][ T6611] batadv0: left promiscuous mode [ 127.159556][ T6593] dccp_close: ABORT with 267 bytes unread [ 127.511130][ T6622] ieee802154 phy0 wpan0: encryption failed: -22 [ 127.537626][ T6622] netlink: 36 bytes leftover after parsing attributes in process `syz.1.399'. [ 127.620205][ T6629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.398'. [ 127.664273][ T6629] veth0_macvtap: left promiscuous mode [ 128.015569][ T6641] netlink: 72 bytes leftover after parsing attributes in process `syz.2.405'. [ 128.082451][ T6639] vxcan0: entered promiscuous mode [ 128.102482][ T6639] vlan2: entered promiscuous mode [ 128.133268][ T6639] vxcan0: left promiscuous mode [ 128.393564][ T6652] FAULT_INJECTION: forcing a failure. [ 128.393564][ T6652] name failslab, interval 1, probability 0, space 0, times 0 [ 128.434470][ T6652] CPU: 0 UID: 0 PID: 6652 Comm: syz.0.408 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 128.444793][ T6652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 128.454904][ T6652] Call Trace: [ 128.458313][ T6652] [ 128.461287][ T6652] dump_stack_lvl+0x241/0x360 [ 128.466052][ T6652] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.471328][ T6652] ? __pfx__printk+0x10/0x10 [ 128.475988][ T6652] ? __pfx_lock_acquire+0x10/0x10 [ 128.481071][ T6652] ? nf_ct_pernet+0x45/0x270 [ 128.485727][ T6652] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 128.491770][ T6652] should_fail_ex+0x3b0/0x4e0 [ 128.496509][ T6652] ? __nf_conntrack_alloc+0x8f/0x380 [ 128.501859][ T6652] should_failslab+0xac/0x100 [ 128.506589][ T6652] ? __nf_conntrack_alloc+0x8f/0x380 [ 128.512005][ T6652] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 128.517404][ T6652] __nf_conntrack_alloc+0x8f/0x380 [ 128.522630][ T6652] init_conntrack+0x3c3/0x1310 [ 128.527505][ T6652] ? __pfx_init_conntrack+0x10/0x10 [ 128.532727][ T6652] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 128.538724][ T6652] nf_conntrack_in+0xd59/0x1880 [ 128.543610][ T6652] ? __pfx_nf_conntrack_in+0x10/0x10 [ 128.548934][ T6652] ? __pfx_ipv6_conntrack_local+0x10/0x10 [ 128.554662][ T6652] nf_hook_slow+0xc3/0x220 [ 128.559120][ T6652] ? __ip6_local_out+0x4dc/0x800 [ 128.564212][ T6652] __ip6_local_out+0x6fa/0x800 [ 128.569002][ T6652] ? __pfx___ip6_local_out+0x10/0x10 [ 128.574319][ T6652] ? __pfx_dst_output+0x10/0x10 [ 128.579188][ T6652] ? csum_ipv6_magic+0x1e5/0x2f0 [ 128.584665][ T6652] ip6_local_out+0x26/0x70 [ 128.589098][ T6652] ip6_send_skb+0x112/0x230 [ 128.593618][ T6652] ping_v6_sendmsg+0x13c4/0x1b00 [ 128.598588][ T6652] ? __pfx_ping_v6_sendmsg+0x10/0x10 [ 128.603887][ T6652] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 128.609967][ T6652] ? inet_sendmsg+0x16b/0x390 [ 128.614700][ T6652] ? __local_bh_enable_ip+0x168/0x200 [ 128.620256][ T6652] ? lockdep_hardirqs_on+0x99/0x150 [ 128.625468][ T6652] ? __local_bh_enable_ip+0x168/0x200 [ 128.630854][ T6652] ? inet_sendmsg+0x16b/0x390 [ 128.635545][ T6652] ? do_raw_spin_unlock+0x13c/0x8b0 [ 128.640764][ T6652] ? inet_sendmsg+0x330/0x390 [ 128.645459][ T6652] __sock_sendmsg+0x1a6/0x270 [ 128.650150][ T6652] ____sys_sendmsg+0x525/0x7d0 [ 128.654951][ T6652] ? __pfx_____sys_sendmsg+0x10/0x10 [ 128.660286][ T6652] __sys_sendmmsg+0x3b2/0x740 [ 128.665011][ T6652] ? __pfx___sys_sendmmsg+0x10/0x10 [ 128.670367][ T6652] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 128.676298][ T6652] ? ksys_write+0x23e/0x2c0 [ 128.680824][ T6652] ? __pfx_lock_release+0x10/0x10 [ 128.685869][ T6652] ? vfs_write+0x7c4/0xc90 [ 128.690310][ T6652] ? __mutex_unlock_slowpath+0x21d/0x750 [ 128.695953][ T6652] ? __pfx_vfs_write+0x10/0x10 [ 128.700755][ T6652] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 128.706747][ T6652] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 128.713089][ T6652] ? do_syscall_64+0x100/0x230 [ 128.717871][ T6652] __x64_sys_sendmmsg+0xa0/0xb0 [ 128.722745][ T6652] do_syscall_64+0xf3/0x230 [ 128.727259][ T6652] ? clear_bhb_loop+0x35/0x90 [ 128.732054][ T6652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.737996][ T6652] RIP: 0033:0x7fb3c2f77299 [ 128.742459][ T6652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.762180][ T6652] RSP: 002b:00007fb3c3d33048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 128.770627][ T6652] RAX: ffffffffffffffda RBX: 00007fb3c3105f80 RCX: 00007fb3c2f77299 [ 128.778607][ T6652] RDX: 0000000000000001 RSI: 0000000020000800 RDI: 0000000000000003 [ 128.786585][ T6652] RBP: 00007fb3c3d330a0 R08: 0000000000000000 R09: 0000000000000000 [ 128.794562][ T6652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.802539][ T6652] R13: 000000000000000b R14: 00007fb3c3105f80 R15: 00007ffef670c648 [ 128.810546][ T6652] [ 128.845794][ T6658] ieee802154 phy0 wpan0: encryption failed: -22 [ 128.892701][ T6658] netlink: 36 bytes leftover after parsing attributes in process `syz.2.411'. [ 128.930850][ T6644] dccp_close: ABORT with 267 bytes unread [ 129.046368][ T6666] netlink: 'syz.2.414': attribute type 11 has an invalid length. [ 129.061976][ T6666] netlink: 'syz.2.414': attribute type 11 has an invalid length. [ 129.081827][ T6666] debugfs: Directory 'netdev:' with parent 'phy14' already present! [ 129.134517][ T6666] netlink: 'syz.2.414': attribute type 11 has an invalid length. [ 129.148524][ T6666] netlink: 20 bytes leftover after parsing attributes in process `syz.2.414'. [ 129.159838][ T6666] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 129.514819][ T6684] pim6reg: entered allmulticast mode [ 129.608284][ T6684] pim6reg: left allmulticast mode [ 130.018312][ T6698] ieee802154 phy0 wpan0: encryption failed: -22 [ 130.036849][ T6698] netlink: 36 bytes leftover after parsing attributes in process `syz.2.424'. [ 130.220969][ T6706] FAULT_INJECTION: forcing a failure. [ 130.220969][ T6706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.245292][ T6706] CPU: 0 UID: 0 PID: 6706 Comm: syz.4.426 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 130.255603][ T6706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 130.265781][ T6706] Call Trace: [ 130.269093][ T6706] [ 130.272050][ T6706] dump_stack_lvl+0x241/0x360 [ 130.276781][ T6706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.282114][ T6706] ? __pfx__printk+0x10/0x10 [ 130.286736][ T6706] ? __pfx_lock_release+0x10/0x10 [ 130.291808][ T6706] should_fail_ex+0x3b0/0x4e0 [ 130.296536][ T6706] _copy_from_user+0x2f/0xe0 [ 130.301167][ T6706] copy_msghdr_from_user+0xae/0x680 [ 130.306417][ T6706] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 130.312286][ T6706] __sys_sendmsg+0x23d/0x3a0 [ 130.316932][ T6706] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.322113][ T6706] ? vfs_write+0x7c4/0xc90 [ 130.326621][ T6706] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.332997][ T6706] ? do_syscall_64+0x100/0x230 [ 130.337805][ T6706] ? do_syscall_64+0xb6/0x230 [ 130.342517][ T6706] do_syscall_64+0xf3/0x230 [ 130.347055][ T6706] ? clear_bhb_loop+0x35/0x90 [ 130.351775][ T6706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.357690][ T6706] RIP: 0033:0x7f1117177299 [ 130.362115][ T6706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.381836][ T6706] RSP: 002b:00007f1117ec6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.390366][ T6706] RAX: ffffffffffffffda RBX: 00007f1117305f80 RCX: 00007f1117177299 [ 130.398350][ T6706] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 0000000000000004 [ 130.406334][ T6706] RBP: 00007f1117ec60a0 R08: 0000000000000000 R09: 0000000000000000 [ 130.414313][ T6706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.422293][ T6706] R13: 000000000000000b R14: 00007f1117305f80 R15: 00007fff10b1e738 [ 130.430284][ T6706] [ 130.930529][ T6732] FAULT_INJECTION: forcing a failure. [ 130.930529][ T6732] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.944994][ T6732] CPU: 0 UID: 0 PID: 6732 Comm: syz.2.436 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 130.955376][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 130.965476][ T6732] Call Trace: [ 130.968786][ T6732] [ 130.971751][ T6732] dump_stack_lvl+0x241/0x360 [ 130.976482][ T6732] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.978834][ T6703] dccp_close: ABORT with 267 bytes unread [ 130.981705][ T6732] ? __pfx__printk+0x10/0x10 [ 130.981745][ T6732] ? snprintf+0xda/0x120 [ 130.996509][ T6732] should_fail_ex+0x3b0/0x4e0 [ 131.001251][ T6732] _copy_to_user+0x2f/0xb0 [ 131.005724][ T6732] simple_read_from_buffer+0xca/0x150 [ 131.011156][ T6732] proc_fail_nth_read+0x1e9/0x250 [ 131.016241][ T6732] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.021849][ T6732] ? rw_verify_area+0x520/0x6b0 [ 131.026749][ T6732] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.032433][ T6732] vfs_read+0x204/0xbc0 [ 131.036640][ T6732] ? __pfx_lock_release+0x10/0x10 [ 131.041728][ T6732] ? __pfx_vfs_read+0x10/0x10 [ 131.046461][ T6732] ? __fget_files+0x29/0x470 [ 131.051105][ T6732] ? __fget_files+0x3f6/0x470 [ 131.055826][ T6732] ksys_read+0x1a0/0x2c0 [ 131.060120][ T6732] ? __pfx_ksys_read+0x10/0x10 [ 131.064919][ T6732] ? do_syscall_64+0x100/0x230 [ 131.069718][ T6732] ? do_syscall_64+0xb6/0x230 [ 131.074419][ T6732] do_syscall_64+0xf3/0x230 [ 131.078943][ T6732] ? clear_bhb_loop+0x35/0x90 [ 131.083652][ T6732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.089562][ T6732] RIP: 0033:0x7fa2b4f75d7c [ 131.093991][ T6732] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 131.113610][ T6732] RSP: 002b:00007fa2b5c69040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 131.122040][ T6732] RAX: ffffffffffffffda RBX: 00007fa2b5105f80 RCX: 00007fa2b4f75d7c [ 131.130200][ T6732] RDX: 000000000000000f RSI: 00007fa2b5c690b0 RDI: 0000000000000003 [ 131.138180][ T6732] RBP: 00007fa2b5c690a0 R08: 0000000000000000 R09: 0000000000000000 [ 131.146161][ T6732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.154144][ T6732] R13: 000000000000000b R14: 00007fa2b5105f80 R15: 00007ffd2f9093c8 [ 131.162145][ T6732] [ 131.230429][ T6739] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.246823][ T6739] netlink: 36 bytes leftover after parsing attributes in process `syz.3.437'. [ 131.321035][ T6744] sctp: [Deprecated]: syz.1.439 (pid 6744) Use of struct sctp_assoc_value in delayed_ack socket option. [ 131.321035][ T6744] Use struct sctp_sack_info instead [ 131.384144][ T6744] netlink: 24 bytes leftover after parsing attributes in process `syz.1.439'. [ 131.593934][ T6757] vlan2: entered promiscuous mode [ 131.827160][ T6762] xt_bpf: check failed: parse error [ 131.974385][ T6768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.446'. [ 131.993429][ T6768] veth0_macvtap: left promiscuous mode [ 132.011464][ T6772] netlink: 'syz.4.448': attribute type 13 has an invalid length. [ 132.141408][ T6772] netlink: 'syz.4.448': attribute type 16 has an invalid length. [ 132.164283][ T6772] netlink: 'syz.4.448': attribute type 17 has an invalid length. [ 132.392755][ T6779] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.417131][ T6779] netlink: 36 bytes leftover after parsing attributes in process `syz.3.451'. [ 132.477569][ T6781] syzkaller0: entered promiscuous mode [ 132.485618][ T6781] syzkaller0: entered allmulticast mode [ 132.527891][ T6781] syzkaller0: refused to change device tx_queue_len [ 132.820568][ T6796] vlan2: entered promiscuous mode [ 132.847847][ T6799] FAULT_INJECTION: forcing a failure. [ 132.847847][ T6799] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.865176][ T6799] CPU: 0 UID: 0 PID: 6799 Comm: syz.3.458 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 132.875659][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 132.885763][ T6799] Call Trace: [ 132.889076][ T6799] [ 132.892058][ T6799] dump_stack_lvl+0x241/0x360 [ 132.896823][ T6799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.902078][ T6799] ? __pfx__printk+0x10/0x10 [ 132.906732][ T6799] ? __pfx_lock_release+0x10/0x10 [ 132.911924][ T6799] should_fail_ex+0x3b0/0x4e0 [ 132.916656][ T6799] _copy_from_iter+0x1f6/0x1960 [ 132.921544][ T6799] ? __virt_addr_valid+0x183/0x530 [ 132.926793][ T6799] ? __pfx_lock_release+0x10/0x10 [ 132.931902][ T6799] ? __alloc_skb+0x28f/0x440 [ 132.936645][ T6799] ? __pfx__copy_from_iter+0x10/0x10 [ 132.942069][ T6799] ? __virt_addr_valid+0x183/0x530 [ 132.947310][ T6799] ? __virt_addr_valid+0x183/0x530 [ 132.952465][ T6799] ? __virt_addr_valid+0x45f/0x530 [ 132.957626][ T6799] ? __check_object_size+0x49c/0x900 [ 132.962963][ T6799] netlink_sendmsg+0x73d/0xcb0 [ 132.967801][ T6799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.973141][ T6799] ? __import_iovec+0x536/0x820 [ 132.978037][ T6799] ? aa_sock_msg_perm+0x91/0x160 [ 132.979309][ T6775] dccp_close: ABORT with 267 bytes unread [ 132.983085][ T6799] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 132.983121][ T6799] ? security_socket_sendmsg+0x87/0xb0 [ 132.999825][ T6799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.005163][ T6799] __sock_sendmsg+0x221/0x270 [ 133.009889][ T6799] ____sys_sendmsg+0x525/0x7d0 [ 133.014737][ T6799] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.020105][ T6799] __sys_sendmsg+0x2b0/0x3a0 [ 133.024747][ T6799] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.029901][ T6799] ? vfs_write+0x7c4/0xc90 [ 133.034407][ T6799] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 133.040788][ T6799] ? do_syscall_64+0x100/0x230 [ 133.045607][ T6799] ? do_syscall_64+0xb6/0x230 [ 133.050337][ T6799] do_syscall_64+0xf3/0x230 [ 133.054896][ T6799] ? clear_bhb_loop+0x35/0x90 [ 133.059631][ T6799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.065578][ T6799] RIP: 0033:0x7f4548b77299 [ 133.070037][ T6799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.089688][ T6799] RSP: 002b:00007f4549a04048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.098156][ T6799] RAX: ffffffffffffffda RBX: 00007f4548d05f80 RCX: 00007f4548b77299 [ 133.106171][ T6799] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000005 [ 133.113982][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.114159][ T6799] RBP: 00007f4549a040a0 R08: 0000000000000000 R09: 0000000000000000 [ 133.121524][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.128354][ T6799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.128373][ T6799] R13: 000000000000000b R14: 00007f4548d05f80 R15: 00007fff4541a1d8 [ 133.128408][ T6799] [ 133.189823][ T6807] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 133.419195][ T6816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.462'. [ 133.435938][ T6815] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.451950][ T6815] netlink: 36 bytes leftover after parsing attributes in process `syz.1.464'. [ 133.954686][ T6834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.470'. [ 133.984875][ T6835] netlink: 'syz.0.472': attribute type 13 has an invalid length. [ 134.011940][ T6835] netlink: 'syz.0.472': attribute type 16 has an invalid length. [ 134.043884][ T6835] netlink: 'syz.0.472': attribute type 17 has an invalid length. [ 134.256952][ T6843] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 134.367894][ T6846] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.385940][ T6846] netlink: 36 bytes leftover after parsing attributes in process `syz.0.476'. [ 134.518598][ T6853] netlink: 56 bytes leftover after parsing attributes in process `syz.0.478'. [ 134.750505][ T6831] dccp_close: ABORT with 267 bytes unread [ 135.050102][ T6872] netlink: 'syz.1.486': attribute type 13 has an invalid length. [ 135.069665][ T6872] netlink: 'syz.1.486': attribute type 16 has an invalid length. [ 135.083527][ T6872] netlink: 'syz.1.486': attribute type 17 has an invalid length. [ 135.170564][ T6844] dccp_close: ABORT with 267 bytes unread [ 135.402518][ T6877] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.430433][ T6877] netlink: 36 bytes leftover after parsing attributes in process `syz.2.488'. [ 136.584608][ T6908] netlink: 'syz.4.497': attribute type 13 has an invalid length. [ 136.615309][ T6886] dccp_close: ABORT with 267 bytes unread [ 136.703900][ T6912] ieee802154 phy0 wpan0: encryption failed: -22 [ 136.714661][ T6912] netlink: 36 bytes leftover after parsing attributes in process `syz.3.501'. [ 136.858838][ C1] eth0: bad gso: type: 1, size: 1408 [ 137.552803][ T6931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.509'. [ 137.859865][ T6938] validate_nla: 2 callbacks suppressed [ 137.859889][ T6938] netlink: 'syz.0.512': attribute type 13 has an invalid length. [ 137.898689][ T6938] netlink: 'syz.0.512': attribute type 16 has an invalid length. [ 137.923114][ T6938] netlink: 'syz.0.512': attribute type 17 has an invalid length. [ 138.378458][ T6932] dccp_close: ABORT with 267 bytes unread [ 138.419779][ C1] eth0: bad gso: type: 1, size: 1408 [ 138.484092][ T6949] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.511048][ T6949] netlink: 36 bytes leftover after parsing attributes in process `syz.3.513'. [ 139.016959][ T6975] netlink: 'syz.3.525': attribute type 13 has an invalid length. [ 139.033368][ T6975] netlink: 'syz.3.525': attribute type 16 has an invalid length. [ 139.047250][ T6975] netlink: 'syz.3.525': attribute type 17 has an invalid length. [ 139.662667][ C1] eth0: bad gso: type: 1, size: 1408 [ 139.833737][ T6989] ieee802154 phy0 wpan0: encryption failed: -22 [ 139.871625][ T6989] netlink: 36 bytes leftover after parsing attributes in process `syz.0.532'. [ 139.997732][ T6995] netlink: 60 bytes leftover after parsing attributes in process `syz.4.533'. [ 140.223249][ T7005] netlink: 'syz.4.536': attribute type 13 has an invalid length. [ 140.269874][ T7005] netlink: 'syz.4.536': attribute type 16 has an invalid length. [ 140.277680][ T7005] netlink: 'syz.4.536': attribute type 17 has an invalid length. [ 140.628582][ T7022] ieee802154 phy0 wpan0: encryption failed: -22 [ 140.650073][ T7022] netlink: 36 bytes leftover after parsing attributes in process `syz.2.544'. [ 140.688612][ C1] eth0: bad gso: type: 1, size: 1408 [ 140.761328][ T7024] FAULT_INJECTION: forcing a failure. [ 140.761328][ T7024] name failslab, interval 1, probability 0, space 0, times 0 [ 140.774581][ T7024] CPU: 0 UID: 0 PID: 7024 Comm: syz.3.545 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 140.784863][ T7024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 140.794970][ T7024] Call Trace: [ 140.798282][ T7024] [ 140.801240][ T7024] dump_stack_lvl+0x241/0x360 [ 140.805971][ T7024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.811209][ T7024] ? __pfx__printk+0x10/0x10 [ 140.815973][ T7024] ? __pfx_validate_chain+0x10/0x10 [ 140.821231][ T7024] ? ip6_pol_route+0x198/0x15d0 [ 140.826147][ T7024] should_fail_ex+0x3b0/0x4e0 [ 140.830894][ T7024] should_failslab+0xac/0x100 [ 140.835625][ T7024] ? __alloc_skb+0x1c3/0x440 [ 140.839318][ T6992] dccp_close: ABORT with 392 bytes unread [ 140.840254][ T7024] kmem_cache_alloc_node_noprof+0x71/0x320 [ 140.840373][ T7024] __alloc_skb+0x1c3/0x440 [ 140.840406][ T7024] ? ip6_pol_route+0x198/0x15d0 [ 140.840443][ T7024] ? __pfx___alloc_skb+0x10/0x10 [ 140.840478][ T7024] ? __pfx_validate_chain+0x10/0x10 [ 140.840507][ T7024] alloc_skb_with_frags+0xc3/0x770 [ 140.840558][ T7024] sock_alloc_send_pskb+0x91a/0xa60 [ 140.840619][ T7024] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 140.840658][ T7024] ? __lock_acquire+0x137a/0x2040 [ 140.840705][ T7024] __ip6_append_data+0x2ad8/0x4070 [ 140.840767][ T7024] ? __pfx_icmpv6_getfrag+0x10/0x10 [ 140.840816][ T7024] ? __pfx___ip6_append_data+0x10/0x10 [ 140.840844][ T7024] ? ip6_setup_cork+0x9fd/0xfb0 [ 140.840868][ T7024] ? dst_release+0x48/0x50 [ 140.840904][ T7024] ip6_append_data+0x264/0x3a0 [ 140.840955][ T7024] ? __pfx_icmpv6_getfrag+0x10/0x10 [ 140.840995][ T7024] ? icmp6_send+0xba4/0x2070 [ 140.841023][ T7024] icmp6_send+0x153d/0x2070 [ 140.841068][ T7024] ? icmp6_send+0xba4/0x2070 [ 140.841114][ T7024] ? __pfx_icmp6_send+0x10/0x10 [ 140.841143][ T7024] ? __asan_memset+0x23/0x50 [ 140.841173][ T7024] ? xfrm_lookup_with_ifid+0x198e/0x1ed0 [ 140.841226][ T7024] ? __pfx_rcuref_put+0x10/0x10 [ 140.841266][ T7024] ip6_link_failure+0x3c/0x4f0 [ 140.841295][ T7024] ? vti_tunnel_xmit+0xf39/0x1a60 [ 140.841317][ T7024] ? __pfx_ip6_link_failure+0x10/0x10 [ 140.841363][ T7024] vti_tunnel_xmit+0xf42/0x1a60 [ 140.841407][ T7024] ? skb_network_protocol+0x5aa/0x7b0 [ 140.841456][ T7024] ? __pfx_vti_tunnel_xmit+0x10/0x10 [ 140.841500][ T7024] ? validate_xmit_skb+0x9f9/0x1120 [ 140.841540][ T7024] dev_hard_start_xmit+0x27a/0x7e0 [ 140.841594][ T7024] __dev_queue_xmit+0x1b63/0x3e90 [ 140.841649][ T7024] ? __dev_queue_xmit+0x2da/0x3e90 [ 140.841683][ T7024] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 140.841720][ T7024] ? __pfx___dev_queue_xmit+0x10/0x10 [ 140.841760][ T7024] ? neigh_connected_output+0x1d5/0x450 [ 140.841782][ T7024] ? read_seqbegin+0x157/0x2b0 [ 140.841816][ T7024] ? lockdep_hardirqs_on+0x99/0x150 [ 140.841845][ T7024] ? read_seqbegin+0x208/0x2b0 [ 140.841884][ T7024] ? __pfx_read_seqbegin+0x10/0x10 [ 140.841924][ T7024] ? __pfx_lock_acquire+0x10/0x10 [ 140.841965][ T7024] ? neigh_connected_output+0x3a7/0x450 [ 140.842015][ T7024] ip6_finish_output2+0xffa/0x1680 [ 140.842053][ T7024] ? ip6_finish_output2+0x712/0x1680 [ 140.842078][ T7024] ? nf_hook+0x9e/0x450 [ 141.076393][ T7024] ? __pfx_ip6_finish_output2+0x10/0x10 [ 141.082006][ T7024] ? ip6_mtu+0x81/0x3f0 [ 141.086216][ T7024] ip6_finish_output+0x41e/0x810 [ 141.091215][ T7024] ip6_send_skb+0x112/0x230 [ 141.095808][ T7024] ping_v6_sendmsg+0x13c4/0x1b00 [ 141.100822][ T7024] ? __pfx_ping_v6_sendmsg+0x10/0x10 [ 141.106155][ T7024] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 141.112184][ T7024] ? inet_sendmsg+0x16b/0x390 [ 141.116920][ T7024] ? __local_bh_enable_ip+0x168/0x200 [ 141.122344][ T7024] ? lockdep_hardirqs_on+0x99/0x150 [ 141.127679][ T7024] ? __local_bh_enable_ip+0x168/0x200 [ 141.133101][ T7024] ? inet_sendmsg+0x16b/0x390 [ 141.137824][ T7024] ? do_raw_spin_unlock+0x13c/0x8b0 [ 141.143082][ T7024] ? inet_sendmsg+0x330/0x390 [ 141.147808][ T7024] __sock_sendmsg+0x1a6/0x270 [ 141.152534][ T7024] ____sys_sendmsg+0x525/0x7d0 [ 141.157366][ T7024] ? __pfx_____sys_sendmsg+0x10/0x10 [ 141.162726][ T7024] __sys_sendmmsg+0x3b2/0x740 [ 141.167467][ T7024] ? __pfx___sys_sendmmsg+0x10/0x10 [ 141.172761][ T7024] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 141.178716][ T7024] ? ksys_write+0x23e/0x2c0 [ 141.183274][ T7024] ? __pfx_lock_release+0x10/0x10 [ 141.188357][ T7024] ? vfs_write+0x7c4/0xc90 [ 141.192827][ T7024] ? __mutex_unlock_slowpath+0x21d/0x750 [ 141.198507][ T7024] ? __pfx_vfs_write+0x10/0x10 [ 141.203532][ T7024] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 141.209577][ T7024] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 141.215954][ T7024] ? do_syscall_64+0x100/0x230 [ 141.220770][ T7024] __x64_sys_sendmmsg+0xa0/0xb0 [ 141.225678][ T7024] do_syscall_64+0xf3/0x230 [ 141.230319][ T7024] ? clear_bhb_loop+0x35/0x90 [ 141.235051][ T7024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.240988][ T7024] RIP: 0033:0x7f4548b77299 [ 141.245439][ T7024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.265091][ T7024] RSP: 002b:00007f4549a04048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 141.273565][ T7024] RAX: ffffffffffffffda RBX: 00007f4548d05f80 RCX: 00007f4548b77299 [ 141.281668][ T7024] RDX: 0000000000000001 RSI: 0000000020000800 RDI: 0000000000000003 [ 141.289678][ T7024] RBP: 00007f4549a040a0 R08: 0000000000000000 R09: 0000000000000000 [ 141.297683][ T7024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.305689][ T7024] R13: 000000000000000b R14: 00007f4548d05f80 R15: 00007fff4541a1d8 [ 141.313839][ T7024] [ 141.707061][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.554'. [ 141.719235][ T7043] netlink: 'syz.1.552': attribute type 13 has an invalid length. [ 141.748484][ T7044] hsr0: entered promiscuous mode [ 141.769305][ T7044] macvlan2: entered allmulticast mode [ 141.778069][ T7044] hsr0: entered allmulticast mode [ 141.789251][ T7044] hsr_slave_0: entered allmulticast mode [ 141.814682][ T7044] hsr_slave_1: entered allmulticast mode [ 141.824465][ T7044] hsr0: left allmulticast mode [ 141.835379][ T7044] hsr_slave_0: left allmulticast mode [ 141.846709][ T7044] hsr_slave_1: left allmulticast mode [ 141.890902][ C1] eth0: bad gso: type: 1, size: 1408 [ 142.022063][ T7053] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.040082][ T7053] netlink: 36 bytes leftover after parsing attributes in process `syz.0.557'. [ 142.529811][ T7073] xt_hashlimit: overflow, try lower: 0/0 [ 142.653402][ T7075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.564'. [ 142.926930][ T7084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.567'. [ 143.024956][ C1] eth0: bad gso: type: 1, size: 1408 [ 143.034909][ T7058] dccp_close: ABORT with 392 bytes unread [ 143.090571][ T7088] validate_nla: 2 callbacks suppressed [ 143.090592][ T7088] netlink: 'syz.2.569': attribute type 13 has an invalid length. [ 143.130544][ T7088] netlink: 'syz.2.569': attribute type 16 has an invalid length. [ 143.148641][ T7088] netlink: 'syz.2.569': attribute type 17 has an invalid length. [ 143.205343][ T7093] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.217439][ T7093] netlink: 36 bytes leftover after parsing attributes in process `syz.1.571'. [ 143.476822][ T7102] batadv0: entered promiscuous mode [ 143.529433][ T7102] netlink: 16 bytes leftover after parsing attributes in process `syz.1.574'. [ 144.269249][ T7133] ieee802154 phy0 wpan0: encryption failed: -22 [ 144.288702][ T7133] netlink: 36 bytes leftover after parsing attributes in process `syz.0.584'. [ 144.600759][ T7142] FAULT_INJECTION: forcing a failure. [ 144.600759][ T7142] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.651672][ T7142] CPU: 0 UID: 0 PID: 7142 Comm: syz.1.588 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 144.662075][ T7142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 144.672171][ T7142] Call Trace: [ 144.675576][ T7142] [ 144.678561][ T7142] dump_stack_lvl+0x241/0x360 [ 144.683379][ T7142] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.688628][ T7142] ? __pfx__printk+0x10/0x10 [ 144.693267][ T7142] ? __pfx_lock_release+0x10/0x10 [ 144.698356][ T7142] should_fail_ex+0x3b0/0x4e0 [ 144.703094][ T7142] _copy_from_user+0x2f/0xe0 [ 144.707731][ T7142] btf_new_fd+0x324/0xd30 [ 144.712122][ T7142] ? __pfx_btf_new_fd+0x10/0x10 [ 144.717020][ T7142] ? bpf_btf_load+0xcf/0x1a0 [ 144.721635][ T7142] __sys_bpf+0x6ef/0x810 [ 144.725902][ T7142] ? __pfx___sys_bpf+0x10/0x10 [ 144.730689][ T7142] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.736694][ T7142] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 144.743046][ T7142] ? do_syscall_64+0x100/0x230 [ 144.747827][ T7142] __x64_sys_bpf+0x7c/0x90 [ 144.752257][ T7142] do_syscall_64+0xf3/0x230 [ 144.756773][ T7142] ? clear_bhb_loop+0x35/0x90 [ 144.761472][ T7142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.767379][ T7142] RIP: 0033:0x7fc920f77299 [ 144.771802][ T7142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.791693][ T7142] RSP: 002b:00007fc921dd5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 144.800132][ T7142] RAX: ffffffffffffffda RBX: 00007fc921105f80 RCX: 00007fc920f77299 [ 144.808118][ T7142] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000012 [ 144.816135][ T7142] RBP: 00007fc921dd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 144.824118][ T7142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.832095][ T7142] R13: 000000000000000b R14: 00007fc921105f80 R15: 00007fff98194568 [ 144.840104][ T7142] [ 144.876748][ T7123] dccp_close: ABORT with 392 bytes unread [ 145.175702][ T7153] netlink: 'syz.2.591': attribute type 23 has an invalid length. [ 145.292937][ T7161] netlink: 60 bytes leftover after parsing attributes in process `syz.1.595'. [ 145.355057][ T7163] ieee802154 phy0 wpan0: encryption failed: -22 [ 145.376639][ T7163] netlink: 36 bytes leftover after parsing attributes in process `syz.3.596'. [ 145.562195][ T7175] netlink: 168 bytes leftover after parsing attributes in process `syz.1.598'. [ 145.580179][ T7175] netlink: 72 bytes leftover after parsing attributes in process `syz.1.598'. [ 146.402705][ T7209] ieee802154 phy0 wpan0: encryption failed: -22 [ 146.414638][ T7209] netlink: 36 bytes leftover after parsing attributes in process `syz.0.611'. [ 147.075436][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.618'. [ 147.276832][ T7241] ieee802154 phy0 wpan0: encryption failed: -22 [ 147.290009][ T7241] netlink: 36 bytes leftover after parsing attributes in process `syz.4.624'. [ 147.416611][ T7246] FAULT_INJECTION: forcing a failure. [ 147.416611][ T7246] name failslab, interval 1, probability 0, space 0, times 0 [ 147.438010][ T7246] CPU: 0 UID: 0 PID: 7246 Comm: syz.4.627 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 147.448322][ T7246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 147.458505][ T7246] Call Trace: [ 147.461907][ T7246] [ 147.464871][ T7246] dump_stack_lvl+0x241/0x360 [ 147.469603][ T7246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.474847][ T7246] ? __pfx__printk+0x10/0x10 [ 147.479483][ T7246] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 147.484983][ T7246] ? __pfx___might_resched+0x10/0x10 [ 147.490349][ T7246] should_fail_ex+0x3b0/0x4e0 [ 147.495084][ T7246] should_failslab+0xac/0x100 [ 147.499806][ T7246] ? bcm_tx_setup+0x360/0x18a0 [ 147.504621][ T7246] __kmalloc_cache_noprof+0x6c/0x2c0 [ 147.509948][ T7246] bcm_tx_setup+0x360/0x18a0 [ 147.514688][ T7246] bcm_sendmsg+0x585/0x7a0 [ 147.519243][ T7246] ? __pfx_bcm_sendmsg+0x10/0x10 [ 147.524306][ T7246] ? iovec_from_user+0x1b0/0x240 [ 147.529292][ T7246] ? __import_iovec+0x361/0x820 [ 147.534186][ T7246] ? aa_sock_msg_perm+0x91/0x160 [ 147.539169][ T7246] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 147.544594][ T7246] ? security_socket_sendmsg+0x87/0xb0 [ 147.550093][ T7246] ? __pfx_bcm_sendmsg+0x10/0x10 [ 147.555161][ T7246] __sock_sendmsg+0x221/0x270 [ 147.559896][ T7246] ____sys_sendmsg+0x525/0x7d0 [ 147.564727][ T7246] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.570183][ T7246] __sys_sendmsg+0x2b0/0x3a0 [ 147.574834][ T7246] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.579996][ T7246] ? vfs_write+0x7c4/0xc90 [ 147.584507][ T7246] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.590977][ T7246] ? do_syscall_64+0x100/0x230 [ 147.595789][ T7246] ? do_syscall_64+0xb6/0x230 [ 147.600604][ T7246] do_syscall_64+0xf3/0x230 [ 147.605516][ T7246] ? clear_bhb_loop+0x35/0x90 [ 147.610317][ T7246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.616337][ T7246] RIP: 0033:0x7f1117177299 [ 147.620784][ T7246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.640524][ T7246] RSP: 002b:00007f1117ec6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.648991][ T7246] RAX: ffffffffffffffda RBX: 00007f1117305f80 RCX: 00007f1117177299 [ 147.657003][ T7246] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 0000000000000004 [ 147.665008][ T7246] RBP: 00007f1117ec60a0 R08: 0000000000000000 R09: 0000000000000000 [ 147.673021][ T7246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.681035][ T7246] R13: 000000000000000b R14: 00007f1117305f80 R15: 00007fff10b1e738 [ 147.689063][ T7246] [ 147.904144][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.629'. [ 148.501549][ T7291] ieee802154 phy0 wpan0: encryption failed: -22 [ 148.585569][ T7293] __nla_validate_parse: 1 callbacks suppressed [ 148.585592][ T7293] netlink: 32 bytes leftover after parsing attributes in process `syz.4.639'. [ 148.689196][ T7293] batadv_slave_0: entered promiscuous mode [ 148.707417][ T7297] FAULT_INJECTION: forcing a failure. [ 148.707417][ T7297] name failslab, interval 1, probability 0, space 0, times 0 [ 148.749288][ T7292] batadv_slave_0: left promiscuous mode [ 148.755284][ T7297] CPU: 0 UID: 0 PID: 7297 Comm: syz.1.642 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 148.765575][ T7297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 148.775672][ T7297] Call Trace: [ 148.778992][ T7297] [ 148.781955][ T7297] dump_stack_lvl+0x241/0x360 [ 148.786685][ T7297] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.791935][ T7297] ? __pfx__printk+0x10/0x10 [ 148.796745][ T7297] ? fs_reclaim_acquire+0x93/0x140 [ 148.801992][ T7297] ? __pfx___might_resched+0x10/0x10 [ 148.807320][ T7297] ? dynamic_dname+0x141/0x1b0 [ 148.812177][ T7297] should_fail_ex+0x3b0/0x4e0 [ 148.816926][ T7297] ? tomoyo_encode+0x26f/0x540 [ 148.821737][ T7297] should_failslab+0xac/0x100 [ 148.826482][ T7297] ? tomoyo_encode+0x26f/0x540 [ 148.831380][ T7297] __kmalloc_noprof+0xd8/0x400 [ 148.836196][ T7297] tomoyo_encode+0x26f/0x540 [ 148.840834][ T7297] ? __pfx_sockfs_dname+0x10/0x10 [ 148.845904][ T7297] tomoyo_realpath_from_path+0x59e/0x5e0 [ 148.851599][ T7297] tomoyo_path_number_perm+0x23a/0x880 [ 148.857215][ T7297] ? tomoyo_path_number_perm+0x208/0x880 [ 148.862901][ T7297] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 148.868939][ T7297] ? __fget_files+0x29/0x470 [ 148.873551][ T7297] ? __fget_files+0x3f6/0x470 [ 148.878505][ T7297] ? __fget_files+0x29/0x470 [ 148.883284][ T7297] security_file_ioctl+0x75/0xb0 [ 148.888246][ T7297] __se_sys_ioctl+0x47/0x170 [ 148.892944][ T7297] do_syscall_64+0xf3/0x230 [ 148.897459][ T7297] ? clear_bhb_loop+0x35/0x90 [ 148.902153][ T7297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.908144][ T7297] RIP: 0033:0x7fc920f77299 [ 148.912568][ T7297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.932191][ T7297] RSP: 002b:00007fc921dd5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 148.940711][ T7297] RAX: ffffffffffffffda RBX: 00007fc921105f80 RCX: 00007fc920f77299 [ 148.948714][ T7297] RDX: 0000000020000340 RSI: 000000000000890b RDI: 0000000000000004 [ 148.956695][ T7297] RBP: 00007fc921dd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 148.964759][ T7297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.972753][ T7297] R13: 000000000000000b R14: 00007fc921105f80 R15: 00007fff98194568 [ 148.980850][ T7297] [ 148.989577][ T7297] ERROR: Out of memory at tomoyo_realpath_from_path. [ 149.140151][ T7302] ebt_among: dst integrity fail: 200 [ 149.584875][ T7323] ieee802154 phy0 wpan0: encryption failed: -22 [ 149.612466][ T7323] netlink: 36 bytes leftover after parsing attributes in process `syz.3.652'. [ 150.240205][ T7356] FAULT_INJECTION: forcing a failure. [ 150.240205][ T7356] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.274316][ T7356] CPU: 1 UID: 0 PID: 7356 Comm: syz.0.662 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 150.284713][ T7356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 150.294808][ T7356] Call Trace: [ 150.298123][ T7356] [ 150.301095][ T7356] dump_stack_lvl+0x241/0x360 [ 150.305817][ T7356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.311096][ T7356] ? __pfx__printk+0x10/0x10 [ 150.315745][ T7356] ? snprintf+0xda/0x120 [ 150.320058][ T7356] should_fail_ex+0x3b0/0x4e0 [ 150.324785][ T7356] _copy_to_user+0x2f/0xb0 [ 150.329330][ T7356] simple_read_from_buffer+0xca/0x150 [ 150.334762][ T7356] proc_fail_nth_read+0x1e9/0x250 [ 150.339839][ T7356] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 150.345438][ T7356] ? rw_verify_area+0x520/0x6b0 [ 150.350336][ T7356] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 150.355930][ T7356] vfs_read+0x204/0xbc0 [ 150.360134][ T7356] ? __pfx_lock_release+0x10/0x10 [ 150.365223][ T7356] ? __pfx_vfs_read+0x10/0x10 [ 150.369958][ T7356] ? __fget_files+0x29/0x470 [ 150.374603][ T7356] ? __fget_files+0x3f6/0x470 [ 150.379350][ T7356] ksys_read+0x1a0/0x2c0 [ 150.383643][ T7356] ? __pfx_ksys_read+0x10/0x10 [ 150.388692][ T7356] ? do_syscall_64+0x100/0x230 [ 150.393477][ T7356] ? do_syscall_64+0xb6/0x230 [ 150.398177][ T7356] do_syscall_64+0xf3/0x230 [ 150.402695][ T7356] ? clear_bhb_loop+0x35/0x90 [ 150.407388][ T7356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.413391][ T7356] RIP: 0033:0x7fb3c2f75d7c [ 150.417811][ T7356] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 150.437529][ T7356] RSP: 002b:00007fb3c3d33040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 150.445955][ T7356] RAX: ffffffffffffffda RBX: 00007fb3c3105f80 RCX: 00007fb3c2f75d7c [ 150.453933][ T7356] RDX: 000000000000000f RSI: 00007fb3c3d330b0 RDI: 0000000000000004 [ 150.461912][ T7356] RBP: 00007fb3c3d330a0 R08: 0000000000000000 R09: 0000000000000000 [ 150.469893][ T7356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 150.477871][ T7356] R13: 000000000000000b R14: 00007fb3c3105f80 R15: 00007ffef670c648 [ 150.485868][ T7356] [ 150.797418][ C1] eth0: bad gso: type: 1, size: 1408 [ 150.938123][ T7371] netlink: 'syz.3.668': attribute type 13 has an invalid length. [ 150.987394][ T7371] netlink: 'syz.3.668': attribute type 16 has an invalid length. [ 151.005626][ T7371] netlink: 'syz.3.668': attribute type 17 has an invalid length. [ 151.153271][ T7377] ieee802154 phy0 wpan0: encryption failed: -22 [ 151.185577][ T7377] netlink: 36 bytes leftover after parsing attributes in process `syz.2.667'. [ 151.240991][ T7380] netlink: 'syz.1.672': attribute type 10 has an invalid length. [ 151.324347][ T7387] FAULT_INJECTION: forcing a failure. [ 151.324347][ T7387] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.348415][ T7387] CPU: 0 UID: 0 PID: 7387 Comm: syz.4.674 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 151.358731][ T7387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 151.368827][ T7387] Call Trace: [ 151.372141][ T7387] [ 151.373190][ T7380] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 151.375080][ T7387] dump_stack_lvl+0x241/0x360 [ 151.388207][ T7387] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.393454][ T7387] ? __pfx__printk+0x10/0x10 [ 151.398090][ T7387] ? __pfx_lock_release+0x10/0x10 [ 151.403259][ T7387] should_fail_ex+0x3b0/0x4e0 [ 151.407992][ T7387] _copy_from_iter+0x43a/0x1960 [ 151.412878][ T7387] ? __virt_addr_valid+0x183/0x530 [ 151.418036][ T7387] ? __pfx__copy_from_iter+0x10/0x10 [ 151.423371][ T7387] ? __virt_addr_valid+0x183/0x530 [ 151.428520][ T7387] ? __virt_addr_valid+0x183/0x530 [ 151.433667][ T7387] ? __virt_addr_valid+0x45f/0x530 [ 151.438817][ T7387] ? __phys_addr_symbol+0x2f/0x70 [ 151.443889][ T7387] ? __check_object_size+0x49c/0x900 [ 151.449224][ T7387] bcm_tx_setup+0x5bc/0x18a0 [ 151.453896][ T7387] bcm_sendmsg+0x585/0x7a0 [ 151.458376][ T7387] ? __pfx_bcm_sendmsg+0x10/0x10 [ 151.463355][ T7387] ? iovec_from_user+0x1b0/0x240 [ 151.468358][ T7387] ? __import_iovec+0x361/0x820 [ 151.473246][ T7387] ? aa_sock_msg_perm+0x91/0x160 [ 151.478222][ T7387] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 151.483553][ T7387] ? security_socket_sendmsg+0x87/0xb0 [ 151.489060][ T7387] ? __pfx_bcm_sendmsg+0x10/0x10 [ 151.494036][ T7387] __sock_sendmsg+0x221/0x270 [ 151.498761][ T7387] ____sys_sendmsg+0x525/0x7d0 [ 151.503575][ T7387] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.508899][ T7387] __sys_sendmsg+0x2b0/0x3a0 [ 151.513514][ T7387] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.518636][ T7387] ? vfs_write+0x7c4/0xc90 [ 151.523124][ T7387] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 151.529473][ T7387] ? do_syscall_64+0x100/0x230 [ 151.534272][ T7387] ? do_syscall_64+0xb6/0x230 [ 151.538969][ T7387] do_syscall_64+0xf3/0x230 [ 151.543488][ T7387] ? clear_bhb_loop+0x35/0x90 [ 151.548179][ T7387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.554181][ T7387] RIP: 0033:0x7f1117177299 [ 151.558664][ T7387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.578282][ T7387] RSP: 002b:00007f1117ec6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.586710][ T7387] RAX: ffffffffffffffda RBX: 00007f1117305f80 RCX: 00007f1117177299 [ 151.594693][ T7387] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 0000000000000004 [ 151.602678][ T7387] RBP: 00007f1117ec60a0 R08: 0000000000000000 R09: 0000000000000000 [ 151.610659][ T7387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.618659][ T7387] R13: 000000000000000b R14: 00007f1117305f80 R15: 00007fff10b1e738 [ 151.626653][ T7387] [ 151.696295][ T7392] netlink: 'syz.2.676': attribute type 1 has an invalid length. [ 152.039811][ C1] eth0: bad gso: type: 1, size: 1408 [ 152.056710][ T7406] Cannot find add_set index 0 as target [ 152.090288][ T7406] netlink: 'syz.3.682': attribute type 10 has an invalid length. [ 152.098089][ T7406] netlink: 40 bytes leftover after parsing attributes in process `syz.3.682'. [ 152.150631][ T7406] batman_adv: batadv0: Adding interface: virt_wifi0 [ 152.169126][ T7409] netlink: 'syz.2.684': attribute type 13 has an invalid length. [ 152.185224][ T7406] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.235721][ T7406] batman_adv: batadv0: Interface activated: virt_wifi0 [ 152.256621][ T7409] netlink: 'syz.2.684': attribute type 16 has an invalid length. [ 152.268489][ T7409] netlink: 'syz.2.684': attribute type 17 has an invalid length. [ 152.464968][ T7419] ieee802154 phy0 wpan0: encryption failed: -22 [ 152.488420][ T7418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.687'. [ 152.500253][ T7419] netlink: 36 bytes leftover after parsing attributes in process `syz.3.686'. [ 152.549576][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.4.687'. [ 152.858602][ T7442] netlink: 60 bytes leftover after parsing attributes in process `syz.0.688'. [ 152.965678][ T7446] netlink: 'syz.2.696': attribute type 13 has an invalid length. [ 153.053475][ C1] eth0: bad gso: type: 1, size: 1408 [ 153.454813][ T7463] ieee802154 phy0 wpan0: encryption failed: -22 [ 153.483869][ T7463] netlink: 36 bytes leftover after parsing attributes in process `syz.2.703'. [ 153.890191][ C1] eth0: bad gso: type: 1, size: 1408 [ 154.002998][ T7488] FAULT_INJECTION: forcing a failure. [ 154.002998][ T7488] name failslab, interval 1, probability 0, space 0, times 0 [ 154.024019][ T7485] netlink: 188 bytes leftover after parsing attributes in process `syz.1.714'. [ 154.049390][ T7485] netlink: 56 bytes leftover after parsing attributes in process `syz.1.714'. [ 154.059371][ T7488] CPU: 0 UID: 0 PID: 7488 Comm: syz.2.715 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 154.069758][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 154.079854][ T7488] Call Trace: [ 154.083165][ T7488] [ 154.086123][ T7488] dump_stack_lvl+0x241/0x360 [ 154.090864][ T7488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.096282][ T7488] ? __pfx__printk+0x10/0x10 [ 154.101004][ T7488] ? fs_reclaim_acquire+0x93/0x140 [ 154.106164][ T7488] ? __pfx___might_resched+0x10/0x10 [ 154.111499][ T7488] should_fail_ex+0x3b0/0x4e0 [ 154.116246][ T7488] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 154.122011][ T7488] should_failslab+0xac/0x100 [ 154.126737][ T7488] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 154.132503][ T7488] __kmalloc_noprof+0xd8/0x400 [ 154.137321][ T7488] ? kfree+0x4e/0x360 [ 154.141369][ T7488] tomoyo_realpath_from_path+0xcf/0x5e0 [ 154.146947][ T7488] tomoyo_path_number_perm+0x23a/0x880 [ 154.152458][ T7488] ? tomoyo_path_number_perm+0x208/0x880 [ 154.158139][ T7488] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 154.164186][ T7488] ? __fget_files+0x29/0x470 [ 154.168895][ T7488] ? __fget_files+0x3f6/0x470 [ 154.173621][ T7488] ? __fget_files+0x29/0x470 [ 154.178320][ T7488] security_file_ioctl+0x75/0xb0 [ 154.183282][ T7488] __se_sys_ioctl+0x47/0x170 [ 154.187996][ T7488] do_syscall_64+0xf3/0x230 [ 154.192513][ T7488] ? clear_bhb_loop+0x35/0x90 [ 154.197220][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.203123][ T7488] RIP: 0033:0x7fa2b4f77299 [ 154.207548][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.227250][ T7488] RSP: 002b:00007fa2b5c69048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.235711][ T7488] RAX: ffffffffffffffda RBX: 00007fa2b5105f80 RCX: 00007fa2b4f77299 [ 154.243696][ T7488] RDX: 0000000020000340 RSI: 000000000000890b RDI: 0000000000000004 [ 154.251692][ T7488] RBP: 00007fa2b5c690a0 R08: 0000000000000000 R09: 0000000000000000 [ 154.259698][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.267688][ T7488] R13: 000000000000000b R14: 00007fa2b5105f80 R15: 00007ffd2f9093c8 [ 154.275692][ T7488] [ 154.360680][ T7493] ieee802154 phy0 wpan0: encryption failed: -22 [ 154.362202][ T7488] ERROR: Out of memory at tomoyo_realpath_from_path. [ 154.382129][ T7493] netlink: 36 bytes leftover after parsing attributes in process `syz.3.718'. [ 154.764600][ C1] eth0: bad gso: type: 1, size: 1408 [ 155.269982][ T7532] ieee802154 phy0 wpan0: encryption failed: -22 [ 155.303664][ T7532] netlink: 36 bytes leftover after parsing attributes in process `syz.1.731'. [ 155.526311][ T7543] netlink: 20 bytes leftover after parsing attributes in process `syz.3.734'. [ 155.726928][ C1] eth0: bad gso: type: 1, size: 1408 [ 156.093905][ T7572] ieee802154 phy0 wpan0: encryption failed: -22 [ 156.104976][ T7572] netlink: 36 bytes leftover after parsing attributes in process `syz.1.745'. [ 156.285617][ C1] eth0: bad gso: type: 1, size: 1408 [ 156.449241][ C1] eth0: bad gso: type: 1, size: 1408 [ 156.573300][ T7592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.928167][ T7606] ieee802154 phy0 wpan0: encryption failed: -22 [ 156.990911][ T7609] netlink: 36 bytes leftover after parsing attributes in process `syz.4.758'. [ 157.411390][ T7624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.759'. [ 157.497387][ T7624] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.506809][ T7624] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.515767][ T7624] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.524649][ T7624] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.544626][ T7624] vxlan0: entered promiscuous mode [ 158.051219][ T7651] ieee802154 phy0 wpan0: encryption failed: -22 [ 158.065267][ T7651] netlink: 36 bytes leftover after parsing attributes in process `syz.3.771'. [ 158.648465][ C1] eth0: bad gso: type: 1, size: 1408 [ 158.840950][ T7678] syz.1.779[7678] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 158.841125][ T7678] syz.1.779[7678] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 158.871252][ T7678] validate_nla: 8 callbacks suppressed [ 158.871276][ T7678] netlink: 'syz.1.779': attribute type 7 has an invalid length. [ 159.078413][ T7685] ieee802154 phy0 wpan0: encryption failed: -22 [ 159.090196][ T7685] netlink: 36 bytes leftover after parsing attributes in process `syz.0.783'. [ 159.282659][ T7694] netlink: 936 bytes leftover after parsing attributes in process `syz.4.784'. [ 159.611893][ C1] eth0: bad gso: type: 1, size: 1408 [ 159.961514][ T7725] ieee802154 phy0 wpan0: encryption failed: -22 [ 159.991312][ T7725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.796'. [ 160.519659][ T7746] FAULT_INJECTION: forcing a failure. [ 160.519659][ T7746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.556666][ C1] eth0: bad gso: type: 1, size: 1408 [ 160.558996][ T7746] CPU: 0 UID: 0 PID: 7746 Comm: syz.1.803 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 160.572274][ T7746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 160.582369][ T7746] Call Trace: [ 160.585682][ T7746] [ 160.588644][ T7746] dump_stack_lvl+0x241/0x360 [ 160.593371][ T7746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.598613][ T7746] ? __pfx__printk+0x10/0x10 [ 160.603242][ T7746] ? __pfx_lock_release+0x10/0x10 [ 160.608309][ T7746] ? do_vfs_ioctl+0xf0e/0x2e50 [ 160.613218][ T7746] should_fail_ex+0x3b0/0x4e0 [ 160.618012][ T7746] _copy_from_user+0x2f/0xe0 [ 160.622654][ T7746] nr_rt_ioctl+0x781/0xfb0 [ 160.627210][ T7746] ? aa_get_newest_label+0xff/0x6f0 [ 160.632449][ T7746] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 160.638831][ T7746] ? tomoyo_path_number_perm+0x208/0x880 [ 160.644518][ T7746] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 160.649612][ T7746] ? apparmor_capable+0x138/0x1b0 [ 160.654802][ T7746] sock_do_ioctl+0x158/0x460 [ 160.659545][ T7746] ? __pfx_sock_do_ioctl+0x10/0x10 [ 160.664740][ T7746] sock_ioctl+0x629/0x8e0 [ 160.669097][ T7746] ? __pfx_sock_ioctl+0x10/0x10 [ 160.673965][ T7746] ? __fget_files+0x29/0x470 [ 160.678593][ T7746] ? __fget_files+0x3f6/0x470 [ 160.683304][ T7746] ? __fget_files+0x29/0x470 [ 160.687924][ T7746] ? bpf_lsm_file_ioctl+0x9/0x10 [ 160.692882][ T7746] ? security_file_ioctl+0x87/0xb0 [ 160.698011][ T7746] ? __pfx_sock_ioctl+0x10/0x10 [ 160.702905][ T7746] __se_sys_ioctl+0xfc/0x170 [ 160.707535][ T7746] do_syscall_64+0xf3/0x230 [ 160.712072][ T7746] ? clear_bhb_loop+0x35/0x90 [ 160.716780][ T7746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.722696][ T7746] RIP: 0033:0x7fc920f77299 [ 160.727259][ T7746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.746977][ T7746] RSP: 002b:00007fc921dd5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 160.755607][ T7746] RAX: ffffffffffffffda RBX: 00007fc921105f80 RCX: 00007fc920f77299 [ 160.763606][ T7746] RDX: 0000000020000340 RSI: 000000000000890b RDI: 0000000000000004 [ 160.771618][ T7746] RBP: 00007fc921dd50a0 R08: 0000000000000000 R09: 0000000000000000 [ 160.779610][ T7746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.787687][ T7746] R13: 000000000000000b R14: 00007fc921105f80 R15: 00007fff98194568 [ 160.795687][ T7746] [ 161.057016][ T7759] ieee802154 phy0 wpan0: encryption failed: -22 [ 161.079304][ T7759] netlink: 36 bytes leftover after parsing attributes in process `syz.1.808'. [ 163.060659][ T7839] FAULT_INJECTION: forcing a failure. [ 163.060659][ T7839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.101811][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 163.119884][ T7839] CPU: 1 UID: 0 PID: 7839 Comm: syz.2.834 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 163.120958][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 163.130172][ T7839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 163.130193][ T7839] Call Trace: [ 163.130204][ T7839] [ 163.130214][ T7839] dump_stack_lvl+0x241/0x360 [ 163.130252][ T7839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.130279][ T7839] ? __pfx__printk+0x10/0x10 [ 163.168121][ T7839] ? snprintf+0xda/0x120 [ 163.172505][ T7839] should_fail_ex+0x3b0/0x4e0 [ 163.177249][ T7839] _copy_to_user+0x2f/0xb0 [ 163.181800][ T7839] simple_read_from_buffer+0xca/0x150 [ 163.187225][ T7839] proc_fail_nth_read+0x1e9/0x250 [ 163.190651][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 163.192277][ T7839] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 163.201740][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 163.204740][ T7839] ? rw_verify_area+0x520/0x6b0 [ 163.213703][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 163.216508][ T7839] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 163.224306][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 163.228968][ T7839] vfs_read+0x204/0xbc0 [ 163.229008][ T7839] ? __pfx_lock_release+0x10/0x10 [ 163.229049][ T7839] ? __pfx_vfs_read+0x10/0x10 [ 163.249969][ T7839] ? __fget_files+0x29/0x470 [ 163.254617][ T7839] ? __fget_files+0x3f6/0x470 [ 163.259358][ T7839] ksys_read+0x1a0/0x2c0 [ 163.263651][ T7839] ? __pfx_ksys_read+0x10/0x10 [ 163.268460][ T7839] ? do_syscall_64+0x100/0x230 [ 163.273259][ T7839] ? do_syscall_64+0xb6/0x230 [ 163.277944][ T7839] do_syscall_64+0xf3/0x230 [ 163.282456][ T7839] ? clear_bhb_loop+0x35/0x90 [ 163.287167][ T7839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.293154][ T7839] RIP: 0033:0x7fa2b4f75d7c [ 163.297583][ T7839] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 163.317197][ T7839] RSP: 002b:00007fa2b5c69040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 163.322673][ T7848] raw_sendmsg: syz.0.835 forgot to set AF_INET. Fix it! [ 163.325607][ T7839] RAX: ffffffffffffffda RBX: 00007fa2b5105f80 RCX: 00007fa2b4f75d7c [ 163.340731][ T7839] RDX: 000000000000000f RSI: 00007fa2b5c690b0 RDI: 0000000000000003 [ 163.348831][ T7839] RBP: 00007fa2b5c690a0 R08: 0000000000000000 R09: 0000000000000000 [ 163.356846][ T7839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.364859][ T7839] R13: 000000000000000b R14: 00007fa2b5105f80 R15: 00007ffd2f9093c8 [ 163.372894][ T7839] [ 163.560866][ T6032] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.667917][ T7857] netlink: 'syz.4.839': attribute type 9 has an invalid length. [ 163.701226][ T7857] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.839'. [ 163.757532][ T6032] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.808902][ T7854] syzkaller0: entered allmulticast mode [ 163.935257][ T6032] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.004111][ T7862] syzkaller0 (unregistering): left allmulticast mode [ 164.113291][ T7859] netlink: 'syz.4.839': attribute type 9 has an invalid length. [ 164.156351][ T7859] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.839'. [ 164.273930][ T6032] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.624378][ T6032] bridge_slave_1: left allmulticast mode [ 164.632124][ T6032] bridge_slave_1: left promiscuous mode [ 164.637969][ T6032] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.651158][ T6032] bridge_slave_0: left allmulticast mode [ 164.656869][ T6032] bridge_slave_0: left promiscuous mode [ 164.666480][ T6032] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.186967][ T6032] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.202096][ T6032] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.218102][ T6032] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 165.243097][ T6032] bond0 (unregistering): Released all slaves [ 165.261755][ T7840] chnl_net:caif_netlink_parms(): no params data found [ 165.269865][ T5245] Bluetooth: hci1: command tx timeout [ 165.817025][ T7915] netlink: 'syz.4.856': attribute type 3 has an invalid length. [ 165.835507][ T7915] netlink: 'syz.4.856': attribute type 3 has an invalid length. [ 165.869354][ T7840] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.876660][ T7840] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.900002][ T7840] bridge_slave_0: entered allmulticast mode [ 165.920090][ T7840] bridge_slave_0: entered promiscuous mode [ 165.977737][ T7840] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.987598][ T7840] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.995285][ T7840] bridge_slave_1: entered allmulticast mode [ 166.006831][ T7840] bridge_slave_1: entered promiscuous mode [ 166.136382][ T6032] hsr_slave_0: left promiscuous mode [ 166.162123][ T6032] hsr_slave_1: left promiscuous mode [ 166.176548][ T6032] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.186896][ T6032] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.203128][ T6032] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.226991][ T6032] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.308463][ T6032] veth1_macvtap: left promiscuous mode [ 166.314621][ T6032] veth0_macvtap: left promiscuous mode [ 166.320426][ T6032] veth1_vlan: left promiscuous mode [ 166.326022][ T6032] veth0_vlan: left promiscuous mode [ 167.054217][ T6032] team0 (unregistering): Port device team_slave_1 removed [ 167.133833][ T6032] team0 (unregistering): Port device team_slave_0 removed [ 167.350503][ T5245] Bluetooth: hci1: command tx timeout [ 167.611079][ T7929] syzkaller0: entered allmulticast mode [ 167.697561][ T7951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'. [ 167.746123][ T7840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.760108][ T7840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.023977][ T7840] team0: Port device team_slave_0 added [ 168.048742][ T7840] team0: Port device team_slave_1 added [ 168.155882][ T7973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.170154][ C1] eth0: bad gso: type: 1, size: 1408 [ 168.191311][ T7840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.213394][ T7840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.254117][ T7840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.270488][ T7840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.277578][ T7840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.306944][ T7840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.507775][ T7840] hsr_slave_0: entered promiscuous mode [ 168.527362][ T7840] hsr_slave_1: entered promiscuous mode [ 168.539867][ T7840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.547491][ T7840] Cannot create hsr debugfs directory [ 168.852696][ T7982] syzkaller0: entered allmulticast mode [ 168.941113][ T7982] syzkaller0 (unregistering): left allmulticast mode [ 169.429440][ T5245] Bluetooth: hci1: command tx timeout [ 169.587696][ T8015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.739758][ T7840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 169.767266][ T7840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 169.785287][ T7840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 169.798885][ T7840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 169.847077][ T8020] xt_bpf: check failed: parse error [ 169.982449][ T7840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.016514][ T7840] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.035248][ T5286] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.042479][ T5286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.062021][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.069294][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.230250][ T8007] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 170.633334][ T7840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.826156][ T7840] veth0_vlan: entered promiscuous mode [ 170.885998][ T7840] veth1_vlan: entered promiscuous mode [ 170.963376][ T8055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.903'. [ 170.977860][ T7840] veth0_macvtap: entered promiscuous mode [ 171.032471][ T7840] veth1_macvtap: entered promiscuous mode [ 171.056825][ T8056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.107190][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.129445][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.141589][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.153954][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.168752][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.197747][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.214614][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.232302][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.249072][ T7840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.286449][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.297587][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.310570][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.321424][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.332619][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.344503][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.356900][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.368343][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.434205][ T7840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.478056][ T7840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.495842][ T7840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.505784][ T7840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.509681][ T5245] Bluetooth: hci1: command tx timeout [ 171.523015][ T7840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.705081][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.720278][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.736732][ T8079] netlink: 12 bytes leftover after parsing attributes in process `syz.3.913'. [ 171.794687][ T2534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.797918][ T8079] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 171.803496][ T2534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.184177][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.936'. [ 173.205822][ T8143] netlink: 16 bytes leftover after parsing attributes in process `syz.4.936'. [ 173.317637][ T8148] sctp: [Deprecated]: syz.2.939 (pid 8148) Use of int in maxseg socket option. [ 173.317637][ T8148] Use struct sctp_assoc_value instead [ 173.847369][ T8167] Illegal XDP return value 4294967282 on prog (id 254) dev N/A, expect packet loss! [ 174.057704][ T8179] netlink: 'syz.4.952': attribute type 4 has an invalid length. [ 174.162290][ T8185] netlink: 20 bytes leftover after parsing attributes in process `syz.1.955'. [ 174.195357][ T8185] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.955'. [ 174.228015][ T8185] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 174.896040][ T8203] netlink: 'syz.4.962': attribute type 29 has an invalid length. [ 174.944957][ T8203] netlink: 'syz.4.962': attribute type 29 has an invalid length. [ 174.979629][ T8203] netlink: 'syz.4.962': attribute type 29 has an invalid length. [ 175.002408][ T8203] netlink: 'syz.4.962': attribute type 29 has an invalid length. [ 175.036440][ T8203] netlink: 'syz.4.962': attribute type 29 has an invalid length. [ 175.067459][ T8201] netlink: 'syz.4.962': attribute type 29 has an invalid length. [ 175.300917][ T8219] netlink: 'syz.0.967': attribute type 4 has an invalid length. [ 175.556662][ T8231] ieee802154 phy0 wpan0: encryption failed: -22 [ 175.600512][ T8231] netlink: 36 bytes leftover after parsing attributes in process `syz.1.973'. [ 176.082533][ T8255] netlink: 'syz.3.981': attribute type 3 has an invalid length. [ 176.167796][ T8255] netlink: 72 bytes leftover after parsing attributes in process `syz.3.981'. [ 176.394638][ T8270] xt_bpf: check failed: parse error [ 176.560108][ T8276] ieee802154 phy0 wpan0: encryption failed: -22 [ 176.581809][ T8276] netlink: 36 bytes leftover after parsing attributes in process `syz.0.989'. [ 176.787467][ T8287] netlink: 20 bytes leftover after parsing attributes in process `syz.2.988'. [ 176.877931][ T8287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.988'. [ 177.540465][ T8318] netlink: 'syz.0.1004': attribute type 4 has an invalid length. [ 177.860576][ T8330] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1010'. [ 178.643692][ T8362] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1018'. [ 178.785556][ T8370] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1020'. [ 178.858642][ T8373] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1021'. [ 179.023593][ T8382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1025'. [ 179.330996][ T8392] ieee802154 phy0 wpan0: encryption failed: -22 [ 179.362148][ T8392] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1030'. [ 179.609500][ T8402] xt_TPROXY: Can be used only with -p tcp or -p udp [ 180.420828][ T8436] ieee802154 phy0 wpan0: encryption failed: -22 [ 180.474064][ T8431] xt_CT: No such helper "netbios-ns" [ 181.209150][ T8470] __nla_validate_parse: 3 callbacks suppressed [ 181.209173][ T8470] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1057'. [ 181.549403][ T8477] ieee802154 phy0 wpan0: encryption failed: -22 [ 181.571508][ T8477] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1059'. [ 181.602219][ T8479] netlink: 'syz.2.1060': attribute type 11 has an invalid length. [ 181.637931][ T8479] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1060'. [ 181.662694][ T8482] netlink: 'syz.4.1061': attribute type 13 has an invalid length. [ 181.847141][ T8482] netlink: 'syz.4.1061': attribute type 16 has an invalid length. [ 181.869218][ T8482] netlink: 'syz.4.1061': attribute type 17 has an invalid length. [ 182.059122][ T8487] netlink: 'syz.2.1064': attribute type 11 has an invalid length. [ 182.124440][ T8487] netlink: 'syz.2.1064': attribute type 11 has an invalid length. [ 182.174183][ T8487] debugfs: Directory 'netdev:' with parent 'phy14' already present! [ 182.236434][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1067'. [ 182.552331][ T8511] ieee802154 phy0 wpan0: encryption failed: -22 [ 182.575283][ T8511] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1073'. [ 182.638235][ T8512] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1074'. [ 182.773409][ T8521] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1077'. [ 182.826861][ T8525] RDS: rds_bind could not find a transport for fec0:ffff:ffff:ffff::1, load rds_tcp or rds_rdma? [ 182.998677][ T8498] dccp_close: ABORT with 299 bytes unread [ 183.149734][ T8533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1082'. [ 183.381056][ T8545] ieee802154 phy0 wpan0: encryption failed: -22 [ 183.408142][ T8545] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1087'. [ 183.571856][ T8553] tun0: tun_chr_ioctl cmd 35108 [ 183.646250][ T8552] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1089'. [ 184.101127][ C1] eth0: bad gso: type: 1, size: 1408 [ 184.506898][ T8588] ieee802154 phy0 wpan0: encryption failed: -22 [ 184.903177][ T8571] dccp_close: ABORT with 299 bytes unread [ 185.013004][ T8608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 185.041401][ T25] IPVS: starting estimator thread 0... [ 185.141482][ T8611] IPVS: using max 16 ests per chain, 38400 per kthread [ 185.676815][ C1] eth0: bad gso: type: 1, size: 1408 [ 185.704644][ T8629] ieee802154 phy0 wpan0: encryption failed: -22 [ 186.380521][ C1] eth0: bad gso: type: 1, size: 1408 [ 186.587493][ T8634] dccp_close: ABORT with 299 bytes unread [ 186.609370][ C1] eth0: bad gso: type: 1, size: 1408 [ 186.785819][ T8667] ieee802154 phy0 wpan0: encryption failed: -22 [ 186.815547][ T8667] __nla_validate_parse: 6 callbacks suppressed [ 186.815570][ T8667] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1129'. [ 187.229792][ T8676] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1133'. [ 187.285493][ T8694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.342451][ T3072] IPVS: starting estimator thread 0... [ 187.449340][ T8700] IPVS: using max 17 ests per chain, 40800 per kthread [ 187.533702][ T8710] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1142'. [ 187.692454][ T8718] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.700610][ T8718] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1144'. [ 187.775652][ T8720] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:e000:0001 with DS=0xe [ 188.071878][ T8737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1153'. [ 188.338548][ T8747] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1151'. [ 188.401069][ T8746] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1155'. [ 188.430409][ T8750] ieee802154 phy0 wpan0: encryption failed: -22 [ 188.440333][ T8750] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1158'. [ 188.572760][ T8751] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1157'. [ 188.618659][ C1] eth0: bad gso: type: 1, size: 1408 [ 188.783648][ T8761] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 188.924289][ T8765] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 189.301798][ T8781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.352812][ T8784] ieee802154 phy0 wpan0: encryption failed: -22 [ 189.369864][ T8784] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1169'. [ 189.507693][ T8791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 190.281646][ T8813] netlink: 'syz.1.1180': attribute type 13 has an invalid length. [ 190.350633][ T8819] netlink: 'syz.1.1180': attribute type 16 has an invalid length. [ 190.360574][ T8815] ieee802154 phy0 wpan0: encryption failed: -22 [ 190.367550][ T8819] netlink: 'syz.1.1180': attribute type 17 has an invalid length. [ 190.773636][ T8837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.215076][ T8852] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 191.860589][ T8867] netlink: 'syz.4.1195': attribute type 13 has an invalid length. [ 191.965137][ T8873] netlink: 'syz.4.1195': attribute type 16 has an invalid length. [ 192.009207][ T8873] netlink: 'syz.4.1195': attribute type 17 has an invalid length. [ 192.275514][ T8884] __nla_validate_parse: 6 callbacks suppressed [ 192.275538][ T8884] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1196'. [ 192.321859][ T8883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1199'. [ 192.570019][ T8893] FAULT_INJECTION: forcing a failure. [ 192.570019][ T8893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.599229][ T8893] CPU: 1 UID: 0 PID: 8893 Comm: syz.4.1201 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 192.609633][ T8893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 192.619817][ T8893] Call Trace: [ 192.623127][ T8893] [ 192.626083][ T8893] dump_stack_lvl+0x241/0x360 [ 192.630815][ T8893] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.636179][ T8893] ? __pfx__printk+0x10/0x10 [ 192.640812][ T8893] ? __pfx_lock_release+0x10/0x10 [ 192.645891][ T8893] should_fail_ex+0x3b0/0x4e0 [ 192.650611][ T8893] _copy_to_user+0x2f/0xb0 [ 192.655053][ T8893] bpf_verifier_vlog+0x31e/0x860 [ 192.660084][ T8893] __btf_verifier_log+0xd5/0x120 [ 192.665056][ T8893] ? __pfx___btf_verifier_log+0x10/0x10 [ 192.670627][ T8893] ? sort_r+0x22c3/0x2960 [ 192.674997][ T8893] __btf_verifier_log_type+0x389/0x640 [ 192.680475][ T8893] ? btf_ref_type_check_meta+0x2de/0x7a0 [ 192.686118][ T8893] ? btf_ref_type_check_meta+0xe8/0x7a0 [ 192.691672][ T8893] ? __pfx___btf_verifier_log_type+0x10/0x10 [ 192.697670][ T8893] btf_ref_type_check_meta+0x5e0/0x7a0 [ 192.703230][ T8893] btf_parse_type_sec+0x4d5/0x2620 [ 192.708360][ T8893] ? bpf_verifier_vlog+0x32b/0x860 [ 192.713500][ T8893] ? btf_check_sec_info+0x379/0x4f0 [ 192.718718][ T8893] ? __pfx_btf_parse_type_sec+0x10/0x10 [ 192.724287][ T8893] ? btf_parse_str_sec+0x21f/0x2b0 [ 192.729417][ T8893] btf_new_fd+0x43f/0xd30 [ 192.733770][ T8893] ? __pfx_btf_new_fd+0x10/0x10 [ 192.738640][ T8893] ? bpf_btf_load+0xcf/0x1a0 [ 192.743272][ T8893] __sys_bpf+0x6ef/0x810 [ 192.747564][ T8893] ? __pfx___sys_bpf+0x10/0x10 [ 192.752365][ T8893] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 192.758374][ T8893] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 192.764723][ T8893] ? do_syscall_64+0x100/0x230 [ 192.769529][ T8893] __x64_sys_bpf+0x7c/0x90 [ 192.774049][ T8893] do_syscall_64+0xf3/0x230 [ 192.778562][ T8893] ? clear_bhb_loop+0x35/0x90 [ 192.783254][ T8893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.789161][ T8893] RIP: 0033:0x7f1117177299 [ 192.793583][ T8893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.813377][ T8893] RSP: 002b:00007f1117ec6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 192.821809][ T8893] RAX: ffffffffffffffda RBX: 00007f1117305f80 RCX: 00007f1117177299 [ 192.829793][ T8893] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000012 [ 192.837860][ T8893] RBP: 00007f1117ec60a0 R08: 0000000000000000 R09: 0000000000000000 [ 192.845853][ T8893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 192.853883][ T8893] R13: 000000000000000b R14: 00007f1117305f80 R15: 00007fff10b1e738 [ 192.861891][ T8893] [ 192.973597][ T8899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 193.209246][ T8906] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.243366][ T8906] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1207'. [ 193.344701][ T8907] batadv_slave_0: mtu less than device minimum [ 193.420124][ T8910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1208'. [ 193.451422][ T8910] xt_CONNSECMARK: invalid mode: 0 [ 193.470105][ T8910] x_tables: ip6_tables: DNPT target: used from hooks FORWARD, but only usable from PREROUTING/OUTPUT [ 193.515681][ T8910] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1208'. [ 193.699655][ T8916] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.718188][ T8916] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1211'. [ 193.878003][ T8924] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1214'. [ 194.351404][ T8944] nbd: must specify a size in bytes for the device [ 194.429342][ T8949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.553574][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.560122][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.697020][ T8957] netlink: 'syz.4.1225': attribute type 9 has an invalid length. [ 194.776533][ T8959] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.786091][ T8959] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1226'. [ 195.344151][ T8943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1222'. [ 195.386817][ T8943] vlan2: entered promiscuous mode [ 195.402380][ T8943] team0: entered promiscuous mode [ 195.407479][ T8943] team_slave_0: entered promiscuous mode [ 195.425444][ T8943] team_slave_1: entered promiscuous mode [ 195.456096][ T8943] team0: left promiscuous mode [ 195.468941][ T8943] team_slave_0: left promiscuous mode [ 195.493504][ T8943] team_slave_1: left promiscuous mode [ 195.534519][ T8966] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.571719][ T8969] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1228'. [ 195.781548][ T8975] xt_bpf: check failed: parse error [ 195.784172][ T8961] dccp_close: ABORT with 323 bytes unread [ 196.338663][ T9000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 196.645324][ T9014] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.828705][ C1] eth0: bad gso: type: 1, size: 1408 [ 196.856466][ T9026] FAULT_INJECTION: forcing a failure. [ 196.856466][ T9026] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.912654][ T9026] CPU: 1 UID: 0 PID: 9026 Comm: syz.0.1247 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 196.923058][ T9026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 196.933415][ T9026] Call Trace: [ 196.936730][ T9026] [ 196.939698][ T9026] dump_stack_lvl+0x241/0x360 [ 196.944471][ T9026] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.949807][ T9026] ? __pfx__printk+0x10/0x10 [ 196.954442][ T9026] ? __pfx_lock_release+0x10/0x10 [ 196.959611][ T9026] should_fail_ex+0x3b0/0x4e0 [ 196.964348][ T9026] _copy_to_user+0x2f/0xb0 [ 196.968890][ T9026] bpf_verifier_vlog+0x31e/0x860 [ 196.973887][ T9026] __btf_verifier_log+0xd5/0x120 [ 196.978862][ T9026] ? bpf_verifier_vlog+0x32b/0x860 [ 196.984007][ T9026] ? __pfx___btf_verifier_log+0x10/0x10 [ 196.989583][ T9026] ? sort_r+0x22c3/0x2960 [ 196.993957][ T9026] __btf_verifier_log_type+0x4a8/0x640 [ 196.999464][ T9026] ? btf_ref_type_check_meta+0x2de/0x7a0 [ 197.005127][ T9026] ? btf_ref_type_check_meta+0xe8/0x7a0 [ 197.010710][ T9026] ? __pfx___btf_verifier_log_type+0x10/0x10 [ 197.016831][ T9026] btf_ref_type_check_meta+0x5e0/0x7a0 [ 197.022351][ T9026] btf_parse_type_sec+0x4d5/0x2620 [ 197.027514][ T9026] ? bpf_verifier_vlog+0x32b/0x860 [ 197.032656][ T9026] ? btf_check_sec_info+0x379/0x4f0 [ 197.037876][ T9026] ? __pfx_btf_parse_type_sec+0x10/0x10 [ 197.043442][ T9026] ? btf_parse_str_sec+0x21f/0x2b0 [ 197.048571][ T9026] btf_new_fd+0x43f/0xd30 [ 197.052925][ T9026] ? __pfx_btf_new_fd+0x10/0x10 [ 197.057807][ T9026] ? bpf_btf_load+0xcf/0x1a0 [ 197.062432][ T9026] __sys_bpf+0x6ef/0x810 [ 197.066694][ T9026] ? __pfx___sys_bpf+0x10/0x10 [ 197.071483][ T9026] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 197.077506][ T9026] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 197.083870][ T9026] ? do_syscall_64+0x100/0x230 [ 197.088663][ T9026] __x64_sys_bpf+0x7c/0x90 [ 197.093101][ T9026] do_syscall_64+0xf3/0x230 [ 197.097618][ T9026] ? clear_bhb_loop+0x35/0x90 [ 197.102411][ T9026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.108321][ T9026] RIP: 0033:0x7fb3c2f77299 [ 197.112789][ T9026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.132627][ T9026] RSP: 002b:00007fb3c3d33048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 197.141094][ T9026] RAX: ffffffffffffffda RBX: 00007fb3c3105f80 RCX: 00007fb3c2f77299 [ 197.149084][ T9026] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000012 [ 197.157066][ T9026] RBP: 00007fb3c3d330a0 R08: 0000000000000000 R09: 0000000000000000 [ 197.165226][ T9026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 197.173242][ T9026] R13: 000000000000000b R14: 00007fb3c3105f80 R15: 00007ffef670c648 [ 197.181258][ T9026] [ 197.565329][ T9051] batman_adv: batadv0: Adding interface: ipvlan2 [ 197.583703][ T9051] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.614048][ T9020] dccp_close: ABORT with 323 bytes unread [ 197.628677][ T9051] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 197.682419][ T9053] ieee802154 phy0 wpan0: encryption failed: -22 [ 197.700684][ T9053] __nla_validate_parse: 7 callbacks suppressed [ 197.700706][ T9053] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1259'. [ 197.974250][ T9069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1264'. [ 198.346559][ T9085] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1269'. [ 198.514651][ T9091] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.536286][ T9091] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1274'. [ 198.733170][ T9097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1277'. [ 199.005967][ T9113] netlink: 'syz.0.1283': attribute type 21 has an invalid length. [ 199.045073][ T9114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.132231][ T9109] syzkaller0: entered promiscuous mode [ 199.138160][ T9109] syzkaller0: entered allmulticast mode [ 199.157983][ T9083] dccp_close: ABORT with 327 bytes unread [ 199.506980][ T9129] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.530290][ T9129] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1288'. [ 199.669984][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1291'. [ 200.546781][ T9159] xt_bpf: check failed: parse error [ 200.959311][ T9147] dccp_close: ABORT with 327 bytes unread [ 201.057572][ T9166] ieee802154 phy0 wpan0: encryption failed: -22 [ 201.066844][ T9166] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1302'. [ 201.686690][ T9140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1294'. [ 201.758920][ T5245] Bluetooth: hci4: command 0x0406 tx timeout [ 201.759828][ T5234] Bluetooth: hci2: command 0x0406 tx timeout [ 201.920601][ T9171] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1304'. [ 202.036019][ T9161] netlink: 'syz.3.1301': attribute type 10 has an invalid length. [ 202.062680][ T9161] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.091983][ T9161] bond0: (slave team0): Enslaving as an active interface with an up link [ 202.262120][ T9179] FAULT_INJECTION: forcing a failure. [ 202.262120][ T9179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 202.289621][ T9179] CPU: 1 UID: 0 PID: 9179 Comm: syz.1.1306 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 202.300014][ T9179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 202.310106][ T9179] Call Trace: [ 202.313403][ T9179] [ 202.316339][ T9179] dump_stack_lvl+0x241/0x360 [ 202.321044][ T9179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.326263][ T9179] ? __pfx__printk+0x10/0x10 [ 202.330875][ T9179] ? __pfx_lock_release+0x10/0x10 [ 202.335924][ T9179] should_fail_ex+0x3b0/0x4e0 [ 202.340627][ T9179] _copy_to_user+0x2f/0xb0 [ 202.345057][ T9179] bpf_verifier_vlog+0x31e/0x860 [ 202.350020][ T9179] __btf_verifier_log+0xd5/0x120 [ 202.354975][ T9179] ? __pfx___btf_verifier_log+0x10/0x10 [ 202.360538][ T9179] __btf_verifier_log_type+0x389/0x640 [ 202.366012][ T9179] ? btf_ref_type_check_meta+0x370/0x7a0 [ 202.371744][ T9179] ? btf_ref_type_check_meta+0xe8/0x7a0 [ 202.377297][ T9179] ? __pfx___btf_verifier_log_type+0x10/0x10 [ 202.383288][ T9179] ? rcu_is_watching+0x15/0xb0 [ 202.388077][ T9179] btf_ref_type_check_meta+0x5e0/0x7a0 [ 202.393586][ T9179] btf_parse_type_sec+0x4d5/0x2620 [ 202.398742][ T9179] ? btf_check_sec_info+0x379/0x4f0 [ 202.403984][ T9179] ? __pfx_btf_parse_type_sec+0x10/0x10 [ 202.409557][ T9179] ? btf_parse_str_sec+0x21f/0x2b0 [ 202.414696][ T9179] btf_new_fd+0x43f/0xd30 [ 202.419050][ T9179] ? __pfx_btf_new_fd+0x10/0x10 [ 202.423919][ T9179] ? bpf_btf_load+0xcf/0x1a0 [ 202.428524][ T9179] __sys_bpf+0x6ef/0x810 [ 202.432779][ T9179] ? __pfx___sys_bpf+0x10/0x10 [ 202.437564][ T9179] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 202.443564][ T9179] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 202.449909][ T9179] ? do_syscall_64+0x100/0x230 [ 202.454688][ T9179] __x64_sys_bpf+0x7c/0x90 [ 202.459118][ T9179] do_syscall_64+0xf3/0x230 [ 202.463629][ T9179] ? clear_bhb_loop+0x35/0x90 [ 202.468323][ T9179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.474239][ T9179] RIP: 0033:0x7f5275177299 [ 202.478661][ T9179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.498292][ T9179] RSP: 002b:00007f5275ea2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 202.506721][ T9179] RAX: ffffffffffffffda RBX: 00007f5275305f80 RCX: 00007f5275177299 [ 202.514790][ T9179] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000012 [ 202.522769][ T9179] RBP: 00007f5275ea20a0 R08: 0000000000000000 R09: 0000000000000000 [ 202.530749][ T9179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 202.538909][ T9179] R13: 000000000000000b R14: 00007f5275305f80 R15: 00007ffd579dbd98 [ 202.546988][ T9179] [ 202.896698][ T9196] ieee802154 phy0 wpan0: encryption failed: -22 [ 202.916958][ T9196] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1313'. [ 203.125835][ T9215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1319'. [ 203.186922][ T9217] netlink: 'syz.1.1321': attribute type 10 has an invalid length. [ 203.255523][ T9217] team0: Port device wlan1 added [ 203.519392][ T9190] dccp_close: ABORT with 327 bytes unread [ 203.563238][ T9237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1329'. [ 203.613449][ T9239] ieee802154 phy0 wpan0: encryption failed: -22 [ 203.638234][ T9239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1331'. [ 203.677619][ T9244] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1332'. [ 203.784942][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1333'. [ 203.958968][ T9257] netlink: 'syz.2.1336': attribute type 10 has an invalid length. [ 204.037160][ T9257] team0: Port device wlan1 added [ 204.162105][ T9260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1337'. [ 204.492881][ T9283] netlink: 'syz.2.1346': attribute type 13 has an invalid length. [ 204.501439][ T9282] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.510332][ T9282] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1345'. [ 204.522453][ T9283] netlink: 'syz.2.1346': attribute type 16 has an invalid length. [ 204.546129][ T9283] netlink: 'syz.2.1346': attribute type 17 has an invalid length. [ 204.661312][ T9290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1348'. [ 204.860477][ T9296] netlink: 'syz.4.1350': attribute type 10 has an invalid length. [ 204.957690][ T9299] xt_TPROXY: Can be used only with -p tcp or -p udp [ 204.969806][ T9296] team0: Port device wlan1 added [ 205.479370][ T9319] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.555865][ T9326] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1359'. [ 205.740150][ T9333] IPVS: length: 89 != 24 [ 206.568146][ T9368] ieee802154 phy0 wpan0: encryption failed: -22 [ 206.709324][ T54] Bluetooth: hci1: command 0x0405 tx timeout [ 206.734481][ T9380] FAULT_INJECTION: forcing a failure. [ 206.734481][ T9380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.749315][ T9380] CPU: 0 UID: 0 PID: 9380 Comm: syz.2.1380 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 206.759796][ T9380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 206.769896][ T9380] Call Trace: [ 206.773207][ T9380] [ 206.776172][ T9380] dump_stack_lvl+0x241/0x360 [ 206.780907][ T9380] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.786156][ T9380] ? __pfx__printk+0x10/0x10 [ 206.790798][ T9380] ? __pfx_lock_release+0x10/0x10 [ 206.795883][ T9380] should_fail_ex+0x3b0/0x4e0 [ 206.800628][ T9380] _copy_to_user+0x2f/0xb0 [ 206.805111][ T9380] bpf_verifier_vlog+0x31e/0x860 [ 206.810120][ T9380] __btf_verifier_log+0xd5/0x120 [ 206.815111][ T9380] ? __pfx___btf_verifier_log+0x10/0x10 [ 206.820696][ T9380] ? __btf_verifier_log+0xd5/0x120 [ 206.825860][ T9380] ? bpf_verifier_vlog+0x32b/0x860 [ 206.831036][ T9380] __btf_verifier_log_type+0x389/0x640 [ 206.836651][ T9380] ? __btf_verifier_log_type+0x4a8/0x640 [ 206.842336][ T9380] ? btf_enum_check_meta+0x14f/0xdb0 [ 206.847679][ T9380] ? __pfx___btf_verifier_log_type+0x10/0x10 [ 206.853715][ T9380] ? btf_ref_type_check_meta+0x370/0x7a0 [ 206.859406][ T9380] ? btf_ref_type_check_meta+0xe8/0x7a0 [ 206.865085][ T9380] ? __pfx___btf_verifier_log_type+0x10/0x10 [ 206.871121][ T9380] btf_enum_check_meta+0x483/0xdb0 [ 206.876279][ T9380] ? btf_ref_type_check_meta+0x5e0/0x7a0 [ 206.881926][ T9380] btf_parse_type_sec+0x4d5/0x2620 [ 206.887064][ T9380] ? btf_check_sec_info+0x379/0x4f0 [ 206.892285][ T9380] ? __pfx_btf_parse_type_sec+0x10/0x10 [ 206.897876][ T9380] ? btf_parse_str_sec+0x21f/0x2b0 [ 206.903015][ T9380] btf_new_fd+0x43f/0xd30 [ 206.907372][ T9380] ? __pfx_btf_new_fd+0x10/0x10 [ 206.912261][ T9380] ? bpf_btf_load+0xcf/0x1a0 [ 206.916902][ T9380] __sys_bpf+0x6ef/0x810 [ 206.921193][ T9380] ? __pfx___sys_bpf+0x10/0x10 [ 206.926021][ T9380] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 206.932071][ T9380] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 206.938423][ T9380] ? do_syscall_64+0x100/0x230 [ 206.943205][ T9380] __x64_sys_bpf+0x7c/0x90 [ 206.947635][ T9380] do_syscall_64+0xf3/0x230 [ 206.952155][ T9380] ? clear_bhb_loop+0x35/0x90 [ 206.956846][ T9380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.962763][ T9380] RIP: 0033:0x7fa2b4f77299 [ 206.967233][ T9380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.986884][ T9380] RSP: 002b:00007fa2b5c69048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 206.995335][ T9380] RAX: ffffffffffffffda RBX: 00007fa2b5105f80 RCX: 00007fa2b4f77299 [ 207.003327][ T9380] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000012 [ 207.011357][ T9380] RBP: 00007fa2b5c690a0 R08: 0000000000000000 R09: 0000000000000000 [ 207.019379][ T9380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 207.027375][ T9380] R13: 000000000000000b R14: 00007fa2b5105f80 R15: 00007ffd2f9093c8 [ 207.035375][ T9380] [ 207.117299][ T9385] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 207.356428][ T9399] netlink: 'syz.0.1386': attribute type 10 has an invalid length. [ 207.406539][ T9399] team0: Port device wlan1 added [ 207.542052][ T9403] pim6reg1: entered promiscuous mode [ 207.565032][ T9403] pim6reg1: entered allmulticast mode [ 207.586871][ T9412] ieee802154 phy0 wpan0: encryption failed: -22 [ 207.597665][ T9403] Bluetooth: MGMT ver 1.23 [ 207.961632][ T9429] __nla_validate_parse: 6 callbacks suppressed [ 207.961654][ T9429] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1395'. [ 208.135883][ T9437] xt_bpf: check failed: parse error [ 208.147377][ T9438] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 208.232325][ T9440] netlink: 'syz.0.1401': attribute type 1 has an invalid length. [ 208.249541][ T9440] netlink: 'syz.0.1401': attribute type 2 has an invalid length. [ 208.257846][ T9440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1401'. [ 208.351538][ T9445] ieee802154 phy0 wpan0: encryption failed: -22 [ 208.374607][ T9445] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1403'. [ 208.514687][ T9459] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1405'. [ 208.613095][ T9463] netlink: 'syz.1.1407': attribute type 13 has an invalid length. [ 208.641097][ T9463] netlink: 'syz.1.1407': attribute type 16 has an invalid length. [ 208.657467][ T9463] netlink: 'syz.1.1407': attribute type 17 has an invalid length. [ 208.734007][ T9467] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551614) [ 208.750331][ T9426] dccp_close: ABORT with 329 bytes unread [ 208.751713][ T9467] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 208.786433][ T9467] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 208.789693][ T9469] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1409'. [ 209.194993][ T9485] ieee802154 phy0 wpan0: encryption failed: -22 [ 209.218256][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1418'. [ 209.238581][ T9485] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1417'. [ 209.248724][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1415'. [ 209.412427][ T9497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1422'. [ 209.682665][ T9514] validate_nla: 3 callbacks suppressed [ 209.682688][ T9514] netlink: 'syz.1.1426': attribute type 13 has an invalid length. [ 209.938001][ T3072] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.983195][ T9530] ieee802154 phy0 wpan0: encryption failed: -22 [ 210.173096][ T9494] dccp_close: ABORT with 329 bytes unread [ 210.236680][ T9538] netlink: 'syz.3.1436': attribute type 13 has an invalid length. [ 210.314794][ T9538] netlink: 'syz.3.1436': attribute type 16 has an invalid length. [ 210.331524][ T9538] netlink: 'syz.3.1436': attribute type 17 has an invalid length. [ 210.339720][ C1] eth0: bad gso: type: 1, size: 1408 [ 210.346701][ C1] eth0: bad gso: type: 1, size: 1408 [ 210.815543][ T9566] ieee802154 phy0 wpan0: encryption failed: -22 [ 211.440324][ T9600] xt_bpf: check failed: parse error [ 211.606641][ T9608] FAULT_INJECTION: forcing a failure. [ 211.606641][ T9608] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.629733][ T9610] netlink: 'syz.1.1462': attribute type 26 has an invalid length. [ 211.648880][ T9608] CPU: 0 UID: 0 PID: 9608 Comm: syz.0.1461 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 211.659279][ T9608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 211.669381][ T9608] Call Trace: [ 211.672690][ T9608] [ 211.675646][ T9608] dump_stack_lvl+0x241/0x360 [ 211.680374][ T9608] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.685611][ T9608] ? __pfx__printk+0x10/0x10 [ 211.690261][ T9608] ? __pfx_lock_release+0x10/0x10 [ 211.695343][ T9608] should_fail_ex+0x3b0/0x4e0 [ 211.700076][ T9608] _copy_from_user+0x2f/0xe0 [ 211.704725][ T9608] copy_msghdr_from_user+0xae/0x680 [ 211.709977][ T9608] ? _parse_integer_limit+0x1b5/0x200 [ 211.715404][ T9608] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 211.721261][ T9608] __sys_sendmmsg+0x374/0x740 [ 211.726001][ T9608] ? __pfx___sys_sendmmsg+0x10/0x10 [ 211.731338][ T9608] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 211.737247][ T9608] ? ksys_write+0x23e/0x2c0 [ 211.741765][ T9608] ? __pfx_lock_release+0x10/0x10 [ 211.746811][ T9608] ? vfs_write+0x7c4/0xc90 [ 211.751245][ T9608] ? __mutex_unlock_slowpath+0x21d/0x750 [ 211.756886][ T9608] ? __pfx_vfs_write+0x10/0x10 [ 211.761700][ T9608] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 211.767700][ T9608] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 211.774047][ T9608] ? do_syscall_64+0x100/0x230 [ 211.778834][ T9608] __x64_sys_sendmmsg+0xa0/0xb0 [ 211.783710][ T9608] do_syscall_64+0xf3/0x230 [ 211.788225][ T9608] ? clear_bhb_loop+0x35/0x90 [ 211.792923][ T9608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.798829][ T9608] RIP: 0033:0x7fb3c2f77299 [ 211.803260][ T9608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.822886][ T9608] RSP: 002b:00007fb3c3d33048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 211.831315][ T9608] RAX: ffffffffffffffda RBX: 00007fb3c3105f80 RCX: 00007fb3c2f77299 [ 211.839296][ T9608] RDX: 0000000000000001 RSI: 0000000020002d40 RDI: 000000000000000c [ 211.847360][ T9608] RBP: 00007fb3c3d330a0 R08: 0000000000000000 R09: 0000000000000000 [ 211.855355][ T9608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.863346][ T9608] R13: 000000000000000b R14: 00007fb3c3105f80 R15: 00007ffef670c648 [ 211.871350][ T9608] [ 211.905537][ T9612] ieee802154 phy0 wpan0: encryption failed: -22 [ 212.971598][ T9657] vxcan0: tx drop: invalid da for name 0x0000000000000002 [ 213.147413][ T9663] __nla_validate_parse: 13 callbacks suppressed [ 213.147436][ T9663] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1476'. [ 213.359380][ T9668] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1477'. [ 213.374297][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1476'. [ 213.401093][ T9677] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 213.411506][ T9678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1479'. [ 213.508005][ T9680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1482'. [ 213.640872][ T9686] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1485'. [ 213.714504][ T9692] netlink: 'syz.4.1486': attribute type 13 has an invalid length. [ 213.733543][ T9692] netlink: 'syz.4.1486': attribute type 16 has an invalid length. [ 213.743215][ T9692] netlink: 'syz.4.1486': attribute type 17 has an invalid length. [ 214.303990][ T9714] delete_channel: no stack [ 214.367838][ T9714] IPVS: set_ctl: invalid protocol: 227 172.20.20.170:20003 [ 214.518041][ T9723] xt_bpf: check failed: parse error [ 214.612895][ T9726] netlink: 'syz.0.1499': attribute type 13 has an invalid length. [ 214.671044][ T9726] netlink: 'syz.0.1499': attribute type 16 has an invalid length. [ 214.699661][ T9726] netlink: 'syz.0.1499': attribute type 17 has an invalid length. [ 214.788003][ T9728] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551614) [ 214.808705][ T9728] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 214.831286][ T9732] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 214.852314][ T9738] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.901424][ T9736] batadv_slave_0: mtu less than device minimum [ 215.043830][ T9745] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 215.075105][ T9744] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 215.359732][ T9755] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1508'. [ 215.387868][ C1] eth0: bad gso: type: 1, size: 1408 [ 215.393896][ C1] eth0: bad gso: type: 1, size: 1408 [ 215.603427][ T9767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1508'. [ 215.648340][ T9771] netlink: 'syz.1.1511': attribute type 11 has an invalid length. [ 216.313314][ C1] eth0: bad gso: type: 1, size: 1408 [ 216.381228][ C1] eth0: bad gso: type: 1, size: 1408 [ 216.401045][ T9791] tun0: tun_chr_ioctl cmd 1074812118 [ 216.472084][ T9791] pimreg: entered allmulticast mode [ 216.506473][ T9791] dvmrp5: entered allmulticast mode [ 216.528929][ T9791] pimreg: left allmulticast mode [ 216.539511][ T9791] dvmrp5: left allmulticast mode [ 216.894617][ T9816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.920710][ T5286] IPVS: starting estimator thread 0... [ 217.009099][ T9817] IPVS: using max 19 ests per chain, 45600 per kthread [ 217.040337][ T9822] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1532'. [ 217.237689][ T9836] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1532'. [ 217.408105][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 217.754469][ T9859] smc: net device lo applied user defined pnetid SYZ2 [ 218.164934][ T9875] __nla_validate_parse: 2 callbacks suppressed [ 218.164957][ T9875] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1553'. [ 218.833669][ T9903] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1561'. [ 218.860667][ T9910] netlink: 'syz.1.1564': attribute type 13 has an invalid length. [ 218.861063][ T9911] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 218.923987][ T9910] netlink: 'syz.1.1564': attribute type 16 has an invalid length. [ 218.962515][ T9910] netlink: 'syz.1.1564': attribute type 17 has an invalid length. [ 219.059739][ T9919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.097240][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 219.206956][ T9923] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1567'. [ 219.236827][ T9926] ieee802154 phy0 wpan0: encryption failed: -22 [ 219.264112][ T9926] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1568'. [ 220.076923][ T9955] netlink: 'syz.1.1577': attribute type 13 has an invalid length. [ 220.097043][ T9955] netlink: 'syz.1.1577': attribute type 16 has an invalid length. [ 220.108271][ T9955] netlink: 'syz.1.1577': attribute type 17 has an invalid length. [ 220.722178][ T9948] dccp_close: ABORT with 329 bytes unread [ 220.805636][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 221.038396][ T9963] ɶƣ0GC¦: entered promiscuous mode [ 221.057020][ T9986] netlink: 'syz.2.1588': attribute type 1 has an invalid length. [ 221.076903][ T9986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1588'. [ 221.119573][ T9988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1589'. [ 221.197050][ C1] eth0: bad gso: type: 1, size: 1408 [ 221.219466][ T9990] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1590'. [ 221.523464][T10004] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 222.231943][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 222.317412][ C1] eth0: bad gso: type: 1, size: 1408 [ 222.428411][T10038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.605767][T10047] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 222.840528][T10060] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1615'. [ 223.026949][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 223.160063][T10074] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1620'. [ 223.180735][T10074] netem: unknown loss type 13 [ 223.188274][T10074] netem: change failed [ 223.206097][T10074] netlink: 'syz.1.1620': attribute type 9 has an invalid length. [ 223.222536][T10074] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1620'. [ 223.339337][T10082] netlink: 'syz.1.1620': attribute type 9 has an invalid length. [ 223.349813][T10082] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1620'. [ 223.481339][T10092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1624'. [ 223.619886][T10097] netlink: 'syz.4.1626': attribute type 13 has an invalid length. [ 223.633860][T10097] netlink: 'syz.4.1626': attribute type 16 has an invalid length. [ 223.642193][T10097] netlink: 'syz.4.1626': attribute type 17 has an invalid length. [ 223.658185][T10098] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1625'. [ 223.893853][T10102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1629'. [ 223.999918][T10113] dvmrp0: entered allmulticast mode [ 224.018321][T10075] dccp_close: ABORT with 329 bytes unread [ 224.563341][T10141] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1641'. [ 224.635134][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 224.648407][T10146] netlink: 'syz.4.1642': attribute type 13 has an invalid length. [ 224.667969][T10141] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1641'. [ 224.855787][T10153] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1644'. [ 225.267370][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1650'. [ 225.497846][T10147] dccp_close: ABORT with 329 bytes unread [ 225.637901][T10188] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1658'. [ 226.207146][T10205] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 226.311467][ T54] Bluetooth: hci1: command 0x0405 tx timeout [ 227.135955][T10247] xt_bpf: check failed: parse error [ 227.854333][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 228.280432][T10289] __nla_validate_parse: 3 callbacks suppressed [ 228.280457][T10289] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1693'. [ 228.451745][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 228.469896][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 228.479000][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 228.497653][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 228.507210][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 228.515659][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 228.569163][T10300] xt_bpf: check failed: parse error [ 228.621914][T10302] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1699'. [ 228.642385][T10303] Bluetooth: MGMT ver 1.23 [ 228.754280][T10309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1702'. [ 229.052377][T10324] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1706'. [ 229.253506][T10334] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 229.266307][T10334] tipc: Enabling of bearer rejected, failed to enable media [ 229.297375][T10340] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1708'. [ 229.352729][T10294] chnl_net:caif_netlink_parms(): no params data found [ 229.678501][T10294] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.707169][T10294] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.739146][T10294] bridge_slave_0: entered allmulticast mode [ 229.746497][T10294] bridge_slave_0: entered promiscuous mode [ 229.801267][T10294] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.819881][T10294] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.837660][T10294] bridge_slave_1: entered allmulticast mode [ 229.851763][T10294] bridge_slave_1: entered promiscuous mode [ 230.007478][T10375] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1717'. [ 230.051118][T10365] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1715'. [ 230.197743][T10294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.227006][T10294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 230.286152][T10377] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1718'. [ 230.383991][T10294] team0: Port device team_slave_0 added [ 230.413910][T10294] team0: Port device team_slave_1 added [ 230.549260][ T54] Bluetooth: hci3: command tx timeout [ 230.576737][T10294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 230.600940][T10294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 230.708135][T10294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 230.769661][T10294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 230.776669][T10294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 230.833806][T10294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 230.845704][T10401] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1727'. [ 230.862200][T10403] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1725'. [ 231.132020][T10294] hsr_slave_0: entered promiscuous mode [ 231.159337][T10294] hsr_slave_1: entered promiscuous mode [ 231.185447][T10294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 231.209112][T10294] Cannot create hsr debugfs directory [ 231.796135][T10294] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.087341][T10294] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.262509][T10294] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.587107][T10294] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode [ 232.629836][ T54] Bluetooth: hci3: command tx timeout [ 232.720243][T10480] ieee802154 phy0 wpan0: encryption failed: -22 [ 232.753069][T10294] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.022647][T10294] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 233.083101][T10294] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 233.146504][T10294] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 233.183747][T10294] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 233.464569][T10294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.491129][T10505] ieee802154 phy0 wpan0: encryption failed: -22 [ 233.555213][T10294] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.570662][T10513] __nla_validate_parse: 6 callbacks suppressed [ 233.570684][T10513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1758'. [ 233.588482][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.595743][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.626035][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.633301][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.167543][T10294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.318435][T10294] veth0_vlan: entered promiscuous mode [ 234.461939][T10294] veth1_vlan: entered promiscuous mode [ 234.599395][T10294] veth0_macvtap: entered promiscuous mode [ 234.632613][T10294] veth1_macvtap: entered promiscuous mode [ 234.671901][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.695547][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.709673][ T54] Bluetooth: hci3: command tx timeout [ 234.726692][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.751049][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.767116][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.793067][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.803236][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.814748][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.824914][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.837561][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.853370][T10294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.900807][T10550] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1774'. [ 234.950651][T10553] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.960051][T10553] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.968909][T10553] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.977656][T10553] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 235.019686][T10553] vxlan0: entered promiscuous mode [ 235.039223][T10553] vxlan0: entered allmulticast mode [ 235.063765][T10553] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.072935][T10553] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.082115][T10553] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.091150][T10553] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.128193][T10562] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1775'. [ 235.172320][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.213608][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.235673][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.255839][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.267486][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.282664][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.293108][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.304258][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.316808][T10294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.327859][T10294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.340974][T10294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.402560][T10294] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.442077][T10294] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.470547][T10294] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.497885][T10294] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.779226][ T6032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.802068][ T6032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.828032][T10587] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1785'. [ 235.881658][T10587] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1785'. [ 235.898513][ T6043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.935694][ T6043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.549706][T10625] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1799'. [ 236.639256][T10627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1800'. [ 236.743545][T10627] bpq0: entered promiscuous mode [ 236.748571][T10627] bpq0: entered allmulticast mode [ 236.777914][T10627] [ 236.780302][T10627] ====================================================== [ 236.787351][T10627] WARNING: possible circular locking dependency detected [ 236.790875][ T54] Bluetooth: hci3: command tx timeout [ 236.794371][T10627] 6.10.0-syzkaller-12562-g1722389b0d86 #0 Not tainted [ 236.794388][T10627] ------------------------------------------------------ [ 236.794398][T10627] syz.2.1800/10627 is trying to acquire lock: [ 236.819655][T10627] ffffffff8fbdbcd8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_device_down+0xb5/0x7b0 [ 236.829221][T10627] [ 236.829221][T10627] but task is already holding lock: [ 236.836625][T10627] ffffffff8fbdbc78 (nr_neigh_list_lock){+...}-{2:2}, at: nr_rt_device_down+0x28/0x7b0 [ 236.846255][T10627] [ 236.846255][T10627] which lock already depends on the new lock. [ 236.846255][T10627] [ 236.856759][T10627] [ 236.856759][T10627] the existing dependency chain (in reverse order) is: [ 236.865784][T10627] [ 236.865784][T10627] -> #2 (nr_neigh_list_lock){+...}-{2:2}: [ 236.873711][T10627] lock_acquire+0x1ed/0x550 [ 236.878774][T10627] _raw_spin_lock_bh+0x35/0x50 [ 236.884086][T10627] nr_rt_ioctl+0x398/0xfb0 [ 236.889311][T10627] sock_do_ioctl+0x158/0x460 [ 236.894441][T10627] sock_ioctl+0x629/0x8e0 [ 236.899360][T10627] __se_sys_ioctl+0xfc/0x170 [ 236.904489][T10627] do_syscall_64+0xf3/0x230 [ 236.909531][T10627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.915963][T10627] [ 236.915963][T10627] -> #1 (&nr_node->node_lock){+...}-{2:2}: [ 236.923968][T10627] lock_acquire+0x1ed/0x550 [ 236.929004][T10627] _raw_spin_lock_bh+0x35/0x50 [ 236.934295][T10627] nr_rt_ioctl+0x192/0xfb0 [ 236.939250][T10627] sock_do_ioctl+0x158/0x460 [ 236.944389][T10627] sock_ioctl+0x629/0x8e0 [ 236.949256][T10627] __se_sys_ioctl+0xfc/0x170 [ 236.954391][T10627] do_syscall_64+0xf3/0x230 [ 236.959449][T10627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.965876][T10627] [ 236.965876][T10627] -> #0 (nr_node_list_lock){+...}-{2:2}: [ 236.973702][T10627] validate_chain+0x18e0/0x5900 [ 236.979078][T10627] __lock_acquire+0x137a/0x2040 [ 236.984456][T10627] lock_acquire+0x1ed/0x550 [ 236.989495][T10627] _raw_spin_lock_bh+0x35/0x50 [ 236.994785][T10627] nr_rt_device_down+0xb5/0x7b0 [ 237.000176][T10627] nr_device_event+0x134/0x150 [ 237.005475][T10627] notifier_call_chain+0x19f/0x3e0 [ 237.011116][T10627] __dev_notify_flags+0x207/0x400 [ 237.016668][T10627] dev_change_flags+0xf0/0x1a0 [ 237.021960][T10627] dev_ifsioc+0x7c8/0xe70 [ 237.026827][T10627] dev_ioctl+0x719/0x1340 [ 237.031697][T10627] sock_do_ioctl+0x240/0x460 [ 237.036813][T10627] sock_ioctl+0x629/0x8e0 [ 237.041669][T10627] __se_sys_ioctl+0xfc/0x170 [ 237.046870][T10627] do_syscall_64+0xf3/0x230 [ 237.051902][T10627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.058386][T10627] [ 237.058386][T10627] other info that might help us debug this: [ 237.058386][T10627] [ 237.068611][T10627] Chain exists of: [ 237.068611][T10627] nr_node_list_lock --> &nr_node->node_lock --> nr_neigh_list_lock [ 237.068611][T10627] [ 237.082444][T10627] Possible unsafe locking scenario: [ 237.082444][T10627] [ 237.089894][T10627] CPU0 CPU1 [ 237.095263][T10627] ---- ---- [ 237.100629][T10627] lock(nr_neigh_list_lock); [ 237.105318][T10627] lock(&nr_node->node_lock); [ 237.112685][T10627] lock(nr_neigh_list_lock); [ 237.119884][T10627] lock(nr_node_list_lock); [ 237.124488][T10627] [ 237.124488][T10627] *** DEADLOCK *** [ 237.124488][T10627] [ 237.132626][T10627] 2 locks held by syz.2.1800/10627: [ 237.137860][T10627] #0: ffffffff8fa7f788 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x706/0x1340 [ 237.146737][T10627] #1: ffffffff8fbdbc78 (nr_neigh_list_lock){+...}-{2:2}, at: nr_rt_device_down+0x28/0x7b0 [ 237.156782][T10627] [ 237.156782][T10627] stack backtrace: [ 237.162668][T10627] CPU: 0 UID: 0 PID: 10627 Comm: syz.2.1800 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 237.173108][T10627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 237.183170][T10627] Call Trace: [ 237.186455][T10627] [ 237.189389][T10627] dump_stack_lvl+0x241/0x360 [ 237.194077][T10627] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.199289][T10627] ? print_circular_bug+0x130/0x1a0 [ 237.204495][T10627] check_noncircular+0x36a/0x4a0 [ 237.209443][T10627] ? __pfx_check_noncircular+0x10/0x10 [ 237.214949][T10627] ? lockdep_lock+0x123/0x2b0 [ 237.219643][T10627] validate_chain+0x18e0/0x5900 [ 237.224499][T10627] ? __pfx_lockdep_unlock+0x10/0x10 [ 237.229716][T10627] ? __pfx_validate_chain+0x10/0x10 [ 237.235039][T10627] ? __pfx_validate_chain+0x10/0x10 [ 237.240252][T10627] ? __try_to_del_timer_sync+0x2ad/0x340 [ 237.245915][T10627] ? mark_lock+0x9a/0x350 [ 237.250264][T10627] __lock_acquire+0x137a/0x2040 [ 237.255159][T10627] lock_acquire+0x1ed/0x550 [ 237.259676][T10627] ? nr_rt_device_down+0xb5/0x7b0 [ 237.264724][T10627] ? __pfx_lock_acquire+0x10/0x10 [ 237.269764][T10627] ? nr_rt_device_down+0xb5/0x7b0 [ 237.274808][T10627] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 237.280626][T10627] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 237.286004][T10627] ? nr_rt_device_down+0xb5/0x7b0 [ 237.291046][T10627] _raw_spin_lock_bh+0x35/0x50 [ 237.295817][T10627] ? nr_rt_device_down+0xb5/0x7b0 [ 237.300870][T10627] nr_rt_device_down+0xb5/0x7b0 [ 237.305781][T10627] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 237.311522][T10627] ? do_raw_spin_unlock+0x13c/0x8b0 [ 237.316759][T10627] ? packet_notifier+0xa1a/0xa30 [ 237.321738][T10627] nr_device_event+0x134/0x150 [ 237.326531][T10627] notifier_call_chain+0x19f/0x3e0 [ 237.331665][T10627] __dev_notify_flags+0x207/0x400 [ 237.336815][T10627] ? __pfx___dev_notify_flags+0x10/0x10 [ 237.342372][T10627] ? __dev_change_flags+0x579/0x6f0 [ 237.347584][T10627] ? __pfx___dev_change_flags+0x10/0x10 [ 237.353151][T10627] ? rcu_is_watching+0x15/0xb0 [ 237.357946][T10627] ? trace_contention_end+0x3c/0x120 [ 237.363259][T10627] ? __mutex_lock+0x2ef/0xd70 [ 237.367958][T10627] dev_change_flags+0xf0/0x1a0 [ 237.372758][T10627] dev_ifsioc+0x7c8/0xe70 [ 237.377117][T10627] ? __pfx_dev_ifsioc+0x10/0x10 [ 237.381992][T10627] ? dev_load+0x21/0x1f0 [ 237.386268][T10627] dev_ioctl+0x719/0x1340 [ 237.390623][T10627] sock_do_ioctl+0x240/0x460 [ 237.395224][T10627] ? __pfx_sock_do_ioctl+0x10/0x10 [ 237.400384][T10627] sock_ioctl+0x629/0x8e0 [ 237.404726][T10627] ? __pfx_sock_ioctl+0x10/0x10 [ 237.409585][T10627] ? __fget_files+0x29/0x470 [ 237.414193][T10627] ? __fget_files+0x3f6/0x470 [ 237.418881][T10627] ? __fget_files+0x29/0x470 [ 237.423525][T10627] ? bpf_lsm_file_ioctl+0x9/0x10 [ 237.428476][T10627] ? security_file_ioctl+0x87/0xb0 [ 237.434216][T10627] ? __pfx_sock_ioctl+0x10/0x10 [ 237.439081][T10627] __se_sys_ioctl+0xfc/0x170 [ 237.443683][T10627] do_syscall_64+0xf3/0x230 [ 237.448197][T10627] ? clear_bhb_loop+0x35/0x90 [ 237.452886][T10627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.458876][T10627] RIP: 0033:0x7f940ad77299 [ 237.463296][T10627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.483000][T10627] RSP: 002b:00007f940ba8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.491431][T10627] RAX: ffffffffffffffda RBX: 00007f940af05f80 RCX: 00007f940ad77299 [ 237.499411][T10627] RDX: 0000000020000000 RSI: 0000000000008914 RDI: 0000000000000008 [ 237.507390][T10627] RBP: 00007f940ade48e6 R08: 0000000000000000 R09: 0000000000000000 [ 237.515368][T10627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 237.523344][T10627] R13: 000000000000000b R14: 00007f940af05f80 R15: 00007ffd62cd5198 [ 237.531329][T10627] [ 237.611483][T10638] base_sock_release(ffff888061355a00) sk=ffff88801268c000